Information security analyst jobs in Hemet, CA - 59 jobs

All

Information Security Analyst

Senior Security Engineer

Security Engineer

Senior Security Analyst

Information Technology Analyst

Senior Information Security Analyst

Securities Analyst

Information Systems Security Officer

Information Security Officer

Information Security Engineer

Global Chief Information Security Officer (CISO)
Security Director In San Diego, California
Information security analyst job in Irvine, CA
Allied Universal , North America's leading security and facility services company, offers rewarding careers that provide you a sense of purpose. While working in a dynamic, welcoming, and collaborative workplace, you will be part of a team that contributes to a culture that positively impacts the communities and customers we serve. Job Description Allied Universal is hiring a Global Chief Information Security Officer (CISO). The Global Chief Information Security Officer (GCISO) will lead Allied Universal's global cybersecurity strategy and operations, serving as the single accountable executive for cybersecurity across all of Allied Universal's global operations, responsible for protecting the company's people, systems, and data. Allied Universal is the 3 rd largest employer in North America and the 7th largest employer in the world, with approximately 800,000 employees in more than 100 countries and territories. This role is responsible for defining, implementing, and maintaining a comprehensive, risk-based cybersecurity program designed to protect Allied Universal's assets and technology platforms against evolving threats. The GCISO must be both a strategic leader and a hands-on practitioner capable of translating complex technical risks into business terms, fostering a culture of cybersecurity accountability throughout the organization, and directly engaging in key operational, investigative, and incident-response activities when necessary. The GCISO reports directly to the Global General Counsel to ensure independent oversight and transparency to executive leadership and the Board, with a dotted-line reporting relationship to the Chief Technology Officer for alignment with technology architecture, strategy, and operations. The GCISO directly manages Regional Cybersecurity Leaders, who implement global standards and maintain local readiness while partnering closely with Regional Chief Information Officers (CIOs) to integrate cybersecurity requirements into regional IT operations and project delivery. RESPONSIBILITIES: Strategic Leadership: Develop and execute a global, risk-based cybersecurity strategy and program aligned with Allied Universal's business objectives Establish, communicate, and oversee governance of enterprise-wide cybersecurity policies, standards, and controls that are appropriate for the company's diverse global operations Lead, mentor and manage Regional Cybersecurity Leaders to promote consistency, accountability, and operational effectiveness across all regions Define and monitor key risk indicators, cybersecurity metrics, and maturity objectives to inform executive decision-making and drive ongoing program improvement Oversee global monitoring, detection, and response capabilities that provide 24×7 visibility into potential cyber risks and support timely containment activities Identify and assess emerging threats, technologies, and vulnerabilities to support informed planning and risk mitigation efforts Provide recommendations regarding cybersecurity investments and resource allocation, helping prioritize efforts based on risk, business impact, and value Collaboration and Stakeholder Engagement: Foster a culture of cybersecurity awareness, ownership, and accountability across all functions and geographies Coordinate, develop, and implement programs designed to train Allied Universal's workforce regarding the company's cybersecurity requirements, including applicable cybersecurity laws and requirements and responding to evolving cybersecurity threats Risk Management: Evaluate emerging threats and vulnerabilities, driving continuous improvement of the company's cybersecurity posture as appropriate Direct recurring global cybersecurity risk assessments; oversee associated cybersecurity risk management activities, including maintenance of a risk register, remediation tracking, and risk decisions Oversee periodic internal and external cybersecurity audits to verify adherence to policies, standards and regulatory requirements Report promptly on cybersecurity risks to relevant Allied Universal Leadership upon identifying risks that exceed tolerance levels Compliance: Support compliance with regulatory requirements as well as any Allied Universal and customer contractual obligations for cyber security Remain current and knowledgeable regarding applicable cybersecurity laws and regulations, including laws and regulations applicable to government contractors Lead on various external cybersecurity initiatives, including compliance for protecting sensitive data such as responding to regulators and customer audits Incident Response: Direct and continuously improve the enterprise incident-response program, including playbooks, tabletop exercises, and post-incident reviews Lead cross-functional coordination with Legal, Technology, Operations, and Regional CIOs to contain and recover from major cyber incidents Oversee specialized incident-response and investigative resources for critical events Provide timely updates to the CEO, Global General Counsel, and Board on incident status, impact, and remediation progress Assessments and Audits: Review and assess the effective deployment of cybersecurity technologies, tools and software by Allied Universal, third parties, and related vendors Coordinate and respond to various cybersecurity assessments, including, as required, certifications to process certain government-related data or other sensitive data Monitor and manage cybersecurity aspects of the third-party lifecycle and confirm that third parties' cybersecurity practices align with Allied Universal's cybersecurity risk tolerance Third-Party Due Diligence: Communicate/respond to requests regarding the effectiveness of Allied Universal's cybersecurity program regarding third-party diligence, selection, and monitoring (e.g., insurance, debt financing, public accounting, initial public offering, etc.) in coordination with Allied Universal Leadership, including IT, Legal and Procurement Communication and Reporting: Provide regular briefings to the CEO, Global General Counsel, and Board of Directors on cybersecurity posture, key risks, and, if applicable, major incidents. Communicate with internal and external stakeholders (including government and prime contractor customers) regarding Allied Universal's cybersecurity program Prepare and present reports on Allied Universal's cybersecurity posture to the CEO and Board of Directors, and other Allied Universal Leadership Business Continuity and Disaster Recovery: Partner with IT and Operations to ensure business-continuity and disaster-recovery programs incorporate cybersecurity risk considerations, are regularly tested, and effectively support enterprise resilience objectives QUALIFICATIONS (MUST HAVE): Bachelor's degree in computer science, Information Technology, cybersecurity, or a related field Minimum of fifteen (15) years of progressive experience in cybersecurity Minimum of seven (7) years in a senior management role in an information security function Experience in managing, responding to, and mitigating cyber incidents Experience or familiarity with government contracting and public and private company cybersecurity reporting requirements Hands-on cyber incident response coordination and oversight experience Expertise in risk-based frameworks (NIST CSF, ISO 27001, SOC 2, CMMC, NIST 800-171) and familiarity with applicable regulatory regimes (SEC, GDPR, state breach laws, etc.) Proven ability to engage with CEO, Board of Directors, and Executive Team on cybersecurity strategy and governance Ability to operate effectively as both strategist and practitioner, a player-coach who drives global cybersecurity direction while engaging hands-on to guide, mentor, and resolve complex technical and operational challenges Strong leadership skills as well as the ability to work and communicate (verbal, written, and interpersonal) effectively with other leadership and their teams An entrepreneurial and innovative mindset regarding cybersecurity development and operations A strong understanding of the business impact of cybersecurity policies, tools, and technologies, including leveraging existing assets and talent to efficiently manage cybersecurity spend PREFERRED QUALIFICATIONS (NICE TO HAVE): Recognized security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), etc. COMPENSATION AND BENEFITS: Base salary range: $275,000 to $350,000 (based on skills, qualifications, and relevant experience), annual bonus, equity package Medical, dental, vision, supplemental income plan with a company match, basic life, AD&D, and disability insurance Eight paid holidays annually, five sick days, and four personal days Executive Flex Vacation Plan Closing Allied Universal is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race/ethnicity, age, color, religion, sex, sexual orientation, gender identity, national origin, genetic information, disability, protected veteran status or relationship/association with a protected veteran, or any other basis or characteristic protected by law. For more information: *********** If you have difficulty using the online system and require an alternate method to apply or require an accommodation, please contact our local Human Resources department. To find an office near you, please visit: ***********/offices. Requisition ID 2026-1510953
$275k-350k yearly Auto-Apply 2d ago

Looking for a job?

Let Zippia find it for you.

Sr. Security Compliance Analyst
TP-Link Systems Inc. 3.9
Information security analyst job in Irvine, CA
Job Description Headquartered in the United States, TP-Link Systems Inc. is a leading global provider of networking devices and smart home products. Consistently ranked as the world's top provider of Wi-Fi devices, TP-Link is dedicated to delivering innovative solutions that improve people's lives by offering faster, more reliable connectivity. Serving customers in over 170 countries, we are committed to expanding our global footprint. At TP-Link Systems Inc., we believe that technology has the power to transform the world for the better. Our mission is to design reliable, high-performance products that connect users worldwide to the limitless possibilities of technology. We are driven by our core values of professionalism, innovation, excellence, and simplicity. Our goal is to help clients achieve outstanding global performance and to provide consumers with a seamless, effortless technology experience. TP-Link Systems Inc. is seeking a skilled and proactive Sr. Security Compliance Analyst who will be responsible for developing and overseeing TP-Link's enterprise security governance framework, ensuring compliance with regulatory requirements, industry standards, and internal policies. This individual will collaborate with cross-functional teams to embed security into business operations, manage risk, and enhance security resilience across TP-Link's enterprise ecosystem. Key Responsibilities: Security Governance & Policy Development Develop, implement, and maintain security policies, standards, and guidelines aligned with industry best practices (e.g., NIST, ISO 27001, CIS). Establish and lead a security governance framework to ensure consistent application of security controls across the enterprise. Risk Management & Compliance Identify, assess, and mitigate security risks across TP-Link's global operations. Ensure compliance with regulatory requirements such as GDPR, CCPA, NIST CSF, and other applicable cybersecurity frameworks. Oversee security audits, risk assessments, and third-party security evaluations. Partner with legal, IT, and business leaders to address security compliance gaps. Third-Party & Supply Chain Security Develop and enforce security requirements for vendors, suppliers, and third-party partners. Conduct security assessments of supply chain partners to identify and mitigate potential risks. Security Awareness & Training Develop and lead security awareness programs to educate employees on cybersecurity risks and best practices. Foster a security-first culture across all levels of the organization. Provide guidance and training on security governance processes for internal stakeholders. Incident Response & Continuous Improvement Support security incident response efforts by ensuring governance processes facilitate rapid detection and response. Lead post-incident analysis to refine security policies and controls. Monitor emerging threats, regulatory changes, and industry trends to evolve TP-Link's security governance strategies. Requirements Qualifications Education: Bachelor's degree in Computer Science, Cybersecurity, Information Security, or a related field. Experience: 5+ years of experience in security governance, risk management, or compliance in a global technology or networking company. Proven track record in developing and implementing security governance frameworks for enterprise security. Experience managing compliance with industry standards and regulations (ISO 27001, NIST CSF, SOC 2, GDPR, CCPA, etc.). Hands-on experience with supply chain security, third-party risk management, and vendor security assessments. Skills: Deep understanding of security frameworks (ISO 27001, NIST, CIS, SOC 2) and regulatory requirements. Strong expertise in risk management methodologies, security policy development, and compliance auditing. Proficient in conducting security assessments, third-party risk evaluations, and internal security reviews. Ability to communicate complex security concepts to business and technical stakeholders effectively. Strong leadership skills with experience in cross-functional collaboration and executive reporting. Benefits Salary range: $100,000-$150,000 Free snacks and drinks, and provided lunch on Fridays Fully paid medical, dental, and vision insurance (partial coverage for dependents) Contributions to 401k funds Bi-annual reviews, and annual pay increases Health and wellness benefits, including free gym membership Quarterly team-building events At TP-Link Systems Inc., we are continually searching for ambitious individuals who are passionate about their work. We believe that diversity fuels innovation, collaboration, and drives our entrepreneurial spirit. As a global company, we highly value diverse perspectives and are committed to cultivating an environment where all voices are heard, respected, and valued. We are dedicated to providing equal employment opportunities to all employees and applicants, and we prohibit discrimination and harassment of any kind based on race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. Beyond compliance, we strive to create a supportive and growth-oriented workplace for everyone. If you share our passion and connection to this mission, we welcome you to apply and join us in building a vibrant and inclusive team at TP-Link Systems Inc. Please, no third-party agency inquiries, and we are unable to offer visa sponsorships at this time.
$100k-150k yearly 2d ago
Information Security Analyst
Cathay General Bancorp 4.4
Information security analyst job in Rancho Cucamonga, CA
This position is responsible for ensuring that the Bank's Security operations and preventive controls are managed and maintained in accordance with established Information Security policies, standards and procedures, published regulations and industry best practices. Primarily responsible for the constant review of vendor security controls in comparison with policies and industry frameworks, risk assessments, determination of control gaps and their remediation. ESSENTIAL FUNCTIONS Performs vendor security risk assessments to determine inherent risk on proposed projects and assesses vendor security controls to determine residual risk. Evaluates the potential exposure to application security risks and threats based on industry security frameworks and recommends appropriate mitigation. Assesses security practices including Information Security governance, Identity and access control, Incident monitoring and response, Vulnerability assessment and Penetration tests, Network Security and Endpoint Security, among others. Acts as liaison with Third Party Risk Management, Information Technology and business department Relationship Managers related to vendor risk assessments. Reports information security risks and follows-up remediations. Remediates audit and regulatory findings and recommendations related to Information Security and Vendor Risk Management. QUALIFICATIONS Education: College degree in Information Technology or Information Security or equivalent; Security+, SSCP, CISSP, CISM or similar information security certifications preferred. Experience: Minimum two years of experience in Information Security Risk, Information Security Operations or Security Auditing. Proven experience on third-party risk management and vendor security assessments. Working knowledge of security practices such as Endpoint Security, Network Security, Security Operations and Security Governance required. Experience working with Vendor Risk Management (VRM) applications preferred. Skills/Ability: Proven ability to initiate and manage projects. Excellent communication and problem-solving skills. Strong inter-personal communication and collaboration skills. Self-starter, highly motivated, and able to work with general supervision. OTHER DETAILS $28.84 - $33.65 / hour Pay determined based on job-related knowledge, skills, experience, and location. This position may be eligible for a discretionary bonus.
$28.8-33.7 hourly 20d ago
Lead Security Engineer
Swiftly, Inc.
Information security analyst job in Ontario, CA
Company DescriptionSwiftly is on a mission to help cities move more efficiently. We are the leading transit data platform for agencies to share real-time passenger information, manage day-to-day operations, and improve service performance. Today, over 180 transit agencies in 12 countries - including LA Metro, MARTA, SEPTA, and MBTA - rely on Swiftly to improve on-time performance by up to 40% and increase passenger information accuracy by up to 50%. The result is better service reliability, increased ridership, and more efficient transit operations. Even though Swiftly's HQ office is located in San Francisco, CA, we are open to candidates in most locations across the U.S. as well as Ontario and British Columbia, Canada. At this time we are unable to provide Visa sponsorship. Engineering at SwiftlyEngineering at Swiftly is not only about writing code - we believe in creating empowered product teams that work together to conceptualize new features and bring them to life. Each team aims to strike a balance between delivering incremental improvements, creating prototypes to test new ideas and mitigate risks, and building scalable software using industry best practices. We're guided by a mission to positively impact transit riders, and we embrace humility and intentionality in how we make technical decisions so that we best meet our customers' needs. About the Role We're looking for a Lead Security Engineer to join our Platform team and mature Swiftly's security posture. We believe excellent security isn't just about tools and controls; it's about empowering product, infrastructure, and corporate IT teams across our organization to make secure decisions every day. In this role, you'll partner closely with engineering, product, and go-to-market teams to design secure solutions, build DevSecOps tooling, and drive our compliance roadmap. You'll balance strategic initiatives with hands-on work in our cloud-native environment. We're looking for someone equally comfortable working on codebases and leading cross-functional initiatives, a force multiplier who can train teams, represent security to customers and executives, and make security a natural part of how Swiftly ships products. We use AI tools for scheduling and summarization in our hiring process. We do not use AI tools to make decisions about who moves forward or to assess the strength of candidates. Every application is reviewed and all hiring decisions are made by Swiftly team members. This is an active, open role that we are currently hiring for at Swiftly. What You'll Do Make Swiftly Secure - Own Swiftly's security risk register and threat models; identify, prioritize, and drive remediation of risks across application and infrastructure.- Design secure architectures for our SaaS platform, mobile applications, and IOT/Hardware Integration, focusing on authentication, authorization, data protection, and network boundaries- Recommend, implement, and manage security tools end-to-end- Build DevSecOps guardrails into CI/CD so vulnerabilities, misconfigurations, and license issues surface early- Conduct internal security assessments and coordinate engagements with external penetration testers.- Own security policies and standards; ensure they're practical, adopted, and measurable- Define standards for secure adoption of AI coding assistants, building reusable patterns, custom configurations, and guardrails that help developers move fast safely Compliance & Customer Trust - Lead renewals and continuous readiness for existing certifications like SOC 2- Proactively identify security frameworks required for international expansion; scope cost, level of effort, and timelines to inform market entry decisions; and lead execution of new certifications- Respond to customer security and compliance inquiries and support product marketing with security content Incident Response & Detection - Design and maintain security incident response plans, playbooks, and escalation paths- Serve as an escalation point for security incidents; lead triage, root cause analysis, and remediation Security Leadership - Define and maintain security KPIs and dashboards for executive and board reporting- Give teams visibility into their security posture and coach them to improve- Influence roadmap prioritization to ensure security and compliance are first-class concerns- Mentor engineers in secure design and help grow a security-aware culture across Swiftly by delivering security training and office hours for developers and other stakeholders- Drive corporate IT security strategy, including endpoint hardening, email security, IAM standards, and periodic access reviews What will set you up for success 5+ years of experience in security engineering with both strategic and hands-on work Strong experience securing cloud-native environments (AWS preferred), including IAM, networking, logging/monitoring, and secrets management Hands-on experience with infrastructure-as-code (Terraform) and policy-as-code frameworks (OPA, Sentinel, or similar) Background building security into CI/CD pipelines and development workflows Familiarity with container and orchestration security Excellent threat modeling and risk assessment skills; able to translate complex risks into clear options and tradeoffs Experience with compliance frameworks (SOC 2 preferred) and audit processes Strong communication skills; comfortable working across technical and non-technical teams Self-directed and comfortable operating with autonomy Nice to Haves Relevant certifications (CISSP, cloud security certifications) Experience advising on security for AI/ML or LLM-powered features Mobile application security experience (Android preferred) Experience with GRC and compliance platforms Background in application security or penetration testing Experience with international compliance frameworks Familiarity with regulated industries or public sector requirements Experience with physical device security (IoT, embedded systems, or field-deployed hardware) Experience with Mobile Device Management (MDM) solutions for enterprise or fleet deployments Pay Range In accordance with pay transparency laws, please see the approximate salary ranges below. These ranges represents the anticipated low and high end of the salary for this position. Actual salaries will vary and are based on a multitude of non-discriminatory factors including final role leveling decisions, a candidate's relevant work experiences/skills, and geographic location. Salary is one component of Swiftly's total compensation package, which also includes stock options, competitive benefits, 401(k)/ RRSP matching, a fantastic team and culture, opportunity to have a huge impact, emphasis on professional growth and holistic wellness, and other perks. US Salary Range: $140,000 - 200,000Canadian Salary Range: $165,000 - 200,000 Beyond the SkillsWe are looking for candidates who are passionate about mobility, sustainability, or mission-oriented projects that have a significant real-world impact. Ideal candidates encompass the core values of our company:Team. Together, we are more effective and better supported Impact. Drive impact for our customers, our company, and all of our teams Diversity. See differing perspectives as ways to address our weaknesses and find new strengths Communication. Assume others internally and externally have good intentions Feedback. We share feedback because we want each other to grow professionally and personally Growth. Foster personal, professional, and company growth Benefits:• Competitive salary• Equity compensation (company ownership) for every employee• Medical, Dental and Vision• Retirement with Employer Match• Flexible Spending Account (FSA)• Home office setup reimbursement• Monthly cell/internet reimbursement• Monthly "Be Well" stipend• Flexible PTO with a recommended minimum• Flexible work environment• 16 paid holidays - including months without US national holidays• 8 fully paid weeks of leave for child birth/adoption Travel note: Swiftly employees can generally expect to travel 1-2 times a year for in-person company or team offsites. As a fully distributed company, we consider these offsites important for cultivating strong relationships across our teams! Attending these in-person is expected and encouraged, although we understand everyone has different personal circumstances and we will consider requests for exceptions. Customer-facing team members and other specific roles may be expected to travel more frequently. We are an equal opportunity employer - we are committed to a workplace that is as dynamic, diverse, and passionate as the communities we serve.
$165k-200k yearly Auto-Apply 35d ago
Sr. Information Security GRC Analyst
Loan Depot 4.7
Information security analyst job in Irvine, CA
Responsible for driving the development, implementation, communication, and maintenance of loan Depot's technology policies, standards and procedures that are aligned to industry standards and regulatory requirements. Ensures that loan Depot technology processes adheres to regulatory requirements, manages risks effectively, and establishes strong governance practices. Develops and implements controls, monitors compliance, and supports risk management activities. Responsibilities: * Leads the development and implementation of comprehensive cybersecurity and IT policies, standards, and guidelines. * Continuously evaluates and updates cybersecurity and IT policies to ensure they remain current and effective. * Ensures policies comply with relevant laws, regulations, and industry standards (e.g., NIST, FFIEC, GLBA, NYDFS, SOX and PCI-DSS). * Collaborates with teams, working closely with IT, legal, compliance, and other departments, to gain a deep understanding of business needs to ensure cybersecurity policies align with business objectives. * Transforms complex information and documentation into simple concepts that are easy to understand by the end-users. * Offers specialized expertise and consultation to cross-functional teams to perform framework-oriented risk assessments, identify deficiencies, generate reports, and recommends prioritized, actionable solutions to mitigate risks and enhance loan Depot's overall security posture. * Stays informed about the latest cybersecurity threats, trends, and best practices. Ensures accurate and up-to-date records of policy reviews, risk assessments, training activities, and incident responses. * Benchmarks the organization's policies against industry standards and best practices. * Develops and implements governance frameworks for cybersecurity policy management. * Monitors key performance indicators, conducts gap analysis, risk assessments and implements frameworks, as needed. Tests and monitors effectiveness of controls. * Establishes a feedback loop and analyzes metrics to continuously improve cybersecurity policies based on audit findings, incident reviews, and emerging threats. * Actively leads and supports on internal and external audits and assessments of cybersecurity policies and practices. Accountable for ensuring identified audit and assessment findings and actions are tracked to closure. * Maintains comprehensive documentation of all cybersecurity policies, procedures, and related activities. Communicates policy requirements and updates to all relevant stakeholders. * Identifies opportunities for innovation and improvement in cybersecurity policy and practice. Proposes suitable mitigation strategies and verifies the effectiveness of remediation plans Requirements: * Bachelor's Degree in Information Security, Computer Science, Information Technology, or a related field preferred. * Minimum of six (6) + years' experience working in Cybersecurity GRC, policy development, risk management, or a similar field. * Experience with GRC tools (e.g., Archer, ServiceNow, OneTrust). * Proficiency in using data analysis and reporting tools (e.g., Excel, Power BI). * Relevant certifications such as CISM and/or CISA are highly desirable. Why work for #teamloan Depot: * Competitive compensation package based on experience, skillset and overall fit for #TeamloanDepot. * Inclusive, diverse, and collaborative culture where people from all backgrounds can thrive * Work with other passionate, purposeful, and customer-centric people * Extensive internal growth and professional development opportunities including tuition reimbursement * Comprehensive benefits package including Medical/Dental/Vision * Wellness program to support both mental and physical health * Generous paid time off for both exempt and non-exempt positions About loan Depot: loan Depot (NYSE: LDI) is a digital commerce company committed to serving its customers throughout the home ownership journey. Since its launch in 2010, loan Depot has revolutionized the mortgage industry with a digital-first approach that makes it easier, faster, and less stressful to purchase or refinance a home. Today, as the nation's second largest non-bank retail mortgage lender, loan Depot enables customers to achieve the American dream of homeownership through a broad suite of lending and real estate services that simplify one of life's most complex transactions. With headquarters in Southern California and offices nationwide, loan Depot is committed to serving the communities in which its team lives and works through a variety of local, regional, and national philanthropic efforts. Base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay for this role is between $99,000 and $136,500. Your base pay will depend on multiple individualized factors, including your job-related knowledge/skills, qualifications, experience, and market location. We are an equal opportunity employer and value diversity in our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
$99k-136.5k yearly Auto-Apply 2d ago
Senior Security Engineer
Goodleap 4.6
Information security analyst job in Irvine, CA
GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems, products, and services. Your oversight will encompass: * Enterprise systems:Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. * Build-time controls: Managing applications/products security controls and activities during development. * Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. While you will take on multiple responsibilities-from advisor to builder and beyond-your primary focus will be designing and building security patterns and practices for services and processes, and fostering strong relationships with product, business, and engineering. Essential Job Duties & Responsibilities * Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. * Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. * Support or develop components of the security analytics platform. * Contribute to investigations, threat hunting, and incident response activities in a supporting role. * Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns. * Support the security operations team with the vulnerability management lifecycle for products and services under your purview. * Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities * Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. * Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization. * Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. * Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). * Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. * Hands-on experience with managing security for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. * Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. * Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. * Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. * Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. * Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments. * Experience engaging with vendors in design partnerships. * Experience overseeing vulnerability and threat management at the platform and application levels. * Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. * Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution. $146,000 - $170,000 a year In addition to the above salary, this role may be eligible for a bonus. Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI. We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
$146k-170k yearly 60d+ ago
Senior Information Security Analyst
Vesync
Information security analyst job in Tustin, CA
Job DescriptionThe Company: VeSync is a portfolio company with brands that cover different categories of health & wellness products. We wouldn't be surprised if you have one of our Levoit air purifiers in your living room or a COSORI air fryer whipping up healthy and delicious meals for you every night. We're a young and energetic company, we've had tremendous success, and we are constantly growing our team. As we garner more industry attention - just check out our accomplishments and awards by CES Innovation, iF Design, IGA, and Red Dot - we also need driven and talented people to join our team. That brings us to you, and what you'll be joining. Our teams are smart and diligent and take ownership of their work - they're confident in their work but know how to collaborate with open ears and a spirit of learning. If you're down-to-earth, approachable, and easy to strike up a conversation with, this may be a great fit for you. Check out our brands:levoit.com \u007C cosori.com \u007C etekcity.com The Opportunity: Information Security Planning • Develop and implement comprehensive information security plans to safeguard the security of company data and assets, including on-premise and cloud environments. • Thoroughly analyze the company's business processes and data characteristics, and combine industry best practices and frameworks such as NIST Cybersecurity Framework (CSF)to create customized security plans, ensuring the confidentiality, integrity, and availability of information assets in various scenarios. Policy Development and Compliance • Create security policies and ensure that the company's operations are in strict compliance with industry standards (e.g., ISO 27001, NIST, GDPR) and regulatory requirements. • Continuously monitor industry trends and regulatory changes, and adjust security policies in a timely manner to provide a solid security and compliance framework for the company's business operations. • Experience with OneTrust, Drata or similiar tools System, Network and Cloud Security • Maintain and enhance security measures for systems, networks , and public cloud platforms (e.g., AWS, Azure, GCP) to prevent potential threats. • Utilize advanced technical means and tools to conduct real - time monitoring and risk early warning of systems, networks, and cloud environments, promptly detect and block various attack behaviors, and ensure the stable and secure operation of IT infrastructure. • Familiar with AWS security suites • Familiar with security scorecards, SIEM tools and dashboards (Splunk, QRadar, Rapid7, Wazhu) Security Monitoring and Incident Response • Monitor security events in real - time, respond promptly to emergencies, and effectively mitigate risks. • Build an efficient security monitoring platform, use intelligent analysis technology to promptly capture abnormal behaviors, activate emergency response plans, and minimize the impact of security incidents. • Conduct re/blue team exercise Security Awareness and Training • Develop and deliver security training programs to enhance employees' security awareness and encourage their adherence to best practices. • Design targeted training courses according to the needs of different positions and use diverse training methods to ensure that employees have a deep understanding of and implement security requirements. Access Control and Identity Management • Oversee user access controls, regularly review permissions, and ensure secure identity management. • Implement a strict access control mechanism, Conduct regular audits of user permissions, and use reliable identity management systems to prevent unauthorized access and ensure the security of company resources. Risk Assessment and Management • Conduct comprehensive risk assessments, identify vulnerabilities, and implement effective mitigation strategies. • Use scientific risk assessment methods and frameworks such as NIST CSF to evaluate potential threats and vulnerabilities, formulate corresponding mitigation measures based on the assessment results, and continuously improve the company's security defense capabilities. • Develop KPIs and metrics Documentation and Mentorship • Document Cyber Security controls, detection rules and playbooks • Mentoring team members What you bring to the role: Bachelor's degree in Information Security, Computer Science, or a related field. 8+ years of experience in information security, with a strong background in security event analysis, incident response, vulnerability management, and risk assessment. Hands-on experience with public cloud security (e.g., AWS, Azure, GCP), including cloud-native security tools and best practices. Familiarity with security regulatory compliance standards and frameworks such as NIST CSF, ISO 27001, and CIS. Knowledge of network security principles, intrusion detection/prevention systems (IDS/IPS), firewalls, and endpoint protection. Understanding these aspects is essential for ensuring the company's security compliance and building a robust security defense system. Strong analytical and problem - solving skills, with the ability to quickly identify and mitigate security threats. Relevant security certifications such as CISSP, CISM, CEH are a plus. Location: This is an on-site, office-based role in Tustin, CA. Salary: Starting at $125K Perks and Benefits: 100% covered Medical/Dental/Vision insurance for employee AND spouse + dependents! 401K with 4% employer match (eligible after 90 days of employment) and immediate 100% vesting Generous PTO policy + paid holidays Life Insurance Voluntary Life Insurance Disability Insurance Critical Illness Coverage Accident Insurance Healthcare FSA Dependent Care FSA Travel Assistance Program Employee Assistance Program (EAP) Fully stocked kitchen
$125k yearly 19d ago
Information Systems Security Officer
Mantech 4.5
Information security analyst job in Camp Pendleton South, CA
**MANTECH** seeks a motivated, career and customer-oriented **Information Systems Security Officer** with strengths in Information Systems Security to join our team at Marine Corps Base **Camp Pendleton California.** This position will assist Marine Corps Warfighting Laboratory (MCWL) prepare for and maintain the IT infrastructure, IT capabilities and Audio-Visual capabilities to support emerging ICD 705 Sensitive Compartmentalized Information Facilities (SCIFs) and Special Access Control Facilities (SAPFs) through planning, activation and operations. **Responsibilities include but are not limited to:** + Experience in network design, network monitoring, systems development, and knowledge of Information Assurance (IA) policies, directives, and best practices across DoD and Marine Corps. + Knowledge and experience with organizations within the Marine Corps responsible for facilitating network approvals and connections. + Work with various Marine Corps, Navy, Joint, and other services to coordinate installs supporting Initial Operating Capability (IOC) and Final Operating Capability (FOC). + Ability to communicate and provide effective staff coordination across government, Marine Corps, and contractor organizations. + Support the facility Site Security Manager (SSM)/Special Security Representative (SSR) and Information Systems Security Manager (ISSM) to oversee the secure installations and operations of systems across multiple security domains and in accordance with policies, directives, and best practices. + Establishes and satisfies complex system-wide information security requirements based upon the analysis of user, policy, regulatory, and resource demands. Supports Marine Corps and other customers at the highest levels in the development and implementation of doctrine and policies. **Minimum Qualifications:** + Bachelor's degree and at least 10 years' experience planning and/or operating IT infrastructure within ICD 705 facilities. + Experience with network security aspects of installations and operations. **Preferred Qualifications:** + Experience with MS Word, MS Power Point **Clearance Requirements** **_:_** + Candidate must have a current/active Top Secret clearance with the ability to obtain and maintain a TS/SCI clearance prior to starting this position. **Physical Requirements:** + Ability to maintain construction security oversight in outdoor environment; walk (with personal protective equipment) to inspect and document delivery of components and assembly/construction of structure. MANTECH International Corporation considers all qualified applicants for employment without regard to disability or veteran status or any other status protected under any federal, state, or local law or regulation. If you need a reasonable accommodation to apply for a position with MANTECH, please email us at ******************* and provide your name and contact information.
$67k-94k yearly est. 57d ago
Information Security Engineer
Lenderlive Network 4.4
Information security analyst job in Temecula, CA
It's fun to work in a company where people truly BELIEVE in what they're doing! We're committed to bringing passion and customer focus to the business. The Information Security Engineer is responsible for contributing to the corporate Information Security program by assisting in the identification, recommendation and implementation of industry leading application security tools and techniques. The incumbent will also maintain and update application security processes and procedures and train team members on any relevant updates. This position is remote, but local to the Temecula, CA office. Essential Functions Assist with the development, implementation, and administration of information security policies, standards, and procedures, adhering to industry best practices Assist in integrating regulatory compliance requirements (e.g., PCI, GLBA) into the organizational security roadmap Assist in ensuring that the corporate IT environment is secure and complies with all external audit requirements and federal standards Coordinate with IT Operations to ensure endpoints and network devices conform to security standards, and that security devices and controls are working as designed Assist in the identification, evaluation and implementation of industry leading application security tools and techniques Plan, coordinate, and implement security measures to regulate access to computer data files and prevent unauthorized modification, destruction, or disclosure of information Perform risk assessments and execute system tests to ensure proper functioning of data processing activities and security measures Identify potential security risks, and define and document remediation options or mitigating controls Perform security incident investigations including: chain of custody, containment measures, root cause analysis, and identification of preventive measures Define and assist in the management of an Incident Response Team that addresses potential or in-progress security events, establishing and adhering to escalation procedures and response times Perform information systems evidence gathering, to support e-discovery requests and messaging searches Perform security reviews on requests for new commercial software or material configuration changes to existing software Perform periodic internal IT security audit functions on IT operational controls, to include system access controls, firewall rule reviews, etc. Participate in on-call rotation Perform related duties as requested Essential Knowledge, Skills, & Abilities Excellent written and verbal communication skills required Solid presentation skills Significant knowledge of security-oriented regulatory requirements and compliance Excellent familiarity with IT security principles and practices including firewalling, hardening, data loss prevention, threat prevention, and identity management. Ability to provide technical guidance to less experienced team members Knowledge of the mortgage industry is helpful, but not required Commitment and ability to cultivate a diverse and inclusive work environment. Education Bachelor's degree in computer science, Engineering, Information Systems Security or a related field is required. Security class certifications strongly preferred Azure certifications preferred CISSP license preferred Experience 5+ years of related IT experience required 2+ years in an Information Security engineering role 3+ years of experience in a regulated IT environment including some combination of SOX, HIPAA, GLBA, PCI preferred Compensation and Benefits Covius offers an extensive benefits package for all employees, including medical, dental, vision and 401(k)! Compensation: $96,000 to $120,000 annually with a 10% AIP opportunity Application Guidelines: For best consideration, please submit your resume and application materials as soon as possible. Review of applications will begin immediately. Working Conditions Work is performed in a climate controlled indoor administrative office setting. The noise level in the work environment is usually quiet to moderate, depending upon the office or meeting location. Physical Demands and Activities While performing the duties of this job, the employee is frequently required to communicate. The employee frequently is required to remain stationary. The employee is frequently required to move about the office, operate a computer and other office machinery, such as calculator, copy machine, and computer printer; rarely position self to maintain files; rarely moves boxes weighing up to 10 lbs. Close and distance observation required with the ability to observe objects at close range in presence of glare or bright lighting (e.g., computer screen). Must possess the ability to communicate information and ideas so others will understand and have the ability to interact with external and internal stakeholders. Covius is committed to equal opportunity in all employment practices to all qualified applicants and employees without regard to race, color, religion, gender, gender identity, age, national origin, pregnancy, disability, genetics, marital status, military or veteran status or any other protected category as established by local, state, and federal law. This policy applies to all aspects of the employment relationship including recruitment and hiring, placement, promotion, transfer, compensation, disciplinary action, layoff, leaves of absence, training, and termination. All such employment decisions will be made without unlawful discrimination based on any prohibited basis. The essential functions, working conditions and physical demands described above are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position. Please note that all s are not intended to be all-inclusive. This job description is not designed to cover all activities, duties or responsibilities that are required of the employee for this job. Employees may be required to perform other duties at any time with or without notice to meet the ongoing needs of the organization. If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!
$96k-120k yearly Auto-Apply 46d ago
Security Engineer
Momenti, Inc.
Information security analyst job in Irvine, CA
Momenti is a dynamic and immersive content company that revolutionizestraditional media by bringing visceral experiences to all forms of content. Wespecialize in interactive video that breaks the 4th wall, creating deeperconnections and emotions with our audience. Join us in transforming the waypeople engage with content and bring moments to life. Momenti is at theforefront of the content revolution, and we want you to be part of it. Job Summary:We are seeking a talented and experienced Security Engineer to join Momentias our first security hire and report directly to our Engineering Director. In thisrole, you will be responsible for ensuring the security and integrity of oursystems, applications, and data. You will work closely with cross-functionalteams to identify potential vulnerabilities, develop and implement securitymeasures, and provide ongoing support to maintain a secure environment. Thisis a unique opportunity to make a significant impact and shape the securitylandscape at Momenti. Key Responsibilities:• Develop and implement effective security strategies, policies, and proceduresto protect Momenti's systems, applications, and data.• Conduct regular security assessments, vulnerability testing, and risk analysisto identify and address potential security weaknesses.• Collaborate with software engineers and other stakeholders to design andimplement secure coding practices and ensure secure applicationdevelopment.• Monitor and respond to security incidents, including investigating andresolving security breaches, intrusions, and unauthorized access attempts.• Stay up-to-date with the latest security technologies, trends, and bestpractices, and provide recommendations for enhancements to our securityposture.• Educate and train employees on security awareness and best practices topromote a culture of security throughout the organization.Preferred Qualifications:• Solid experience in a security engineering or related role, with a focus onapplication and system security.• Strong understanding of web application security, network security principles,and secure coding practices.• Familiarity with security frameworks such as OWASP, NIST, and CISbenchmarks.• Knowledge of cloud security principles and experience securing cloud-basedenvironments (e.g., GCP, AWS, Azure).• Experience with security assessment tools and techniques, such asvulnerability scanners, penetration testing, and log analysis.Basic Qualifications:• Proven experience in implementing and managing security controls in aproduction environment.• Familiarity with compliance standards and regulations (e.g., GDPR, HIPAA,PCI DSS).• Strong problem-solving and analytical skills, with the ability to assess risksand develop effective mitigation strategies.• Excellent communication and collaboration skills, with the ability to workeffectively in cross-functional teams.
$104k-149k yearly est. Auto-Apply 60d+ ago
Principal Security Engineer
Aveva Group Plc
Information security analyst job in Lake Forest, CA
AVEVA is a global leader in industrial software. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life - such as energy, infrastructure, chemicals and minerals - safely, efficiently and more sustainably. We're the first software business in the world to have our sustainability targets validated by the SBTi, and we've been recognized for the transparency and ambition of our commitment to diversity, equity, and inclusion. We've also recently been named as one of the world's most innovative companies. If you're a curious and collaborative person who wants to make a big impact through technology, then we want to hear from you! Find out more at AVEVA Careers. For more information about our privacy policy and how to manage cookies, visit our Privacy Policy. Position: Principal Security Engineer - Application Security & Incident Response Location: Calgary Canada/ Lake Forest, CA Type: Full time- Hybrid Path: Individual Contributor Salary Range: $123,500.00 - $205,900.00 About the Role: We're looking for a Principal Security Engineer to lead our application security efforts and help protect our global technology environment. This is a hands-on, high-impact role for someone with deep expertise in application security, a strong development background, and real-world breach response experience. You'll work across engineering and product teams to identify vulnerabilities, guide secure development, and respond to security incidents. As part of our global 24×7 security team, you'll help ensure continuous coverage and rapid response to emerging threats. Key Responsibilities: * Lead application security practices across development and deployment workflows. * Identify and remediate vulnerabilities in collaboration with engineering teams. * Monitor for threats and respond to security incidents across global environments. * Apply breach response experience to strengthen threat modeling and security controls. * Stay ahead of emerging threats and translate insights into actionable improvements. * Develop secure coding standards and mentor teams on best practices. * Work as part of a global 24×7 team to ensure consistent security coverage. Required Qualifications: * Strong development background with experience in secure coding and software engineering. * Proven experience in application security and incident response. * Proven experience securing cloud applications (e.g., Azure, AWS, GCP). * At least two years operating at Principal level or in a senior technical leadership role. * Strong understanding of secure development practices and threat modeling. * Experience with cloud-native environments, CI/CD pipelines, and containerized applications. * Excellent communication and stakeholder engagement skills. Preferred Qualifications: * Certifications like CSSLP, OSWE, or GWAPT. * Experience with automated security tools and analysis platforms. * Familiarity with compliance frameworks (e.g., GDPR, PCI-DSS, ISO 27001). * Understanding of the NIS Directive and its impact on security operations. R&D at AVEVA Our global team of 2000+ developers work on an incredibly diverse portfolio of over 75 industrial automation and engineering products, which cover everything from data management to 3D design. AI and cloud are at the centre of our strategy, and we have over 150 patents to our name. Our track record of innovation is no fluke - it's the result of a structured and deliberate focus on learning, collaboration and inclusivity. If you want to build applications that solve big problems, join us. AVEVA requires all successful applicants to undergo and pass a comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third party personal data may involve additional background check criteria. AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business. Come and join AVEVA to create the transformative technology that enables our customers to engineer a better world.
$123.5k-205.9k yearly 36d ago
Principal Security Engineer
Aveva
Information security analyst job in Lake Forest, CA
**AVEVA is a global leader in industrial software. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life - such as energy, infrastructure, chemicals and minerals - safely, efficiently and more sustainably.** **We're the first software business in the world to have our sustainability targets validated by the SBTi, and we've been recognized for the transparency and ambition of our commitment to diversity, equity, and inclusion. We've also recently been named as one of the world's most innovative companies.** **If you're a curious and collaborative person who wants to make a big impact through technology, then we want to hear from you! Find out more at AVEVA Careers (**************************************** .** **For more information about our privacy policy and how to manage cookies, visit our** **Privacy Policy (**************************************************************************************************************************** **.** **Position:** Principal Security Engineer - Application Security & Incident Response **Location:** Calgary Canada/ Lake Forest, CA **Type:** Full time- Hybrid **Path:** Individual Contributor **Salary Range:** $123,500.00 - $205,900.00 **About the Role:** We're looking for a **Principal Security Engineer** to lead our application security efforts and help protect our global technology environment. This is a hands-on, high-impact role for someone with deep expertise in application security, a strong development background, and real-world breach response experience. You'll work across engineering and product teams to identify vulnerabilities, guide secure development, and respond to security incidents. As part of our global 24×7 security team, you'll help ensure continuous coverage and rapid response to emerging threats. **Key Responsibilities:** + Lead application security practices across development and deployment workflows. + Identify and remediate vulnerabilities in collaboration with engineering teams. + Monitor for threats and respond to security incidents across global environments. + Apply breach response experience to strengthen threat modeling and security controls. + Stay ahead of emerging threats and translate insights into actionable improvements. + Develop secure coding standards and mentor teams on best practices. + Work as part of a global 24×7 team to ensure consistent security coverage. **Required Qualifications:** + Strong development background with experience in secure coding and software engineering. + Proven experience in application security and incident response. + Proven experience securing cloud applications (e.g., Azure, AWS, GCP). + At least **two years operating at Principal level** or in a senior technical leadership role. + Strong understanding of secure development practices and threat modeling. + Experience with cloud-native environments, CI/CD pipelines, and containerized applications. + Excellent communication and stakeholder engagement skills. **Preferred Qualifications:** + Certifications like CSSLP, OSWE, or GWAPT. + Experience with automated security tools and analysis platforms. + Familiarity with compliance frameworks (e.g., GDPR, PCI-DSS, ISO 27001). + Understanding of the NIS Directive and its impact on security operations. **R&D at AVEVA** Our global team of 2000+ developers work on an incredibly diverse portfolio of over 75 industrial automation and engineering products, which cover everything from data management to 3D design. AI and cloud are at the centre of our strategy, and we have over 150 patents to our name. Our track record of innovation is no fluke - it's the result of a structured and deliberate focus on learning, collaboration and inclusivity. If you want to build applications that solve big problems, join us. **AVEVA requires all successful applicants to undergo and pass a comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third party personal data may involve additional background check criteria.** **AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business.** **Come and join AVEVA to create the transformative technology that enables our customers to engineer a better world.** Empowering you with pioneering tech AVEVA is a global leader in industrial software. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life - such as energy, infrastructure, chemicals and minerals - safely, efficiently and more sustainably. We're the first software business in the world to have our sustainability targets validated by the SBTi, and we've been recognized for the transparency and ambition of our commitment to diversity, equity, and inclusion. We've also recently been named as one of the world's most innovative companies. If you're a curious and collaborative person who wants to make a big impact through technology, then we want to hear from you! Find out more at AVEVA Careers (**************************************** . For more information about our privacy policy and how to manage cookies, visit our Privacy Policy (*********************************************************************************************************************** .
$123.5k-205.9k yearly 60d+ ago
IT Security Analyst II
Monster 4.7
Information security analyst job in Corona, CA
Energy: Forget about blending in. That's not our style. We're the risk-takers, the trailblazers, the game-changers. We're not perfect, and we don't pretend to be. We're raw, unfiltered, and a bit unconventional. But our drive is unrivaled, just like our athletes. The power is in your hands to define what success looks like and where you want to take your career. It's not just about what we do, but about who we become along the way. We are much more than a brand here. We are a way of life, a mindset. Join us. A day in the life: Rev up your career as an IT Security Analyst II at Monster Energy, where you'll be on the frontlines of cyber defense! Your mission? Identify, track, and analyze cyber threats with the precision of a racing champion. Harness your technical and analytical skills to decode threat tactics, techniques, and procedures (TTPs), assessing impacts like a pro and effectively communicating your findings to management and stakeholders. Master the MITRE ATT&CK framework and stay ahead of the curve, adapting to the ever-evolving cyber landscape. Keep a keen eye on security tools like MS Defender, Red Canary, and BlueVoyant, tackling tickets, and neutralizing any threats that dare to challenge MEC. Get ready to protect and serve with Monster Energy's unstoppable spirit! The impact you'll make: Threat Identification and Tracking potential threats such as malware or hacking attempts Vulnerability Response Management using ServiceNow, MS Defender, Tenable.io Participate in MDR/EDR actionable events and fine tuning alerts from 3rd party monitoring such as Red Canary and Blue Voyant Work with the team and with 3rd parties to update and maintain rules associated with securing endpoints and identities Ensure up-to-date documentation surrounding cyber security awareness, training, security events, incidents and all reported issues Who you are: Key Competencies: Oral and written communication skills Learning skills Customer service orientated Problem analysis Problem-solving Adaptability Planning and organizing Attention to detail Ability to multi-task and work in a fast paced environment Preferred Requirements: Bachelor's Degree in IT Cyber Security or related field Experience with MS Windows 11, MS Office suite to include Word, Excel, and Powerpoint Minimum 1 year of experience in MS Office Suite Between 3-5 years of experience in Industry standards such as NIST Monster Energy provides a competitive total compensation. This position has an estimated annual salary of $78,750 - $105,000. The actual pay may vary depending on your skills, qualifications, experience, and work location.
$78.8k-105k yearly 60d+ ago
IT Security Analyst II
Monster Beverage 1990 Corporation 4.1
Information security analyst job in Corona, CA
About Monster Energy: Forget about blending in. That's not our style. We're the risk-takers, the trailblazers, the game-changers. We're not perfect, and we don't pretend to be. We're raw, unfiltered, and a bit unconventional. But our drive is unrivaled, just like our athletes. The power is in your hands to define what success looks like and where you want to take your career. It's not just about what we do, but about who we become along the way. We are much more than a brand here. We are a way of life, a mindset. Join us. A day in the life: Rev up your career as an IT Security Analyst II at Monster Energy, where you'll be on the frontlines of cyber defense! Your mission? Identify, track, and analyze cyber threats with the precision of a racing champion. Harness your technical and analytical skills to decode threat tactics, techniques, and procedures (TTPs), assessing impacts like a pro and effectively communicating your findings to management and stakeholders. Master the MITRE ATT&CK framework and stay ahead of the curve, adapting to the ever-evolving cyber landscape. Keep a keen eye on security tools like MS Defender, Red Canary, and BlueVoyant, tackling tickets, and neutralizing any threats that dare to challenge MEC. Get ready to protect and serve with Monster Energy's unstoppable spirit! The impact you'll make: * Threat Identification and Tracking potential threats such as malware or hacking attempts * Vulnerability Response Management using ServiceNow, MS Defender, Tenable.io * Participate in MDR/EDR actionable events and fine tuning alerts from 3rd party monitoring such as Red Canary and Blue Voyant * Work with the team and with 3rd parties to update and maintain rules associated with securing endpoints and identities * Ensure up-to-date documentation surrounding cyber security awareness, training, security events, incidents and all reported issues Who you are: * Key Competencies: * Oral and written communication skills * Learning skills * Customer service orientated * Problem analysis * Problem-solving * Adaptability * Planning and organizing * Attention to detail * Ability to multi-task and work in a fast paced environment * Preferred Requirements: * Bachelor's Degree in IT Cyber Security or related field * Experience with MS Windows 11, MS Office suite to include Word, Excel, and Powerpoint * Minimum 1 year of experience in MS Office Suite * Between 3-5 years of experience in Industry standards such as NIST Monster Energy provides a competitive total compensation. This position has an estimated annual salary of $78,750 - $105,000. The actual pay may vary depending on your skills, qualifications, experience, and work location.
$78.8k-105k yearly 60d+ ago
IT Analyst
Firstservice Corporation 3.9
Information security analyst job in Irvine, CA
The IT Systems Specialist position actively supports FirstService Residential philosophies and culture to staff, clients, and the community, enhancing the brand's image, reputation, differentiation, and professionalism. As an IT Specialist, the primary functions include supporting end-user technology and maintaining 100% availability of all IT related systems and software to provide Regional Offices and On-Site Locations with a competitive advantage, improved profitability, and exceptional customer service. Compensation: $26-$30hr FirstService Residential will compensate the successful candidate in accordance with the posted range. The salary or wage paid to the successful candidate will be commensurate with experience, education, and specific job responsibilities. For positions designated at a client's property, the salary or wage will also be premised upon the client's directive. The base pay range is subject to change and may be modified in the future. Job Responsibilities: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Due to the nature of this role and technology these responsibilities may change over time. * Manage internal and external client relationships and expectations during escalated issue processes. * Effectively communicate pertinent information to the team, associates, and leadership as needed. * Document all work performed in ServiceDesk in a timely, accurate, and detailed manner, with follow-up to resolution. * Provide professional, courteous, and timely support and service to users/customers. * Occasionally travel to other offices and site locations as needed. * Active Directory - Manage user's accounts, permissions, reset passwords. Create and disable accounts. * Support Office 365 and Office applications (Outlook, Word, Excel). * Manage the maintenance of all hardware (desktops, laptops, printers, and peripherals) and software. * Be familiar with Citrix desktops and applications. * Use remote support tools (GoToAssist, ManageEngine) to troubleshoot and resolve issues. * Conduct user training sessions on an as-needed basis Skills & Qualifications: * Valid State Driver's License and mandated vehicle insurance. * Proficient in English; bilingual skills are helpful. * Expert level with Microsoft Windows 10/11. Proficient in Active Directory, Citrix, Office 365, and Microsoft applications. * Basic understanding of networks and troubleshooting * Strong customer orientation. * Excellent interpersonal and communication skills Education & Experience: * Experience in IT (1-3 years). * Combination of associate's degree and/or IT-related certifications (Microsoft, CompTIA) in a related field is desirable. Physical Requirements & Working Environment: The physical demands described here are representative of those that must be met by an associate to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. * Must be able to sit for extended periods of time. * Must be able to stand for extended periods of time. * Must be able to communicate both on the phone and in person with our clients in order to resolve issues and manage the business. * Must have finger dexterity for typing/using a keyboard. * Must be mobile enough to move around both the office in order to make copies, send mail and faxes and to walk around the property. This could include lengthy walks on uneven areas. * Talking and hearing occur continuously in the process of communicating with guests, supervisors, and other associates. Hours over and above normal office hours will occur, including evenings, holidays, and some weekends. Schedule is subject to change based on business needs. Tools & Equipment Used: * Must have access to and consistent use of a vehicle for transportation to client sites and local offices. * Computer and peripherals, standard and customized software applications and tools, and usual office equipment. Travel: * Must be able to travel locally to client sites in the field (Southern California) What We Offer: * Medical, dental, and vision plans (full time and part time 30+ hours) * Part time 20+ hours qualify for dental and vision * 401K match * Time off including vacation, sick, and company paid holidays * Pet insurance available * Tuition reimbursement * Legal services * Free emotional wellbeing and daily life assistance support for all associates * Domestic partner coverage * Health savings account * Flexible spending account About Us: FirstService Residential transforms the property management landscape by providing professional association management services to over 9,000 residential communities across the United States and Canada. Our dedication to associate satisfaction and growth is recognized by our Great Place to Work certification, exemplifying our commitment to fostering a positive and inclusive workplace culture. Our 19,000 associates can count on competitive salaries, top-tier medical, dental, and retirement benefits, career training, and support for continued professional development. Disclaimer: The above information in this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. This is not an all-inclusive job description; therefore, management has the right to assign or reassign schedules, duties, and responsibilities to this job at any time. FirstService Residential is an equal opportunity employer committed to a diverse and inclusive workforce. Applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), age, sexual orientation, national origin, marital status, parental status, ancestry, disability, gender identity, veteran status, genetic information, other distinguishing characteristics of diversity and inclusion, or any other protected status. Qualified applicants with arrest and/or conviction records will be considered for employment in a manner consistent with federal and state laws. All offers of employment with FirstService Residential are contingent upon a satisfactory background check.
$26-30 hourly 12d ago
Sr. Security Compliance Analyst
TP-Link Corp 3.9
Information security analyst job in Irvine, CA
Headquartered in the United States, TP-Link Systems Inc. is a leading global provider of networking devices and smart home products. Consistently ranked as the world's top provider of Wi-Fi devices, TP-Link is dedicated to delivering innovative solutions that improve people's lives by offering faster, more reliable connectivity. Serving customers in over 170 countries, we are committed to expanding our global footprint. At TP-Link Systems Inc., we believe that technology has the power to transform the world for the better. Our mission is to design reliable, high-performance products that connect users worldwide to the limitless possibilities of technology. We are driven by our core values of professionalism, innovation, excellence, and simplicity. Our goal is to help clients achieve outstanding global performance and to provide consumers with a seamless, effortless technology experience. TP-Link Systems Inc. is seeking a skilled and proactive Sr. Security Compliance Analyst who will be responsible for developing and overseeing TP-Link's enterprise security governance framework, ensuring compliance with regulatory requirements, industry standards, and internal policies. This individual will collaborate with cross-functional teams to embed security into business operations, manage risk, and enhance security resilience across TP-Link's enterprise ecosystem. Key Responsibilities: Security Governance & Policy Development * Develop, implement, and maintain security policies, standards, and guidelines aligned with industry best practices (e.g., NIST, ISO 27001, CIS). * Establish and lead a security governance framework to ensure consistent application of security controls across the enterprise. Risk Management & Compliance * Identify, assess, and mitigate security risks across TP-Link's global operations. * Ensure compliance with regulatory requirements such as GDPR, CCPA, NIST CSF, and other applicable cybersecurity frameworks. * Oversee security audits, risk assessments, and third-party security evaluations. * Partner with legal, IT, and business leaders to address security compliance gaps. Third-Party & Supply Chain Security * Develop and enforce security requirements for vendors, suppliers, and third-party partners. * Conduct security assessments of supply chain partners to identify and mitigate potential risks. Security Awareness & Training * Develop and lead security awareness programs to educate employees on cybersecurity risks and best practices. * Foster a security-first culture across all levels of the organization. * Provide guidance and training on security governance processes for internal stakeholders. Incident Response & Continuous Improvement * Support security incident response efforts by ensuring governance processes facilitate rapid detection and response. * Lead post-incident analysis to refine security policies and controls. * Monitor emerging threats, regulatory changes, and industry trends to evolve TP-Link's security governance strategies.
$111k-150k yearly est. 25d ago
Senior Information Security Analyst
Vesync
Information security analyst job in Tustin, CA
The Company: VeSync is a portfolio company with brands that cover different categories of health & wellness products. We wouldn't be surprised if you have one of our Levoit air purifiers in your living room or a COSORI air fryer whipping up healthy and delicious meals for you every night. We're a young and energetic company, we've had tremendous success, and we are constantly growing our team. As we garner more industry attention - just check out our accomplishments and awards by CES Innovation, iF Design, IGA, and Red Dot - we also need driven and talented people to join our team. That brings us to you, and what you'll be joining. Our teams are smart and diligent and take ownership of their work - they're confident in their work but know how to collaborate with open ears and a spirit of learning. If you're down-to-earth, approachable, and easy to strike up a conversation with, this may be a great fit for you. Check out our brands:levoit.com | cosori.com | etekcity.com The Opportunity: Information Security Planning • Develop and implement comprehensive information security plans to safeguard the security of company data and assets, including on-premise and cloud environments. • Thoroughly analyze the company's business processes and data characteristics, and combine industry best practices and frameworks such as NIST Cybersecurity Framework (CSF)to create customized security plans, ensuring the confidentiality, integrity, and availability of information assets in various scenarios. Policy Development and Compliance • Create security policies and ensure that the company's operations are in strict compliance with industry standards (e.g., ISO 27001, NIST, GDPR) and regulatory requirements. • Continuously monitor industry trends and regulatory changes, and adjust security policies in a timely manner to provide a solid security and compliance framework for the company's business operations. • Experience with OneTrust, Drata or similiar tools System, Network and Cloud Security • Maintain and enhance security measures for systems, networks , and public cloud platforms (e.g., AWS, Azure, GCP) to prevent potential threats. • Utilize advanced technical means and tools to conduct real - time monitoring and risk early warning of systems, networks, and cloud environments, promptly detect and block various attack behaviors, and ensure the stable and secure operation of IT infrastructure. • Familiar with AWS security suites • Familiar with security scorecards, SIEM tools and dashboards (Splunk, QRadar, Rapid7, Wazhu) Security Monitoring and Incident Response • Monitor security events in real - time, respond promptly to emergencies, and effectively mitigate risks. • Build an efficient security monitoring platform, use intelligent analysis technology to promptly capture abnormal behaviors, activate emergency response plans, and minimize the impact of security incidents. • Conduct re/blue team exercise Security Awareness and Training • Develop and deliver security training programs to enhance employees' security awareness and encourage their adherence to best practices. • Design targeted training courses according to the needs of different positions and use diverse training methods to ensure that employees have a deep understanding of and implement security requirements. Access Control and Identity Management • Oversee user access controls, regularly review permissions, and ensure secure identity management. • Implement a strict access control mechanism, Conduct regular audits of user permissions, and use reliable identity management systems to prevent unauthorized access and ensure the security of company resources. Risk Assessment and Management • Conduct comprehensive risk assessments, identify vulnerabilities, and implement effective mitigation strategies. • Use scientific risk assessment methods and frameworks such as NIST CSF to evaluate potential threats and vulnerabilities, formulate corresponding mitigation measures based on the assessment results, and continuously improve the company's security defense capabilities. • Develop KPIs and metrics Documentation and Mentorship • Document Cyber Security controls, detection rules and playbooks • Mentoring team members What you bring to the role: Bachelor's degree in Information Security, Computer Science, or a related field. 8+ years of experience in information security, with a strong background in security event analysis, incident response, vulnerability management, and risk assessment. Hands-on experience with public cloud security (e.g., AWS, Azure, GCP), including cloud-native security tools and best practices. Familiarity with security regulatory compliance standards and frameworks such as NIST CSF, ISO 27001, and CIS. Knowledge of network security principles, intrusion detection/prevention systems (IDS/IPS), firewalls, and endpoint protection. Understanding these aspects is essential for ensuring the company's security compliance and building a robust security defense system. Strong analytical and problem - solving skills, with the ability to quickly identify and mitigate security threats. Relevant security certifications such as CISSP, CISM, CEH are a plus. Location: This is an on-site, office-based role in Tustin, CA. Salary: Starting at $125K Perks and Benefits: 100% covered Medical/Dental/Vision insurance for employee AND spouse + dependents! 401K with 4% employer match (eligible after 90 days of employment) and immediate 100% vesting Generous PTO policy + paid holidays Life Insurance Voluntary Life Insurance Disability Insurance Critical Illness Coverage Accident Insurance Healthcare FSA Dependent Care FSA Travel Assistance Program Employee Assistance Program (EAP) Fully stocked kitchen
$125k yearly Auto-Apply 19d ago
Senior Security Engineer
Goodleap 4.6
Information security analyst job in Irvine, CA
About GoodLeap:GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems, products, and services. Your oversight will encompass: - Enterprise systems:Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. - Build-time controls: Managing applications/products security controls and activities during development. - Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. While you will take on multiple responsibilities-from advisor to builder and beyond-your primary focus will be designing and building security patterns and practices for services and processes, and fostering strong relationships with product, business, and engineering. Essential Job Duties & Responsibilities Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. Support or develop components of the security analytics platform. Contribute to investigations, threat hunting, and incident response activities in a supporting role. Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns. Support the security operations team with the vulnerability management lifecycle for products and services under your purview. Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization. Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. Hands-on experience with managing security for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments. Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution. Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI.
$114k-145k yearly est. Auto-Apply 60d+ ago
Sr. Security Compliance Analyst
TP-Link Systems 3.9
Information security analyst job in Irvine, CA
Headquartered in the United States, TP-Link Systems Inc. is a leading global provider of networking devices and smart home products. Consistently ranked as the world's top provider of Wi-Fi devices, TP-Link is dedicated to delivering innovative solutions that improve people's lives by offering faster, more reliable connectivity. Serving customers in over 170 countries, we are committed to expanding our global footprint. At TP-Link Systems Inc., we believe that technology has the power to transform the world for the better. Our mission is to design reliable, high-performance products that connect users worldwide to the limitless possibilities of technology. We are driven by our core values of professionalism, innovation, excellence, and simplicity. Our goal is to help clients achieve outstanding global performance and to provide consumers with a seamless, effortless technology experience. TP-Link Systems Inc. is seeking a skilled and proactive Sr. Security Compliance Analyst who will be responsible for developing and overseeing TP-Link's enterprise security governance framework, ensuring compliance with regulatory requirements, industry standards, and internal policies. This individual will collaborate with cross-functional teams to embed security into business operations, manage risk, and enhance security resilience across TP-Link's enterprise ecosystem. Key Responsibilities: Security Governance & Policy Development Develop, implement, and maintain security policies, standards, and guidelines aligned with industry best practices (e.g., NIST, ISO 27001, CIS). Establish and lead a security governance framework to ensure consistent application of security controls across the enterprise. Risk Management & Compliance Identify, assess, and mitigate security risks across TP-Link's global operations. Ensure compliance with regulatory requirements such as GDPR, CCPA, NIST CSF, and other applicable cybersecurity frameworks. Oversee security audits, risk assessments, and third-party security evaluations. Partner with legal, IT, and business leaders to address security compliance gaps. Third-Party & Supply Chain Security Develop and enforce security requirements for vendors, suppliers, and third-party partners. Conduct security assessments of supply chain partners to identify and mitigate potential risks. Security Awareness & Training Develop and lead security awareness programs to educate employees on cybersecurity risks and best practices. Foster a security-first culture across all levels of the organization. Provide guidance and training on security governance processes for internal stakeholders. Incident Response & Continuous Improvement Support security incident response efforts by ensuring governance processes facilitate rapid detection and response. Lead post-incident analysis to refine security policies and controls. Monitor emerging threats, regulatory changes, and industry trends to evolve TP-Link's security governance strategies. Requirements Qualifications Education: Bachelor's degree in Computer Science, Cybersecurity, Information Security, or a related field. Experience: 5+ years of experience in security governance, risk management, or compliance in a global technology or networking company. Proven track record in developing and implementing security governance frameworks for enterprise security. Experience managing compliance with industry standards and regulations (ISO 27001, NIST CSF, SOC 2, GDPR, CCPA, etc.). Hands-on experience with supply chain security, third-party risk management, and vendor security assessments. Skills: Deep understanding of security frameworks (ISO 27001, NIST, CIS, SOC 2) and regulatory requirements. Strong expertise in risk management methodologies, security policy development, and compliance auditing. Proficient in conducting security assessments, third-party risk evaluations, and internal security reviews. Ability to communicate complex security concepts to business and technical stakeholders effectively. Strong leadership skills with experience in cross-functional collaboration and executive reporting. Benefits Salary range: $100,000-$150,000 Free snacks and drinks, and provided lunch on Fridays Fully paid medical, dental, and vision insurance (partial coverage for dependents) Contributions to 401k funds Bi-annual reviews, and annual pay increases Health and wellness benefits, including free gym membership Quarterly team-building events At TP-Link Systems Inc., we are continually searching for ambitious individuals who are passionate about their work. We believe that diversity fuels innovation, collaboration, and drives our entrepreneurial spirit. As a global company, we highly value diverse perspectives and are committed to cultivating an environment where all voices are heard, respected, and valued. We are dedicated to providing equal employment opportunities to all employees and applicants, and we prohibit discrimination and harassment of any kind based on race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. Beyond compliance, we strive to create a supportive and growth-oriented workplace for everyone. If you share our passion and connection to this mission, we welcome you to apply and join us in building a vibrant and inclusive team at TP-Link Systems Inc. Please, no third-party agency inquiries, and we are unable to offer visa sponsorships at this time.
$100k-150k yearly Auto-Apply 60d+ ago
Senior Security Engineer
Goodleap 4.6
Information security analyst job in Irvine, CA
About GoodLeap:GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems, products, and services. Your oversight will encompass: - Enterprise systems:Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. - Build-time controls: Managing applications/products security controls and activities during development. - Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. While you will take on multiple responsibilities-from advisor to builder and beyond-your primary focus will be designing and building security patterns and practices for services and processes, and fostering strong relationships with product, business, and engineering. Essential Job Duties & Responsibilities Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. Support or develop components of the security analytics platform. Contribute to investigations, threat hunting, and incident response activities in a supporting role. Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns. Support the security operations team with the vulnerability management lifecycle for products and services under your purview. Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization. Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. Hands-on experience with managing security for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments. Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution. In addition to the above salary, this role may be eligible for a bonus. Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI. We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
$114k-145k yearly est. 26d ago

Learn more about information security analyst jobs

How much does an information security analyst earn in Hemet, CA?

The average information security analyst in Hemet, CA earns between $75,000 and $154,000 annually. This compares to the national average information security analyst range of $71,000 to $135,000.

Average information security analyst salary in Hemet, CA

$107,000

$75,00010%

$107,000Median

$154,00090%

Job type you want

Full Time

Part Time

Internship

Temporary

Zippia Careers
Computer and Mathematical Industry
Information Security Analyst Jobs
Locations
Hemet, CA
Information Security Analyst Hemet, CA Jobs

Information security analyst jobs in Hemet, CA - 59 jobs

Global Chief Information Security Officer (CISO)

Sr. Security Compliance Analyst