Information security analyst jobs in Longview, WA

TITLE: N/A JOB CODE: FLSA: Exempt SALARY GRADE: 7 CATEGORY: Full-time UNION REPRESENTATION: NA SCHEDULE: Hybrid SUPERVISORY ROLE Y/N: 11.2025 The Information Security Analyst I plays a critical role in safeguarding the organization's systems and information assets. This position supports the development and implementation of security strategies, tools, and guidelines to protect against unauthorized access, data breaches, and system disruptions. Responsibilities include monitoring and responding to Information Security-related alerts, supporting audit and risk assessment activities, evaluating internal controls, and recommending improvements to enhance security posture. The analyst assists in migrating non-compliant environments to meet regulatory standards and ensures adherence to data protection laws and banking industry compliance requirements. This role is foundational to maintaining the confidentiality, integrity, and availability of sensitive financial data and supporting the organization's overall cybersecurity framework. ESSENTIAL DUTIES Identity and Access Management Support access provisioning, modification, and termination processes to ensure timely and secure access control. Conduct administrator activity and user access reviews across IT systems, including privileged access audits and firewall/cloud app usage monitoring. Maintain asset and access inventories, perform recurring audits of critical systems, and reconcile against endpoint and network tools. Security Monitoring and Incident Response Monitor and respond to alerts from SIEM, IDS, firewalls, and endpoint protection systems. Conduct vulnerability scans, track remediation efforts, and facilitate related meetings. Maintain readiness for incident response activation, including participation in tabletop exercises. System Administration and Tool Management Administration of cloud computing environments, conditional access, and guest provisioning following established best practices. Manage software controls, browser extensions, and patching processes. Administer security camera system and ensure system uptime. Administer Mobile Device Management system. Threat Intelligence and Continuous Improvement Stay informed on emerging threats in the banking sector and contribute to threat intelligence reporting. Research and test new security tools, controls, and AI applications to enhance the Bank's security posture. Correctly identify true and false positives in alerting systems and tune these systems for continuous improvement. Security Awareness and Training Support phishing simulations and training campaigns, track completion, and report metrics to management. Documentation and Reporting Log findings, remediation efforts, and audit results in a structured ticketing system. Assist with vendor management program administration and reporting. Data Protection and Compliance Ensure compliance with GLBA, FFIEC, and other applicable regulations through log retention, configuration management oversight, and DLP monitoring. Administer data classification tools and respond to violations involving PII or sensitive data. Audit VPN usage and test controls across email, endpoint, and network security platforms. Completes mandatory compliance training in accordance with established deadlines. The position performs duties specific to the position and other functions as assigned. ROLE COMPETENCIES/SKILLS Attention to Detail Collaboration & Communication Diversity & Inclusion Execution & Ownership Time Management Compliance Innovation Systems Thinking Data Analysis & Management Information Security Network Operations Critical Thinking Consulting Analytical Thinking ENVIRONMENT, PHYSICAL & MENTAL ACTIVITIES The incumbent is in a non-confined office-type setting in which they are free to move about at will. It may include some minor annoyances such as noise, odors, drafts, etc. For Hybrid and Remote roles, work may also be performed away from BSB worksites depending on the position and requirements. For Hybrid/Remote work, employees are required to have an environment when working at home that has a dependable, high-speed internet connection and environment conducive to frequent phone or internet calls where private, confidential or other information is not visible, able to be overheard, or physically or electronically accessible to anyone else. The incumbent in the course of performing this position spends time writing, typing, speaking, listening, lifting (up to 10 pounds), driving, carrying, seeing (such as close, color and peripheral vision, depth perception and adjusted focus), sitting, pulling, walking, standing, squatting, kneeling and reaching. The incumbent for this position may operate any or all of the following: personal computer, cellular telephone, printer, fax, and other standard office equipment. The incumbent in this position must be able to accommodate reading documents or instruments, detailed work, problem solving, customer contact, reasoning, math, language, presentations, verbal and written communication, analytical reasoning, stress, multiple concurrent tasks and constant interruptions. The work environment characteristics, physical and mental demands described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. POSITION REQUIREMENTS Minimum Qualifications Bachelor's degree in Information Technology, Cybersecurity, or a related field, or equivalent combination of education and experience. 5 years of professional experience in IT support or related technical roles. Foundational understanding of cybersecurity principles, including access control, endpoint protection, and network monitoring. Familiarity with Microsoft 365, Active Directory, and basic system administration tasks. Ability to conduct audits, manage tickets, and document findings accurately. Strong analytical and troubleshooting skills. Effective communication skills and ability to collaborate across departments. Preferred Qualifications Bachelor's degree in Information Technology, Cybersecurity, or a related field. Experience with banking industry compliance standards (e.g., GLBA, FFIEC). Hands-on experience with security tools such as SIEM, DLP, IDS/IPS, EDR, Email Filtering, and Firewalls. Exposure to vulnerability management platforms and identity/access management processes. Familiarity with Microsoft cloud services and Mobile Device Management. Experience supporting or administering phishing simulations, security awareness programs, or similar efforts. Knowledge of vendor management platforms and data classification tools. Management reserves the right to change this position description at any time according to business needs. #LI_Hybrid

The world is transforming - and so is Intel. Intel is a company of bold and curious inventors and problem solvers who create some of the most astounding technology advancements and experiences in the world. With a legacy of relentless innovation and a commitment to bring smart, connected devices to every person on Earth, our diverse and brilliant teams are continually searching for tomorrow's technology and revel in the challenge that changing the world for the better brings. We work every single day to design and manufacture silicon products that empower people's digital lives. Come join us and do something wonderful. Who we Are: Intel's Information Security organization enables Intel to provide secure products, solutions, and services which meet U.S. regulatory requirements. The Information Security organization supports the unique IT information Security and Compliance requirements for Intel Federal projects that deliver products and/or services to the US Government (USG).As part of this team, you will help us grow our secure solution suite to meet U.S. Government requirements. The Intel Information Security organization is seeking an Identity Security Analyst. The candidate chosen for this role will assist senior engineers with design, architecture, and build of secure classified network products to support USG operations. Primary duties and responsibilities: * Assist with architecting identity and identity security products in secured enclaves, including product testing, validation, and selection. * Assist with design and long-term roadmap planning for new and future scalability in secure enclaves. * Coordinate security assessments to identify security control failures and recommend corrective actions. * Development and configuration experience of various SailPoint IIQ modules (e.g. audit, compliance, lifecycle, service account, Microsoft Active Directory connector). * Design and integration of Microsoft Active Directory. * Design and deploy custom forms, approval workflows, connections in SailPoint for access requests, access certifications, and provisioning. * Automate processes in the SailPoint toolset using PowerShell scripting. * Business travel is required as needed. * Ability to thrive in dynamic and fast-paced environments. * Excellent communication, leadership, strong troubleshooting, debugging, and analytical skills. Qualifications: You must possess the below minimum qualifications to be initially considered for this position. Preferred qualifications are in addition to the minimum requirements and are considered a plus factor in identifying top candidates. Experience listed below would be obtained through a combination of your degree, research and or relevant previous job and or internship experiences. Minimum Qualifications: * US Citizenship required * Ability to obtain and maintain a US Government Security Clearance * High School /Equivalent Diploma and 3+ years of applicable experience with at least one of the following certifications: CISSP, CISM, CASP E, Security+ OR Bachelor's degree and 2+ years of applicable experience * 2+ years' experience configuring Access Profiles, Roles, and Identity Profiles * 2+ years' experience in Active Directory * 2+ years' experience in APIs (RESTful services preferred) * 1+ years' experience in implementing and supporting SailPoint IIQ modules like Compliance Manager, Lifecycle Manager, Integration modules, in both production and nonproduction environments * 1+ years' experience in designing and implementing custom SailPoint solutions Preferred Qualifications: * Active US Government Top Secret (TS) Security Clearance with the ability to obtain and maintain SCI access * Bachelor's degree in Systems Engineering, Cyber Security Engineering, Computer Engineering, Computer Science, Information Systems, or similar discipline and four years of work-related experience; or an equivalent combination of education and experience * Experience with DoD security implementation (e.g. STIG) and security tools for managing the environment * Experience with business continuity and disaster recovery * Experience with scripting in the Windows and UNIX environment * Experience with Microsoft SQL Server 2019/2022 * Experience with Web Tech: HTML, JavaScript, JSP, XML, XSL, and DTD Job Type: Experienced Hire Shift: Shift 1 (United States of America) Primary Location: US, California, Santa Clara Additional Locations: US, Arizona, Phoenix, US, Oregon, Hillsboro Business group: As members of the Finance team, employees act as full partners in making and supporting business decisions that are aimed at maximizing shareholder value. Intel Finance has a strong focus on facilitating change and improvement both within finance and in the operations supported. Posting Statement: All qualified applicants will receive consideration for employment without regard to race, color, religion, religious creed, sex, national origin, ancestry, age, physical or mental disability, medical condition, genetic information, military and veteran status, marital status, pregnancy, gender, gender expression, gender identity, sexual orientation, or any other characteristic protected by local law, regulation, or ordinance. Position of Trust N/A Benefits: We offer a total compensation package that ranks among the best in the industry. It consists of competitive pay, stock, bonuses, as well as, benefit programs which include health, retirement, and vacation. Find more information about all of our Amazing Benefits here: ********************************************************************************** Annual Salary Range for jobs which could be performed in the US: 123,130.00 USD - 173,830.00 USD The range displayed on this job posting reflects the minimum and maximum target compensation for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific compensation range for your preferred location during the hiring process. Work Model for this Role This role will require an on-site presence. * Job posting details (such as work model, location or time type) are subject to change.

KPMG Advisory practice is currently our fastest growing practice. We are seeing tremendous client demand, and looking forward we do not anticipate that slowing down. In this ever-changing market environment, our professionals must be adaptable and thrive in a collaborative, team-driven culture. At KPMG, our people are our number one priority. With a wealth of learning and career development opportunities, a world-class training facility and leading market tools, we make sure our people continue to grow both professionally and personally. If you're looking for a firm with a strong team connection where you can be your whole self, have an impact, advance your skills, deepen your experiences, and have the flexibility and access to constantly find new areas of inspiration and expand your capabilities, then consider a career in Advisory. KPMG is currently seeking a Specialist Director, MAST Application Penetration Testing Lead to join our Managed Services practice. Responsibilities: * Lead the strategic delivery of Managed Application Security Testing (MAST) services, ensuring alignment with client objectives and industry best practices * Execute go-to-market (GTM) strategies for MAST offerings, collaborating with cross-functional teams to drive market penetration and revenue growth * Oversee the design and implementation of scalable security testing frameworks across diverse application environments, including cloud-native and hybrid architectures * Provide subject matter expertise in application security, guiding clients through risk assessments, remediation planning, and secure development lifecycle integration * Build and maintain strong client relationships, serving as a trusted advisor and ensuring high levels of satisfaction and retention * Mentor and lead a team of security professionals, fostering a culture of innovation, accountability, and continuous improvement * Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment Qualifications: * Minimum eight years of recent experience in application security, penetration testing, or related cybersecurity domains, with at least three years in a leadership or director-level role * Master's degree from an accredited college or university in cybersecurity, computer science, or related field is preferred; Bachelor's degree from an accredited college or university is required * Deep understanding of application security testing methodologies, tools (for example, DAST, SAST, IAST), and secure SDLC practices * Proven experience developing and executing GTM strategies for security services or technology solutions * Strong client-facing skills with the ability to communicate complex technical concepts to non-technical stakeholders * Excellent verbal/written communication, presentation, and analytical skills * Ability to travel as required * Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future; KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa) KPMG LLP and its affiliates and subsidiaries ("KPMG") complies with all local/state regulations regarding displaying salary ranges. If required, the ranges displayed below or via the URL below are specifically for those potential hires who will work in the location(s) listed. Any offered salary is determined based on relevant factors such as applicant's skills, job responsibilities, prior relevant experience, certain degrees and certifications and market considerations. In addition, KPMG is proud to offer a comprehensive, competitive benefits package, with options designed to help you make the best decisions for yourself, your family, and your lifestyle. Available benefits are based on eligibility. Our Total Rewards package includes a variety of medical and dental plans, vision coverage, disability and life insurance, 401(k) plans, and a robust suite of personal well-being benefits to support your mental health. Depending on job classification, standard work hours, and years of service, KPMG provides Personal Time Off per fiscal year. Additionally, each year KPMG publishes a calendar of holidays to be observed during the year and provides eligible employees two breaks each year where employees will not be required to use Personal Time Off; one is at year end and the other is around the July 4th holiday. Additional details about our benefits can be found towards the bottom of our KPMG US Careers site at Benefits & How We Work. Follow this link to obtain salary ranges by city outside of CA: ********************************************************************** California Salary Range: $153700 - $319000 KPMG offers a comprehensive compensation and benefits package. KPMG is an equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding KPMG's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please. KPMG recruits on a rolling basis. Candidates are considered as they apply, until the opportunity is filled. Candidates are encouraged to apply expeditiously to any role(s) for which they are qualified that is also of interest to them. Los Angeles County applicants: Material job duties for this position are listed above. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness, and safeguard business operations and company reputation. Pursuant to the California Fair Chance Act, Los Angeles County Fair Chance Ordinance for Employers, Fair Chance Initiative for Hiring Ordinance, and San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

At EY, we're all in to shape your future with confidence. We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. **Manager - Security Architect** **The opportunity** We're hiring an experienced Security Architect that is an expert in the modern security threat and mitigation environment. Knowledge of the use of security in the development of applications (threat model development) best practices for security in the design architecture of applications. The use of AI in SEIM/MDR/MXDR and/or the analysis of behavioral threats. The successful candidate should have experience in the emerging area of AI based attack vectors and be able to devise successful mitigation. The candidate should thrive in fast-paced environments and are passionate about enabling scalable AI solutions. **Your key responsibilities** + Develop effective security designs for implementation into enterprise applications and internal EY platforms. + Support security tool selection and verification. + Develop best practices for security design patterns in AI native applications. + Execute security assessments based on experience and select AI and conventional code analysis tools. + Assess new proposed projects to insure they are leveraging best security practices architecture design and implementation. + Collaborate with other architectural experts in AI, Data and Infrastructure to insure balanced and practical outcomes. + Support strategic business development activities for emerging technology. **Skills and attributes for success** + Strong analytical and troubleshooting skills. + Ability to lead security architectural product functions and mentor junior engineers. + Comfortable working across cross-functional teams and managing competing priorities. + Build and manage strong internal and external partnerships by fostering trust, empathy, and mutual value. + Leverage emotional agility and hybrid collaboration to navigate diverse stakeholder needs and drive long-term engagement. + Use critical thinking and creative reasoning to address complex problems and exceed expectations. + Align cross-functional teams around shared goals, ensuring accountability and progress. Use emotional intelligence and hybrid collaboration to motivate others and deliver high-impact results. **T** **o qualify you must have** + 5-10+ years of experience in security engineering and architecture for products. + Understand security and safety in an AI environment (Guardrails, Adversarial attacks, output validation etc..) + Use of security tooling for application verification in Github Advance Security, Checkmarx JFrog, DAST, etc.. + Understand threat model development and verified implementation. + Familiarity with security certifications and appropriate use for best practices development OWASP etc.... + Expertise in the assessment of security best practices of agile development process + Expertise in the development and adoption of security first best practices. **Ideally, you'll also have** + Experience with large-scale cross functional software development projects. + Excellent communication and leadership abilities. **What we offer you** At EY, we'll develop you with future-focused skills and equip you with world-class experiences. We'll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. Learn more . + We offer a comprehensive compensation and benefits package where you'll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $125,500 to $230,200. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $150,700 to $261,600. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. + Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year. + Under our flexible vacation policy, you'll decide how much vacation time you need based on your own personal circumstances. You'll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being. **Are you ready to shape your future with confidence? Apply today.** EY accepts applications for this position on an on-going basis. For those living in California, please click here for additional information. EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities. **EY | Building a better working world** EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories. EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY's Talent Shared Services Team (TSS) or email the TSS at ************************** .

At PLEXSYS, our teams design, build and deliver Live, Virtual, and Constructive (LVC) innovation and training solutions to customers around the world. With over 200 employees in seventeen states and four foreign countries, we contribute our success to enabling better training…everyday…across the globe. As an employee of PLEXSYS, you'll find a culture that empowers you to achieve your professional objectives, give your personal best, and work with other highly passionate individuals. Our core values of integrity, excellence, teamwork and agility drive our daily decisions, identify our focus areas, and inspire our organizational culture. GENERAL DESCRIPTION The Information System Security Officer (ISSO) is responsible for ensuring the appropriate operational security posture for information systems and as such, works in close collaboration with the ISSM, CPSO, and FSO. The ISSO must have detailed knowledge and expertise required to manage the security aspects of an information system and is assigned the day-to-day responsibility for assigned systems. Responsibilities include implementation of the requirements of Risk Management Framework, including the Joint Special Access Program (SAP) Implementation Guide (JSIG), NIST 800-53, or other security requirements as assigned. This position will report to the Corporate Information Assurance Manager and work in close collaboration with the AFSO and FSO. The ISSO is responsible for developing and updating the security authorization package, managing and controlling changes to the system, and assessing the security impact of those changes. Ensure systems are operated, maintained, and disposed of following security policies and procedures as outlined in the security authorization package. Report all security-related incidents to the ISSM. Conduct periodic reviews of information systems to ensure compliance with the security authorization package. Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly. Ensure audit records are collected, reviewed, and documented. Duties also include physical and environmental protection, personnel security, and incident handling. DUTIES & RESPONSIBILITIES Lead the information system security program for their assigned location to include implementation and validation of automated informational security, ensuring security requirements as contracted are satisfied Maintain and establish the accreditation of classified information systems Establish and implement security procedures and practices in support of Corporate goals and current DoD Regulations Ensure all security procedures are being followed such as patching, AV updates, continuous monitoring, trainings, and self-inspections Develop, implement and maintain security emergency action plans Provide security education and training to local employees Maintain administrative security records and documents for local employees Conduct self-inspections to ensure current security measures and policies are effective Conduct random security inspections to ensure regulations and procedures are being adhered to by local employees Conduct system audits in accordance with security accreditation package requirement Lead the information system security program for their assigned location to include implementation and validation of automated informational security, ensuring security requirements as contracted are satisfied Maintain and establish the accreditation of classified information systems Establish and implement security procedures and practices in support of Corporate goals and current DoD Regulations Ensure all security procedures are being followed such as patching, AV updates, continuous monitoring, trainings, and self-inspections Develop, implement and maintain security emergency action plans Provide security education and training to local employees Maintain administrative security records and documents for local employees Conduct self-inspections to ensure current security measures and policies are effective Conduct random security inspections to ensure regulations and procedures are being adhered to by local employees Conduct system audits in accordance with security accreditation package requirements Conduct vulnerability scans and analysis Conduct maintenance on the networks, systems, and hardware Perform software upgrades on networks, systems, and hardware Perform security assignments in accordance with the Automated Information System requirements and local regulations Understand and follow NISPOM/ODAA/RMF/JAFAN/ICD/NIST/JSIG classified system accreditation and certification requirements Other duties as assigned REQUIREMENTS Bachelor's degree in related field or 4 years' experience in related field DoD 8570 compliant, IAT Level II Experience with Windows based administration of Information Systems Ability to work within compliance standards; previous experience with RMF, HIPAA , PCI DSS, or equivalent compliance standard preferred Strong experience in networking, active directory, centralized logging solutions, vulnerability scanning and anti-virus solutions Experience with security audits for information systems Strong communication and problem-solving skills Ability to work in both a team environment as well as independently Must be organized and detail oriented Ability to obtain and maintain Top Secret clearance with the ability to obtain approval for SAP/SCI access DESIRABLE Have previous experience with DoD Security Regulations and Policies PERKS As a PLEXSYS employee, you can expect certain advantages; such as advancement based on performance, competitive wages, valuable benefits and a great working environment. Our team is committed to ensuring an environment that empowers individuals to realize their full potential by providing opportunities and necessary support to achieve personal and professional goals. Medical/Vision/Prescription/Dental Benefits Life, AD&D and Long Term Disability Coverage Paid Holidays, Military Leave, and Paid Time Off 401k Plan with eligibility from first day of employment Education reimbursement for job-related courses for full-time employees PriceClub/COSTCO/Sam's Club annual membership

Change Mgmt & IT Compliance; Portland, Oregon (US-OR) Hybrid schedule available for Oregon & Washington residents. Regular FT Posting # 5338 About Us: At NW Natural, we offer more than rewarding career opportunities and a vibrant, inclusive work culture. We invite you to join us in providing safe and reliable utility services and renewable energy to better the lives of the communities we serve. Our vision is to be the leader in service excellence, innovation and environmental stewardship for our customers, while building on our strengths as a trusted energy provider and environmental leader for our industry. In addition to environmental stewardship, we're also deeply committed to Diversity, Equity and Inclusion at NW Natural. Our DEI Council started 21 years ago, and today we continue to foster a culture where all employees can experience a sense of belonging, shared purpose and possibility. The Role: NW Natural is recruiting for IT Compliance Analyst I/II/III positions. These positions will be reporting to the IT&S compliance manager and will work closely with IT&S Security and other technical, non-technical teams as well as internal or external auditors. The primary purpose of this position is to ensure Information Technology & Services (IT&S) department is in compliant with state and federal regulations by creating, monitoring, evaluating, and reporting on the effectiveness of operational controls within Information Technology (IT) and Industrial Control System (ICS) environments. Day to Day: * Ensure company complies with all local, state and federal requirements. * Performing and coordinating the testing of key controls, documenting findings, and ensuring controls are effectively designed and operating as intended. * Collaborate with internal and external auditors to facilitate walkthroughs, evidence collection, and remediation tracking. * Assist in the development and maintenance of IT compliance policies, procedures, and control frameworks. * Monitor and report on control deficiencies, remediation plans, and risk mitigation strategies. * Conduct security risk assessments of third-party vendors, including review of SOC reports, security questionnaires, and contractual obligations. * Evaluate vendor responses and identify potential risks or gaps in security controls. * Work with business units and procurement to ensure vendors meet security and compliance standards. * Maintain a centralized repository of vendor assessments and risk ratings. Come on your first day with: Qualifications: * Bachelor's degree in related field or equivalent education/experience. * Understanding of IT systems, applications, networks and databases. * Knowledge of SOX and Operational Controls. * 2 + years of experience in working on a IT compliance program and/or information security program for level 2. More advanced experience required for level 3 including managing more complex tasks, broader responsibilities, and increased autonomy in decision-making or leading initiatives. * Familiarity with SOX, NIST, ISO 27001, or similar regulatory frameworks. * Experience with third-party risk management tools and processes. * Analytical, communication, and organizational skills. * Ability to work independently and collaboratively in a fast-paced environment. * Understanding of assessing and designing internal and security controls. * Experience in developing and submitting audit and compliance reports to governing. * Understanding of cloud security and modern IT environments. Recommended: * Experience in planning, organizing, and developing information technology policies, procedures, and practices. * Ability to propose creative solutions to successfully remediate identified compliance issues. * Certifications in one or more of the following areas preferred: CISA, CRISC, CISSP, and CISM. What we offer: Health & Wellness - * Rich health insurance benefits with competitive employer contribution * Free access to an online wellness resources platform Work Life Balance - * Up to 23 Vacation Days * 80 Hours of Sick Time * 10 paid holidays and 3 floating holidays * Flexible work arrangements * 3 weeks paid parental leave * Green Team / Diversity, Equity & Inclusion Council / Safety Team / Women's Network and many other Employee Resource Groups * 1500 sq foot exercise facility and secure bike room Financial - * Meaningful annual incentive bonus opportunity in addition to base salary * Competitive 401K company contribution and match * 15% discount on NW Natural stock through Employee Stock Purchase Program * Up to $5250 a year in tuition reimbursement * Wellness incentive program Discounts - * 20% off natural gas service * Up to 30% discount at NW Natural Appliance Center * TriMet Pass for all HQ employees * Generous discounts with Verizon & AT&T Wireless Base salary range: $86,500.00 - $123,250.00 (Level 2) or $96,000.00 - $136,800.00 (Level 3) per year, depending on qualifications Annual Target Incentive: Level 2, 9.5% target Level 3, 9.5% target Targets are calculated using eligible earnings during plan year participation. Payout, if earned, is based on company and individual performance for each plan year and may range from 0% - 200% of target. Targets are subject to change in subsequent plan years. Must be employed by September 30 in order to receive any prorated payout. Application Process: To be considered for this position, submit a complete electronic application including cover letter and resume via our website. ****************************************************** Deadline: 1/5/26 Disclosure: We are a drug free workplace and we comply with Federal Drug Free Workplace Act and Department of Transportation regulations. NW Natural participates in E-Verify. Individuals hired will have their Form I-9 information submitted to E-Verify. E-Verify is an Internet-based system that compares information from an employee's Form I-9, Employment Eligibility Verification, to data from U.S. Department of Homeland Security and Social Security Administration records to confirm employment eligibility. All applications must be submitted through NW Natural's Electronic Application System. Resumes submitted via email, fax or mail will not be accepted in lieu of an electronic application. NW Natural is proud to be an equal opportunity employer. We welcome and embrace our candidates' diversity and take affirmative action to employ and advance individuals without discrimination on the basis of race, color, sex, gender identity or expression, sexual orientation, religion, age, physical or mental disability, veteran status, pregnancy (including childbirth or related medical conditions), national origin, marital status, genetic information, and all other legally protected characteristics. We forbid discrimination and harassment in the workplace based on any protected status or characteristic. A criminal history is not an automatic bar to employment with NW Natural. Instead, we make individualized assessments regarding qualifications and backgrounds. NW Natural is also committed to providing reasonable accommodations for individuals with disabilities, individuals with sincerely held religious beliefs, and disabled veterans in our job application procedures. If you need assistance or an accommodation as part of the application process, please contact us at ************************ or **************. NW Natural does not accept unsolicited submissions or assistance from search firms for posted positions. Resumes submitted by search firms working under a valid and current written contract with NW Natural valid written Statement of Work in place for this position from NW Natural HR/Employment will be deemed the sole property of NW Natural. No fee will be paid in the event the candidate is hired by NW Natural as a result of the referral or through other means.

Who You'll Work With As a modern technology company, our Slalom Technologists are disrupting the market and bringing to life the art of the possible for our clients. We have passion for building strategies, solutions, and creative products to help our clients solve their most complex and interesting business problems. We surround our technologists with interesting challenges, innovative minds, and emerging technologies As a Consultant or Senior Consultant, you will collaborate with cross-functional teams, including IT, security, and business units, to design and implement Google Cloud-based application innovation solutions. You will work alongside experienced cloud architects, data scientists, and other specialists, ensuring the successful delivery of scalable, cloud-native applications and AI-powered solutions. What You'll Do * Stay current with security trends, technologies, and best practices around Google Cloud solutions, leveraging tools like Cloud IAM, Cloud Security Command Center, BeyondCorp, and Cloud Armor. * Define and guide transformational security strategies for Google Cloud environments, ensuring alignment with Google's Zero Trust and BeyondCorp principles. * Translate complex regulatory requirements (e.g., GDPR, SOC 2, HIPAA) and technology standards into actionable functional and technical requirements for cloud and hybrid environments, ensuring security and compliance. * Lead teams through various phases of gap analyses, including security assessments, remediation planning, roadmap development, and implementation of remediation actions using Google Cloud-native tools. * Deliver on the vision, architecture, execution, and quality assurance of security projects on Google Cloud, driving initiatives that secure enterprise workloads and data. * Guide stakeholders and senior leaders on aligning security solutions with broader business goals, ensuring the architecture follows Google Cloud's security best practices and roadmap. * Establish security architecture patterns based on Google Cloud security frameworks and industry standards to meet the unique needs of enterprise clients. * Collaborate with other Google Cloud architects and security teams to continuously improve security knowledge assets and best practices, ensuring the most effective security solutions for clients. * Design and architect solutions to secure Generative AI models and applications against adversarial attacks, prompt injection, and their potential misuse for malicious cyber activities. What You'll Bring * Proven experience with Google Cloud security architecture, with hands-on experience in tools like Cloud IAM, VPC Service Controls, Cloud DLP, and Cloud Armor. * Strong background in defining and implementing Zero Trust and BeyondCorp security models within Google Cloud environments. * Familiarity or direct experience with Identity and Access Management (IAM), Data Protection, Vulnerability Management, and Cloud Security solutions in Google Cloud. * Extensive experience with security design patterns specific to Google Cloud, as well as hybrid and multi-cloud security architecture. * Experience in security and risk advisory consulting, particularly related to cloud security transformations. * Ability to lead the development and implementation of cloud security roadmaps aligned with business goals and compliance needs. * Familiarity with Google Cloud's Artificial Intelligence (AI) capabilities (e.g., Vertex AI, Generative AI services, Model Armor) including their applications, associated security risks (e.g., prompt injection, data poisoning, privacy concerns), and proven strategies for implementing security controls, governance, and responsible AI practices. * Relevant certifications are strongly desired, including (but not limited to): * GCP Professional Security Engineer * GCP Professional Cloud Architect * CISSP * Security+ About Us Slalom is a fiercely human business and technology consulting company that leads with outcomes to bring more value, in all ways, always. From strategy through delivery, our agile teams across 52 offices in 12 countries collaborate with clients to bring powerful customer experiences, innovative ways of working, and new products and services to life. We are trusted by leaders across the Global 1000, many successful enterprise and mid-market companies, and 500+ public sector organizations to improve operations, drive growth, and create value. At Slalom, we believe that together, we can move faster, dream bigger, and build better tomorrows for all. Compensation and Benefits Slalom prides itself on helping team members thrive in their work and life. As a result, Slalom is proud to invest in benefits that include meaningful time off and paid holidays, parental leave, 401(k) with a match, a range of choices for highly subsidized health, dental, & vision coverage, adoption and fertility assistance, and short/long-term disability. We also offer yearly $350 reimbursement account for any well-being-related expenses, as well as discounted home, auto, and pet insurance. Slalom is committed to fair and equitable compensation practices. For this position the base salary pay ranges are listed below. In addition, individuals may be eligible for an annual discretionary bonus. Actual compensation will depend upon an individual's skills, experience, qualifications, location, and other relevant factors. The salary pay range is subject to change and may be modified at any time. East Bay, San Francisco, Silicon Valley: * Consultant: $120,000-$177,000 * Senior Consultant: $140,000-$203,000 San Diego, Los Angeles, Orange County, Seattle, Houston, New Jersey, New York City, Westchester, Boston, Washington DC: * Consultant: $110,000-$162,000 * Senior Consultant: $130,000-$186,000 All other locations: * Consultant: $105,000-$148,000 * Senior Consultant: $115,000-$171,000 EEO and Accommodations Slalom is an equal opportunity employer and is committed to inclusion, diversity, and equity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veterans' status, or any other characteristic protected by federal, state, or local laws. Slalom will also consider qualified applications with criminal histories, consistent with legal requirements. Slalom welcomes and encourages applications from individuals with disabilities. Reasonable accommodations are available for candidates during all aspects of the selection process. Please advise the talent acquisition team if you require accommodations during the interview process. We are accepting applications until 12/31.

The Microsoft Offensive Research & Security Engineering (MORSE) team is looking for a learn-it-all engineer that will help secure Microsoft products and devices. The MORSE team is responsible for securing Microsoft's operating systems, including Windows, cloud computing platforms, and virtualization technologies. These solutions support the daily needs of over one billion customers worldwide. This team performs security design reviews, code reviews, and vulnerability research on key features of Windows and Azure to make sure they meet the highest possible security standards. In this role, you will help a team of engineers tasked with building automation and tooling to streamline and scale detection of vulnerabilities. The ideal candidate will have hands-on experience with native code (C/C++), building security-focused developer-facing tools, a clear understanding of OS security fundamentals, solid computer science skills, and a passion for keeping Microsoft customers safe. Responsibilities * Equip Microsoft developers with powerful, easy-to-use security tools to catch security issues earlier * Improve existing processes and tools to help us deliver our goal of ubiquitous fuzzing * Collaborate with teams of security experts to understand their requirements and build tools to streamline or automate common tasks * Devise new methods to systematically detect vulnerabilities at scale Qualifications Required * Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in security or related field OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in security or related field OR equivalent experience. Other Requirements: Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter. Preferred * Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in security or related field OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 8+ years experience in security or related field OR equivalent experience. * Public track record of relevant security research, especially around vulnerability discovery * Experience exploiting bugs and bypassing security mitigations in Operating Systems * Familiarity with Microsoft Windows architecture * 5+ years of experience in a software engineering or security-related field * 3+ years of software engineering in a systems language such as C, C++, or Rust Penetration Testing IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year. Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: **************************************************** This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled. Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.

Rajesh KRG Technologies Inc. 25000 | Avenue Stanford | Suite 253 | Valencia, CA 91355 rajesh.b at krgtech.com / ************ EXT- 514 Job Description : General Cryptography (symmetric algorithms like AES, DES and asymmetric or public crypto like RSA, EC) Experience of open security suites like Openssl, embed TLS, Elgamal or other opensource secure communication packages which export general crypto api's (e.g. Open SSL, Elgamal) Public key and private key concepts Programming in ‘C' Preferred: Basic kernel driver development concepts, linux Userspace Desirable : DRM's, NOCS, Nagra Additional Information All your information will be kept confidential according to EEO guidelines.

**About the job you're considering** Are you passionate about securing the future of cloud-native infrastructure in mission-critical environments? Join our team in Portland, OR, as a Kubernetes Security Engineer supporting the aerospace industry, where security, reliability, and precision are paramount. In this onsite role, you'll focus on hardening and isolating Kubernetes clusters to minimize blast radius in the event of compromise. This includes enforcing Linux security modules like SELinux and AppArmor, leveraging Trusted Platform Module (TPM) for secure boot and attestation, implementing least privilege across nodes and workloads, and ensuring multi-tenant isolation within hybrid Kubernetes environments-spanning x86, ARM, and accelerator-based architectures. You'll work hands-on with cutting-edge technologies and collaborate with cross-functional teams to build resilient, secure infrastructure that supports aerospace innovation. **Your role** + Architect and deploy security-first Kubernetes cluster configurations across diverse hardware platforms, including x86, ARM, and accelerators. + Enforce Linux security modules (SELinux, AppArmor) and sandboxing techniques (seccomp, gVisor, Kata) to protect workloads and system services. + Integrate TPM for secure boot and attestation, ensuring hardware and OS integrity, and support cryptographic operations with HSM/KMS systems. + Design multi-tenant isolation strategies using namespaces, node pools, and hardware partitioning to prevent lateral movement and reduce blast radius. + Apply least-privilege policies using RBAC, PodSecurityStandards, NetworkPolicies, and resource constraints to secure workload execution and mitigate denial-of-service risks. + Harden Kubernetes components (API server, etcd, kubelet) using CIS and NSA benchmarks, and implement kernel-level protections like seccomp-bpf and IMA/EVM. + Secure workload secrets using TPM-backed storage and tools like SealedSecrets, HashiCorp Vault, or SOPS for safe distribution and access control. + Strengthen supply chain security through image signing (cosign, Notary), SBOM scanning, and CI/CD vulnerability management. + Monitor runtime behavior with tools like Falco and Cilium Tetragon, and collaborate with SRE and Security teams to develop incident response runbooks and conduct breach simulation drills. **Your skills and experience** + Bachelor's degree in Computer Science, Engineering, or a related technical field, with 8-10 years of experience in infrastructure, security, or systems engineering. + Deep expertise in Kubernetes internals, including cluster hardening, multi-tenant isolation, and security architecture. + Advanced proficiency in Linux security features such as SELinux, AppArmor, seccomp, and kernel-level protections. + Hands-on experience with TPM for secure boot, attestation, and integration with HSM/KMS for cryptographic operations and secrets management. + Strong understanding of Pod Security frameworks (PodSecurityStandards, OPA, Gatekeeper, Kyverno) and implementation of RBAC, NetworkPolicies, and workload isolation at scale. + Familiarity with container runtimes (containerd, CRI-O, gVisor, Kata) and their security implications in hybrid environments. + Experience with runtime and supply chain security tools and frameworks, including Falco, Cilium Tetragon, cosign, Notary, SLSA, and NIST 800-190. + Knowledge of confidential computing (TEE, SGX, SEV), air-gapped deployments, and hardened Linux distributions like Flatcar and Bottlerocket. **Life at Capgemini** **Capgemini supports all aspects of your well-being throughout the changing stages of your life and career. For eligible employees, we offer:** + Flexible work + Healthcare including dental, vision, mental health, and well-being programs + Financial well-being programs such as 401(k) and Employee Share Ownership Plan + Paid time off and paid holidays + Paid parental leave + Family building benefits like adoption assistance, surrogacy, and cryopreservation + Social well-being benefits like subsidized back-up child/elder care and tutoring + Mentoring, coaching and learning programs + Employee Resource Group + Disaster Relief **About Capgemini Engineering** World leader in engineering and R&D services, Capgemini Engineering combines its broad industry knowledge and cutting-edge technologies in digital and software to support the convergence of the physical and digital worlds. Coupled with the capabilities of the rest of the Group, it helps clients to accelerate their journey towards Intelligent Industry. Capgemini Engineering has 65,000 engineer and scientist team members in over 30 countries across sectors including Aeronautics, Space, Defense, Naval, Automotive, Rail, Infrastructure & Transportation, Energy, Utilities & Chemicals, Life Sciences, Communications, Semiconductor & Electronics, Industrial & Consumer, Software & Internet. Capgemini Engineering is an integral part of the Capgemini Group, a global business and technology transformation partner, helping organizations to accelerate their dual transition to a digital and sustainable world, while creating tangible impact for enterprises and society. It is a responsible and diverse group of 340,000 team members in more than 50 countries. With its strong over 55-year heritage, Capgemini is trusted by its clients to unlock the value of technology to address the entire breadth of their business needs. It delivers end-to-end services and solutions leveraging strengths from strategy and design to engineering, all fueled by its market leading capabilities in AI, generative AI, cloud and data, combined with its deep industry expertise and partner ecosystem. The Group reported 2024 global revenues of 22.1 billion. **Get the future you want |** ********************* **Disclaimer** Capgemini is an Equal Opportunity Employer encouraging inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity/expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status or any other characteristic protected by law. This is a general description of the Duties, Responsibilities and Qualifications required for this position. Physical, mental, sensory or environmental demands may be referenced in an attempt to communicate the manner in which this position traditionally is performed. Whenever necessary to provide individuals with disabilities an equal employment opportunity, Capgemini will consider reasonable accommodations that might involve varying job requirements and/or changing the way this job is performed, provided that such accommodations do not pose an undue hardship. Capgemini is committed to providing reasonable accommodations during our recruitment process. If you need assistance or accommodation, please reach out to your recruiting contact.Please be aware that Capgemini may capture your image (video or screenshot) during the interview process and that image may be used for verification, including during the hiring and onboarding process.Click the following link for more information on your rights as an Applicant ************************************************************************** Applicants for employment in the US must have valid work authorization that does not now and/or will not in the future require sponsorship of a visa for employment authorization in the US by Capgemini. **Job:** _Developer_ **Organization:** _ERD PPL US_ **Title:** _Sr. Kubernetes Security Engineer_ **Location:** _OR-Portland_ **Requisition ID:** _081871_

We are looking for an AI Security Engineer to design, implement, and secure our next generation of AI solutions. You will combine hands-on engineering with security and governance expertise to ensure safe and compliant AI adoption. You will build and maintain AI guardrails, enforce Agent RBAC and permissions tied to firm roles, and integrate Data Loss Prevention (DLP) pipelines to protect sensitive information from leaking into LLM endpoints. Partnering with cloud, security, and governance teams, you will evaluate AI architectures for bias, drift, and risk, while aligning them with frameworks like NIST AI RMF, EU AI Act, and ISO/IEC 42001. You are equally comfortable developing AI security controls in Python/YAML as they are advising on compliance strategy - ensuring Fisher Investments leverages AI responsibly, securely, and at scale. You will report to the Team Lead. We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to ********************.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: **************************************************** Skills and Requirements - 7+ years in IT, Information Security, or AI/ML engineering roles, with experience in: Design, reviewing, and implementing secure AI programs in enterprise environments Apply compliance frameworks (ISO 27001, SOC 2, NIST AI RMF, EU AI Act, ISO/IEC 42001) Build RBAC/ABAC-based permission models for AI agents and personas - 2+ years of hands-on AI/ML administration or engineering, including: Experience with NVIDIA NeMo Guardrails, Azure AI Foundry, or similar platforms Design and deploy DLP solutions or privacy-preserving data pipelines for AI Support AI and security operations in a large enterprise - Proficiency with Terraform, Python, and cloud automation Prior experience in cloud security, data protection, and SIEM/logging for AI traffic - Leadership experience is a nice to have

Job Description The Security Engineer will focus on hardening and isolating K3s clusters to minimize blast radius in the event of compromise. This includes enforcing Linux security modules (SELinux, AppArmor), leveraging TPM for secure boot and attestation, implementing least privilege across nodes and workloads, and ensuring multi-tenant isolation within hybrid Kubernetes environments (x86, ARM, accelerators). Responsibilities Security Architecture & Policy Enforcement Design and implement security-first cluster configurations for K3s nodes. Enforce mandatory access control (MAC) using SELinux and AppArmor profiles for pods and system services. Integrate TPM-based attestation and secure boot for cluster nodes to ensure trust in hardware and OS integrity. Establish node, pod, and namespace isolation strategies to reduce lateral movement risk. Harden cluster components (API server, etcd, kubelet) following CIS and NSA Kubernetes security benchmarks. Blast Radius Reduction Define and enforce workload sandboxing strategies (seccomp, AppArmor, SELinux contexts, gVisor/Kata if applicable). Configure minimal privilege policies (RBAC, PodSecurityStandards, NetworkPolicies) to ensure least-privilege execution. Implement namespace, node pool, and hardware partitioning to confine workloads and protect sensitive applications. Apply resource quotas, limits, and scheduling constraints to contain denial-of-service blast radius. Integration with Identity & Secrets Management Work with Security team to ensure strong identity, authentication, and authorization models. Integrate TPM-backed secrets storage and HSM/KMS systems for cryptographic operations. Ensure secure distribution of workload secrets with solutions like SealedSecrets, HashiCorp Vault, or SOPS. Runtime & Supply Chain Security Enforce image signing and verification with cosign or Notary. Integrate SBOM scanning and vulnerability management into CI/CD pipelines. Monitor workloads for runtime anomalies (Falco, Cilium Tetragon, or equivalent). Apply kernel hardening measures (seccomp-bpf, kernel lockdown, IMA/EVM with TPM). Monitoring & Incident Response Build observability hooks for security events (audit logs, syscall monitoring, TPM attestations). Define blast radius response runbooks for compromised pods or nodes. Work with SRE and Security teams to test chaos/security drills simulating breaches. Deliverables K3s cluster baseline hardened with SELinux and AppArmor profiles. TPM-enabled secure boot and node attestation pipeline. Enforced PodSecurityStandards and workload sandboxing (seccomp, gVisor/Kata optional). Documentation of isolation strategies (namespaces, node pools, network segmentation). Audit-ready evidence of compliance with CIS/NSA Kubernetes security benchmarks. Security runbooks for containment and blast radius reduction. Required Skills & Experience Strong knowledge of K3s/Kubernetes internals, especially security features. Hands-on experience with SELinux, AppArmor, seccomp, and Linux capabilities. Experience with TPM (Trusted Platform Module) for secure boot and attestation. Deep understanding of Pod Security (PodSecurityPolicies/Standards, OPA/Gatekeeper/Kyverno). Experience implementing RBAC, NetworkPolicies, and workload isolation at scale. Proficiency in Linux kernel security mechanisms and debugging. Familiarity with container runtimes (containerd, CRI-O, gVisor, Kata) and their security implications. Strong background in incident response, forensic data collection, and audit logging in Kubernetes. Nice to Have Contributions to Kubernetes SIG-Security or open-source security tooling. Experience with supply chain security frameworks (SLSA, NIST 800-190). Familiarity with confidential computing (TEE/SGX/SEV) for workload isolation. Hands-on with Cilium Tetragon, Falco, or other runtime security tools. Knowledge of air-gapped deployments and hardened Linux distributions (e.g., Flatcar, Bottlerocket).

FLEX IT has an immediate need for a Cyber Security Analyst with a proven track record of delivering world-class results with our Enterprise level client. The ideal candidate will bring a broad range of lean and agile experiences working within large-scale organizations. ALL LEVELS OF Cyber Security Analysts ARE ENCOURAGED TO APPLY Top Skillsets: (Based on Requirement) ?-Knowledge of information security standards, principles, and practices -Computer programming and/or scripting languagues (Python, Powershell, Java Script, Go) -Experience with massive log aggregation and analysis -Comfortable interfacing with other organizations regarding security policy Job Responsibilities: Elevate security analytics by distilling complex analytical concepts Enable a culture of data driven decision making Minimize complexity and focus on results Thrive in an entrepreneurial environment Use data to prove your point, think outside the box and solve problem creatively

Job Details:Job Description: Our Government Information Techology and Security (GITS) Team is looking for a talented and motivated individual with strong technical skills and the ability to rapidly learn new technologies. We are growing our Hybrid Cloud solution suite to meet US Government requirements for data safeguarding. Information Security Engineers within GITS are actively involved in the following: Identifies, develops, plans, implements, and supports enterprise security systems using Agile methodologies and DevOps principles to improve and grow our secure solutions to enhance Intel Federal's capabilities with a constant focus on security. Creates solutions in partnership with enterprise architecture to design security measures (from infrastructure to software) that safeguard sensitive data, protect confidentiality and availability, and enable compliance with security policies and regulatory requirements for the enterprise and USG regulations and standards. Partners with system engineers, network engineers, database administrators, and information security personnel in support, integration, development, and lifecycle management. Develops and validates functional requirements and identifies gaps or risks to meet business and security outcomes. Reviews health measures for various functional performance components of platform, applications, controls, and appliances and supports key security systems, responds to security events, and troubleshoots and proactively discovers security issues across the enterprise. Validates security controls are working as designed (validation and/or efficacy) to ensure effective security measures. Develops new and/or updates existing controls that limit the risk exposure for the company and optimizes security system performance. Researching new security and information technology trends in enterprise applications, networks, and systems to understand and drive strategic plans, forward engineering, upgrades, and changes while influencing vendors to drive bug resolution, product feature enhancement, and key security improvements. Works to identify, design, test, document, and implement internal process improvements such as automating manual processes, optimization of data delivery, elimination of technical debt, and support/administration of key security control systems. Supports lifecycle management of systems, software, and infrastructure. Behavioral Traits Passion for Information Security. Customer service and stakeholder management skills, including experience in setting and managing user and stakeholder expectations is a must in this role. We partner closely with the Intel Federal business teams to ensure we can prioritize and deliver key IT solutions to the business. Strong interpersonal, analytical, problem solving, negotiating, influencing, facilitation, organizational, prioritization, decision making and conflict resolution skills. Strong team player who works both independently and collaboratively with peers and teams. Qualifications: Minimum qualifications are required to be initially considered for this position. Preferred qualifications are in addition to the minimum requirements and are considered a plus factor in identifying top candidates. Requirements listed would be obtained through a combination of industry relevant job experience, internship experiences and / or schoolwork/classes/research. Minimum Qualifications U.S. Citizenship. Bachelor's degree in computer science, Information Security, or related Information Technology field with 3+ years of relevant experience. 3+ years of experience in Information Security. 1+ year of experience working in an environment that supports Controlled Unclassified Information (CUI) or International Traffic in Arms Regulations (ITAR) data. 3+ years of experience with script writing for automation and integration (e.g. PowerShell, .Net, Python, etc.) 1+ year of Identity Access Management experience. (e.g. Entra ID or other IAM tools) 1+ year Azure or AWS Hosted Cloud environment experience. Preferred Qualifications: Track record of excellent customer Service and Support skills - Independently troubleshoots for successful problem resolution. MS Azure Government Cloud and Amazon Web Services GovCloud solutions deployment experience desired. 1+ year of experience working with NIST Special Publication 800-171 and/or 800-53 compliance standards. 1+ year of experience working with NIST 800- 171A readiness assessment procedures. Willingness to quickly ramp up on online data solutions - quickly applying trusted technologies across on-premises, cloud, and hybrid cloud environments. Experience using Privilege Access Management (PAM) or similar tools. Windows and Linux OS and application operations support, administration, security configuration and monitoring. Security certifications are an advantage (CISSP, CISM, CEH, CCNA, etc.) Experience working with applications such as SCOM, BigFix, Azure Security Center and Antivirus configuration. Experience with Datacenter management operations such as servers/hardware handling, installation, configuration, decom and general support. Experience with Agile Scrum and/or Kanban project management methodologies. Scaled Scrum, SAFe, or other scaled Agile framework approaches to manage operations, engineering and development workloads. Job Type:Experienced HireShift:Shift 1 (United States of America) Primary Location: US, Oregon, HillsboroAdditional Locations:US, Arizona, Phoenix, US, California, Folsom, US, Virginia, FairfaxBusiness group:Posting Statement:All qualified applicants will receive consideration for employment without regard to race, color, religion, religious creed, sex, national origin, ancestry, age, physical or mental disability, medical condition, genetic information, military and veteran status, marital status, pregnancy, gender, gender expression, gender identity, sexual orientation, or any other characteristic protected by local law, regulation, or ordinance.Position of TrustN/A Benefits: We offer a total compensation package that ranks among the best in the industry. It consists of competitive pay, stock, bonuses, as well as, benefit programs which include health, retirement, and vacation. Find more information about all of our Amazing Benefits here: ********************************************************************************** Annual Salary Range for jobs which could be performed in the US: 104,770.00 USD - 204,290.00 USDThe range displayed on this job posting reflects the minimum and maximum target compensation for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific compensation range for your preferred location during the hiring process. Work Model for this Role This role will require an on-site presence. * Job posting details (such as work model, location or time type) are subject to change.

Who You'll Work With As a modern technology company, our Slalom Technologists are disrupting the market and bringing to life the art of the possible for our clients. We have passion for building strategies, solutions, and creative products to help our clients solve their most complex and interesting business problems. We surround our technologists with interesting challenges, innovative minds, and emerging technologies. Join the Slalom Cloud Team -a team of trailblazers ensuring we achieve our strategic goals through innovation and investment in the future. You'll collaborate with local market teams, niche experts, and global partners to drive cloud solution sales and empower clients on their cloud transformation journey. As a key member of Slalom's Google Cloud Center of Excellence, you'll leverage our award-winning partnerships and multidisciplinary teams to deliver business value and technical excellence for high-impact security and infrastructure solutions. What You'll Do * Stay current with security trends, technologies, and best practices around Google Cloud solutions, leveraging tools like Cloud IAM, Cloud Security Command Center, BeyondCorp, and Cloud Armor. * Define and guide transformational security strategies for Google Cloud environments, ensuring alignment with Google's Zero Trust and BeyondCorp principles. * Translate complex regulatory requirements (e.g., GDPR, SOC 2, HIPAA) and technology standards into actionable functional and technical requirements for cloud and hybrid environments, ensuring security and compliance. * Lead teams through various phases of gap analyses, including security assessments, remediation planning, roadmap development, and implementation of remediation actions using Google Cloud-native tools. * Deliver on the vision, architecture, execution, and quality assurance of security projects on Google Cloud, driving initiatives that secure enterprise workloads and data. * Guide stakeholders and senior leaders on aligning security solutions with broader business goals, ensuring the architecture follows Google Cloud's security best practices and roadmap. * Establish security architecture patterns based on Google Cloud security frameworks and industry standards to meet the unique needs of enterprise clients. * Collaborate with other Google Cloud architects and security teams to continuously improve security knowledge assets and best practices, ensuring the most effective security solutions for clients. * Design and architect solutions to secure Generative AI models and applications against adversarial attacks, prompt injection, and their potential misuse for malicious cyber activities. What You'll Bring * Proven experience with Google Cloud security architecture, with hands-on experience in tools like Cloud IAM, VPC Service Controls, Cloud DLP, and Cloud Armor. * Strong background in defining and implementing Zero Trust and BeyondCorp security models within Google Cloud environments. * Familiarity or direct experience with Identity and Access Management (IAM), Data Protection, Vulnerability Management, and Cloud Security solutions in Google Cloud. * Extensive experience with security design patterns specific to Google Cloud, as well as hybrid and multi-cloud security architecture. * Experience in security and risk advisory consulting, particularly related to cloud security transformations. * Ability to lead the development and implementation of cloud security roadmaps aligned with business goals and compliance needs. * Familiarity with Google Cloud's Artificial Intelligence (AI) capabilities (e.g., Vertex AI, Generative AI services, Model Armor) including their applications, associated security risks (e.g., prompt injection, data poisoning, privacy concerns), and proven strategies for implementing security controls, governance, and responsible AI practices. * Relevant certifications are strongly desired but not required, including (but not limited to): * GCP Professional Security Engineer * GCP Professional Cloud Architect * CISSP * Security+ About Us Slalom is a fiercely human business and technology consulting company that leads with outcomes to bring more value, in all ways, always. From strategy through delivery, our agile teams across 52 offices in 12 countries collaborate with clients to bring powerful customer experiences, innovative ways of working, and new products and services to life. We are trusted by leaders across the Global 1000, many successful enterprise and mid-market companies, and 500+ public sector organizations to improve operations, drive growth, and create value. At Slalom, we believe that together, we can move faster, dream bigger, and build better tomorrows for all. Compensation and Benefits Slalom prides itself on helping team members thrive in their work and life. As a result, Slalom is proud to invest in benefits that include meaningful time off and paid holidays, parental leave, 401(k) with a match, a range of choices for highly subsidized health, dental, & vision coverage, adoption and fertility assistance, and short/long-term disability. We also offer yearly $350 reimbursement account for any well-being-related expenses, as well as discounted home, auto, and pet insurance. Slalom is committed to fair and equitable compensation practices. Slalom is committed to fair and equitable compensation practices. For this role, we are targeting the following levels and salary ranges: East Bay, San Francisco, Silicon Valley: * Senior Consultant: $131,000-$196,500 San Diego, Los Angeles, Orange County, Seattle, Houston, New Jersey, New York City, Westchester, Boston, Washington DC: * Senior Consultant: $120,000-$180,000 All other locations: * Senior Consultant: $110,000-$165,000 In addition, individuals may be eligible for an annual discretionary bonus. Actual compensation will depend upon an individual's skills, experience, qualifications, location, and other relevant factors. The salary pay range is subject to change and may be modified at any time. EEO and Accommodations Slalom is an equal opportunity employer and is committed to inclusion, diversity, and equity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veterans' status, or any other characteristic protected by federal, state, or local laws. Slalom will also consider qualified applications with criminal histories, consistent with legal requirements. Slalom welcomes and encourages applications from individuals with disabilities. Reasonable accommodations are available for candidates during all aspects of the selection process. Please advise the talent acquisition team if you require accommodations during the interview process.

The Security Engineer will focus on hardening and isolating K3s clusters to minimize blast radius in the event of compromise. This includes enforcing Linux security modules (SELinux, AppArmor), leveraging TPM for secure boot and attestation, implementing least privilege across nodes and workloads, and ensuring multi-tenant isolation within hybrid Kubernetes environments (x86, ARM, accelerators). Responsibilities Security Architecture & Policy Enforcement Design and implement security-first cluster configurations for K3s nodes. Enforce mandatory access control (MAC) using SELinux and AppArmor profiles for pods and system services. Integrate TPM-based attestation and secure boot for cluster nodes to ensure trust in hardware and OS integrity. Establish node, pod, and namespace isolation strategies to reduce lateral movement risk. Harden cluster components (API server, etcd, kubelet) following CIS and NSA Kubernetes security benchmarks. Blast Radius Reduction Define and enforce workload sandboxing strategies (seccomp, AppArmor, SELinux contexts, gVisor/Kata if applicable). Configure minimal privilege policies (RBAC, PodSecurityStandards, NetworkPolicies) to ensure least-privilege execution. Implement namespace, node pool, and hardware partitioning to confine workloads and protect sensitive applications. Apply resource quotas, limits, and scheduling constraints to contain denial-of-service blast radius. Integration with Identity & Secrets Management Work with Security team to ensure strong identity, authentication, and authorization models. Integrate TPM-backed secrets storage and HSM/KMS systems for cryptographic operations. Ensure secure distribution of workload secrets with solutions like SealedSecrets, HashiCorp Vault, or SOPS. Runtime & Supply Chain Security Enforce image signing and verification with cosign or Notary. Integrate SBOM scanning and vulnerability management into CI/CD pipelines. Monitor workloads for runtime anomalies (Falco, Cilium Tetragon, or equivalent). Apply kernel hardening measures (seccomp-bpf, kernel lockdown, IMA/EVM with TPM). Monitoring & Incident Response Build observability hooks for security events (audit logs, syscall monitoring, TPM attestations). Define blast radius response runbooks for compromised pods or nodes. Work with SRE and Security teams to test chaos/security drills simulating breaches. Deliverables K3s cluster baseline hardened with SELinux and AppArmor profiles. TPM-enabled secure boot and node attestation pipeline. Enforced PodSecurityStandards and workload sandboxing (seccomp, gVisor/Kata optional). Documentation of isolation strategies (namespaces, node pools, network segmentation). Audit-ready evidence of compliance with CIS/NSA Kubernetes security benchmarks. Security runbooks for containment and blast radius reduction. Required Skills & Experience Strong knowledge of K3s/Kubernetes internals, especially security features. Hands-on experience with SELinux, AppArmor, seccomp, and Linux capabilities. Experience with TPM (Trusted Platform Module) for secure boot and attestation. Deep understanding of Pod Security (PodSecurityPolicies/Standards, OPA/Gatekeeper/Kyverno). Experience implementing RBAC, NetworkPolicies, and workload isolation at scale. Proficiency in Linux kernel security mechanisms and debugging. Familiarity with container runtimes (containerd, CRI-O, gVisor, Kata) and their security implications. Strong background in incident response, forensic data collection, and audit logging in Kubernetes. Nice to Have Contributions to Kubernetes SIG-Security or open-source security tooling. Experience with supply chain security frameworks (SLSA, NIST 800-190). Familiarity with confidential computing (TEE/SGX/SEV) for workload isolation. Hands-on with Cilium Tetragon, Falco, or other runtime security tools. Knowledge of air-gapped deployments and hardened Linux distributions (e.g., Flatcar, Bottlerocket).

We're looking for a Sr. CyberSecurity Engineer professional. This role provides technical and tactical expertise to a 24x7 team of dedicated security engineers focused on maintaining operational stability while reducing risk, and is part of a diverse, cross-functional team that collaborates globally across the organization with a variety of stakeholders from service desk technicians to system architects, developers and lawyers. The candidate needs to have strong problem-solving skills and be able to determine root cause along with providing relevant solutions. They should have an operational mindset, believe change is an opportunity and not rattled by ambiguity. You'll be working with the Security Technology Management team and perform these key tasks: Assess, analyze, and optimize operational tasks, functions and processes. Provide technical and tactical expertise to a 24x7 team of dedicated security engineers focused on maintaining operational stability while reducing risk Administer and maintain both network and endpoint security controls, primarily focused on tier 2/3 support. Maintaining proper saturation of endpoint security controls; versions, scoping and exclusions. Documentation of Knowledgebase articles, How-to's, policies and procedures. Requirements: Bachelor's Degree in Information Technology, Information Security/Assurance, Engineering, or related field of study. Experience with Endpoint Protection, NGFW, IDS/IPS, WAF, Proxy, PKI and Advanced Threat Protection. Experience with cloud, automation and scripting. Ability to juggle multiple priorities where you are the driving force ensuring completion and on-time delivery. Excellent written and verbal communication skills in a clear business relevant manner that is adjusted to the audience; up, down and across the organization. Independent sound decision making is the skill most used on a daily basis. Collaboration, mentoring and training members of your team are an innate core skillset Passionate about security and self-driven to one-day become an expert. Previous enterprise experience and enjoy the challenge of slaying large and ever-changing technical dragons. Believe your approach to security balances risk against the needs of the business. Excel in a highly-matrixed, organized-chaos environment.

Responsibilities Conduct initial evaluations of ASC security inquiries to determine the treatment level needed for each potential request Enter security request information into tools used by ASC, verify the information provided, and assign the request to the appropriate resource Research and respond to questions submitted by our key partners or Corporate Information Security teams Manage Intake for security requests by supporting the tracking of ASC Security Review requests, risks assigned to ASC Consultants, and SecureCode requests. Maintain Application Security Review process to include identifying gaps and enhancements necessary to reduce risk Facilitate stand-ups with ASC consultants to manage active work being managed in team tracking tools including new development and risk remediation Active participant of the Risk Translation Counsel supporting improvements for data integrity in the Risk Register to include proper assignment for Risk Owner, Global Technology or business team, and Risk Consultant. Active member of the Risk Solutioning team supporting Risks Life Cycle process improvements Training for Risk Life Cycle process for new ASC team resources Partner with GRC to inform ASC team resources of Risk Life Cycle process or Risk Register changes Work with ASC MT to improve on current Risk Register update processes Review and track ASC assigned security risks entered in the Risk Register to validate updates are current Gather data for various reports for ASC, and Global Technology leadership Enhance reporting processes to improve efficiency of gathering and tracking of data needed for metrics, Provide process recommendations and/or recommend alternate solutions to resolve gaps with team processes

We are looking for a high energy individual with experience and interest in developing cloud native applications, APIs, and data pipelines. This individual will work with a wide range of technologies, both cutting-edge and legacy, and coordinate with both technical and non-technical business teams. Tenacity, an open and curious mind, and desire to learn and understand is critical for success on this team.