Information security analyst jobs in Pittsburgh, PA

The Information Security Specialist plays a vital role in protecting the Bank's information assets by ensuring the integrity, confidentiality, and availability of systems across the enterprise. This position is responsible for the effective application of security controls across both business operations and technology environments. The successful candidate will perform security administration, conduct continuous monitoring, and lead investigations into security events triggered by the Bank's security infrastructure. Organization Overview FHLBank Pittsburgh provides reliable funding and liquidity to its member financial institutions, which include commercial and savings banks, community development financial institutions, credit unions and insurance companies in Delaware, Pennsylvania and West Virginia. FHLBank products and resources help support community lending, housing and economic development. As one of 11 Federal Home Loan Banks established by Congress, FHLBank has been an integral and reliable part of the financial system since 1932. Primary Success Factors * Supports the efficient and effective implementation and maintenance of security for the Bank's information assets and resources; evaluates, installs and maintains security software on a variety of platforms; and actively promotes the advancement of sound security policies and procedures. Provides customer support for email processing and security, Help Desk ticket queues for security and account requests. * Monitoring and investigation of security events generated by the Bank's security infrastructure * Designs appropriate security measures in new system development efforts as defined by security requirements, product options and implementation strategies. * Evaluates, engineers, and recommends security enhancements to Bank's current environment and architecture. * Establishes and executes procedures for authorizing access to information across all platforms to appropriately restrict access. * Participates in establishing and maintaining security policies and procedures * Provides daily support and management of Security incident and event Management (SIEM) solution according to industry best practice and Bank policy. * Performs monitoring, analysis, and reporting of security events across a complex environment. * Establishes and executes procedures for performing self-audits of the security administration function to detect inappropriately defined security parameters. * Manages bank firewalls to ensure access and controls are properly applied to all systems. * Manages security systems (IDS, firewall, mail/web filtering, etc.) to ensure systems are properly functioning and upgraded. * Works with business users to ensure proper access to applications is in place. * Regularly reviews systems and networks to ensure compliance with IT Security policy. * Assists in the designing of network architecture to ensure industry-standard network practices are enforced. * Deciphers network packet captures for troubleshooting. * Ensures compliance with applicable policies, procedures, and regulations to ensure safe and sound business operations. Required Experience * Bachelor's degree in Computer Science, Information Systems or related degree or equivalent work experience * At least one of the following professional Security-related certifications required: CISSP, SANS GIAC, CCSP * Five or more years of experience in an information security role * At least two years of hands-on experience with firewall administration * Hands-on experience with administering security in Windows Active Directory Security * Demonstrated knowledge of managing and administering spam filtering system * Demonstrated knowledge of securing and administering security on multiple operating environments: Linux, Windows * Demonstrated knowledge of host-based and network-based Intrusion Detection System concepts * Experience with DDOS mitigation and related network traffic risk mitigation techniques * Experience with Network Access Control Platforms and Procedures Candidates with at least three years of experience in an information security role and Windows Active Directory Security will be considered for an alternative role. It is the policy of the Federal Home Loan Bank of Pittsburgh to ensure equal employment opportunity (EEO) for all employees and applicants for employment without regard to race, religion, color, sex, national origin, age, disability status, genetic information, veteran's status, ancestry, sexual orientation or status as a parent as defined by applicable law. It is the Bank's policy to comply with applicable laws concerning the employment of persons with disabilities, including reasonable accommodation for applicants and employees with disabilities.

Pittsburgh, PA Founded in 2000, Ivalua is a leading global provider of cloud-based procurement solutions. At Ivalua we are a global community of exceptional professionals, who believe that digital transformation revolutionizes supply chain sustainability and resiliency to unlock the power of supplier collaboration. We achieve this through our leading cloud-based spend management platform that empowers hundreds of the world's most admired brands to effectively manage all categories of spend and all suppliers to increase profitability, improve ESG (environmental, social, and corporate governance) performance, lower risk, and improve productivity. Driven by our passions and fueled by our shared ambitions, we empower and challenge each other to create meaningful experiences for our colleagues, customers, partners, and communities. Learn more at *************** Follow us on LinkedIn THE OPPORTUNITY CONTEXT: Our growing international IT department (EMEA, AMER, APAC) is composed of over sixty experts responsible for the deployment and operation of the Ivalua Cloud, which hosts environments for our clients around the world. It is also responsible for internal IT infrastructure, IT applications and data, as well as IT support for our users. In this context of growth, we are looking for an experienced Security Analyst (SOC) to strengthen our global SOC team. ROLE: As part of the SOC (Security Operations Center) team, you will be responsible for developing and implementing the SOC strategy for our information systems. You will detect suspicious or malicious activities. You will contribute to the handling of confirmed security incidents in support of the InfoSec teams. Your experience will allow you to mentor more junior SOC analysts and act as a liaison between the SOC team and the company's IT and cybersecurity communities. As the highest-level technical officer of the SOC, you will be responsible for: The technical aspects of a SOC, ensuring that security measures are implemented and maintained to protect Ivalua's information assets Day-to-day operations, ensuring that security incidents are identified, analyzed, and addressed quickly and efficiently WHAT YOU WILL DO WITH US Be the technical point of contact for the SOC team, collaborating directly with the infrastructure, infosec, and cybersecurity solution management teams Serve as the highest escalation point for other SOC analysts Provide mentorship, share best practices, and lead security projects Provide technical advice and support to team members Be the driving force behind the continuous improvement of SOC processes and tools Contribute to standard SOC activities, including monitoring, incident management, and vulnerability management Participate in threat intelligence activities in direct collaboration with the infosec teams Guard SOC communication with other teams (Security, Infrastructure, Business IT, R&D, etc.) as well as senior IT management Participate in the studies, deployments, and development of cybersecurity solutions, particularly SOC tools Implement the necessary processes and reports to analyze logs to detect abnormal user and software behavior, using our SIEM tool and other security consoles. Define the event log collection strategy. Performs regular vulnerability assessments, prioritizes remediation, and tracks closure of security gaps. Manage the coordination, tracking, and remediation of incidents at the global level (EMEA, AMER, APAC). Contributes to ongoing monitoring of threats, vulnerabilities, and attack methods. Improve dashboards reporting on alert tracking and SOC KPIs. Maintain SOC procedures and tools, as well as documentation and knowledge bases. Ensures adherence to security policies, standards, and regulatory requirements (e.g., GDPR, HIPAA, SOC, FEDRAMP, etc. YOUR PROFILE If you have the below experience and strengths this role could be for you: Skills and Experience: Bachelor's degree in relevant field preferred with a minimum of 7 years of relevant professional experience, OR Master's degree in relevant field with a minimum of 5 years of relevant professional experience, OR Equivalent combination of education and experience Minimum of 7 years in the field of IT security, primarily in SOC (analyst, senior analyst, lead, etc.) Solid knowledge of Systems and Networks Knowledge of SIEM tools (MS Sentinel, ELK, Q-Radar, Splunk, AlienVault, etc.) Knowledge of EDR tools (Microsoft Defender, CrowdStrike, etc.) Knowledge of Rapid7 or other vulnerability scanning tools would be a plus Relevant certifications (e.g., CSA, CySA+, CISSP, GCIA,CEH) a plus Desired Qualities: Rigor, attention to detail, curiosity, autonomy, analytical thinking, adaptability, problem-solving Leadership & mentorship, continuous learning, ethical judgment Good communication and writing skills Motivation to thrive in a scale-up, international, dynamic, and fast-growing environment WHAT HAPPENS NEXT If your application fits this specific position's needs, our skilled Talent team will reach out to schedule an initial screening call. Get one step closer to achieving your goals - apply today! Our Talent team will guide you through every step of the interview process - from preparation to completion. They're here to support you! Our recruitment process is designed to assess your competencies through a series of personalized interviews with internal stakeholders relevant to the role. Interviews will be conducted virtually via video or on-site with face-to-face meetings. LIFE AT IVALUA Hybrid working model (3 days in the office per week) We're a team dedicated to pushing the boundaries of product innovation and technology Sustainable Growth, Privately Held A stable and cash-flow positive Company since 10 years Snacks and weekly lunches in the office Feel empowered to pursue your goals with improved team collaboration and increased creativity/productivity Unlock and unleash your full professional potential with our exceptional training and career development program Join a dynamic and international team of top-notch professionals who are experts in their respective fields. Collaborate with like-minded individuals who are deeply passionate and highly motivated about their work. Experience a truly diverse and inclusive work environment where your unique contributions are highly valued Regular social events, competitive outings, team running events, and musical activities, Comparably recognized Ivalua for the following (******************************************** : Powered by People - Powered by You! United by our values we embrace diversity and equity in the broadest possible sense to create an inclusive workplace. To help our customers make supply chains more efficient, sustainable and resilient, we rely on a global team with a variety of backgrounds, skills and views. We believe in equal opportunity and in diversity as a driver of innovation that cultivates a spirit of inclusiveness, creates a productive and fun place to work, and provides fulfilling career opportunities for all Ivaluans. ********************************************** One of Ivalua's core values is to Care & Grow People. We take matters like pay equity very seriously and strive to reward our employees appropriately and fairly for their talents. The salary range for this position is based upon careful and continual market compensation research. In addition to location, salary may also vary based upon job-related knowledge, skills, and experience. Title: Sr Security Analyst Base range minimum: $115,000 Base range maximum: $175,000 *Additional compensation / rewards: In addition to the base salary information above, Ivalua offers an uncapped commission plan as part of the competitive compensation package. Other compensation factors may also be considered. Ivalua also offers exceptional benefits including medical, dental, vision, retirement (with company match), and much more. #LI-SG1 #LI-HYBRID

Opportunity Information Security Analyst to support cybersecurity initiatives across various network systems, focusing on protecting data integrity and system security. They will implement the Risk Management Framework, conduct audits, monitor for vulnerabilities, manage encryption, and respond to security breaches. The Information Security Analyst will also perform routine IT tasks with varying complexity to maintain overall system protection. Key Responsibilities Implement and manage the Risk Management Framework (RMF) to ensure compliance and secure system operations Provide ongoing cybersecurity support across a variety of network systems Conduct IT audits, develop and refine monitoring strategies, review access controls, identify system vulnerabilities, manage data encryption, and respond to security incidents Perform a range of routine and complex IT tasks to support daily operations and system integrity Safeguard the confidentiality, integrity, and availability of computer networks, systems, and data Qualifications Requirements Bachelor's Degree and 4+ years of experience OR, Associate's degree with 6+ years of experience OR, High School Degree and 10+ years of experience ISC2, CISSP, or similar certification with customer approval Active Top Secret or Q security clearance Preferred Qualifications Excellent customer support experience and soft skills to ensure end-user satisfaction Ability to lead small teams or projects through cross functional coordination/collaboration with other departments Assist key stakeholders in overall project execution and find solutions through creative problem solving Ability to demonstrate proven success with adaptability - willingness to evolve with technology while ensuring data accuracy standards Salary 100-130k About IMG Founded in 1987, IMG is a leading small business that exemplifies competence, integrity and follow-through. We consistently provide customer focused professional services, which ensures our company is recognized for continually exceeding expectations. We believe that at the core of our success stand our people. Our people have provided professional services in the Information Technology field for our customers with a commitment to customer satisfaction for over 35 years. IMG Benefits: Health, dental, vision, and life insurance Short term and long term disability insurance 401(k) with generous company match Health Savings Accounts (HSA) Personal leave plus paid federal holidays Professional development and training assistance IMG is an equal opportunity employer including disability and protected veterans or other characteristics protected by law.

OPEN JOB: Security Specialist Sr - HSM authentication/Encryption Key Lifecycle HYBRID - 2 days in office, or for emergencies so needs to be within reasonable distance SALARY: $140,000 to $160,000 INDUSTRY: Financial Services - Securities The Enterprise Key Management Security Sr Engineer drives the design, development and implementation of activities including Enterprise Encryption Solutions, Hardware Security Modules (HSMs) and centralized key management processes and procedures. Ideal Candidate: Banking or highly regulated industry a must Prefer physical hand on experience but willing to accept cloud based Key Ceremonies PED Based Preferred Skills: Experienced in HSM solutions (Thales Network HSM, Backup and USB HSMs, Cloud HSM backup solutions), and nShield HSMs Experienced in the Encryption Key Lifecycle Management, key ceremonies, dual control and chain of custody processes Knowledge of Cryptography, encryption, algorithms Familiarity with scripting languages is a plus Knowledge of Jira, Confluence, SharePoint, LogScale, Dynatrace, PowerBI, and Microsoft suite a plus Responsibilities Include: Provide subject matter expertise when applying security concepts Leverage technical knowledge and industry experience to design, build, and implement technology solutions Determine impact to existing solutions when new standards are implemented Develop and implement cryptographic solutions HSM lifecycle activities - Initialize, configure, update hardware/software, tamper, and decommission Develop documentation Responsible for deliverable related to project timelines Secure Room operations and management Knowledgeable of current technologies, industry trends, and best practices Optional Skills: Knowledge of Thales CipherTrust Manger, CipherTrust Cloud Key Manager (CCKM), and Oracle Key Vault Knowledge of Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK) solutions in Azure, AWS or GCP a plus If you are interested in pursuing this opportunity, please respond back and include the following: MS WORD Resume required compensation. Contact information. Availability Upon receipt, one of our managers will contact you to discuss the position in full detail. Jason Denmark Recruiting Manager INTERMEDIA GROUP, INC. EMAIL: **************************** LINKEDIN: *****************************************

Primary Office Location:626 Washington Place. Pittsburgh, Pennsylvania. 15219.Join our team. Make a difference - for us and for your future. Cyber Security Specialist Business Unit: Risk Management Reports to: Manager of Cyber Security Position Overview: This position is primarily responsible for performing all procedures necessary to ensure the safety of information systems assets and protecting systems from intentional or inadvertent access or destruction under the supervision of the Manager of Cyber Security. The incumbent demonstrates the ability to develop IT security standards and procedures, has demonstrated knowledge and understanding of IT industry trends and emerging technologies and an ability to relate them to the corporation and it's objectives. Primary Responsibilities: Investigates, escalates and documents cyber security events or incidents according to standard operating procedures (SOP), as needed. Writes comprehensive reports of incident investigations. Evaluates and improves Security Information and Event Management (SIEM) rule set based on threat and vulnerability indicators. Analyzes information from variable threat sources and provide necessary awareness to management, IT and impact business areas. Tracks remediation of identified issues based on incident investigations. Utilizes forensic resources to understand event impacts and generates incident reports. Assists management in preparation of reports of current threats. Uses PowerShell scripting or other programming languages to automate tasks. Leverages various toolsets to gain awareness of potentially suspicious activity and alerts to threats, intrusions and/or compromises. Performs other related duties and projects as assigned. All employees have the responsibility and the accountability to serve as risk managers for their businesses by understanding, reporting, responding to, managing and monitoring the risk they encounter daily as required by F.N.B. Corporation's risk management program. F.N.B. Corporation is committed to achieving superior levels of compliance by adhering to regulatory laws and guidelines. Compliance with regulatory laws and company procedures is a required component of all position descriptions. Minimum Level of Education Required to Perform the Primary Responsibilities of this Position: BA or BS Minimum # of Years of Job Related Experience Required to Perform the Primary Responsibilities of this Position: 3 Skills Required to Perform the Primary Responsibilities of this Position: Excellent communication skills, both written and verbal Excellent customer service skills Excellent project management skills Detail-oriented Strong security background in network/systems/physical security, authentication, authorization and usability. Comprehensive knowledge of the OSI model. Working knowledge of packet collection and analysis tools. Licensures/Certifications Required to Perform the Primary Responsibilities of this Position: Valid Drivers License CISSP, Security+, Network+, GCIA, GCIH, CEH, CISM, CSX Physical Requirements or Work Conditions Beyond Traditional Office Work: Heavy Lifting over 45 lbs. Equal Employment Opportunity (EEO): It is the policy of FNB not to discriminate against any employee or applicant for employment because of his or her race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, or status as a protected veteran. FNB provides all applicants and employees a discrimination and harassment free workplace.

We specialize in Staffing, Consulting, Software Development, and Training along with IT services to small to medium size companies. AG's primary objective is to help companies maximize their IT resources and meet the ever-changing IT needs and challenges. In addition, AG offers enterprise resource planning and enterprise application integration, supply-chain management, e-commerce solutions, and B2B public exchanges and B2B process integration solutions. Our company provides application analysis, design, development and programming, software engineering, systems development, testing, integration, and implementation, and management consulting services to various clients - including governmental agencies and private companies - throughout the United States and India. We provide these services in multiple computing environments and use technologies such as client/server architecture, object-oriented programming languages and tools, distributed database management systems, state-of-the-art networking, and communications infrastructures. Our honest and realistic approach to recruiting dictates that AG does not entice or lure engineers from their employers. We represent only high caliber technical professionals who have committed to making a change required by career. Job Description Security Analyst MUST HAVE: Experience with implementing a vulnerability scanner Familiarity with both Windows and Linux platforms Experience with a log management system (Splunk, Elastic Search, etc) General understanding of incident management systems Experience patching operating systems/applications Experience configuring operating systems/applications Knows and applies the fundamental concepts, practices and procedures of IT security hardware, software, management software, and troubleshooting tools Candidate should have a strong knowledge of IT security, including demonstrated knowledge of current security trends and issues Ability to effectively and professionally communicate with customers and technical support staff at remote locations including team members in foreign countries; excellent verbal and written communication skills Highly self-motivated and flexible Manage priorities for timely completion of assignments Strong analytical and problem-solving skills Demonstrated success managing confidential/secure information with a high level of integrity NICE TO HAVE: Nessus experience HP Service Manager Additional Information Good comm skills are a big priority Duration: 3+ Months Phone+F2F Local Candidates Preferred

Enterprise Security Architect Duration: Full Time Interview mode: Inperson Brand new role Serve as a member of the enterprise architecture team, providing technical security insight that aligns with business objectives and security requirements. Establish and evangelize the security architecture (principles, policies, standards and patterns) to development groups, business groups and other stakeholders; Govern adherence to the architecture golden rules. Analyze gaps between current and target security architecture and develops plans to close the gaps. Responsibilities: Works with IT departments, information security architects, technical architects, data custodians, and governance groups to develop and update Client security policies, standards, procedures, and solutions for secure application architecture. Ensures that security practices are aligned with Client's overall business strategies. Advises and drives the security maturity of the development lifecycle including secure coding and system security for operations. Recommends and implements changes in security procedures and practices using best-in-class information to ensure that Client is maintaining best-in-class security practices. Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs. Conducts Penetration Test, Vulnerability, and Risk assessments to improve the security architecture and security product toolset. Prepares system security reports by collecting, analyzing, and summarizing data and trends. Executes validation by external vendors. Verifies security systems and network configurations by developing and implementing test scripts while monitoring adherence to standards in architecture, application design, development, and testing frameworks. Qualifications Qualifications: Bachelor degree with Master preferred. Security certification required. 7 to 10 years of experience operating in a cloud environment (e.g. Azure, AWS, Rackspace) along with at least 5 years working in a dedicated information security role with a focus on Security Architecture for at least 3 years. 7 to 10 years of experience with PaaS, IaaS, SaaS, and/or mobile architecture Solid experience with security hacking tools and techniques. Solid understanding in application architectures and technology including web applications, mobile technology, identity and access management, security event and incident management as well as web security controls (e.g. Web Application Firewall, Database Activity Monitor, Distributed Denial of Service controls, etc.) Extensive working knowledge of web application security best practices to include, but not limited to, Cloud Security Alliance controls matrix, OWASP Top 10. Experience with compliance standards such as HIPAA, CMS, SOX, GLBA; as well as security frameworks such as SANS 20 CSC, CoBIT, or NIST. Previous involvement with developing and/or maintaining an Enterprise Security Architecture. Familiarity with TOGAF is a plus Strong understanding and experience of software development methodologies and life cycles Excellent written and verbal communications skills required, with the ability to explain advanced concepts to audiences of varying levels Can be counted on to exceed goals successfully, very bottom-line orientated while steadfastly pushes self and others for results. Has working knowledge of web application security best practices to include, but not limited to, Cloud Security Alliance controls matrix, OWASP Top 10. Demonstrated ability to make sound decisions using a mixture of analysis, wisdom, experience, and judgement coupled with a strong ability to learn on the fly (quickly learns new tasks, open to change). Certifications, licenses or registrations: Security+, CISSP, CISA, CEH Proven ability to organize/manage multiple priorities coupled with the flexibility to quickly adapt to ever-changing business needs. Additional Information All your information will be kept confidential according to EEO guidelines.

We are seeking a pragmatic, collaborative individual that can draw on their experience with real-world cyber risks and industrial system constraints. This person will lead the deployment of cybersecurity tools, improve network segmentation, enhance threat detection, and close critical gaps in patching, access control, and asset management. This person will directly strengthen Carmeuse's ability to prevent, detect, and respond to cyber threats across its global operations - always with IT/OT convergence in mind. Responsibilities: Own and drive the execution of Carmeuse's global OT cyber security strategy, in alignment with the Global Security and Technology Team, and broader IT/OT convergence objectives. Lead the implementation and ongoing operation of core cyber security platforms in the OT landscape, including asset inventory, vulnerability management, network segmentation, and secure remote access. Participate in the design and architecture of cybersecurity controls and technologies that span both IT and OT environments, ensuring practical fit-for-purpose solutions in industrial settings and aligned to the Carmeuse strategy. Plan, coordinate, and execute OT cyber security assessments in collaboration with internal stakeholders, external partners, and OT engineering teams. Define and maintain OT cyber security governance with monthly IT/OT security steerco, including clear roles and responsibilities, decision rights, and escalation paths across sites and functions. Lead the Continuous Improvement Program, regularly testing OT/IT security policies and operational readiness through drills, tabletop exercises, and lessons-learned reviews. Develop and maintain OT security standards and implementation guidelines for global use, and guide regional and site-level teams in building and executing local adoption roadmaps. Manage and scale a targeted cyber security awareness and training program for OT and production site personnel, tailored to the realities of operational teams. Research, evaluate, and participate in the selection of IT/OT security technologies and partners through structured RFPs, PoCs, and integration planning - ensuring long-term sustainability and compatibility with Carmeuse's industrial and IT environments. Serve as a trusted, hands-on advisor to plant managers, engineers, and IT teams - balancing cyber risk reduction with operational continuity and practical constraints. Basic Requirements: Master's degree in industrial automation, cybersecurity, computer science, information technology, or equivalent experience. Minimum 7 years of combined IT or OT experience, including at least 2 years in an OT/industrial cybersecurity environment (e.g., production sites, SCADA, PLCs, DCS). Demonstrated hands-on experience implementing cybersecurity controls in OT environments - including asset visibility, network segmentation, secure remote access, and vulnerability remediation. Solid knowledge of cybersecurity fundamentals and domains such as risk assessments, access control, incident response, vulnerability management, and security policy development. Deep understanding of the threat landscape for industrial environments, including risks tied to network-connected OT/ICS systems. Strong generalist profile in cyber/information security, with the ability to dive deep into technical topics when needed and explain risks in a practical, business-relevant way. Demonstrated ability to balance security with operational reality - applying common sense, working within real-world constraints, and finding consensus between conflicting priorities across IT, OT, and production teams. Comfortable making progress in imperfect environments, where legacy systems, technical debt, or limited resources are part of the challenge - without losing focus on risk reduction and long-term improvement. Proven ability to lead global, cross-functional security projects and work with both technical and non-technical stakeholders in a manufacturing environment. Holds or working toward relevant certifications such as CISSP, CISM, GICSP, or equivalent. (nice to have) Strong awareness of emerging trends in both IT and OT technologies, with a pragmatic view on what's feasible in industrial operations. Willingness to travel globally up to 20% and engage with on-site teams and partners. Knowledge: Solid knowledge of OT security tools and platforms, such as Nozomi Networks, Claroty, Dragos, or similar industrial cybersecurity solutions. Experience with firewall management, preferably with Checkpoint firewalls; familiarity with firewall policies, segmentation, and industrial DMZ design. Hands-on experience with Endpoint Detection and Response (EDR) solutions, such as CrowdStrike Falcon or Microsoft Defender for Endpoint, including deployment and integration. Strong understanding of Microsoft Azure and Microsoft 365 security solutions, including identity, access, and threat protection features. Knowledge of OT security best practices, including secure remote access, industrial asset management, and network segmentation. Familiarity with cybersecurity frameworks and standards, including IEC 62443, NIST SP 800-82, NIST CSF, and ISO/IEC 2700x series. Practical knowledge of IT/OT convergence principles and ability to apply best practices across both domains. Fluent in English (written and spoken); additional languages are an asset. Skills: Strong sense of ownership and accountability - able to take initiative and follow through without needing constant direction. Proven ability to collaborate across teams (IT, OT, engineering, operations) and align people around common goals. Applies common sense and sound judgment when navigating complex or unclear situations. Skilled at finding practical consensus between often conflicting priorities - balancing security needs with operational realities. Comfortable working in imperfect environments, where legacy systems, resource constraints, or organizational complexity are part of the daily reality. Clear and effective communicator, able to tailor messages to both technical and non-technical audiences. Benefits & Compensation Package Includes: Salary range for this position is $130,000-$150,000 as well as an annual bonus plan Paid holidays and vacation time Group medical/pharmacy insurance options with company funded health care spending accounts Dental insurance & Vision insurance A 401k account with company matching contribution A robust Wellness program with financial rewards Company-paid life insurance and short-term and long-term disability insurance Options to purchase additional life insurance (employee, spouse, and child) and additional employee long-term disability insurance. Employee Assistance Program (EAP) Tuition benefits including professional certifications Employee referral program #LI-Hybrid

Who We Are… Since our founding in 1901, Limbach's primary core value has always been simple: We Care. That commitment extends to our people, our customers, and the communities we serve-driving a culture of belonging across our industry. Limbach Facility Services LLC, a subsidiary of Limbach Holdings, Inc., (NASDAQ: LMB), is a leading building systems solutions firm delivering mission-critical systems that support life's most important moments. We specialize in revitalizing and maintaining HVAC, mechanical, electrical, plumbing, and control systems within existing facilities-ensuring buildings are always ready to perform when it matters most. Learn more about Limbach by checking out our YouTube channel: We Are Limbach - YouTube From healthcare and education to government and commercial facilities, we partner with building owners and operators to safeguard reliability, efficiency, and comfort where it's needed most. Our vision is to create value for building owners targeting opportunities for long term relationships. Our purpose is to create great opportunities for people. Learn more about Limbach's commitment to our people and career opportunities, straight from our employees via the Limbach Unlocked podcast: Limbach Unlocked - Why We Chose Limbach We carry out our vision and purpose through a commitment to our four core values… We Care We Act with Integrity We Are Innovative We Are Accountable The Benefits & Perks… Base salary range of $120K - $130K Full portfolio of medical, dental, and vision benefits, along with 401K plan and company match. HSA, FSA, and life insurance offerings. Maximize your professional development with our award-winning Learning & Engagement team. Engage in our “We Care” culture through our ERGs, brought to you by EMBRACE. Career pathing flexibility and mobility. Who You Are… As Security Analyst / Engineer, you will serve as the organization's primary, hands-on security operations lead. Reporting directly to the CIO, the candidate will triage SOC outputs, tune detection logic, drive automated response through SOAR playbooks, own the vulnerability management lifecycle, and lead incident response from detection through remediation and post-incident lessons learned. They act as a trusted partner to our outsourced SOC, the quarterback for IR, and the technical voice to the CIO and Board on operational security posture working closely with our IT Operations leader. This Position… Some examples of the work you might do includes: Security Operations & Monitoring: Serves as the primary liaison to our outsourced SOC and vCISO. Triage, validate, and prioritize alerts from SIEM (e.g., Google Chronicle, GrayMatter, or equivalent). Ensures log integrity, enrichment, and actionable alerting. SOAR & Automation: Builds, maintains, and iterates SOAR playbooks (Google SOAR or comparable) to automate containment, enrichment, and evidence collection; lowers MTTR by automating low-risk actions while preserving human judgment for high-impact events. Incident Response: Lead detection → containment → eradication → recovery workflows. Owns post-incident reviews, creates remediation roadmaps, and tracks closure of corrective actions. Conducts regular tabletop exercises and maintains IR runbooks and escalation paths. EDR/MDR/XDR Management: Administers and tunes EDR/MDR/XDR platforms (deployment health, telemetry, detection rules, containment capabilities). Investigates endpoint events, performs root cause analysis, and coordinates remediation with IT operations. Vulnerability Management: Operates the vulnerability management program (Rapid7, Tenable.io, or equivalent): schedules scans, triages findings, prioritizes by risk and asset criticality, and shepherds remediation with engineering teams. Proposes and verifies system hardening measures and baselines. Detection Engineering: Authors correlation rules, analytic searches, and detection content; reduces false positives while increasing meaningful detections. Builds dashboards and KPIs that communicate detection coverage and efficacy. M&A & Integration Security: Leads security due diligence and integration activities for acquisitions: identities & accesses reviews, vulnerability scans, endpoint posture checks, and integration playbooks to onboard new entities into Limbach's security baselines. Training & Knowledge Transfer: Develops and delivers IR and detection training for IT and business teams. Produces clear operational documentation, SOPs, and playbooks. Coaches SOC engineers and champions continuous improvement. Reporting & Executive Communication: Produces monthly operational and executive risk reports (incidents, vulnerability trends, MTTR, coverage gaps). Briefs the CIO and Board with concise risk-based recommendations. Third-Party Coordination: Manages relationships and SLAs with MDR/MSSP/MDR providers, forensic firms, and other security partners. What You Need… 5+ years of progressive, hands-on cybersecurity experience, with significant time spent in SOC and incident response environments. Demonstrated expertise with SIEM and SOAR platforms (Google Chronicle, GrayMatter, Chronicle SOAR, or comparable). Proven track record managing EDR/MDR/XDR solutions and performing endpoint investigations. Hands-on experience owning vulnerability programs with Rapid7, Tenable.io, or similar tooling. Experience writing detection logic, playbooks, and incident runbooks; demonstrable success in alert tuning and automation. Real-world experience coordinating cross-functional incident response activities and driving remediation to completion. Scripting and automation skills (PowerShell, Python, Bash) to automate enrichment, containment, and evidence collection. Strong Windows and Linux administration/forensics fundamentals; network fundamentals and packet-level troubleshooting. Familiarity with cloud security (Azure, Microsoft 365, Intune, Conditional Access) and endpoint management tools. Knowledge of security controls, hardening standards, and configuration baselines. Ability to read and interpret logs and telemetry across endpoints, network devices, and cloud services. Superior written and verbal communication; able to explain technical findings to non-technical and executive audiences. Decisive under pressure, methodical in evidence collection, and disciplined in documentation. Collaborative, tactful, and experienced at working with cross-functional teams (IT ops, HR, Legal, vendor partners). Strong project management and organizational skills with an eye for measurable outcomes. Ability to travel up to 15% of the time. Preferred Qualifications: Certifications: CISSP, GCIH, GCFA, ECIH, or Security+ (or equivalent). Prior role as a dedicated incident responder or IR team lead. Experience with Microsoft Defender for Endpoint, Azure Security Center, and native cloud telemetry. Familiarity with compliance frameworks (SOC 2, NIST CSF/800-171, ISO 27001) and how detection/IR maps to them. Experience in multi-site enterprise environments and with M&A integration security. Conduct Standards: Maintains appropriate Company confidentiality at all times. Protects the assets of the Company and ethically upholds the Code of Conduct & Ethics in all situations. Cultivates and promotes the “Hearts & Minds” safety culture. Consistently exemplifies the Core Values of the Company (we CARE, we act with INTEGRITY, we are INNOVATIVE, and we are ACCOUNTABLE). Work Environment: This position operates primarily in an office environment and routinely utilizes standard office equipment, such as computers, phones, copiers, and filing cabinets. The Company's Remote Work Policy is applicable to this position. Physical Demands: In performing the duties of this job, the incumbent is regularly required to talk, hear, perform repetitive motion, and possess an appropriate degree of both visual acuity and manual dexterity. This is considered a sedentary position, which means possible exertion up to ten (10) pounds of force occasionally, and/or negligible amount of force frequently or constantly to lift, carry, push, pull, or otherwise move objects. This job description is intended to describe the general nature of work being performed by the individual who assumes this role, not an exhaustive list of responsibilities. Duties, responsibilities, and activities may change at any time, with or without notice, as business needs dictate. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position. Limbach Facility Services LLC is an Equal Opportunity Employer. #LFS

Artech Information Systems is the #1 Largest Women-Owned IT Staffing Company in the U.S. and an employer of choice for over 7,200 consultants. We recruit world-class talent for IT, engineering, and other professional jobs at 70+ Fortune and Global 500 companies coast-to-coast across the U.S., India, and China. We are one of the fastest-growing companies in the US and we welcome you to search the thousands of jobs in our cutting-edge GEM system for employment opportunities that fit your qualifications. Job Title: Security Analyst Location: Pittsburgh, PA/ Lake Mary, FL / Nashville, TN Duration: 12 months contract with possible extension/ conversion FTE Job Description: Client is looking for a talented and self-motivated individual with strong technical skills and the ability to rapidly learn new technologies. We are looking for an exceptional candidate that shares our passion for delivering solutions to complex security problems, while maximizing productivity and minimizing employee friction. The candidate will contribute to IAMO Transformation program by aiding in the configuration and implementation of the new SailPoint LCM product. The candidate will perform business critical analysis to help with the implementation of application access requests and workflows across IAM. This role will support access provisioning, remediation for audit findings, workflow creation and modifications, and ensuring revocations and certifications are completed within the guidelines established by Corporate Policy. This position is critical to ensure Service Level Objectives and Internal project deadlines are met. The candidate will require increased technical and analytical skillsets and provide Sailpoint Product Support with a focus on: • Experience with designing, developing, testing, implementing, and integrating IGA solutions involving SailPoint Identity Now (IIQ). • Experience in SailPoint Identity IQ implementation and configuration for application on-boarding for access request and approval and access certifications o Configuration of simple and advanced LCM workflows within SailPoint o Creating and managing workgroups in SailPoint o Configuration and management of most common direct connectors (i.e. Active Directory, LDAP, Mainframe, etc.) o Creation of preventative and detective Segregation of Duty rules o Experience with role-based access controls and configuring automate provisioning and deprovisioning. • Train and mentor other team members on the use of the SailPoint Identity Now platform. • Experience with identity lifecycle flows including leaver, joiner, and mover. • Experience with consultative and complex technical deployment projects, managing various stakeholder relationships. • Strong knowledge and experience with incident/problem management processes. • Possess critical thinking skills. • Strong functional knowledge of MS Office Suite software products, Jira, and Confluence. • Strong communications skills, oral and written. • Ability to collaborate and interact productively with team members and key stakeholders. • Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood and actionable manner. • Ability to effectively influence and convince others to make appropriate changes in their priorities and behaviors for the benefit of the organization. • An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business. • Ensures integration end state protects information resources against unauthorized use, inappropriate degrees of access, disclosure, damage and/or loss. • Design and code rules, applications, workflows, custom tasks, custom connectors, UI pages and custom reports in SailPoint Identity Now. • Develop working relationship with IT engineering resources to drive solution features adoption. • Develop control adoption templates for IT resources to understand and implement connections required for the SailPoint Identity Now service. • Review SailPoint IGA to ensure the solution is optimized for the highest level of service and establish an ongoing practice to perform periodic reviews. • Interpret policies and standards with InfoSec, Risk and Compliance teams, ensuring policies and standards are properly followed by IAM control solutions. • Design and maintain flowchart diagrams, process workflows and standard documentation required to sustain the SailPoint platform. • Promote security policies, standards, and best practices across the organization. • Supports and resolves system incidents, problems, and changes. Qualifications 5 years of Sailpoint experience -Will consider experience over degree -Locations: Pittsburgh, Lake Mary or Nashville -2000+ applications to be migrated into sailpoint -Configure workflows -Create/manage work groups -Create duty rules -Invisio, Confluence, Jira, Excel Additional Information All your information will be kept confidential according to EEO guidelines.

The Systems Engineer position is responsible for providing full cycle implementation and support of customer systems, while working across multiple company departments to ensure full client satisfaction. Under the direction of a manager or dispatcher, coordinates the design and maintenance of all access control, intrusion, and video surveillance systems. Incumbent receives and evaluates work orders and requests, investigates requests and troubleshoots problems where appropriate, establishes priorities and coordinates with contractors, when required. Requirements Essential functions and responsibilities: Assists with security systems integration, mapping and software updates and helps train personnel in the use of these systems. Assists on new projects in both existing areas and new construction helping with security assessments, vendor selection, technology upgrades, product selections, testing, field verification of systems and inspection of work in progress for compliance with standards Assess work sites, conditions, and logistics for each project; Develop Method of Procedure based on pre-project assessment. Design, develop and provide documentation of systems, configurations, and other pertinent information for the customer. Communicate with clients to resolve issues in a professional and confidential manner; Develop and execute client specific solutions. Manage the allocation of project resources, including software, hardware, tools, and related items specific to each customer and/or project. Direct the work responsibilities of union labor personnel based on specific project needs. Design and oversee training programs for new and existing customers; Determine which customers receive training. Collaborate with Customer Relationship Managers on demonstrations for new and potential clients. Perform installation, configuration, programming, and final commissioning of customer systems. Work collaboratively with installation, project management and engineering teams. Perform infrastructure services, including pulling cables, installing wall, and ceiling cabling, and installing surface mounted devices, as required. Perform system wiring and terminations services, as required. Deliver on-going remote and on-site technical support for existing customers and systems. Additional responsibilities may be required as necessary, including but not limited to: Provide internal support for basic trouble shooting. Organizes and manage parts stock and tools. Perform other duties as needed. Success factors/job competencies: Effectively communicate both in writing and verbally Work independently and prioritize multiple tasks and adapt to needed change Analysis Mechanical aptitude Comprehend technical language and read and interpret blueprints, wiring diagrams, and schematics Safety orientation Customer Focus Attention to Detail Teamwork/Collaboration Stay abreast of changes in security technology Physical demands and work environment: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Individual will be required to travel to customer sites as needed. While performing the duties of this job, the employee is occasionally exposed to moving mechanical parts. The employee is occasionally exposed to outside weather conditions and risk of electrical shock. Individual will regularly be required to lift, push, pull, and carry up to 50 pounds, and occasionally up to 75 pounds. Incumbent will be required to use a computer with keyboard, telephone, or handheld mobile device for extended periods of time, and office machinery as needed. Incumbent must be able to read, see, hear, and speak. Workdays and Shifts: Position works Monday-Friday, daylight hours, and additional time as needed to complete work. Education/Certification(s)/License(s) required: Bachelor's Degree in Electronics, Information Technology or related field, or equivalent experience. May be required to participate in safety trainings and/or certifications provided by the Company or customers. Valid driver's license, as employee will be required to travel to local and overnight client sites as needed. Manufacturer specific certifications, as required. Responsible to maintain active certifications and obtain new and updated certifications as required by the Company. Experience/Other required: Position requires two (2) to three (3) years of relevant experience in the electronic services. Strong knowledge of Microsoft Office. Strong computer skills with advanced software aptitude. Security systems to include, service and maintenance across a broad spectrum of access control, intrusion and video surveillance systems such as, Genetec, Milestone, Bosch, and DMP. Applicants must be currently authorized to work in the United States on a full-time basis. Visa sponsorship is not available for this position. This is a full-time, in-person position, and candidates must be able to work from our office located in Pittsburgh, Pennsylvania.

Job Title: IT Analyst Reports to: Director of IT Company Statement: This is an opportune time to join a fast-growing company which is an industry leader in the renewable energy space. Montauk is a fully integrated renewable energy company specializing in the management, recovery, and conversion of landfill methane into renewable electric power and renewable natural gas. Montauk's corporate office is located in Pittsburgh, Pennsylvania with a regional office in Houston, Texas. Montauk operates as a subsidiary of Montauk Holdings Limited, a publicly traded holding company listed on the NASDAQ. Job Description: Under the supervision of the Director of IT, the IT Analyst will be responsible for (i) the daily operations of the organization's network infrastructure, including hardware, software, security, and services. (ii) Coordinate and collaborate with the rest of IT, Automations (OT), and the business at large to identify and implement opportunities for continuous improvement. (iii) Assist with policies and procedures that ensure compliance with industry standards and regulations, minimize downtime, and support efficient operations. Standard Requirements and Desired Skills: Associates of Science in Computer Information Systems or similar degree 2 - 5 years' experience in systems support Strong technical skills to maintain environments such as Microsoft 365, Citrix systems, VMware, Fortinet, etc. Comprehensive knowledge of Enterprise Resource Planning (ERP) software Fundamental working knowledge of SQL database environments Applied use of scripting for automated tasks (Visual Basic, PowerShell, etc.) Ability to construct and revise policies relating to acceptable systems use Strong interpersonal and communication skills Excellent technical documentation skills Ability to work and learn under direct supervision and under a high stress, growing environment Essential Job Functions: Ensure the core infrastructure systems within the IT network are effectively maintained, and administered to ensure smooth reliable operations Lead troubleshooting and resolution of routine network issues and conducts root cause analysis (RCA) to prevent recurrences and identify potential technological, training, or process improvements. Translate business needs to specific functional requirements to be relied upon by designated project team(s) Coordinates with project stakeholders to meet desired implementation goals and timelines Provides support to existing systems across both administrative and operational departments Select and manage key hardware and software for supporting the IT infrastructure Development of baselines for technology stack across the organization Understanding and adherence of defense-in-depth practices as related to cybersecurity Available to be on call when needed Other duties as assigned Benefits: · Full-Time employees are eligible for a strong benefits package including: · Medical, Dental and Vision · Flexible spending account · Paid time off · Long term disability, and life insurance · Retirement 401K · Pay is commensurate with qualifications. Montauk Renewables is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to status as a protected veteran or a qualified individual with a disability, or other protected status, such as race, religion, color, national origin, sex, age. We are a drug free work environment based on Federal guidelines and use e-verify to confirm employment eligibility.

Insight Global is searching for a Requirements Analyst to join our Financial Services client in Pittsburgh. This person will be accountable for collaborating with both IT teams and the business units to ensure their requirements are accurately captured, prioritized, and fulfilled in alignment with the overall IT strategy. You'll be responsible for defining business and technical requirements - both functional and non-functional - along with creating use cases and supporting documentation throughout the project lifecycle, from initiation to implementation. We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to ********************.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: **************************************************** Skills and Requirements - Bachelor's degree in Information Technology or related field. o Will consider commensurate experience in lieu of education. - Minimum 5 years of experience in a business/requirements analyst role gathering, documenting, publishing, and validating requirements for services and stakeholders. - Minimum 4 years' experience in an IT environment. - Demonstrated experience working on simultaneous projects large in size and scope. - Self-starter and ability to work on their own to research project requirements - Strong Microsoft Office Products understanding (Word, Excel, PowerPoint, Outlook, Visio) - Ability to lead and document whiteboard sessions with key stakeholders - Formal Business Requirements training and/or certification is a plus. - Knowledge of Cloud Technology - Demonstrated leadership skills. - Experience working with both Agile and Waterfall developmental approaches

Identity & Security Engineer - Browser Security Second preference is other tech hubs Dallas TX, Columbus OH, Cleveland OH , Pheonix AZ and Birmingham AL Shift Times/Preferred Time Zone: M-F 9-4 EST but also night and weekend work (flex schedule) network configuration adjustments after hours and weekends Length of Assignment: 12 months Organizational Structure And Impact: Impact/Function this role has within the bank/LOB i.e., mitigating risk, cost reduction, revenue, etc.: Mitigating Risk/ fraud and security operations Team Background and Preferred Candidate History: Security engineering team, mitigating risks, fraud and security operations Key responsibilities: Deploying Island.io Browser to PNC Must have technical skills/experience (ask for alternative/tool/version): + Island.io Browser exp + Security browser exp + Browser extensions Flex Skills: Azure or AWS Cloud exp Education: No Bachelor's needed, Exp more important Screening Questions: + Describe your experience in detail with Island.io Browser or other security browsers? + Describe your experience with OS deployment of Island.io Browser or other security browser? Logistics (Interviews) : 2 step, 1 hr first 2nd 30 mins + 1st round: Hm and a few Sr engineers (used to narrow down to 2nd round) + 2nd round: HM and Mgr Skills: + Browser extensions + Island.io Browser + Security browser exp Share your resume with ***********************. Also connect me at LinkedIn : (16) Ariz J. Khan | LinkedIn (************************************************** Ref: #404-IT Pittsburgh System One, and its subsidiaries including Joulé, ALTA IT Services, CM Access, TPGS, and MOUNTAIN, LTD., are leaders in delivering workforce solutions and integrated services across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible full-time employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan. System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law.

* Familiarity with security architecture frameworks such as SABSA and TOGAF. * Familiarity with Threat modelling methodologies such as STRIDE. * Familiarity with security frameworks such as NIST800, CIS, ISO27001. * Familiarity with independent assurance frameworks such as SOC2. * Industry recognized technical certifications are desirable (CISSP, CCSP, CompTIA Security+, GIAC security essentials). * Familiarity with security and privacy regulations impacting financial services such as SOX and GDPR. * Prior experience with risk assessments and general understanding of risk management principles. * Excellent written and verbal communications skills. MAJOR DUTIES: * Conduct formal end to end Information Security Assessments (review of questionnaires, third party security audit reports and evidence, onsite assessments, etc.) * Perform security reviews for technical products, identify gaps in security and assist in providing guidance on mitigating controls. * Perform risk analysis on third party capabilities (i.e., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change). * Use third-party risk evaluation tools to monitor and reduce organizational cyber risk associated with third parties. * Assess remediation plans and non-compliance acceptances where Information Security standards compliance cannot be achieved. Review services and data in scope of the assessment and analyze security risk ratings. * Work on projects as directed by management. HOURS/LOCATION: * 8:30 a.m. - 5:00 p.m. (Overtime as required) * Hybrid schedule (in-office / remote) * Warrendale, PA - 15086 * Work at downtown location when required EXPLANATORY COMMENTS: * Good communication and interpersonal skills * Good decision making and problem-solving skills * Good analytical skills with attention to detail and accuracy * Ability to work on multiple projects simultaneously * Ability to work effectively both individually and as a member of a project team

We are focused on imparting effective business staffing services through high level cost effective solutions. We have a strong foundation built on legacy and emerging technologies, including excellent track record of on-time delivery. We are leaders in providing additional custom IT Services with a proficient approach towards development of emerging mobile-based applications and web based application development. We are emerging as one of the largest private talent sourcing and management firms in the US. Our client- one of the leading ICT for development - ICT4D - organization, providing low cost solutions using ICT to tackle poverty and to overcome disadvantage, working closely with local communities seeks an accomplished IT Security Leader. Job Description Title: Information Risk Consultant Location: Pittsburgh PA Duration: 12+ months Responsible for providing support to technical professionals with regard to a variety of administrative, systems, and business operations problems, and participation in related system development projects of the most complex nature. Requires a seasoned expert on the integration of multiple systems or large-scale development projects. Responsibilities may include: determining and defining system specifications, process improvement, quality assurance, interaction with customers and technical staff, strong emphasis on problem resolution, and project-lead activities. Other Skills: Information Risk Governance/Information Security Additional Information I would love to talk to you if you think this position suits your interest. If you are looking for rewarding employment and a company that puts its employees first, we would like to work with you. We also offer group health insurance. NOTE: “Candidates that are offered a position are required to pass pre-employment drug and background screening”

We are seeking an experienced AI Security Engineer to lead the development of next -generation cybersecurity solutions for advanced AI systems. This individual will be responsible for researching, designing, and implementing cutting -edge security controls to protect AI models, data pipelines, and infrastructure from adversarial attacks, privacy vulnerabilities, and regulatory risks. The ideal candidate has a strong background in AI and understanding of cybersecurity principles, has been published in leading academic conferences (NeurIPS, ICLR, Black Hat, DEFCON, etc.), and has experience working at a frontier AI lab. Requirements Experience: 5+ years in AI/ML with a strong focus on cybersecurity. Education: Bachelor's or Master's in Computer Science, Cybersecurity, AI/ML, or a related field. PhD preferred. Technical Expertise: Strong understanding of AI security challenges, including adversarial ML, LLM backdoor, (in)direct prompt injections, model poisoning, and data leakage. Proficiency in cybersecurity frameworks (NIST, MITRE ATLAS, OWASP AI Top 10) and security tools. Hands -on experience with AI frameworks (TensorFlow, PyTorch, OpenAI API, Hugging Face) and securing AI pipelines. Expertise in cryptography, secure data handling, and privacy -preserving AI techniques (federated learning, differential privacy). Proficiency in Python and security -related programming (e.g., secure coding, AI model evaluation). Familiarity with AI agents, autonomous agents, large language models (LLMs), and multi -modal AI systems. Preferred: Experience in compliance, regulatory, or risk frameworks for AI (e.g., OWASP, MITRE, GDPR, HIPAA, GLBA, NIST AI RMF). An interest in robotics would be preferred as well. Publication & Research: Proven track record of research contributions in top AI/ML and cybersecurity conferences. Industry Experience: Prior work at a leading AI research lab, security -focused AI startup, or a major tech company's AI division. Benefits Competitive salary and equity options. 100% paid medical insurance coverage. Research and publication opportunities. Opportunity to work on cutting -edge AI security challenges that expand beyond software systems. Flexible work environment with remote and in -office options. Access to industry -leading AI security research and resources. A dynamic, mission -driven team shaping the future of AI security.

The Information Security Engineer with EdgeCo Holdings is responsible for designing, implementing, and monitoring security measures to protect EdgeCo's organization's computer networks and systems from cyber-attacks across the parent and all divisional companies. This role requires a deep understanding of both offensive and defensive security tactics, as well as the ability to anticipate and mitigate potential vulnerabilities. The role is required to understand Information Security risks as it pertains to our various businesses as well as trends in Information Security including offensive threats and appropriate defensive controls to manage them. The role will be required to understand Information Security risks and how these risks are managed by our Information Security Program and how to manage risks using technologies, tools, and logical and administrative controls to our risk tolerance and appetite. The role works with the Enterprise IT organization working with and running projects with Desktop Support, Infrastructure, and Operations as well as with our various business line development teams to ensure secure supportable applications and systems. The role will work with stakeholders to develop comprehensive security strategies that align with business objectives while performing standard security assessments of architecture to identify risks and any residual risk to be accepted. Location: Pittsburgh, PA - hybrid We are interested in qualified candidates who are eligible to work in the United States. However, we are not able to sponsor visas. Duties/Responsibilities: Configure, monitor, and/or support security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and procedures. Assist with the identification, response, investigation, and remediation of potential breaches and issues surrounding data security. Recommend enhancements to existing and new security hardware, software, or related tools. Ensure security best practices are identified and integrated into all facets of projects according to the published Software Development Life Cycle (SDLC). Perform vulnerability scans and research new vulnerabilities and malicious software; review the company's potential exposure. Perform network, system, and server security assessments as well as ad-hoc audits to company policies, processes, procedures and validate according to internal and external industry standards and best practices. Monitor, analyze, and communicate security alerts and information according to policies and procedures for primary ownership areas in our InfoSec tool set. Regularly make recommendations to improve the security posture of enterprise systems and network infrastructure. Participate in IR processes for specialty areas and tool sets under their management and to support standard IR processes and procedures. Assist with new technology reviews, consulting with I&O teams in the support of new enterprise applications and technologies entering the infrastructure, proposing, and recommending process improvements, and working collaboratively with peers and support teams. Contribute to the development of InfoSec strategies to align with the overall business strategy as well as corporate strategy. Contribute, perform and act as primary owner in the development, implementation and execution of 'best practice' standards as well as departmental policies and procedures. Process or program management, and mentoring junior staff members. Required Skills/Abilities: Demonstrated experience supporting third party tools to manage and audit information systems. Working knowledge of security concepts such as: security information and event management (SIEM); point products like anti-virus (AV) and intrusion detection system/intrusion prevention system (IDS/IPS) and penetration testing tools. Cloud security exposure that includes tools and associated risks as well as Cloud based information security tools for Data Loss Prevention, CASB, Cloud Security Posture tools, WAF, SASE and other Infosec tools. Exposure to various regulatory requirements and or frameworks such as Payment Card Industry (PCI) or COBIT/NIST CSF/ NIST 800.53, ISO 27001/Cloud Security Alliance etc.). High degree of proficiency in MS Office Suite, Outlook & Internet applications. Strong, professional, and effective verbal and written communication skills. Strong analytical, prioritizing, problem-solving and presentation skills. Ability to work closely with cross-functional teams, while operating independently. Self-motivated with critical attention to details and deadlines. Ability to adapt well to change in direction and priority in a fast-paced and deadline-oriented environment. Preferred Skills/Abilities: Desired certifications include: MCSE, MCSA, A+, Network+, CISSP, Cisco, VMware, PMP or Project+, and Information Technology Infrastructure Library or relevant experience. Strong hands-on/technical knowledge of core Microsoft technologies including but not limited to Windows Servers, Active Directory. Technical knowledge of core networking tools and products. Experience as an Azure Administrator or equivalent role. Experience with SCRUM/Agile development methodologies. Ability to keep up to date with cloud offerings and solutions. Education and Experience: BS degree in the field of Computer Science, Information Systems, or related field and/or relevant certification with 5+ years equivalent work experience. 5+ years managing Information Security tools, services and risk exposure and risk assessment processes. Demonstrated experience in successfully supporting an Information Security program in a mid-sized company with significant regulatory and contractual obligations. 5+ years of Information Security experience 5+ years in a professional environment Strong Reading/Writing skills required

Overview & Responsibilities PURPOSE OF THE JOB The Senior IT Security Manager is a strategic and technical leadership role responsible for architecting and driving a robust, global cyber security program for Elliott, Ebara, and their subsidiaries. This position spearheads advanced security strategies, oversees critical security operations, and fosters cross-functional collaboration to protect enterprise-wide digital assets and infrastructure, ensuring resilience against sophisticated threats and compliance with multinational regulations. BACKGROUND and EXPERIENCE Minimum 10 years of progressive IT security experience, with at least 5 years in a senior leadership or managerial role overseeing global operations. Advanced expertise in enterprise security architecture, next-generation threat detection, identity and access management, and securing hybrid/multi-cloud environments across diverse geographic regions. In-depth knowledge of global regulatory frameworks (e.g., GDPR, ISO 27001, NIST, SOC 2, CCPA) and enterprise risk management methodologies applicable to multinational organizations. Proven track record leading complex, global security incident responses, threat hunting, and proactive vulnerability management programs. Industry recognized certifications required (e.g., CISSP, CISM, CISA, CCSP); advanced certifications in cloud security, threat intelligence, or governance preferred. Exceptional leadership, project management, and cross-cultural communication skills to build and mentor high-performing, globally distributed teams. Superior analytical and stakeholder engagement skills to translate complex technical risks into business impacts for diverse audiences, including senior leadership and boards. NATURE OF THE JOB This is a senior-level, hands-on leadership role focused on strategizing, implementing, and governing advanced cyber security initiatives across Elliott, Ebara, and their subsidiaries. Principal activities include: Designing and deploying cutting-edge, scalable security solutions to mitigate global threats. Directing multinational security operations and coordinating with diverse teams to ensure comprehensive protection. Proactively assessing and addressing risks with tailored, enterprise-wide strategies. Guiding global teams and promoting a unified culture of security awareness. SUPERVISION This is a supervisory role with responsibilities for IT Security professionals with direct responsibility for recommendations for hiring, discipline, discharge, performance appraisal and salary increase planning. SPECIFIC JOB RESPONSIBILITIES/COMPETENCIES Architect and execute a comprehensive, global cyber security strategy to protect the digital assets and infrastructure of Elliott, Ebara, and their subsidiaries, anticipating and mitigating advanced threats. Lead and oversee multinational security operations, including advanced threat monitoring, incident response, and threat intelligence programs across all regions. Conduct enterprise-wide risk assessments and develop sophisticated mitigation strategies aligned with business objectives and global compliance mandates (e.g., GDPR, NIST, ISO 27001, SOC 2). Spearhead the design and implementation of best-in-class security practices for physical, network, database, and application security, ensuring consistency across Elliott, Ebara, and subsidiaries. Direct and coordinate large-scale, multinational IT security projects, collaborating closely with Ebara IT to secure corporate and subsidiary environments. Oversee the execution of global security audits, penetration testing, and vulnerability management programs, ensuring robust controls and compliance with legal and regulatory standards. Develop, publish, and enforce enterprise-wide information security policies, standards, and guidelines, leveraging best practices and compliance requirements to ensure consistent application across all technology projects and services. Translate complex technical risks into actionable, business oriented insights for diverse stakeholders, including senior leadership, boards, and technical teams across Elliott and Ebara. Drive the selection, deployment, and optimization of state-of-the-art cyber security tools (e.g., SIEM, EDR, zero-trust solutions) to enhance global security resilience. Build, mentor, and lead a high-performing, globally distributed team of security professionals, fostering technical excellence, innovation, and accountability. Champion enterprise-wide security awareness and training programs to embed a proactive, risk-aware culture across all regions and subsidiaries. Provide strategic guidance to company and Ebara leadership on emerging security threats, recommending timely and collaborative actions to mitigate risks. Monitor and validate the effectiveness of in-place security controls, ensuring alignment with global regulatory compliance and business continuity requirements. Contribute to enterprise-wide technology planning, providing expert insights into current and future cyber security trends, tools, and systems to support organizational goals. Act as a key liaison for internal and external audit activities, overseeing technical aspects and ensuring seamless support for compliance driven initiatives. Equal Employment Opportunity Ebara Elliott Energy is an equal employment opportunity/affirmative action employer and does not discriminate on the basis of race, color, religion, sex, national origin, age, marital status, genetic information, disability, veteran status, or any other characteristic protected by the federal, state or local laws of the United States. Applicants and employees are protected under U.S. federal law from discrimination. To learn more, click here . To learn more about our Job Applicant Privacy Notice, please click here . No agency submissions please. NOTE: Resumes submitted to any Ebara Elliott Energy employee without a current, signed and valid contract in place with the Ebara Elliott Energy recruiting team will become the property of Ebara Elliott Energy and no search fees will be paid.