Information security analyst jobs in Tulare, CA

Role Purpose The Director of Information and Data Security will establish and lead Eltropy's IT and cybersecurity function, responsible for developing foundational systems, processes, and governance across infrastructure, data protection, and compliance. This leader will drive security maturity across the organization by balancing hands-on execution with long-term strategic planning, and by partnering with external GRC consultants to build a scalable security and compliance framework aligned with industry standards such as SOC 2 and ISO 27001. Location: Santa Clara, CA (Hybrid) Department: IT, Cyber Security and Ops Employment Type: Full-Time Minimum Experience: Senior Manager/Supervisor Compensation: $200,000-$240,000 (Base + Bonus) Strong cybersecurity background, with experience leading threat detection, incident response, and proactive security risk management across cloud and enterprise environments. Key Responsibilities IT and Infrastructure Security Oversee endpoint management, asset inventory, and identity and access management (IAM). Establish standards for device hardening, patch management, and secure configuration. Define and manage the budget for all security and IT tools, services, and human capital, ensuring cost-effectiveness and alignment with the overall security roadmap. Implement centralized visibility and control across systems and SaaS applications. Cybersecurity and Data Protection Lead threat detection, vulnerability management, and incident response operations. Implement and maintain a Cloud Security Posture Management (CSPM) solution to monitor cloud infrastructure (AWS/Azure) for misconfigurations and compliance issues. Deploy and tune SIEM/XDR solutions to enhance visibility and threat detection across environments. Conduct regular penetration testing, track remediation, and drive security awareness programs. Define and enforce data protection policies covering classification, encryption, and retention. Governance, Risk, and Compliance (in partnership with GRC Consultant) Partner with external GRC consultants to design and operationalize Eltropy's information security and compliance framework. Translate consultant-driven recommendations into actionable internal controls, policies, and monitoring mechanisms. Manage the Third-Party Risk Management (TPRM) program, including vendor due diligence, security questionnaires, and ongoing risk monitoring. Maintain a centralized risk register and oversee remediation tracking. Own operational compliance for frameworks such as SOC 2, ISO 27001, and GDPR. Security Architecture and Product Collaboration Work closely with Engineering and Product teams to embed security-by-design principles in SaaS architecture and cloud deployments. Implement automated security testing (SAST/DAST) within the CI/CD pipeline to shift security left and reduce vulnerabilities early in the development lifecycle. Review architecture and third-party integrations to ensure alignment with data security and privacy standards. Incident Management and Business Continuity Establish and operationalize the company's Incident Response Plan (IRP) and Business Continuity/Disaster Recovery (BCP/DR) framework. Conduct tabletop exercises and post-incident reviews to enhance preparedness and learning. Security Awareness and Culture Develop and implement a company-wide security awareness program. Partner with HR and Operations to ensure onboarding/offboarding includes security compliance and periodic training. Foster a security-first culture emphasizing accountability and vigilance across teams. Leadership and Department Setup Build and lead a high-performing IT and Security team, including IT administrators and cybersecurity engineers. Define structure, roles, and hiring priorities aligned with the company's growth stage. Create a phased roadmap for security maturity, including technology adoption and process optimization. Key Performance Indicators (KPIs) Security Tool Coverage: Achieve at least X% deployment and agent coverage across all corporate and cloud assets within the first 6 months. Vulnerability Remediation: Maintain average time-to-remediate critical and high vulnerabilities below X days. Compliance Milestones: Achieve SOC 2 / ISO 27001 readiness within agreed timelines. Asset Visibility: 100% endpoint and asset inventory completeness. Incident Management: Reduction in mean time to detect (MTTD) and mean time to respond (MTTR) for incidents. Team Ramp; Process Setup: Completion of key hires and operational processes within the first year. Requirements Independent, self-starter with strong ownership and execution bias. Ability to prioritize and execute in a resource-constrained, fast-paced SaaS environment. Strategic thinker with operational depth; able to balance long-term maturity goals with immediate risk mitigation. Excellent communication skills with the ability to influence and align cross-functional stakeholders. Proven experience setting up IT or cybersecurity programs in a SaaS or technology environment. Strong understanding of endpoint protection, cloud infrastructure security (AWS/Azure), IAM, and network security. Experience with SIEM and/or XDR deployment and tuning for threat detection and monitoring. Familiarity with CSPM, SAST/DAST, and vulnerability management tools. Knowledge of GRC frameworks (SOC 2, ISO 27001) and translating them into practical, auditable controls. Reporting to: VP of Operations Level: Senior Leadership Direct Reports: IT Team Cybersecurity Engineer(s)

ROLE: Oracle Security Analyst Duration: 6 months extendable Job Details: This role will be part of a growing team responsible for maintaining and supporting the security functionalities of the Oracle Fusion Cloud ERP/EPM/OTM applications. The Oracle Fusion Security Analyst is responsible for supporting all security related issues in Oracle Fusion Cloud ERP, EPM & OTM application. This role will also require strong knowledge on supporting user access, auditing, and custom role security design. In addition, this role may have to support managing the Oracle application environments with supporting refreshes, outages, system monitoring, configurations, and patching. We are looking for a candidate with an in-depth understanding of Security and RMD in Oracle Fusion Cloud, experience in ERP implementations. Key Responsibilities: Effectively support Oracle Cloud ERP, EPM, and OTM SaaS user access and auditing Support user security and roles within Oracle Fusion Cloud, OTM, EPM and guide users as needed to provide proper access to proper functionality. Import users and access using oracle standard functionalities Understand and has experience in Oracle ERP, EPM, OTM security fundamentals and role base access Manage auditing for users and access for ERP, EPM and OTM ensuring access violations are to a minimum in Oracle RMC. Support all issues related to auditing and security for Oracle Fusion Cloud applications (ERP, EPM & OTM) Partner with Security, Network, Development and Product Teams to identify issues, driving issue resolution. Migrate technical SaaS and PaaS objects such as OIC, BIP, BICC, and ESS jobs Follow up on service requests in MOS as needed to complete issues resolution Complete Service Now tickets as required to support users as needed under agreed

Role: Cybersecurity Manager Duration: 6+ months Summary: The Cybersecurity Manager leads global cybersecurity operations, incident response, cloud security, and vulnerability management across IT, OT, and cloud environments. This role drives security maturity, manages SOC functions, and ensures compliance with frameworks like ISO 27001, NIST, and ITAR. Key Responsibilities:Lead cybersecurity operations, including SOC oversight, threat detection, and endpoint security. Manage incident response for ransomware, APT, insider threats, and major security events. Oversee vulnerability and patch management programs (Tenable, Automox, CrowdStrike). Strengthen cloud and identity security across Azure, Entra ID, and Microsoft 365. Implement Zero Trust architecture and secure configuration standards. Support compliance efforts (ISO 27001, NIST CSF/800-53/171, ITAR, GDPR, HIPAA, PCI). Lead global cybersecurity teams, contractors, and MSSP partners. Provide executive-level reporting on risk posture, incidents, and security metrics. Requirements:10+ years of cybersecurity experience with leadership responsibilities. Strong background in SOC operations, IR, EDR, SIEM/SOAR, and cloud security. Hands-on experience with Sentinel, XSOAR, CrowdStrike, Defender, Tenable. Knowledge of ISO 27001, NIST, ITAR, and broader regulatory frameworks. Strong communication, team leadership, and cross-functional collaboration skills.

We are a specialized technology staffing agency supporting professional and financial services companies. Why do we stand out in technology staffing? We listen and act as advisors for our candidates on how they can best add value, find interesting projects, and pave a path for career advancement. We advocate for the best pay, diversity in tech, and the best job fit for every candidate we place. Our client, a global investment firm, is seeking an experienced Director of Information Security to join their team in Los Angeles, CA! This role will ensure compliance with industry regulations and standards, enforce robust policies, and provide strategic direction for the firm's information security roadmap. The Director will lead a team of security professionals dedicated to mitigating risks and responding to incidents, protecting the firm's systems, sensitive financial data, client information, and intellectual property from cyber threats. Responsibilities Develop, maintain, and enforce the firm's information security policies, procedures, and standards in accordance with legal and regulatory requirements, such as SEC, FINRA, GDPR, and any applicable financial industry regulations. Lead and oversee the firm's information security program, including cybersecurity, identity management, risk assessment, incident response, and security awareness training. Manage a comprehensive security strategy that includes network defenses, endpoint protection, data loss prevention, threat intelligence, and security monitoring. Collaborate with key stakeholders to align security initiatives with business objectives and risk management strategies. Conduct regular security audits, vulnerability assessments, and penetration tests to evaluate the effectiveness of security controls and policies. Work closely with IT leadership to ensure the secure implementation of new technologies and the review the effectiveness of security controls and policies around existing architecture. Lead the incident response team in managing and investigating security breaches and incidents while minimizing business impact. Develop and oversee a vendor risk management program to ensure third-party compliance with the firm's security standards. Collaborate with legal and compliance departments to ensure all data privacy practices align with legal requirements and to provide supporting documents for security governance programs. Prepare and manage security budgets and forecasts, ensuring the strategic allocation of resources. Manage, mentor and develop a team of technology and security professionals, nurturing a culture of teamwork, integrity, excellence, humor, and results. Stay abreast of the latest security trends, threats, and technologies to maintain the firm's cyber security resiliencies and capabilities. Regularly report to executive management and cyber security committee on the state of information security program, potential risks, and recommendations. Develop, standardize, and maintain security documentation, including the Information Security Program, Incident Response Plan, Security Policies and Procedures, and Infrastructure Presentations. Identify third-party vendors for security due diligence of both external and internal applications used by the firm. Conduct account audits and sensitive data validation audits, leveraging the data classification system. Audit and maintain records of Active Directory data ownership, distribution list memberships, and employee access and approvals. Monitor daily security alerts, log review, and maintain records of security incidents. Manage the documentation for Windows and third-party patching processes and security hardening measures. Provide new hire security training, conduct monthly phishing exercises, and maintain security training documentation. Schedule and document annual risk assessments, penetration tests, and bi-annual disaster recovery tests, including maintaining the disaster recovery notification system. Keep the employee status roster up-to-date in coordination with HR. Oversee the creation and maintenance of onboarding/offboarding documentation and the electronic keycard register. Act as the firm's main point of contact for managed security service providers and vendors. Regularly inform the firm of significant security updates and maintain ongoing security-related communications. Qualifications A minimum of 10 years of experience in information security, IT risk management, or related field, with at least 5 years in a leadership role. Bachelors or master's degree in Information Security, Computer Science, Information Systems, or related field. Professional information security certifications such as CISSP, CISM, CISA or similar. Strong understanding of the cyber security risks associated with various technologies and ways to manage them. Ability to present security findings and reports to key stakeholders including executive management, cyber security committee, and boards and investors. A proven track record of developing and administering an information security program in a complex environment. In-depth knowledge of financial industry's policies, procedures, regulations, and legislation specifically as they relate to investment management sector. Excellent communication, leadership, and presentation skills to effectively convey complex information security topics to technical and non-technical audiences. Demonstrated ability to collaborate, build consensus, and drive initiatives in a complex business environment. Hands-on experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation. Relevant experience in information security management, governance, and operations. Familiarity with conducting audits, risk assessments, and working within regulatory frameworks. Experience in incident response planning, access control audits, and vendor management. Demonstrated ability to create and conduct security training programs. Excellent organizational skills, with the ability to manage multiple processes and maintain meticulous records. Strong communication skills for interfacing with various departments, vendors, and key stakeholders. Salary: $200,000 - $250,000

We are seeking a Cybersecurity Risk Analyst to support managing and mitigating security risks across processes, technologies, and cloud environments. The ideal candidate will combine technical expertise, business acumen, and cybersecurity experience to advise partners, assess risks, and drive improvements in secure operations. This role requires hands on experience with Kusto Query Language (KQL), cloud security, and risk assessment, as well as the ability to communicate effectively with stakeholders at all levels. Must be local to San Francisco or Los Angeles (LA) or Salt Lake City (SLC). Responsibilities: Support risk strategies by identifying and mitigating security risks in bank systems and processes. Apply and interpret security policies, provide guidance and input on policy enhancements. Advise business and technical partners on security controls, procedures, and best practices. Assess cloud and on-prem environments to identify risks and recommend control improvements. Conduct security control assessments, document findings, and develop actionable remediation plans. Evaluate third-party vendors to determine shared security responsibilities and associated risks. Communicate security risks and mitigation strategies effectively to technical teams and executives. Collaborate across teams to drive secure operations and deliver results in a fast-paced environment. Qualifications: Bachelor's degree in Cybersecurity, Information Security, Computer Science, or related technical discipline (or equivalent experience). 3+ years of experience in cybersecurity, information security, or technology risk management. Proficiency in Kusto Query Language (KQL) for data analysis, log correlation, and threat detection. In-depth understanding of security frameworks such as NIST, ISO 27001, or FedRAMP. Demonstrated experience assessing and improving security posture across Cloud (Azure, AWS) and on-premises environments. Proven ability to conduct security control assessments, identify risk exposures, and develop actionable remediation plans. Skilled at translating technical security concepts into clear, business-relevant insights for stakeholders and executives. Excellent communication, collaboration, and interpersonal skills, with a focus on building trusted partnerships across technical and business teams. Strong organizational and analytical skills, with the ability to manage multiple initiatives in a fast-paced, results-driven environment.

NO SPONSORSHIP - NO OPT Cybersecurity Engineer / Architect BILL RATE: Open - C2C or W2 DURATION: 1 YEAR OR LONGER The manager is looking for someone out of a large enterprise environment and is a true architect with engineering skills. Highly technical and applications and infrastructure focused is key platform applications storage network virtualization cloud azure and mobile security The Cyber Security Engineer will be responsible for the planning, development and implementation of enterprise information security solutions (such as authentication and authorization, public key infrastructure, data loss prevention, and security event information management) to address the current and emerging security needs of the business. This role requires the solution of complex enterprise-scale information security problems. The role will design and develop new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors. Skills/Experience: Contributes to a team that ensures the security of enterprise data and systems by developing enterprise information security solutions. Creates and updates a view of IT assets, related attack surfaces, and threat actors to illustrate the flow of data and associated security threats. Researches, designs, and develops new enterprise technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors. Serves as a security expert in one or more of application development, database design, network, and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices. Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks and contributes to the development and maintenance of information security architecture. Engages with security specialists and other functional area architects to ensure adequate enterprise security solutions are in place to sufficiently mitigate identified risks, and to meet business objectives and regulatory requirements. Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks. Serves as an expert in one or more of platform, application, storage, network, virtualization, cloud and mobile security best practices. Mandatory Technical Skills: Experience with healthcare data systems or claims management platforms Strong knowledge of network security protocols, best practices, and perimeter security tools Strong knowledge of identity and access management controls, including SAML and OAUTH/OIDC based authentication, Active Directory, and role mapping Understanding of common security control solutions for event logging, remote access, endpoint management, and mobile device management Understanding of common data protection technologies such as cryptography, tokenization, and hashing Additional Technical Skills: Understanding of Azure native security services and best practices Strong knowledge of threat modelling and risk assessment technologies or frameworks

Company - Our client is a globally recognized leader in financial services and technology innovation, consistently ranked in the Fortune 200. Known for their commitment to cybersecurity and digital transformation, they offer a dynamic environment where top-tier tech professionals can make a large-scale impact on cutting-edge cloud and security initiatives. Job Title - Principal Cloud Security Architect Location - Irvine, California (Hybrid - onsite 2-3 days per week) Role Type - 6-Month Contract (1,040 hours) with potential for full-time conversion Must Have Skills: 15 years in information risk management and information security, including 5+ years in security architecture and 5+ years in cloud environments Deep technical expertise in cloud security architecture, including IAM, CI/CD security, data protection, and threat modeling Experience designing and implementing large-scale cloud and security programs (e.g., SOC, SSDLC, DLP, IAM, Zero Trust) Hands-on familiarity with security frameworks such as NIST 800-53, ISO 27002, CIS Benchmarks, and Cloud Security Alliance Strong leadership and communication skills with the ability to influence executive stakeholders Responsibilities and Job Details: Lead the overall cloud security architecture strategy and define secure computing frameworks and standards Collaborate with Infrastructure, Development, and Business Leadership teams to ensure secure cloud adoption Serve as the security SME on the Information Technology Architecture Committee (ITAC) and Architecture Review Committee Develop and maintain the Secure Software Development Lifecycle (SSDLC) and Data Protection Programs Define and enforce enterprise-wide security architecture patterns based on best practices and compliance needs Manage the enterprise threat management/intelligence program, supporting SOC operations and risk integration Evaluate and lead implementation of new security technologies and vendor tools to support enterprise cloud strategy Provide mentorship to junior cybersecurity staff, elevating technical acumen across the team Guide secure integration of innovative technologies such as IoT and AI in alignment with risk posture Participate in security incident investigations and lead post-incident review and strategy refinement Ensure secure CI/CD pipelines, container security, and cloud-native protection strategies are embedded into architecture Influence security roadmap by identifying gaps and defining forward-looking technical solutions across domains

Castelion is bringing a new approach to defense development and production: one that focuses on short, iterative design cycles, rapid testing in development, and modern commercial manufacturing strategies for production at scale. We're designing, building, and testing next generation long range strike weapons systems to give America and its Allies a definitive edge and deter future conflicts. Information Systems Security Manager (ISSM) *This position requires a TS/SCI Clearance and Special Access Program Experience* Castelion Corporation is looking for an experienced ISSM to manage and maintain the Classified Networks out of our Torrance location. The ideal candidate will be a dedicated security professional with a demonstrated ability to work independently and as a member of a team in a fast-paced, high-tech environment. The ISSM's primary function serves as a principal expert and manager on all matters, technical and otherwise, involving the security of information systems under his/her purview. Primary support will be working within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies, such as HQ Air Force, NAVY, Army, DARPA, etc. The position will provide "day-to-day" support, oversight, and maintenance for Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities. As the site ISSM you will own the end-to-end Information Assurance Program for all classified and controlled information systems at our Torrance facility. You will partner with Program Management, Engineering, IT, Security, and the Cognizant Security Agency (DCSA/SAPCO) to obtain and sustain ATO on schedule, mentor a growing ISSO team, and keep our environment audit ready every day. Responsibilities Lead RMF/JSIG/DAAPM execution architect secure solutions, prepare authorization packages, brief Security Control Assessments, and drive POA&M closure. Own continuous monitoring vulnerability & patch management (ACAS/Nessus, SCAP, STIGs), log analysis (Splunk), account management, media control, incident response, and annual self-inspection. Shape early program decisions embed with PMO to define security requirements, supply secure-by-design input at PDR/CDR/TRR, and influence contract CDRLs. Develop people & process coach ISSOs/ISSEs, refine SOPs, track metrics, and present status to senior leadership and customers. Interface with external stakeholders act as the single voice to DCSA, SAPCO, and other Cognizant Security Agencies for all cybersecurity matters. Develop Assured File Transfer (AFT) in accordance with JSIG Conduct all self-inspections and report findings to Cognizant Security Agency annually Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media Develop and execute security assessment plans that include verification that the features and assurances required for each protection level functioning Maintain a and/or applicable repository for all system authorization documentation and modifications Develop policies and procedures for responding to security incidents, to include investigating and reporting security violations and incidents Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within a system Ensure that data ownership and responsibilities are established for each authorization boundary, to include accountability, access rights, and special handling requirements Ensure development and implementation of an information security education, training, and awareness program, to include attending, monitoring, and presenting local cyber security training. Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed Assess changes in the system, its environment, and operational needs that could affect the authorization Ensure that authorization is accomplished a valid Authorization determination has been given for all authorization boundaries under your purview Review AIS assessment plans Coordinate with PSO or cognizant security official on approval of external information systems (e.g., guest systems, interconnected system with another organization) Conduct periodic assessments of the security posture of the authorization boundaries Institute and implement a Configuration Control Board (CCB) charter Ensure configuration management (CM) for security-relevant changes to software, hardware, and firmware and that they are properly documented. Ensure periodic testing is conducted to evaluate the security posture of IS by employing various intrusion/attack detection and monitoring tools (shared responsibility with ISSOs) Ensure that system recovery and reconstitution processes developed and monitored to ensure that the authorization boundary can be recovered based on its availability level determination Ensure all authorization documentation is current and accessible to properly authorized individuals Ensure that system security requirements are addressed during all phases of the system life cycle Basic Qualifications A degree in Science, Technology, Engineering or Mathematics (STEM), information technology and a minimum of 5 years of prior relevant experience. 5 years in DoD/IC Cybersecurity as ISSM and must meet position and certification requirements outlined in DoD Directive 8570.01-M for IAM-III within 6 months of the date of hire (CISSP, CISM, GSLC). Proven delivery of ATO for SAP or SCI systems; prior Enterprise ISSM experience. Active and transferable U.S. government issued Top Secret SCI (TS/SCI) security clearance required prior to start date. Finalized CI polygraph, or willingness to submit to one U.S. citizenship is required Preferred Skills and Experience Proven leadership of multi-disciplinary teams and successful ATO delivery for SAP or SCI systems Expert knowledge of NISPOM (32 CFR 117), JSIG, RMF (NIST 800-37/-53), ICD-503, and DAAPM, oversight/execution of A&A processes. Experience with DevSecOps pipelines, Zero Trust architecture, and Identity Access Management. Experience executing DISA STIG/SRG hardening across Linux and Windows. Background in network/systems security (architecture, topology, protocols, components, principles). Hands-on with ACAS, SCAP, STIG Viewer, DISA SRGs, and SIEM/Vulnerability Tools SPLUNK, NESSUS etc. Masters in Cybersecurity, Computer Science, or related engineering field. CISSP-ISSEP / ISSMP or PMP. Existing U.S. government issued Top Secret SCI (TS/SCI) security clearance within the last 24 months. Additional Information This is not designed to cover or contain all job duties required of the employee. There may be additional activities, duties and/or responsibilities that are required for this position that are not listed in this job description. All employees are granted long-term stock incentives as part of their employment as Castelion. All employees receive access to comprehensive medical, vision, and dental insurance, and the company offers three weeks of paid time off per year. Leadership Qualities Bias to Action and Creative Problem Solving. Desire and experience questioning assumptions in ways that lead to break through ideas that are ultimately implemented. Successfully bring in applicable processes/concepts/materials from other industries to achieve efficiency gains. Ability to personally resolve minor issues in development without requiring significant support. High Commitment, High Initiative. A successful candidate will have a genuine passion for Castelion's mission and consistently look for ways to contribute to the company's technical goals and prevent hardware blockers. Ability to work in a fast paced, autonomously driven, and demanding atmosphere. Strong sense of accountability and integrity. Clear Communicator. Proactively communicates blockers. Trusted in previous roles to be voice of company with regulators, suppliers, gate keepers and customers. Capable of tactfully managing relationships with stakeholders to achieve company-desired outcomes without compromising relationships. Emails, IMs and verbal interactions are logical, drive clarity, and detailed enough to eliminate ambiguity. ITAR Requirements: · To conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. § 1157, or (iv) Asylee under 8 U.S.C. § 1158, or be eligible to obtain the required authorizations from the U.S. Department of State. Employment with Castelion is governed on the basis of competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.

In this role, you will drive the evolution of our infrastructure and security posture. You will have substantial ownership over our technology choices and implementation for deployment, observability, storage, and security. You will identify, triage, and implement incremental improvements in all of these domains, working closely with backend engineers and internal and external auditors to develop appropriately scoped interventions. You will work with engineers to ensure that security considerations are baked into software development from the outset. You should have a broad understanding of modern best practices around cloud architecture, data governance and infrastructure as code. You should approach questions of infrastructure and security risk with a sense of nuance and good judgment. You should be able to build consensus around your threat models such that the necessary consequences seem natural to other stakeholders. In this role, you will need to be fluent in Python and Terraform (at least to start). Company & Funding We're building the world's largest long-term insurer, using digital money and AI to serve billions of people profitably. We want anyone, anywhere, to be able to save for their future, protect their family, and build wealth across generations. We face a once-in-a-century opportunity to build a vertically integrated life (re)insurer. Our product offerings are globally unique, making it possible for us to scale our balance sheet, build modern systems from scratch, and then directly compete to win a market that is 3% of global GDP. We've raised over $140M to date. Sam Altman and Lachy Groom led our initial raise, and they've since been joined by leading investors in AI, insurance, and Bitcoin, including Northwestern Mutual, Apollo, Bain Capital, Pantera, Haun, Framework, Fulgur Ventures, MS&AD, Mouro, Stillmark, and Wences Casares. Our Bermuda operating subsidiary holds the the world's only license to issue life insurance denominated entirely in Bitcoin. It's also the only company in the world with audited financials stated in Bitcoin. (If you join us, you can expect to do a lot of things no one's ever done before.) Engineering at Meanwhile With the advent of ubiquitous AI tooling, the dynamic range in individual engineering effectiveness is only widening. At Meanwhile, we're planning for a world in which small, tight-knit engineering teams (supported by a small, tight-knit platform team) own entire lines of business, and are compensated accordingly. We're attacking a huge market with the leanest, most effective team in insurance. Where incumbents employ a thousand people, we think we can make it work with a hundred or a dozen. We're looking for hungry ICs (and former managers who see the writing on the wall) interested in pushing the boundaries of engineering productivity in a vertically integrated, regulated organization. We're growing quickly. You will fix million-dollar bugs. On the business side, we hire for deep domain expertise, ambition, and the creativity to figure out the previously impossible. Because our engineers work closely with people from the business, they need curiosity, flexibility, an appetite for (and the ability to digest) complex context, and strong communication skills. Our view is that ownership is taken, not given. You will be successful here if your work progressively builds others' trust in your ability to identify, attack, and solve larger and larger problems, including those that no one else has anticipated. We believe that "code wins arguments," that prototyping is often the best first step in a design process, and that the impact of velocity is non-linear. You are excited by putting up multiple meaningful changes, or writing thousands of lines of code, in a day (even though you know that deleting lines of code is more exciting than writing them, and that, occasionally, deep reflection is required in order to ship anything). You aren't fazed by building systems that don't work out - sometimes, you have to throw code away. Intellectual honesty is non-negotiable. You love to learn and to teach, to ask questions and to answer them, and to be transparent about your uncertainty. You are eager to learn, with the rest of the team, how to work with AI tools, including agents, in order to move faster and ship better, more complete versions of your ideas. You will experiment with new ways of working, with the expectation that some of them will be unsuccessful, and you will teach others what works. This is the most exciting time in decades to be a competent, technically ambitious engineer. We want to offer you the opportunity to see what's really possible and how much better you can get at your craft.

At PriMed, your uniqueness is valued, celebrated, encouraged, supported, and embraced. Whatever your relationship with Hill Physicians, we welcome ALL that you are. We value and respect your race, ethnicity, gender identity, sexual orientation, age, religion, disabilities, experiences, perspectives, and other attributes. Our celebration of diversity and foundation of inclusion allows us to leverage our differences and capitalize on our similarities to better serve our communities. We do it because it's right! Job Description We are seeking a skilled Governance, Risk, and Compliance (GRC) Engineer to strengthen our security posture and ensure adherence to healthcare regulations. The GRC Engineer will play a vital role in designing, implementing, and maintaining risk management processes, compliance frameworks, and policies that align with healthcare regulations such as HIPAA and HITECH. The ideal candidate will have experience with tools like SAI360, CyberArk, and other compliance and security platforms. Job Responsibilities: Develop, implement, and maintain GRC policies, processes, and controls in alignment with industry best practices and regulatory requirements (e.g., HIPAA, HITECH, NIST, ISO 27001). Perform risk assessments and develop mitigation strategies for identified security risks. Administer and optimize SAI360 for governance, risk management, and compliance activities, including reporting and policy management. Collaborate with cross-functional teams to ensure new projects and systems are designed with security and compliance in mind. Monitor and report on compliance status, identifying gaps and proposing remediation strategies. Oversee third-party vendor risk assessments and ensure adherence to security requirements. Support internal and external audits by providing documentation, evidence, and responses to audit findings. Conduct security awareness training programs and promote a culture of compliance within the organization. Required Experience/Skills/Knowledge: 5+ years of experience in Governance, Risk, and Compliance roles or a related field. Strong knowledge of healthcare regulations, including HIPAA, HITECH, and other relevant standards. Proficiency in GRC tools such as SAI360 for compliance and risk management. Experience with privileged access management tools like CyberArk. Solid understanding of risk assessment methodologies and security frameworks, including NIST CSF, ISO 27001, or COBIT. Excellent communication and collaboration skills to engage with technical and non-technical stakeholders. Strong analytical and organizational skills with attention to detail. This role is critical in maintaining our organization's compliance with healthcare security standards and reducing risk exposure. Required Education: Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field. Equivalent work experience may be considered in lieu of a degree.

A client of Sharp Decisions if looking for a Security Architect. This role is ONSITE in Torrance, CA- a multi-year contract with no end date, W2 only. Daily Task Performed: • Security Design and Architecture: Knowledge of security design and architecture for organizational systems to meet defined cybersecurity needs; ability to embed security principles into the design goals while minimizing the risk from cyber security threats and vulnerabilities. • Cross-functional Collaboration: Knowledge of collaborative techniques and approaches; ability to promote a culture of continuous improvement and working together across functions to solve business problems and meet business goals. • Frameworks and Industry Standards: Knowledge of cybersecurity enterprise programs, policies, and standards to govern the organization's approach towards protecting their systems; Ability to align them with regulations, organization's context, operating environment, and cyber threats. Position Success Criteria (Desired) - 'WANTS' • IS related bachelors degree and/or equivalent work experience. • 5+ years of IT business work experience Desired Certifications: CISSP, CCSP, CCNP, CISA, or equivalent are highly desirable • Problem Solving: Knowledge of approaches, tools, techniques for recognizing, anticipating, and resolving organizational, operational or process problems; ability to apply knowledge of problem solving appropriately to diverse situations. • Conceptual Thinking: Knowledge of thinking and reasoning at a conceptual level; ability to identify the critical ideas and interdependencies among system elements that impact performance. • Cloud Security: Knowledge of tools, technologies, and processes of cloud security; ability to minimize security risks to secure cloud computing services.

100% On-site | Santa Ana, CA We are seeking a Senior Security Architect to lead enterprise security operations, compliance, and infrastructure within a mission-critical environment. This hands-on leadership role combines deep Cisco networking expertise, security architecture design, and staff mentorship to ensure audit readiness and operational excellence. Key Responsibilities: • Enforce and maintain network security controls aligned with CJIS, NIST, and internal policy frameworks. • Implement and manage firewall rules, NAC solutions (e.g., Cisco ISE), and endpoint access policies. • Support incident detection, forensics, and mitigation efforts alongside cybersecurity teams. • Lead network deployments, upgrades, and response initiatives across Cisco infrastructure. • Configure and manage switches, routers, firewalls, WLCs, and VPNs. • Design and optimize QoS, ACLs, and network monitoring (SolarWinds, NetFlow, SNMP). • Act as a Subject Matter Expert (SME), mentoring internal IT staff and guiding certification readiness (CCNA/CCNP). • Create and maintain SOPs, documentation, and training materials for ongoing operations. Top Skills Required: • Cisco networking (switches, routers, firewalls, WLCs, VPNs) • Security & compliance (CJIS, NIST, NAC, audit readiness) • Network monitoring (SolarWinds, NetFlow, SNMP, ACLs, QoS) • Leadership & mentoring (staff training, documentation, SME guidance) Nice-to-Have: • Advanced CJIS/NIST compliance experience • Public safety or government network background • Proven mentorship and SOP development experience #SecurityArchitect #NetworkSecurity #CiscoJobs #CJIS #NIST #Cybersecurity #SolarWinds #NetworkEngineer #OnsiteJobs #CaliforniaJobs #ITLeadership #InformationSecurity #InfrastructureSecurity

At least 9 years of experience with Information Technology Domain experience in supply chain, order management, shipping, inventory management Understanding of Oracle PL/SQL, SQL, ERP (OM, Inventory, Shipping, Receiving), Java and various integration technologies and approaches, to be able to comprehend existing as well as design new solutions Sound data analysis skills Expertise in grasping the complexity of current state application design, analyze new requirements to design new solution options and develop functional specification & author technical user story for developers and QA team members Experienced in test case preparation/reviews, supporting QA exercise and issue resolutions Perform validations of the capabilities once developed to ensure compliance with the business requirements Perform demos to stakeholders Ability to work in teams within a diverse/multi-stakeholder environment Ability to interact effectively across cross-functional teams to iron out integration needs Experience and desire to work in a Global delivery environment Strong analytical abilities Good communication skills

JT4 Point Mugu is seeking an Information Systems Security Specialist. This role is responsible for assessing, developing and implementing programs and controls set in place to help increase cybersecurity within our company. The Information Systems Security Specialist will be detail-oriented, have great problem-solving and analytical skills, and a passion for cybersecurity. JT4, LLC provides engineering and technical support to multiple western test ranges for the U.S. Air Force, Space Force, and Navy under the Joint Range Technical Services Contract, better known as J-Tech II. JT4 develops and maintains realistic, integrated test and training environments and prepares our nation's war-fighting aircraft, weapons systems, and aircrews for today's missions and tomorrow's global challenges. **An ideal candidate will have an active DoD secret clearance** **This position is located at Point Mugu and is not eligible for telework** Job Summary -- Essential Functions/Duties This position is the on-site technical specialist for monitoring information systems and maintaining the environment of operation to include developing and updating System Security Plans, managing and controlling changes to the systems, conducting audits, providing incident response, perpetration for vulnerability assessments, and assessing the security impact of security and non-security-relevant changes. Employee will be responsible to perform the following functions/duties: Provides incident handling in conjunction with the Facility Security Office (FSO) and Information Security Officer / Information Systems Security Manager (ISSO/ISSM) Assists in writing and maintaining computer security processes to meet Navy requirements of Risk Management Framework Monitors computer system use and audits logs Makes recommendations for future hardware / software implementations and related process improvements This position requires skills in team building and customer service Provides operational status as required Uses established policies and procedures and subject matter knowledge to complete complex assignments requiring originality and ingenuity performed under minimum supervision with considerable latitude for independent contribution Provides security training and awareness briefings Other duties as assigned. Requirements -- Education, Technical, and Work Experience Associates or higher degree in Computer/Information Technology, or equivalent academic/technical training/certification. Possess two to three years of experience in computer system security and/or related areas of expertise. Must be compliant to DoD 8570.01-M levels and possess or working toward Security+ certification with a CISSP desired. Should have experience with JSIG, NIST 800 and NISPOM, Chapter 8. In addition, an Information Systems Security Specialist must possess the following qualifications: Must possess and apply a broad knowledge of principles, practices and procedures in computer security and information systems and working experience with Microsoft Office, Access, and Visio Must possess experience supporting various system configurations such as Stand Alone, Local Area Networks, and Wide Area Networks Must possess excellent skills in verbal and written communications, planning, and organizing Ability to work under deadlines. Employee is expected to routinely cross fields in the completion of somewhat difficult and varied assignments. Government vehicle is used on an as-needed basis Ability to work in a field environment at remote locations with occasional overnight assignments Must qualify for and maintain a government security clearance Must possess a valid, state-issued driver's license.

Cloud Security AI Security Container Security Cyber Risk Assessment Identity and Access Management (IAM) DevSecOps CISSP / CCSP / CISA / CCNP (Certifications) Daily Tasks Performed: • Security Design and Architecture: Knowledge of security design and architecture for organizational systems to meet defined cybersecurity needs; ability to embed security principles into the design goals while minimizing the risk from cyber security threats and vulnerabilities. • Cross-functional Collaboration: Knowledge of collaborative techniques and approaches; ability to promote a culture of continuous improvement and working together across functions to solve business problems and meet business goals. • Frameworks and Industry Standards: Knowledge of cybersecurity enterprise programs, policies, and standards to govern the organization's approach towards protecting their systems; Ability to align them with regulations, organization's context, operating environment, and cyber threats. • Communicating Complex Concepts: Knowledge of effective presentation tools and techniques to ensure clear understanding; ability to use summarization and simplification techniques to explain complex technical concepts in simple, clear language appropriate to the audience. • Domain Knowledge: Knowledge of a specific domain, its current trends, directions, and regulatory considerations; ability to apply domain-specific knowledge to relevant situations. • Technical Excellence: Knowledge of a given technology and various application methods; ability to develop and provide solutions to significant technical challenges • Cybersecurity Expertise: Knowledge of the processes, tools, and techniques in the cybersecurity domain; ability to deploy and monitor cybersecurity measures, while detecting, controlling, and preventing cybersecurity breaches. What this person will be working on: This is a Security architect role and will include Cloud Security, AI Security, endpoint security, Network security and other security domain areas as needed Position Success Criteria (Desired) - 'WANTS' Qualification: IS related bachelor's degree and/or equivalent work experience. 5+ years of IT business work experience Desired Certifications: CISSP, CCSP, CCNP, CISA, or equivalent are highly desirable • Problem Solving: Knowledge of approaches, tools, techniques for recognizing, anticipating, and resolving organizational, operational or process problems; ability to apply knowledge of problem solving appropriately to diverse situations. • Conceptual Thinking: Knowledge of thinking and reasoning at a conceptual level; ability to identify the critical ideas and interdependencies among system elements that impact performance. • Cloud Security: Knowledge of tools, technologies, and processes of cloud security; ability to minimize security risks to secure cloud computing services. • Container Security: Knowledge of containerization technologies, secure image practices, runtime security, secure networking, and incident response; ability to design, develop, and implement secure container environments, while assessing risks, leading audits, and advocating for best practices, enables effective protection of containerized environments. • AI Security: Designs secure architectures for Gen AI systems with a focus on threat modeling, data protection, and adversarial risk mitigation. Ensures secure deployment, access control, and compliance with AI governance and regulatory standards. Collaborates cross-functionally to embed security across the AI/ML lifecycle. Knowledge of tools, technologies related to AI development and security. • Cyber Risk Assessment and Mitigation: Knowledge of cyber risk assessment and mitigation strategies across the systems' life cycle; ability to assess risks timely and propose countermeasures. • Threat Analysis and Defense: Knowledge of characteristics, behaviors, capabilities, intent, and interactions of incoming cyber threats; ability to analyze the threats and develop defense and mitigation strategies to effectively combat such threats. • Identity and Access Management: Knowledge of security administration; ability to manage access to computers, infrastructure, networks, and applications. • DevSecOp: Knowledge of concept, principles, methodologies of DevSecOps; ability to utilize related tools and techniques to integrate security into DevOps processes.

About Company, Droisys is an innovation technology company focused on helping companies accelerate their digital initiatives from strategy and planning through execution. We leverage deep technical expertise, Agile methodologies, and data-driven intelligence to modernize systems of engagement and simplify human/tech interaction. Amazing things happen when we work in environments where everyone feels a true sense of belonging and when candidates have the requisite skills and opportunities to succeed. At Droisys, we invest in our talent and support career growth, and we are always on the lookout for amazing talent who can contribute to our growth by delivering top results for our clients. Join us to challenge yourself and accomplish work that matters. We're hiring Senior Backend Engineer - Cloud Security in Sunnyvale, CA What You Will Do Build containerized microservices and related components for a multi-tenant, distributed system that ingests and processes real-time cloud events, system telemetry, and network data across major cloud platforms. Your work will enable customers to detect risks and strengthen their cloud security posture. Mentor junior engineers, interns, and new graduates, helping them develop strong technical skills and become effective contributors. Write production-quality software primarily in Java using Spring Boot, and work extensively with Kafka, SQL, and other data interfaces. Work within a Kubernetes-based service infrastructure, while learning new technologies as needed. Take ownership of major features and subsystems through the entire development lifecycle-requirements, design, implementation, deployment, and customer adoption. Participate in operational responsibilities, gaining firsthand experience with real-world performance, reliability, and support scenarios-informing how you design and build better systems. Prioritize quality at every stage, performing thorough developer testing, functional validation, integration checks, and performance testing to ensure highly resilient systems. Collaborate closely with Product Management to review, refine, and finalize requirements. Develop a deep understanding of customer needs by engaging with peers, stakeholders, and real-world use cases. What You Bring Bachelor's degree in computer science or similar (Master's preferred). 5+ years of experience building scalable, distributed systems. Passion for software engineering, continuous learning, and working in a collaborative environment. Hands-on experience with AWS, Azure, or GCP, with strong familiarity at the API/programming level. Experience with networking and/or security concepts is a plus. Experience developing containerized services on Kubernetes is strongly desired. Strong programming experience in Java/Spring Boot or Golang. Experience building or using REST APIs. Knowledge of infrastructure-as-code tools such as CloudFormation, Terraform, or Ansible is a plus. Understanding of TCP/IP networking fundamentals. Experience developing in Unix/Linux environments. Droisys is an equal opportunity employer. We do not discriminate based on race, religion, color, national origin, gender, gender expression, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by law. Droisys believes in diversity, inclusion, and belonging, and we are committed to fostering a diverse work environment

Information Security Need Local to San Francisco, CA Onsite role Looking for independent folks. Top Skills: KQL - kusto query language - used by different Microsoft security tools like sentinel or defender SPL that Splunk uses General incident response actual incident tickets - resolve actual security incident tickets Requirements • Self-starter, able to readily explore and learn new areas and concepts. • Knowledge and experience normally acquired through, or equivalent to, the completion of a Computer Science or Computer Engineering Bachelor's degree with a minimum of 5 years of job-related experience. • Degrees in Computer Science or Engineering and/or relevant technically focused certifications in Cloud and/or enterprise security architecture such as GCAD or GDSA are advantageous Experience with • AWS commercial or government cloud • Experience securing critical workloads in a cloud environment. • Knowledge and experience with Databricks, Starburst, Collibra and Immuta is advantageous. Job Role Summary Lead and produce system threat models for integration of commercial components into a data lake platform. Help design secure cloud architectures. Propose effective security controls within the environment and identify and mitigate security vulnerabilities. Simplify complex security topics, lead discussion in technical and business teams, communicate risk accurately. Skills • Able to create AWS secure cloud architecture designs • Understand current security threats, techniques, and landscape • System threat modeling of applications and platforms • Able to identify and provide mitigation for security vulnerabilities within applications and application environments based on threat models. • Able to simplify complex security topics for consumption and critical decision making. • Clear and accurate communication • Able to lead/direct discussions with technical and business teams to achieve common goals. • Able to work well within a team and support team goals • Understand cyber security frameworks such as NIST 800-53 • Ability to work on a geographically distributed team across multiple time zones • Familiarity with SAFe a plus Responsibilities • Evolve and mature our models, templates, standards and procedures related to secure application development and secure application and cloud architecture. Ensure these artifacts are in alignment with FRS policy and standards. • Consult with our development teams to help them align with FRS policy and standards and meet the risk appetite of the customer. • Work with members of application development teams to review and create secure application and infrastructure designs and patterns. • Assist development teams by reviewing threat models related to applications and related systems. Analyze potential business impact and exposure leading to risk, based on emerging security threats, vulnerabilities, configurations, threat actor TTPs, etc. • Evaluate CICD pipeline design, and related development team processes and help to mature and secure creation, management and utilization of pipelines. • Assist in identification and integration of security focused tooling into development and operations processes. • Support secure application architecture within the Federal Reserve System by fostering constructive dialogue and seeking resolution when confronted with discordant views. • Solicit feedback and continuously improve your knowledge, skills and capabilities related to the position. • Assist with recruiting activities and administrative work.

Security Architect / Implementation Engineer Duration: 6 Months contract with possibility of extension We are seeking a highly skilled Security Architect / Security Implementation Engineer with expertise in designing, implementing, and integrating Google Cloud Security Command Center (SCC), Chronicle SIEM, and Cybereason XDR. The candidate will be responsible for architecting the end-to-end solution, implementing GCP native security controls, integrating third-party security tools, and producing detailed design and operational documentation. Key Responsibilities: Design and architect cloud-native security controls in GCP aligned with security and compliance frameworks (CIS, ISO 27001, NIST, etc.). Implement Google Security Command Center (SCC) for threat detection, vulnerability management, and risk insights. Architect and configure Chronicle SIEM for log ingestion, correlation, and advanced threat analytics. Integrate Cybereason XDR with SCC, Chronicle, and other security tools to establish end-to-end threat detection and response workflows. Define use cases, rules, policies, and security playbooks to automate detection and response. Document the solution architecture, design decisions, configuration standards, and integration workflows. Conduct knowledge transfer sessions with security operations and support teams. Collaborate with GCP Cloud Platform teams, SOC teams, and compliance teams to align solutions with enterprise policies. Required Skills & Experience: 8-12 years of overall IT security experience with at least 4-5 years in Google Cloud Security. Proven experience with Google Security Command Center (SCC), Chronicle SIEM, and XDR platforms (Cybereason preferred). Strong knowledge of GCP IAM, VPC Service Controls, Cloud Armor, DLP, Cloud Logging, Cloud Monitoring. Hands-on experience in integrating SIEM, XDR, and native GCP security tools. Experience with Terraform, Deployment Manager, or automation frameworks for security deployment. Strong documentation and presentation skills. Security certifications preferred: Google Professional Cloud Security Engineer, GCP Professional Architect, CISSP, CISM, CCSP.

📍 Base: Client base is in LA and HQ is in La Verne, CA 💰 $130 to $140K + Bonus + Benefits We're seeking a System Engineer/ Consultative to join a growing Managed Services Provider (MSP). This role blends advanced technical expertise with consultative, client-facing responsibilities. You'll resolve high-level escalations, lead infrastructure projects, and identify opportunities to upsell solutions that truly add value for clients. What You'll Do: Own L3 escalations across server, cloud, and networking environments Design and implement solutions (Azure, M365, VMware, SonicWall, etc.) Act as a trusted advisor to clients, aligning IT with business goals Spot upsell opportunities and work with leadership to close deals Mentor junior engineers and help shape best practices What We're Looking For: 4+ years MSP experience (required) Advanced knowledge of Microsoft Server, Azure, M365, AD, VMware, and networking Strong client-facing, consultative approach Proven ability to upsell or expand client accounts through solutions Perks & Benefits: ✅ Competitive salary + bonus ✅ Medical, Dental, Vision, 401(k) + 5% match ✅ PTO + Holidays ✅ Clear upward mobility and leadership growth ✅ Paid parking