Information security analyst jobs in Vacaville, CA

Create the product vision, customer persona identification, product framework for IT's compliance practices including the scopes of SOX and GxP Our client is a public biopharmaceutical company that is regulated by different governmental agencies. It is important that IT operates in a manner that is consistent, accurate, and high quality so that they stay in compliance with GxP and SOX procedures, protocols and audits. This role collaborates with IT members, QA leadership, Finance/SOX leadership, to align plans and activities to achieve successful results for GxP and SOX. ESSENTIAL DUTIES/RESPONSIBILITIES: Manage our IT systems' SOX related Governance, Risk and Compliance (SAP-GRC) component, framework and operations to maintain high quality and transparent results. Collaborate and work closely with Finance teams to set expectation and align activities. Oversee the cyclical SOX evidence sample selection, collection, data analysis, corrective actions and actively participate with the internal and external audit processes Drive the SOX Segregation of Duty analysis and related actions Ensure that IT Product Owners and product teams operate their SOX procedures with exceptions Coordinate and collaborate with business partners (e.g. Finance SOX Operations, Corporate Quality Assurance) to set priorities and directions to achieve reliable and optimal results for accurate and quality operations with successful compliance results. Represent IT's philosophy and operational requirements to our business partners Experience: Minimum of 5 years of experience with SOX compliance. Minimum of 3 years of experience managing SAP-GRC, ITGC, and SOX Experience leading IT GxP compliance practices Experience with operating and testing SOX controls a plus (in accordance with Governance Risk Compliance framework). Knowledge, Skills and Abilities: General knowledge of the Sarbanes-Oxley Act and the application to IT General knowledge of SOX IT controls and the operations and execution of SOX IT Controls Advance skills and abilities managing consultants and Managed Service Providers Comprehensive experience with IT development lifecycle and support methodologies Comprehensive experience with project management The salary range provided for this contract role represents our good faith estimate for this position. Within the range, individual offers will vary based on the selected candidate's experience, industry knowledge, technical and communication skills, location and other factors that may prove relevant during the interview process (W2 or C2C). In addition to compensation, the company provides eligible W2 employees with a comprehensive and highly competitive benefits package. I.T. Solutions, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

RELOCATION ASSISTANCE: No relocation assistance available CLEARANCE TYPE: SCITRAVEL: Yes, 10% of the TimeDescriptionAt Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work - and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history. At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work - and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history. Northrop Grumman Mission Systems (NGMS) is seeking a Principal Cybersecurity Analyst/Sr. Principal Cybersecurity Analyst to join our team based in McClellan, CA. What You'll Get to Do: Perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy. This is achieved through passive evaluations such as compliance audits and active evaluations such as vulnerability assessments. Establishes strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems. Includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits. Assist in the implementation of the required government policy (i.e., NISPOM, ICD 503), make recommendations on process tailoring, participate in and document process activities. Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards. Support the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports. Document the results of Certification and Accreditation activities and technical or coordination activity and prepare the system Security Plans and update the Plan of Actions and Milestones POA&M. Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed. This requisition may be filled as either a Principal Cybersecurity Analyst or Sr. Principal Cybersecurity Analyst. #MPR Basic Qualifications for a Principal Cybersecurity Analyst Bachelor's degree and 5 years of relevant experience; 3 years with a Masters; 1 year with a PhD. An additional 4 years of relevant experience may be considered in lieu of a degree. Active Top Secret clearance with SCI eligibility Must possess an IAT Level II (DoD 8570) certification Experience with Risk Management Framework accreditation functions, including documentation, scanning, assessment, POAM management, through all steps of the RMF Experience with Continuous Monitoring to comply with RMF Experience with cybersecurity, information security and information assurance roles Experience executing and monitoring security tools, such as SIEM, Splunk, and vulnerability and compliance scanners Demonstrated ability to handle multiple levels of classified systems and data and follow data transfer/trusted download/assured file transfer processes Basic Qualifications for a Sr. Principal Cybersecurity Analyst Bachelor's degree and 8 years of relevant experience; 6 years with a Masters. 4 years with a PhD. An additional 4 years of relevant experience may be considered in lieu of a degree. Active Top Secret clearance with SCI eligibility Must possess an IAT Level II (DoD 8570) certification Experience with Risk Management Framework accreditation functions, including documentation, scanning, assessment, POAM management, through all steps of the RMF Experience with Continuous Monitoring to comply with RMF Experience with cybersecurity, information security and information assurance roles Experience executing and monitoring security tools, such as SIEM, Splunk, and vulnerability and compliance scanners Demonstrated ability to handle multiple levels of classified systems and data and follow data transfer/trusted download/assured file transfer processes Preferred Qualifications: Bachelor's degree in a STEM discipline Active TS/SCI clearance Active DoD 8570 IAT Level II, or higher, certification such as CompTIA Security+; required to start and must be maintained Primary Level Salary Range: $137,400.00 - $206,000.00Secondary Level Salary Range: $110,300.00 - $165,500.00The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions.Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business.The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.Northrop Grumman is an Equal Opportunity Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO and pay transparency statement, please visit *********************************** U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.

Our client seeking a Cyber Security Operations Analyst to support an operations team that supports a large government customer. The candidate will be relied upon to assist teammates and perform troubleshooting as needed. The candidate should excel in a fast-paced work environment and be willing to face new challenges. Qualifications • Proficiency with vulnerability scanning, remediation and reporting • Knowledge in web application scanning using various tools • Demonstrated proficiency with Windows, UNIX, & LINUX operating systems • Experience working in a customer service information technology environment • Network security and system security experience • Ability to discuss real world troubleshooting; problems and solutions encountered • Knowledge of IT security best practices, US federal government standards, regulations and policy (FedRamp, TIC, NIST 800-37rev1 & 800-53rev3) • Must be motivated and able to work independently • Proven project leadership (PowerPoint presenting, MS Project Planning) • Experience working with change implementation in a controlled environment • Excellent verbal, written communication and technical writing skills Bachelors Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience. 2-5 years of related experience in data security administration. Experience using some of the following tools: o Nessus o Tenable Security Center o Netsparker o WebInspect o BurpSite Additional Information Work with blue Stone recruiting to find your next Cyber Security role. You can find us at ******************************* We look forward to speaking with you.

Details: Stefanini Group is hiring! Stefanini is looking for an Information Security Analyst for San Francisco, CA/Salt Lake City, UT/Los Angeles, CA (Onsite Role). For quick Apply, please reach out to Rahul Kumar: ************/ ************************* W2 candidates only! Responsibilities: Knowledge of SPL and use of Splunk; experience with KQL(Kusto Query Language) Coding experience or knowledge, preferably in Python and/or R Knowledge of SQL and database experience Proficiency in Microsoft Office applications, especially Excel and PowerPoint Knowledge of Level 1 & 2 SOC operations Public speaking skills #LI-RK1#LI-HYBRID Details: Qualifications: Peraton high BG check or secret clearance Bachelor's degree in Cyber Security, Information Security, Computer Science, or 3+ years of experience in Information Security or Cyber Security Preference is local to SF, open to remote Splunk experience, SQL Microsoft Office Cyber kill chain/incident response SOC experience programming experience-python Listed salary ranges may vary based on experience, qualifications, and local market. Also, some positions may include bonuses or other incentives. Stefanini takes pride in hiring top talent and developing relationships with our future employees. Our talent acquisition teams will never make an offer of employment without having a phone conversation with you. Those face-to-face conversations will involve a description of the job for which you have applied. We also speak with you about the process including interviews and job offers. About Stefanini Group: The Stefanini Group is a global provider of offshore, onshore and near shore outsourcing, IT digital consulting, systems integration, application, and strategic staffing services to Fortune 1000 enterprises around the world. Our presence is in countries like the Americas, Europe, Africa, and Asia, and more than four hundred clients across a broad spectrum of markets, including financial services, manufacturing, telecommunications, chemical services, technology, public sector, and utilities. Stefanini is a CMM level 5, IT consulting company with a global presence. We are CMM Level 5 company.

Our Company Changing the world through digital experiences is what Adobe's all about. We give everyone-from emerging artists to global brands-everything they need to design and deliver exceptional digital experiences! We're passionate about empowering people to create beautiful and powerful images, videos, and apps, and transform how companies interact with customers across every screen. We're on a mission to hire the very best and are committed to creating exceptional employee experiences where everyone is respected and has access to equal opportunity. We realize that new ideas can come from everywhere in the organization, and we know the next big idea could be yours! The Opportunity The Adobe Security organization seeks a proactive force multiplier with experience skillfully leading multiple technical programs, running a healthy portfolio, working directly with leadership, and delighting stakeholders. Our ideal candidate has superb communication and relationship-building skills and a solid track record of driving business outcomes through managing large programs. In addition, familiarity with fundamentals in key security operations and related security compliance frameworks could help this candidate have an immediate impact. If you excel at navigating complexity with multiple internal customers, are a master planner who helps teams foresee challenges and risks and guides them through them, and are equipped with a diverse technical program management toolbox, we can't wait for you to join our Security PMO team! What you'll Do * Partner directly with security leadership to build a portfolio of key programs. Lead and monitor the health and execution of several key initiatives with insights into status, risks, dependencies, roadblocks, and budget across the organization's program portfolio. * Ensure a healthy program portfolio in Adobe's Technology GRC (Governance, Risk, and Compliance) organization with a clearly defined roadmap. * Bring together cross-functional teams to deliver business outcomes for high-priority programs through clear planning, execution, partnership, and communication. * Make things easier for all collaborators of your program portfolio by driving simplicity, clarity, and efficiency in all aspects of your work. * Reduce program risk by proactively identifying, communicating, and removing roadblocks. * Build trust through visibility. Provide accurate and timely data-driven status reports for a broad audience and lead executive governance meetings. * Effectively handle program financials, including driving accurate budget forecasts. What you need to succeed * Exceptional communication skills for effective engagement with both engineers and executives in meetings, presentations, and writing. Excel at building strong and trusted partner relationships. * 7+ years as a program manager in the security domain with portfolio-level oversight experience. Demonstrate strong knowledge in the compliance field and have worked closely with the compliance teams on projects. * Experience leading programs involving AI systems and workflows (e.g., MCP servers, RAG capabilities, LLM integrations, or related AI infrastructure). * Established history of effectively managing programs from inception, prioritizing, and strategizing to implementation, reporting, and successful delivery of intricate projects with many significant internal customers. * Demonstrated Agile practice experience in software projects and familiarity with Jira (including query and dashboarding), O365 Suite, MS Teams, SharePoint, MS Project, Excel, and Miro or equivalent experience * Familiarity with compliance frameworks such as ISO 42001, SOC2, HIPAA, PCI DSS, ISO27001, ISO27017/18, ISO22301, and Geo-compliance programs. * Preferred Certifications: CISSP, CISM, PMP, or equivalent credentials demonstrating expertise in cybersecurity and program leadership. Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets. The U.S. pay range for this position is $124,300 -- $228,400 annually. Pay within this range varies by work location and may also depend on job-related knowledge, skills, and experience. Your recruiter can share more about the specific salary range for the job location during the hiring process. At Adobe, for sales roles starting salaries are expressed as total target compensation (TTC = base + commission), and short-term incentives are in the form of sales commission plans. Non-sales roles starting salaries are expressed as base salary and short-term incentives are in the form of the Annual Incentive Plan (AIP). In addition, certain roles may be eligible for long-term incentives in the form of a new hire equity award. State-Specific Notices: California: Fair Chance Ordinances Adobe will consider qualified applicants with arrest or conviction records for employment in accordance with state and local laws and "fair chance" ordinances. Colorado: Application Window Notice If this role is open to hiring in Colorado (as listed on the job posting), the application window will remain open until at least the date and time stated above in Pacific Time, in compliance with Colorado pay transparency regulations. If this role does not have Colorado listed as a hiring location, no specific application window applies, and the posting may close at any time based on hiring needs. Massachusetts: Massachusetts Legal Notice It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. Adobe is proud to be an Equal Employment Opportunity employer. We do not discriminate based on gender, race or color, ethnicity or national origin, age, disability, religion, sexual orientation, gender identity or expression, veteran status, or any other applicable characteristics protected by law. Learn more. Adobe aims to make Adobe.com accessible to any and all users. If you have a disability or special need that requires accommodation to navigate our website or complete the application process, email accommodations@adobe.com or call **************.

Lambda, The Superintelligence Cloud, builds Gigawatt-scale AI Factories for Training and Inference. Lambda's mission is to make compute as ubiquitous as electricity and give every person access to artificial intelligence. One person, one GPU. If you'd like to build the world's best deep learning cloud, join us. *Note: This position requires presence in our San Francisco or San Jose office location 4 days per week; Lambda's designated work from home day is currently Tuesday. What You'll Do Validate and verify the organization's security controls and practices meet the requirements of ISO 27001, 27701, PCI, SOC 2 and other relevant regulatory requirements to ensure alignment to business objectives Manage IT Risk Register including risk identification, tracking, and prioritization. Assist with and drive remediation of control deficiencies and gaps Provide guidance to Control Owners in the planning, design, implementation, operation, maintenance & remediation of control activities and other supporting requirements (e.g. policies, standards, processes, system configurations, etc.) Communicate with technical and non-technical stakeholders and leaders on cybersecurity risk and controls management topics and program-specific reporting Assist with the Customer Trust program which may include managing customer assessments, and security questionnaires Assist control owners with root cause analysis and track risk management action plan progress. Create risk metrics for management regarding information security control maturity, compliance status, risks, performance and findings Assist with the third-party risk management assessment process, ensuring consistent enforcement of information security requirements You Have a minimum of 8 years of experience supporting cybersecurity risk or controls management programs with in-depth knowledge and experience of cybersecurity frameworks including ISO 27001 and 27701, PCI-DSS, SOC, NIST CSF and other regulatory requirements Have experience managing and running audits, certification programs and control assessments. This includes but is not limited to scope planning, defining control procedures based on requirements, policies and standards, control testing, and mapping issues to risks Have experience collaborating closely with engineers, business teams, and security partners, including incident response, red teams, and architects to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations Possess a strong ability to define, drive and execute a program vision, strategy, approach and milestones in alignment with organization priorities and initiatives Nice to Have Experience in the machine learning or computer hardware industry Experience with Security by Design and/or Privacy by Design principles Experience with standard cyber controls frameworks, including CIS Top18, NIST Cyber Security Framework (CSF), NIST 800.53, NIST 800.171, CMMC, Cybersecurity Maturity Model Certification (CMMC), ISO 27001 and 27701, and SOX ITGC control frameworks. Broad knowledge of IT infrastructure and architecture of computer systems as well as exposure to a variety of platforms such as operating systems, networks, databases, and ERP systems Familiarity with using third-party tools such as Audit Board, Whistic, RSA Archer, ServiceNow for third-party risk management Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP) Certified in Risk and Information Systems Control (CRISC) Experience in the AI infrastructure, machine learning and/or computer hardware industry Salary Range Information The annual salary range for this position has been set based on market data and other factors. However, a salary higher or lower than this range may be appropriate for a candidate whose qualifications differ meaningfully from those listed in the job description. About Lambda Founded in 2012, ~400 employees (2025) and growing fast We offer generous cash & equity compensation Our investors include Andra Capital, SGW, Andrej Karpathy, ARK Invest, Fincadia Advisors, G Squared, In-Q-Tel (IQT), KHK & Partners, NVIDIA, Pegatron, Supermicro, Wistron, Wiwynn, US Innovative Technology, Gradient Ventures, Mercato Partners, SVB, 1517, Crescent Cove. We are experiencing extremely high demand for our systems, with quarter over quarter, year over year profitability Our research papers have been accepted into top machine learning and graphics conferences, including NeurIPS, ICCV, SIGGRAPH, and TOG Health, dental, and vision coverage for you and your dependents Wellness and Commuter stipends for select roles 401k Plan with 2% company match (USA employees) Flexible Paid Time Off Plan that we all actually use A Final Note: You do not need to match all of the listed expectations to apply for this position. We are committed to building a team with a variety of backgrounds, experiences, and skills. Equal Opportunity Employer Lambda is an Equal Opportunity employer. Applicants are considered without regard to race, color, religion, creed, national origin, age, sex, gender, marital status, sexual orientation and identity, genetic information, veteran status, citizenship, or any other factors prohibited by local, state, or federal law.

The Department of Public Health prioritizes equitable and inclusive access to quality healthcare for its community and values the importance of diversity in its workforce. All employees at the Department of Public Health work to advance equity, inclusion, and diversity with a specific lens and focus on race, ethnicity, gender, sex, sexuality, disability, and immigration status. This is a Position-Based Test conducted in accordance with CSC Rule 111A. Learn more about the City's hiring process here: ***************************************** * Application Opening: Friday, November 21, 2025 * Application Deadline: Application filing will close on or after Friday, January 9, 2026. * Salary: $180,440 - $230,308 Annually (Range A) * Appointment Type: Permanent Civil Service * Recruitment ID: PBT-0933-160818 Becoming a City employee means being a part of a team that cares about making a difference. Your work will shape both the present and future of San Francisco. When you work for the City, you're choosing a job with purpose. The mission of the San Francisco Department of Public Health (SFDPH) is to protect and promote the health of all San Franciscans. SFDPH strives to achieve its mission through the work of several divisions - the San Francisco Health Network, Population Health Division, Behavioral Health Services, and Central Administration. The San Francisco Health Network is the City's only complete system of care and has locations throughout the City, including Zuckerberg San Francisco General Hospital and Trauma Center, Laguna Honda Hospital and Rehabilitation Center, and over 15 primary care health centers. The Population Health Division (PHD) provides core public health services for the City and County of San Francisco: health protection, health promotion, disease and injury prevention, disease surveillance, and disaster preparedness and response. Behavioral Health Services operates in conjunction with SFHN and provides a range of mental health and substance use treatment services. Central Administration houses core support organizations, including Finance, Information Technology (IT), Human Resources, Privacy and Compliance, Business Office, Facilities Management, and Security Services. Role description The San Francisco Department of Public Health is seeking a dynamic and experienced cybersecurity professional to join its IT leadership team. As a key strategic leader, the Chief Information Security Officer (CISO) (0933 Manager V) will be responsible for developing and executing a comprehensive information security strategy that safeguards the department's systems, data, and services. This role leads the implementation of an enterprise-wide security program that promotes collaboration, strengthens governance, and aligns cybersecurity initiatives with organizational goals. The CISO serves as a trusted advisor to senior leadership, providing expert guidance on risk management, security investments, and policy development. The CISO oversees a team of cybersecurity professionals within the SFDPH IT division and collaborates extensively with the CISO for the City and County of San Francisco. We are looking for a visionary and collaborative leader who can balance innovation with risk mitigation, and who thrives in a complex, mission-driven environment. The CISO reports directly to the Chief Information Officer (CIO). The Chief Information Security Officer (0933 Manager V) performs the following essential job functions: * Provides strategic leadership in evaluating and mitigating information security threats across the organization using a structured, risk-based methodology. Advises executive leadership on identified risks and ensures timely execution of mitigation and remediation plans with integrity and discretion * Directs the ongoing development of the department's information security program, including project portfolio management, incident response, policy frameworks, compliance activities, threat and vulnerability management, and third-party risk management * Allocates and manages resources to support a robust security strategy. Identifies and advocates for strategic investments, oversees capital and operating budgets, and delivers ROI analyses and budget recommendations * Partners with the Office of Compliance and Privacy Affairs to assess data security risks related to contracts, projects, artificial intelligence solutions, and other initiatives. Develops tools and interventions to mitigate risks, establishes performance metrics, and monitors compliance through audits and assessments * Builds alignment and support for security goals and initiatives across internal and external stakeholders. Communicates effectively with leadership at all levels on trends, risks, and the overall effectiveness of the security program * Promotes awareness and understanding of regulatory requirements across the organization. Leads or collaborates on testing and auditing activities to ensure ongoing compliance and successful certifications * Analyzes security requirements and ensures compliance with industry standards such as HIPAA, NIST, and PCI-DSS * Establishes and maintains comprehensive policies and procedures to support effective and sustainable security operations * Serves as the department's representative in security-related matters with City agencies and partners * Continuously monitors emerging trends, technologies, and best practices in cybersecurity to ensure the department's security posture remains current and effective The Chief Information Security Officer (0933 Manager V) may perform other duties as assigned/required. How to qualify 1. Education: Bachelor's degree from an accredited college or university; AND 2. Experience: Five (5) years of professional healthcare information systems security experience, of which three (3) years must include supervising IT professionals. Education Substitution: Additional experience as described above may be substituted for the required degree on a year-for-year basis. One (1) year is equivalent to thirty (30) semester units / forty-five (45) quarter units. Applicants must meet the minimum qualification requirements by the final filing date unless otherwise noted. One-year full-time employment is equivalent to 2,000 hours (2,000 hours of qualifying work experience is based on a 40-hour work week). Desirable Qualifications: The stated desirable qualifications may be considered at the end of the selection process when candidates are referred for hiring: * Possession of a Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) certification Verification of Education and Experience: Every application is reviewed to ensure that you meet the minimum qualifications as listed in the job ad. Review SF Careers Employment Applications for considerations taken when reviewing applications. Applicants may be required to submit verification of qualifying education and experience at any point during the recruitment and selection process. If education verification is required, information on how to verify education requirements, including verifying foreign education credits or degree equivalency, can be found at ******************************************************* Note: Falsifying one's education, training, or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco. What else should I know? Selection Procedures: After application submission, candidates deemed qualified must complete all subsequent steps to advance in this selection process, which includes the following: Supplemental Questionnaire (SQ) Examination (Weight: 100%) Candidates that meet the minimum qualifications will be invited to participate in a Supplemental Questionnaire (SQ) examination that is designed to measure the knowledge, skills, and abilities in job related areas which may include but not be limited to: Knowledge of local, State and Federals laws and regulations relating to information security, including but not limited to HIPAA and HITECH; Knowledge of information security technology frameworks and standards, including but not limited to NIST, HITRUST, COBIT, ISO 27001, PCI-DSS or similar cyber security frameworks; Knowledge of technology relating to enterprise wide information security protection; Knowledge of structured systems analysis and design practices and techniques; common operating systems software and relational database systems; hospitals or community health network environments; Ability to apply principles and practices of management, administration, budgeting, training, and personnel management; Ability to manage, supervise, train and coordinate complex functional area of responsibility and groups of employees; Ability to analyze and report on activities, issues and problems and recommend appropriate solutions; Ability to communicate effectively orally; Ability to communicate effectively in writing; Ability to exercise judgement, decisiveness and creativity required in situations involving the direction, control and planning of a program(s); manage critical timelines effectively; Ability to establish and maintain good working relationships with department personnel, staff, vendors, peers, and management, and engage and influence a broad range of stakeholders (e.g. HR, IT, Legal, Compliance, senior management, etc.) Candidates must achieve a passing score on the Supplemental Questionnaire exam in order to continue in the selection process and will be placed on the confidential eligible list in rank order according to their final score. Additional selection processes may be conducted by the hiring department prior to making final hiring decisions. Certification The certification rule for the eligible list resulting from this examination will be the Rule of the List. Eligible List/Score Report: A confidential eligible list of applicant names that have passed the civil service examination process will be created and used for certification purposes only. An examination score report will be established, so applicants can view the ranks, final scores, and number of eligible candidates. Applicant information, including names of applicants on the eligible list, shall not be made public unless required by law. However, an eligible list shall be made available for public inspection, upon request, once the eligible list is exhausted or expired and referrals resolved. The eligible list/score report resulting from this civil service examination process is subject to change after adoption (e.g., as a result of appeals), as directed by the Human Resources Director or the Civil Service Commission. The duration of the eligible list resulting from this examination process will be of six months and may be extended with the approval of the Human Resources Director. To find Departments which use this classification, please see the city's Position Counts by Job Codes and Departments. Terms of Announcement and Appeal Rights: Applicants must be guided solely by the provisions of this announcement, including requirements, time periods and other particulars, except when superseded by federal, state or local laws, rules, or regulations. Clerical errors may be corrected by the posting the correction on the Department of Human Resources website at ************************ The terms of this announcement may be appealed under Civil Service Rule 111A.35.1. The standard for the review of such appeals is 'abuse of discretion' or 'no rational basis' for establishing the position description, the minimum qualifications and/or the certification rule. Appeals must include a written statement of the item(s) being contested and the specific reason(s) why the cited item(s) constitute(s) abuse of discretion by the Human Resources Director. Appeals must be submitted directly to the Executive Officer of the Civil Service Commission within five business days of the announcement issuance date. Additional information regarding Employment with the City and County of San Francisco: * Information about the Hiring Process * Conviction History * Employee Benefits Overview * Equal Employment Opportunity * Disaster Service Workers * ADA Accommodation * Right to Work * Copies of Application Documents * Diversity Statement * Veterans Preference * Seniority Credit in Promotional Exams Where to Apply All job applications for the City and County of San Francisco must be submitted through our online portal. Please visit *********************** to begin your application process. Applicants may be contacted by email about this recruitment. Please consider using a personal email address that you check regularly rather than a work or school account. Computers are available for the public (9:00 a.m. to 4:00 p.m. Monday through Friday) to file online applications in the lobby of the Dept. of Human Resources at 1 South Van Ness Avenue, 4th Floor and at the City Career Center at City Hall, 1 Dr. Carlton B. Goodlett Place, Room 110. Ensure your application information is accurate, as changes may not be possible after submission. Your first and last name must match your legal ID for verification, and preferred names can be included in parentheses. Use your personal email address, not a shared or work email, to avoid unfixable issues. Applicants will receive a confirmation email from ******************************** that their online application has been received in response to every announcement for which they file. Applicants should retain this confirmation email for their records. Failure to receive this email means that the online application was not submitted or received. If you have any questions regarding this recruitment or application process, please contact the analyst, Marielle Saldajeno at **************************** or **************. We may use text messaging to communicate with you on the phone number provided in your application. The first message will ask you to opt in to text messaging. The City and County of San Francisco encourages women, minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.

ISSOEmployment Type: Full-Time, Experienced Department: Information Technology CGS is seeking an Information Systems Security Officer (ISSO) with DIACAP and/or RMF experience who has deep expertise in security assessment documentation to support Dept. of Commerce systems and efforts to achieve their Authorization to Operate (ATO). This position is located at the client site in the Herbert Hoover building in Washington, DC. The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM.In this role, you'll conduct security assessment, and information system security oversight activities in accordance with NIST 800.53 that support systems from the perspective RMF requirements. CGS brings motivated, highly skilled, and creative people together to solve the government's most dynamic problems with cutting-edge technology. To carry out our mission, we are seeking candidates who are excited to contribute to government innovation, appreciate collaboration, and can anticipate the needs of others. Here at CGS, we offer an environment in which our employees feel supported, and we encourage professional growth through various learning opportunities. Skills and attributes for success:- Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades. - Maintain responsibility for managing cybersecurity risk from an organizational perspective. - Identify organizational risks, prioritize those risks, and maintain a risk registry for escalating and presenting those risks to senior leadership.- Provide security guidance and IS validation using the National Institute of Standards and Technology (NIST) RMF, DoC, and local security policies.- Providing configuration management (CM) recommendations for information system security software, hardware, and firmware and coordinating changes and modifications with the ISSM, Security Control Assessor (SCA), and Authorizing Official (AO).- Maintain vulnerability scanning tool compliance, such as HBSS or ACAS, and patch management, such as IAVM to ensure IT staff pushes patches to all systems in an effort to maintain compliance with all applicable directives, manage system changes, and assess the security impact of those changes.- Support security authorization activities, including transitioning from the legacy Information Assurance Certification and Accreditation Process (DIACAP) to compliance with the DoC RMF.- Provide subject matter expertise for cyber security and trusted system technology. - Apply advanced technical knowledge and analysis of specialized functional areas in task requirements to develop solutions to complex problems.- Research, write, review, disposition feedback, and finalize recommendations regarding cyber security policy, assessment and authorization assessments (A&As), security test and evaluation reports, and security engineering practices and processes. - Conduct research and write risk assessment reports to include risk thresholds, evaluation, and scoring.- Support analysis of the findings and provide expert technical guidance for mitigation strategies, including implementation advice on the cyber security risk findings, and other complex problems. Qualifications:- Bachelor's Degree.- A minimum of five (5) years experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVA compliance, Standard Operating Procedures, test results, etc.- eMASS experience.- Professional security certification such as: CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+ CE, SSCP, or higher.- Strong desktop publishing skills using Microsoft Word and Excel.- Experience with industry writing styles such as grammar, sentence form, and structure.- Ability to multi-task in a deadline-oriented environment. Ideally, you will also have:- CISSP, CASP, or a similar certificate is preferred.- Master's Degree in Cybersecurity or related field.- Strong initiative, detail orientation, organizational skills, and aptitude for analytical thinking.- Demonstrated ability to work well independently and as a part of a team.- Excellent work ethic and a high commitment to quality. Our Commitment:Contact Government Services (CGS) strives to simplify and enhance government bureaucracy through the optimization of human, technical, and financial resources. We combine cutting-edge technology with world-class personnel to deliver customized solutions that fit our client's specific needs. We are committed to solving the most challenging and dynamic problems. For the past seven years, we've been growing our government contracting portfolio, and along the way, we've created valuable partnerships by demonstrating a commitment to honesty, professionalism, and quality work. Here at CGS we value honesty through hard work and self-awareness, professionalism in all we do, and to deliver the best quality to our consumers mending those relations for years to come. We care about our employees. Therefore, we offer a comprehensive benefits package.Health, Dental, and VisionLife Insurance 401k Flexible Spending Account (Health, Dependent Care, and Commuter) Paid Time Off and Observance of State/Federal Holidays Contact Government Services, LLC is an Equal Opportunity Employer. Applicants will be considered without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Join our team and become part of government innovation!Explore additional job opportunities with CGS on our Job Board:**************************************** more information about CGS please visit: ************************** or contact:Email: ******************* #CJ

This job requires relocation to the United States, Silicon Valley, through the use of a TN visa. If selected for this job, the process of coming to the United States will be handled by Tech-Mex. The Information Security Engineer maintains 24x7 support, responds to vendor security questionnaires, performs monitoring and maintenance of the security infrastructure and components, participates in project planning and deployment of new technologies and will be responsible for remediation of identified compliance and risk gaps. He/she works independently, operating under the defined guidelines established by the Director of Information Technology and Security. ESSENTIAL Job Duties & Responsibilities Monitor and advise on information security issues related to the systems and workflow to ensure the internal and external security controls for the company are appropriate and operating as intended Documenting gaps between vendor requirements and National MIs infrastructure Coordinate and execute IT security projects Coordinate response to information security incidents Conduct company-wide audits and manage remediation plans Collaborate with other areas of IT to manage security vulnerabilities Conduct research to keep abreast of latest security issues Ensures that system documentation is accurate and updated as needed Participates in disaster recovery (DR) exercises as directed Logfile review and analysis Install and maintain new systems Prioritize remediation of gaps based on internal and external audits Prepares compliance reports by collecting, analyzing, and summarizing data Evaluates information to determine compliance with laws, regulations, or standards MINIMUM QUALIFICATIONS 3-5 plus years related work experience Vendor audit and compliance experience, preferably with the SIG framework Strong technical skills in anti-virus, DLP, and PKI Strong experience with the McAfee suite of products Solid understanding of networking concepts and system administration Experience with Nessus, RSA envision, RedHat Linux and database security Knowledge of data compliance and privacy standards and regulations as they apply to insurance and banking industries Knowledge of Information Security Standards (ISO27001, NIST, etc) Self-motivated, self-directed and shows attention to detail while working Ability to effectively prioritize and execute reporting tasks in a fast-paced, results-driven environment Extensive experience working in a team-oriented, collaborative environment with a diverse team of business and IT staff Bachelor's degree in Computer Science or Information Systems preferred; Professional certifications are an advantage Essential Worker Competencies The ability to function independently with minimal supervision. Works ethically and with integrity supporting organizational goals and values Displays commitment to excellence Completes work in a timely manner and meets deadlines Good verbal and written communication skills Meets productivity standards and achieves key outcomes Is dependable and keeps commitments Contributes to building a positive team spirit and treats others with respect Candidate will be relocated to the United States

ABOUT THE ROLE You'll be our first dedicated security leader, owning the technical execution of our security and compliance program. You'll drive SOC 2 and PCI DSS compliance, manage our vulnerability program, and build security capabilities that enable our engineering teams to move fast while staying secure. This is a hands-on role-you'll design controls, write policies, respond to incidents, and work directly with auditors. This is initially an individual contributor role with high impact and visibility. As our security program matures, you'll have the opportunity to build and lead a security team. IN THIS ROLE, YOU WILL Own Compliance Lead SOC 2 Type II and PCI DSS programs through successful audit Design and implement security controls without blocking velocity Serve as primary technical contact for external auditors and assessors Manage third-party vendor security assessments and ongoing monitoring Build automated evidence collection and continuous compliance monitoring Report security metrics and program status to executive leadership Manage Security Operations Establish vulnerability management program with defined SLAs and remediation workflows Own end-to-end vulnerability management: identify, assess, prioritize, and drive remediation to completion across infrastructure and applications Manage external penetration testing program with third-party vendors, including scoping, assessment review, and remediation tracking Perform internal penetration testing and security assessments of applications, APIs, and infrastructure Build SIEM detection rules, security dashboards, and alert triage processes Develop and test incident response runbooks Conduct threat modeling for critical systems and architectural changes Lead security assessments of new technologies and third-party integrations Enable & Collaborate Partner with platform engineering to implement security roadmap: AWS landing zone design, PAM/JIT workflows, account segmentation, disaster recovery testing Enforce enterprise security controls (SSO, secrets management, RBAC) Build and deliver security awareness training program for all employees Develop and maintain security policies, standards, and procedures Translate compliance requirements into actionable engineering tasks and drive completion YOU HAVE Security & Compliance: 5+ years in information security, with 2+ years in fintech or highly regulated industry CISSP certification (or actively pursuing - must obtain within 12 months of hire) Hands-on experience leading SOC 2 and PCI DSS audits from start to finish Strong incident response background-you've led real security incidents Experience with vulnerability management platforms (Wiz, Snyk, Tenable) Technical Skills: Solid understanding of AWS security: IAM, Security Hub, GuardDuty, CloudTrail, KMS Experience with SIEM platforms (Splunk, Datadog, Elastic)-you can write detection rules and build dashboards Hands-on experience with vulnerability assessment and penetration testing tools (Burp Suite, Nessus, Qualys, or similar) Ability to read code (Ruby, JavaScript, Python) and assess security implications Knowledge of web application security, API security, and OWASP Top 10 Understanding of access control patterns (PAM, SSO, RBAC, least privilege) Core Competencies: Strong communication-you can explain risks to engineers and executives alike Pragmatic risk management in fast-paced environments Self-starter who builds programs from scratch Collaborative mindset-security as enabler, not blocker Ability to drive remediation to completion across teams NICE TO HAVE Additional certifications (CISM, CISA, CCSP, CEH, OSCP, CRISC) Experience managing WAF deployments (Palo Alto, Cloudflare, AWS WAF) Infrastructure-as-code experience (Pulumi, Terraform) Kubernetes security knowledge SOAR platform experience DevSecOps or security automation background Scripting skills (Python, Bash) for security tooling and automation Kikoff: A FinTech Unicorn Powering Financial Progress with AI At Kikoff, our mission is to provide radically affordable financial tools to help consumers achieve financial security. We're a profitable, high growth FinTech unicorn serving millions of people, many of whom are building credit or navigating life paycheck to paycheck. With innovative technology and AI, we simplify credit building, reduce debt, and expand access to financial opportunities to those who need them the most. Founded in 2019, Kikoff is headquartered in San Francisco and backed by top-tier VC investors and NBA star Stephen Curry. Why Kikoff: This is a consumer fintech startup, and you will be working with serial entrepreneurs who have built strong consumer brands and innovative products. We value extreme ownership, clear communication, a strong sense of craftsmanship, and the desire to create lasting work and work relationships. Yes, you can build an exciting business AND have real-life real-customer impact. 🏥 Medical, dental, and vision coverage - Kikoff covers the full cost of health insurance for the employee! 📈 Meaningful equity in the form of RSU's 🏝 Flexible vacation policy to help you recharge 💰 Competitive pay based on experience consisting of base + equity + benefits Location: Hybrid, 3 days onsite in San Francisco, CA. Visa sponsorship available: Kikoff is willing to provide sponsorship for H1-B visas and U.S. green cards for exceptional talent. Equal Employment Opportunity Statement Kikoff Inc. is an equal opportunity employer. We are committed to complying with all federal, state, and local laws providing equal employment opportunities and considers qualified applicants without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other legally protected class. Please reference the following for more information. If you need reasonable accommodation for a job opening please connect with us at ***************** and describe the specific accommodation requested for a disability-related limitation. Reasonable accommodations are modifications or adjustments to the application or hiring process that would enable you to fully participate in that process. San Francisco Fair Chance Ordinance: Pursuant to the San Francisco Fair Chance Ordinance, Kikoff will consider for employment qualified applicants with arrest and conviction records.

Seeking a candidate with the ability to demonstrate expertise in both the practical implementation and the administration of noted tools. The basis of the work will be to backfill daily operations management as well as assess the current state implementation for completeness and currency. The candidate will also be responsible for the identification and execution of implementation improvement efforts that will allow for the transition of such tools to a managed service provider including the documentation of run books, incident response and remediation support, and developing continuity plans. Has demonstrated expertise in one or more of the following tools: Qualys Vulnerability Scanner LogRhythm Tripwire Essential Functions: Manage and maintain key Information Security tools to help mature and improve the overall effectiveness of solutions across the organization to safeguard information systems, intellectual property assets and customer data. Design, implement and support integration of information security solutions including security architectures, firewall analysis, and developing and coordinating security implementation plans to improve monitoring and compliance functions and drive automation and efficiencies. Manage remediation of security issues with technology and business teams to ensure remediation is completed timely and effectively. Analyze existing processes to identify improvement opportunities, recommend solutions and lead implementation. Establish and implement a repeatable process for tracking, reporting and driving remediation of security issues. Assist with the PCI DSS security compliance program including scoping, testing, and remediation activities. Help train associates, contractors, alliance or other third parties on information security policies and -procedures. Provide skill-set knowledge transfer that ensures necessary cross-training of other IT Security team members. Monitors compliance with information security policies and procedures and monitors access control systems to assure appropriate access levels are maintained. Develop, support and manage Security metrics & reporting. Develop, maintain and enforce standardized, repeatable administrative and operational policies, processes and procedures. Serves as enterprise information security consultant, conduct information security risk assessments. Lead computer forensic analysis, cyber-crime investigation, incident emergency response and investigations. Perform other responsibilities and duties as assigned. Additional expertise in the following tools is a plus; Imperva DB Monitoring Ingrian HSM LogRhythm McAfee IDS/IPS McAfee Solid Core NETIQ PGP Desktop, WDE, Netshare PGP Universal Server & KMS Qwest Password Manager RedSeal RSA Authentication Manager RSA Envision Symantec DLP Varonis Data Privilege & DWebsense websense

Magic's mission is to build safe AGI that accelerates humanity's progress on the world's most important problems. We believe the most promising path to safe AGI lies in automating research and code generation to improve models and solve alignment more reliably than humans can alone. Our approach combines frontier-scale pre-training, domain-specific RL, ultra-long context, and inference-time compute to achieve this goal. About the role As a Software Engineer on the Supercomputing Platforms and Infrastructure team, you will build the next generation systems that power large scale AI research and deployment. You will focus on sandboxed execution environments, distributed systems orchestration, and performance optimized compute workflows. You will work closely with ML and Research teams and infrastructure teams to deliver both high throughput, scale, and strong isolation guarantees in a cluster environment. What you might work on Build highly scalable, highly performant, software that facilitates arbitrary code execution with strong isolation guarantees. Design and build systems that allow our AI models to interface with machines in various modes, interactive terminal, GUI applications, etc. Provision and operate high density compute and storage nodes (NVMe, high IOPS SSDs, high bandwidth networks), and build software that performs efficient load balancing, and resource utilization across them. Instrument and optimize end to end performance including storage IO, network bandwidth, CPU, memory, and endurance constraints. Develop APIs, self service platforms, and automation and tools so researchers and engineers can deploy and monitor workloads at scale. Troubleshoot complex infrastructure issues across OS, drivers, hardware, storage systems (local NVMe, block storage, NFS), networking, namespace isolation, and cloud or hybrid environments. Produce clean, documented code and developer workflows, and collaborate with SRE and security teams to ensure safe, reliable, and self serviceable compute offerings. What we are looking for Strong software engineering background (C, C++, Go, Rust, or similar systems languages). Experience designing or operating sandboxed or isolated execution environments (namespaces, cgroups, container runtime internals), or strong interest in this area. Experience building or operating distributed systems or parallel processing frameworks (scatter aggregate processing, worker pools, multi thread and multi process coordination, shared memory, atomics, merging strategies). Solid understanding of storage and IO subsystems (NVMe, SSD endurance, write amplification), network performance, CPU and memory resource constraints in high performance compute clusters. Comfortable working on low level systems (OS, threading, memory management, synchronization) as well as higher level orchestration or automation. Experience with cloud infrastructure (GCP, AWS, Azure, etc.) including IaC tools such as OpenTofu, Terraform, Pulumi, or CDK is a plus. Intellectual curiosity, strong ownership, and the ability to make tradeoffs in ambiguous environments such as latency versus throughput and isolation versus performance. Nice to haves Prior experience with GPU scheduling, RDMA networking, or bare metal HPC clusters Contributions to open source container runtimes or sandboxing frameworks Experience with kernel internals, device drivers, or SSD and NVMe endurance modeling Familiarity with Rust for systems programming or Go for infrastructure orchestration Why join us You will work at the cutting edge of AI infrastructure including large compute clusters, advanced metrics engines, and next generation sandboxing systems for untrusted workloads. The problems you solve will be foundational, for example how to securely and efficiently run arbitrary research code across thousands of GPUs or high end SSDs. You will join a collaborative and hands-on team where you are building rather than only modeling. Excellent compensation and equity, generous benefits, and high impact. Our culture: Integrity. Words and actions should be aligned Hands-on. At Magic, everyone is building Teamwork. We move as one team, not N individuals Focus. Safely deploy AGI. Everything else is noise Quality. Magic should feel like magic Compensation and benefits (US) Annual salary range: 225,000 USD to 550,000 USD depending on seniority Significant equity component 401(k) with matching, comprehensive health, dental, and vision insurance, unlimited paid time off, visa sponsorship and relocation support Fast paced, mission driven environment focused on safely advancing AGI for humanity

Anthropic's mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems. About the Role We're looking for an Operating Systems Security Engineer to harden and secure the OS layer of our infrastructure. You'll be responsible for designing and implementing OS-level security controls, from kernel hardening to runtime protection, ensuring our systems can withstand sophisticated attacks while maintaining the performance required for AI model training. This is a hands-on role where you'll work with cutting-edge hardware and implement novel security solutions for environments that don't exist anywhere else in the world. You'll need to balance extreme security requirements with the operational needs of researchers training models at unprecedented scale. What You'll Do: Design and implement hardened OS configurations for AI workloads across diverse hardware platforms Develop kernel security policies using SELinux, AppArmor, and custom Linux Security Modules and runtime enforcement mechanisms Implement and maintain full-disk encryption solutions for diverse storage systems Build security infrastructure for AI systems, research environments, and production services Build secure network stacks with appropriate isolation and segmentation Create OS-level attestation and integrity monitoring systems Develop security patches, custom kernel modules, and kernel hardening configurations Design secure boot processes and trusted execution environments Work with container teams to ensure proper workload isolation at the kernel level Design privilege separation and mandatory access control policies Implement secure update mechanisms for OS components Build tooling for security configuration management and compliance verification Who You Are: 5+ years of experience in operating systems security or kernel development Deep knowledge of Linux internals, including kernel subsystems and security frameworks (SELinux, AppArmor, seccomp, etc.) Experience with kernel hardening techniques and exploit mitigation Strong programming skills in C and systems programming languages Experience with eBPF for security monitoring and enforcement Understanding of virtualization and containerization security Track record of identifying and fixing OS-level security vulnerabilities Experience with security-focused Linux distributions Strong candidates may also have: Kernel development experience or contributions to Linux kernel Experience with real-time or embedded operating systems Knowledge of hardware security features and their OS integration Experience with confidential computing and memory encryption technologies (SEV, TDX, SGX) Background in vulnerability research, exploit development, or fuzzing Experience with formal methods for OS verification Knowledge of hardware security features and their OS integration (TPM, HSM, secure enclaves) Deadline to apply: None. Applications will be reviewed on a rolling basis. The expected base compensation for this position is below. Our total compensation package for full-time employees includes equity, benefits, and may include incentive compensation. Annual Salary:$300,000-$405,000 USDLogistics Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience. Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices. Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this. We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work. We think AI systems like the ones we're building have enormous social and ethical implications. We think this makes representation even more important, and we strive to include a range of diverse perspectives on our team. How we're different We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact - advancing our long-term goals of steerable, trustworthy AI - rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills. The easiest way to understand our research directions is to read our recent research. This research continues many of the directions our team worked on prior to Anthropic, including: GPT-3, Circuit-Based Interpretability, Multimodal Neurons, Scaling Laws, AI & Compute, Concrete Problems in AI Safety, and Learning from Human Preferences. Come work with us! Anthropic is a public benefit corporation headquartered in San Francisco. We offer competitive compensation and benefits, optional equity donation matching, generous vacation and parental leave, flexible working hours, and a lovely office space in which to collaborate with colleagues. Guidance on Candidates' AI Usage: Learn about our policy for using AI in our application process

Hands-on cloud security engineer who has a deep understanding of emerging technologies including Openstack, PaaS - Pivotal cloud foundry, Mesos, Docker container, Security, Software defined networks, Cloud integration technologies. Hands-on deployment of AWS\Azure IaaS components necessary to support the Cyber Security deployment needs, as well as approved Cyber Security specific solutions in the AWS\Azure environment to support these efforts. Qualifications Bachelor's Degree in STEM and/or a minimum of 4 years of equivalent experience Minimum of 6 years of experience of application design and architecture Minimum of 6 years of experience with deployment of cloud controls for infrastructure, platform, and applications (IaaS/SaaS/PaaS) AWS and Azure experience a must Additional Information All your information will be kept confidential according to EEO guidelines.

About the California Academy of Sciences The California Academy of Sciences is a globally renowned scientific and cultural institution located in the heart of San Francisco's Golden Gate Park. Home to a world-class planetarium, aquarium, research center, and natural history museum-all under one living roof-our mission is to regenerate the natural world through science, learning, and collaboration. Our extensive collections span plants, animals, fossils, and cultural artifacts from across the globe and throughout history. We are a diverse team of leading biodiversity scientists, educators, storytellers, designers, and communicators who work collaboratively to advance knowledge and inspire action through science and storytelling. When you join the California Academy of Sciences, you become part of a mission-driven community that values curiosity, collaboration, and innovation. Whether you're working behind the scenes in research or engaging the public on the museum floor, your work will help connect people to the natural world and empower them to protect it. About the Opportunity Reporting to the Director of Information Technology, the Senior Security Analyst is responsible for configuring, maintaining, and monitoring internal security controls to prevent, detect, and respond to cyber threats. The Analyst will focus on the needs of information security services, bringing information security expertise to integrate security tools into daily operations, contribute to the improvement of security architecture, and assess/improve security in departments across the Academy. Additionally, this position plays a critical role in maturing our IT and security programs at the Academy. Organizational Culture Join a team dedicated to the Academy's mission, vision, and values! Currently, the Academy has a new strategic plan including three initiatives - Hope for Reefs , Thriving California , and Islands 2030 - that leverage biodiversity science, environmental learning, and collaborative engagement to regenerate fragile ecosystems around the world. Learn more at ****************************************************** We hope you are inspired by what we do and are excited to contribute to our mission. The mission of the California Academy of Sciences is to regenerate the natural world through science, learning, and collaboration. The Academy is seeking candidates who consistently deliver exceptional work, and they may come from a variety of backgrounds and experiences. We encourage you to apply even if you do not believe you meet every qualification for the position. This position is based in San Francisco, California. The specific onsite/hybrid schedule for this position is listed below. [FOR CAWU ROLES] This position is part of a bargaining unit represented by Cal Academy Workers United, and will be subject to the terms and conditions of that contract. Key Responsibilities Manage, coordinate, and implement the latest security best practices on network devices, firewalls, servers, and workstations to ensure continuous alignment with security standards and requirements. Partner with the IT Infrastructure Manager to establish and maintain a system for ensuring that security policies are met and all staff are trained and informed fully on their role in security Evaluate the effectiveness of awareness and security training programs and make recommendations for improvement. Analyze, research, and resolve security breaches and vulnerability issues for all implemented software and hardware platforms. Evaluate, Prioritize, and coordinate patching. Provide security expertise and consulting to the IT Team and CAS internal technology partners Partner with external security advisors to evaluate security posture and review/remediate issues Participate in team exercises to identify potential security risks and tabletop scenarios Maintain awareness/knowledge of industry-standard security trends/benchmarks/frameworks (e.g., NIST/CISA/ISO 27001) Perform off-hour/weekend work as required Qualifications: A successful candidate will have the following: EXPERIENCE and/or EDUCATION: 5+ years of experience in the Information Technology field 3+ years of enterprise IT security experience Experience with the administration/use of security software (e.g., Trellix/FireEye, Tenable, Nessus, Sophos, Splunk) Experience assessing IT infrastructure and software to identify vulnerabilities BS/BA or equivalent training and experience Information Security Certifications - CISSP, CISM, GIAC - strongly preferred Hands-on experience with firewalls, network security, and VPNs - preferred SIEM Experience - preferred Automation Experience - Preferred SKILLS AND ABILITIES: Strong problem-solving and troubleshooting skills Ability to interact with users of varying levels of technical knowledge Ability to work as part of a team or collaborate well with team members and external collaborators to accomplish mutual goals. Ability to work efficiently and communicate with staff, cross-functional teams, and external customers from different identities and experiences. Advanced knowledge of the processes, tools, and techniques of information security management, ability to deploy and monitor information security systems, as well as detect, resolve, and prevent violations of IT security, to protect organizational data Physical Environment: To perform this job successfully, an individual must be able to perform each essential job duty satisfactorily. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform essential job functions. ( Cut and paste from the Job Description, adding other requirements relevant to the position's responsibilities.) Compensation and Benefits: The salary range for this position is $121,762. Actual compensation will be commensurate with the final candidate's qualifications and experience, including skills, knowledge, relevant education, certifications and aligned with the internal peer group. We believe in fair and equitable compensation practices and are committed to providing competitive salaries within the industry and market standards. The Academy offers a total compensation package that emphasizes both base salary and comprehensive benefits based on the hours per week worked. Further details regarding compensation and benefits will be discussed during the interview process. Schedule: Full-time, 40 hours per week How to Apply: Interested candidates should submit a resume and application through our Careers Page portal. The California Academy of Sciences will give full consideration for employment to all qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance (SF Police Code, Article 49).

At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work - and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history. At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work - and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history. Northrop Grumman Mission Systems (NGMS) is seeking a Principal Cybersecurity Analyst/Sr. Principal Cybersecurity Analyst to join our team based in McClellan, CA. **What You'll Get to Do:** + Perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy. + This is achieved through passive evaluations such as compliance audits and active evaluations such as vulnerability assessments. + Establishes strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems. + Includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits. + Assist in the implementation of the required government policy (i.e., NISPOM, ICD 503), make recommendations on process tailoring, participate in and document process activities. + Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards. + Support the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports. + Document the results of Certification and Accreditation activities and technical or coordination activity and prepare the system Security Plans and update the Plan of Actions and Milestones POA&M. + Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed. This requisition may be filled as either a Principal Cybersecurity Analyst or Sr. Principal Cybersecurity Analyst. **\#MPR** **Basic Qualifications for a Principal Cybersecurity Analyst** + Bachelor's degree and 5 years of relevant experience; 3 years with a Masters; 1 year with a PhD. An additional 4 years of relevant experience may be considered in lieu of a degree. + Active Top Secret clearance with SCI eligibility + Must possess an IAT Level II (DoD 8570) certification + Experience with Risk Management Framework accreditation functions, including documentation, scanning, assessment, POAM management, through all steps of the RMF + Experience with Continuous Monitoring to comply with RMF + Experience with cybersecurity, information security and information assurance roles + Experience executing and monitoring security tools, such as SIEM, Splunk, and vulnerability and compliance scanners + Demonstrated ability to handle multiple levels of classified systems and data and follow data transfer/trusted download/assured file transfer processes **Basic Qualifications for a Sr. Principal Cybersecurity Analyst** + Bachelor's degree and 8 years of relevant experience; 6 years with a Masters. 4 years with a PhD. An additional 4 years of relevant experience may be considered in lieu of a degree. + Active Top Secret clearance with SCI eligibility + Must possess an IAT Level II (DoD 8570) certification + Experience with Risk Management Framework accreditation functions, including documentation, scanning, assessment, POAM management, through all steps of the RMF + Experience with Continuous Monitoring to comply with RMF + Experience with cybersecurity, information security and information assurance roles + Experience executing and monitoring security tools, such as SIEM, Splunk, and vulnerability and compliance scanners + Demonstrated ability to handle multiple levels of classified systems and data and follow data transfer/trusted download/assured file transfer processes **Preferred Qualifications:** + Bachelor's degree in a STEM discipline + Active TS/SCI clearance + Active DoD 8570 IAT Level II, or higher, certification such as CompTIA Security+; required to start and must be maintained Primary Level Salary Range: $137,400.00 - $206,000.00 Secondary Level Salary Range: $110,300.00 - $165,500.00 The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business. The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates. Northrop Grumman is an Equal Opportunity Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO and pay transparency statement, please visit *********************************** U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.

blue Stone Recruiting is a national search firm with a focus of placing top Cyber Security talent from the Analyst level to CISO with prestigious organizations nationwide Job Description Our client seeking a Cyber Security Operations Analyst to support an operations team that supports a large government customer. The candidate will be relied upon to assist teammates and perform troubleshooting as needed. The candidate should excel in a fast-paced work environment and be willing to face new challenges. Qualifications • Proficiency with vulnerability scanning, remediation and reporting • Knowledge in web application scanning using various tools • Demonstrated proficiency with Windows, UNIX, & LINUX operating systems • Experience working in a customer service information technology environment • Network security and system security experience • Ability to discuss real world troubleshooting; problems and solutions encountered • Knowledge of IT security best practices, US federal government standards, regulations and policy (FedRamp, TIC, NIST 800-37rev1 & 800-53rev3) • Must be motivated and able to work independently • Proven project leadership (PowerPoint presenting, MS Project Planning) • Experience working with change implementation in a controlled environment • Excellent verbal, written communication and technical writing skills Bachelors Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience. 2-5 years of related experience in data security administration. Experience using some of the following tools: o Nessus o Tenable Security Center o Netsparker o WebInspect o BurpSite Additional InformationWork with blue Stone recruiting to find your next Cyber Security role. You can find us at ******************************* We look forward to speaking with you.

Details: Stefanini Group is hiring! Stefanini is looking for an Information Security Risk Analyst for San Francisco, CA/Salt Lake City, UT/Los Angeles, CA (Onsite Role). For quick Apply, please reach out to Akash Gupta: ************/ ************************* W2 candidates only! Responsibilities: The ideal candidate for this role will have the ability to blend and apply their technical, organizational, business, and cyber security abilities, to: Support risk strategies, identify risks in processes and technologies, and lead improvement initiatives to minimize risk. Support the application of security policy and contribute insights to policy discussions as needed. Support and advise partners to enable them to understand security controls, policies, and procedures. Establish and foster long-term relationships with partners and contacts in assigned business areas and partner with them to understand their technical and business requirements to help enable them to do their work securely. Advise and assess application development teams on Secure Cloud Development and Operations to enable them to mature their practices and processes. Understand technical implementation details necessary to assess security risk in Cloud and on-prem environments and recommend security control improvements or identify mitigating controls. Perform complex analysis of security issues and advise business partners on relevant risks and mitigations. Evaluate external service providers to identify and communicate associated risks and identify shared security responsibility between the vendor and the Client. Perform security control assessments and prepare assessment reports to document assessment scope, procedures, findings, and recommendations; interpret the significance of assessment findings, conclude on findings, and make practical recommendations for remediation. Communicate security risk and implications to partners at all levels, including executives. Collaborate and influence work multi-functionally; navigate ambiguity while leading multiple projects simultaneously in a fast-paced, results-driven environment, accepting accountability of the process and delivering on commitments. #LI-AG#LI-HYBRID Details: Qualifications: Moderate Peraton Local to SF who can come onsite or LA or SLC, Soft skills, partnering with many different people at different levels. Ability to convey and communicate risk to multiple parties. Listed salary ranges may vary based on experience, qualifications, and local market. Also, some positions may include bonuses or other incentives. Stefanini takes pride in hiring top talent and developing relationships with our future employees. Our talent acquisition teams will never make an offer of employment without having a phone conversation with you. Those face-to-face conversations will involve a description of the job for which you have applied. We also speak with you about the process including interviews and job offers. About Stefanini Group: The Stefanini Group is a global provider of offshore, onshore and near shore outsourcing, IT digital consulting, systems integration, application, and strategic staffing services to Fortune 1000 enterprises around the world. Our presence is in countries like the Americas, Europe, Africa, and Asia, and more than four hundred clients across a broad spectrum of markets, including financial services, manufacturing, telecommunications, chemical services, technology, public sector, and utilities. Stefanini is a CMM level 5, IT consulting company with a global presence. We are CMM Level 5 company.

Anthropic's mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems. About the Role We're seeking a Systems Integrity Security Engineer to design and implement security architectures for bare-metal infrastructure. You'll work with teams across Anthropic to build firmware, bootloaders, operating systems, and attestation systems to ensure the integrity of our infrastructure from the ground up. This role requires expertise in low-level systems security and the ability to architect solutions that balance security requirements with the performance demands of training AI models. What you'll do: Design and implement secure boot chains from firmware through OS initialization for diverse hardware platforms (CPUs, BMCs, peripherals, embedded microcontrollers) Architect attestation systems that provide cryptographic proof of system state from hardware root of trust through application layer Define trust boundaries and security policies for multi-party authorization systems Develop measured boot implementations and runtime integrity monitoring Create reference architectures and security requirements for bare-metal deployments Integrate security controls with infrastructure teams without impacting training performance Prototype and validate security mechanisms before production deployment Conduct firmware vulnerability assessments and penetration testing Build firmware analysis pipelines for continuous security monitoring Document security architectures and maintain threat models Collaborate with hardware vendors to ensure security capabilities meet our requirements Who you are: 8+ years of experience in systems security, with at least 5 years focused on firmware and hardware security (firmware, bootloaders, and OS-level security) Hands-on experience with secure boot, measured boot, and attestation technologies (TPM, Intel TXT, AMD SEV, ARM TrustZone) Strong understanding of cryptographic protocols and hardware security modules Experience with UEFI/BIOS security, bootloader hardening, and chain of trust implementation Proficiency in low-level programming (C, Rust, Assembly) and systems programming Knowledge of firmware vulnerability assessment and threat modeling Track record of designing security architectures for complex, distributed systems Experience with supply chain security and firmware vulnerability analysis Ability to work effectively across hardware and software boundaries Knowledge of NIST firmware security guidelines and hardware security frameworks Strong candidates may also have: Experience with confidential computing technologies and hardware-based TEEs Knowledge of SLSA framework and software supply chain security standards Experience securing large-scale HPC or cloud infrastructure Contributions to open-source security projects (coreboot, CHIPSEC, etc.) Background in formal verification or security proof techniques Experience with silicon root of trust implementations Experience working with building foundational technical designs, operational leadership, and vendor collaboration Previous work with AI/ML infrastructure security Deadline to apply: None. Applications will be reviewed on a rolling basis. The expected base compensation for this position is below. Our total compensation package for full-time employees includes equity, benefits, and may include incentive compensation. Annual Salary:$300,000-$405,000 USDLogistics Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience. Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices. Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this. We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work. We think AI systems like the ones we're building have enormous social and ethical implications. We think this makes representation even more important, and we strive to include a range of diverse perspectives on our team. How we're different We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact - advancing our long-term goals of steerable, trustworthy AI - rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills. The easiest way to understand our research directions is to read our recent research. This research continues many of the directions our team worked on prior to Anthropic, including: GPT-3, Circuit-Based Interpretability, Multimodal Neurons, Scaling Laws, AI & Compute, Concrete Problems in AI Safety, and Learning from Human Preferences. Come work with us! Anthropic is a public benefit corporation headquartered in San Francisco. We offer competitive compensation and benefits, optional equity donation matching, generous vacation and parental leave, flexible working hours, and a lovely office space in which to collaborate with colleagues. Guidance on Candidates' AI Usage: Learn about our policy for using AI in our application process