Information security analyst jobs in Woodinville, WA - 211 jobs

Job Category: Information Technology Posted : December 5, 2025 Full-Time Seattle, WA 98104, USA Description Salary range is $104k to $206k with a midpoint of $155k. New hires typically receive between minimum and midpoint, however, we may go slightly higher based on experience, internal equity and market. Sound Transit also offers a competitive benefits package with a wide range of offerings, including: Health Benefits: We offer two choices of medical plans, a dental plan, and a vision plan all at no cost for employee coverage; comprehensive benefits for employees and eligible dependents, including a spouse or domestic partner. Long-Term Disability and Life Insurance. Employee Assistance Program. Retirement Plans: 401a - 10% of employee contribution with a 12% match by Sound Transit; 457b - up to IRS maximum (employee only contribution). Paid Time Off: Employees accrue 25 days of paid time off annually with increases at four, eight and twelve years of service. Employees at the director level and up accrue additional days. We also observe 12 paid holidays and provide up to 2 paid floating holidays and up to 2 paid volunteer days per year. Parental Leave: 12 weeks of parental leave for new parents. ORCA Card: All full-time employees will receive an ORCA card at no cost. Tuition Reimbursement: Sound Transit will pay up to $5,000 annually for approved tuition expenses. Inclusive Reproductive Health Support Services. Compensation Practices: We offer competitive salaries based on market rates and internal equity. In addition to compensation and benefits, you'll find that we provide work-life balance, opportunities for professional development and recognition from your colleagues. GENERAL PURPOSE: Under general direction, the Information Security Engineering Manager oversees and operates several essential Information Security functions including Security Engineering and information security tool management. The Information Security Engineering Manager's role is to lead and support service owners, system owners, and relevant stakeholders in ensuring their respective (or proposed) systems are compliant with the Agency's information security standards. In addition, the Information Security Engineering Manager supports the operations of several other functions of the Agency's Information Security Management System (ISMS). ESSENTIAL FUNCTIONS: The following duties are a representative summary of the primary duties and responsibilities. Incumbent(s) may not be required to perform all duties listed and may be required to perform additional, position-specific duties. Acts as Service Owner for related Information Security Engineering services of the Information Security business unit. Support Information Security Architecture and Security Operations services Manages personal for the Information Security Engineering components of the Information Security Division. Provides guidance to the technical professionals that comprise the Security Engineering functions of the Information Security Division Participates in the overall implementation of the agency's information security program, under the direction of the Chief Information Security Officer (or delegate), where appropriate. Participates in the creation of information security governance documents (policies, standards, baselines, guidelines, and procedures) under the direction of the Chief Information Security Officer (or delegate), where appropriate. Identifies and assesses technology-related risks to information security associated with prospective technology solutions; and recommends appropriate mitigating controls. Influences the design of any prospective technology solution for adherence to documented agency standards, policies, and regulatory responsibilities. Evaluates, implements, and supports security-focused tools and services required to support information security controls. Collaborates with other IT engineering and administration disciplines to ensure security best practices are incorporated into design, implementation and sustainment of systems and services within the agency. Consults with internal customers on risk assessment, threat modeling and mitigation of vulnerabilities Conducts security assessments, evaluates controls, and provide feedback to management and system owners on the design and effectiveness of control processes. Conducts regular security reviews of both software and processes. Reviews and creates threat models and recommends security enhancements consistent with information security strategy and evolving threats Participates in ongoing information security education, awareness, and outreach activities. Participate with information security incident investigation and response efforts, leading as needed. Participate with computer and network forensic investigations in support of incident response activities. Prepares regular reports on relevant metrics for different stakeholders. Coaches, manages, mentors, and develops staff. Focuses on keeping professional skills current. Keeps up to date on latest information security threats and countermeasures. Champions and models Sound Transit's core values and demonstrates values-based behaviors in everyday interactions across the agency. Contributes to a culture of diversity, equity and inclusion in alignment with Sound Transit's Equity & Inclusion Policy. It is the responsibility of all employees to follow the Agency safety rules, regulations, and procedures pertaining to their assigned duties and responsibilities, which could include systems, operations, and/or other employees. It is the responsibility of all employees to integrate sustainability into everyday business practices. Other duties as assigned. MINIMUM QUALIFICATIONS: Education and Experience: Bachelor's degree in Computer Science, Information Technology, Business Administration, Engineering, or closely related field. Five years of information technology experience with a focus on security engineering and operations, OR an equivalent combination of education and experience. Three years of leadership, budgetary, planning and workforce management experience. Required Licenses or Certifications: Certified Information Systems Security Professional (CISSP), or obtain within 12 months of hire. Preferred Licenses or Certifications: One or more of the following certifications is strongly preferred: Certified Information Security Manager (CISM) Information Technology Infrastructure Library (ITIL) Certified Ethical Hacker (CEH) Certified Cyber Forensics Professional (CCFP) GIAC Certified Incident Handler (GCIH) Required Knowledge and Skills: Strong command of ITIL core processes and principles. Strong command and experience with information security architecture and engineering principles General knowledge of the NIST 800 series standards, PCI DSS standard, and the ISO 27001/2 frameworks. Demonstrated work experience in a few of the following areas: Information Security, Security Architecture, Security Engineering, Security Operations and implementing best practices, tools and technology. Strong understanding of information technology and security controls. Strong understanding of and experience with security-related technologies, systems, and tools. Proven competency in the use of MS Office applications (Microsoft Project, Word, Excel, PowerPoint, and SharePoint) Strong team leadership and communicational (verbal/written) skills. Ability to work in highly collaborative environments. Strong workload prioritization and self-organization skills Preferred Knowledge and Skills: Understanding of Cloud Computing environments (Microsoft Azure preferred). Physical Demands / Work Environment: Work is performed in a hybrid office environment. This position is responsible for communicating with stakeholders, and using specialized security tools; may be subject to bending, hearing, sitting, standing, talking, seeing, and carrying and lifting 25 lbs or less. The Agency promotes a safe and healthy work environment and provides appropriate safety and equipment training for all personnel as required. Sound Transit is an equal employment opportunity employer. No person is unlawfully excluded from employment action based on race, color, religion, national origin, sex (including gender identity, sexual orientation and pregnancy), age, genetic information, disability, veteran status or other protected class. Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor. #J-18808-Ljbffr

Guide security policy and participate in broader Information Security governance efforts. Develop and maintain the Information Security Management System (ISMS) in collaboration with regional information security SMEs and technical consultants. Oversee and manage the ISMS and recommend appropriate mitigating controls. Oversees Information Security Risk Management activities, including risk identification, assessment, and communication to relevant interest holders. Provide valuable expertise and leadership directly to the governing Joint Board executive leadership, including sharing metrics to reflect the performance of the regional security program functions, executive risk score reports, and other guidance on a variety of information security topics. Facilitate a committee of Information Security SMEs across the Agencies to ensure both regional compliance and concurrence on information security-related matters, recommending solutions, and working from the regional perspective to achieve optimal solutions. Collaborate with the Systems Integrator, other vendors, and partner Agencies to ensure security best practices, standards, policies, and regulatory requirements are incorporated into core payment system design, implementation, and sustainment, as well as supportother future phase projects. Conduct regular security reviews of both software and processes, advising on information security practices. Reviews and creates threat models and recommends security enhancements consistent with information security strategy and evolving threats. Support external IT security audits and assessments that focus on operation. Develop, update, implement, and conduct information security training programs to support the ISMS objectives. Manage approvals for Identity and Access Management (IAM) and Access Control Administration. Act as Incident Commander for Security Incident Response activities, whenever the Information Security Incident Response Plan is invoked by the regional program; play an interest holder and oversight role if the plan is invoked by other partners or vendors. Participate in information security incident investigation and response efforts; perform root-cause analysis when incidents occur and prepare incident reports. Evaluate change requests to determine potential impacts to Information Security, including IT systems, processes, policies, and provideappropriate input to the Change Management process. Coach future Regional Operations Team (ROOT) information security personnel as the ISMS becomes complete and mature. Keep up to date on latest information security trends, "best practices", threats, and countermeasures. Required Skills and Qualifications Enterprise-level information security plans, policies, standards, guidelines, methods, and practices based on current industry standards, best practices, tools, and techniques. Information Security Management Systems, and applicable industry standards (ISO 27001/2). Pertinent federal, state, and local laws, codes, and regulations; particularly those that affect information security for payment systems. Environments subject to the Payment Card Industry Data Security Standard (PCI DSS), including compliance-related duties. Knowledge and understanding of developing and administering information-security standards, practices, audits, risk management, and policy compliance. Information Security Audit principles and practices. Knowledge of one or more governance frameworks such as COBIT 5, ISO, NIST, or COSO. Strong understanding of IT Service Delivery (ITIL) core processes and methodologies. Principles, methods, and techniques used in the facilitation of managing projects and leading teams. Relevant experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography. In-depth knowledge of security software threats and vulnerability mitigation techniques. Working knowledge of cloud platforms such as Azure/ AWS and relevant security controls. Establishing and maintaining collaborative working relationships with other department staff, management, vendors, and other interest holders. Documenting and explaining risks, recommendations, and incident data to technical interest holders. Interpreting and administering information security policies, standards, and procedures sufficiently to administer, discuss, resolve, and explain them to staff and other constituencies. Leading or supporting an Information Security Management System. Generating metrics and preparing reports to facilitate decision-making on security-related activities. Utilizing personal computer software programs affecting assigned work and in compiling and preparing spreadsheets and reports. Responding to inquiries with effective oral and written communication. Researching, analyzing, and evaluating new security processes, products, and techniques. Excellent time management skills including the ability to prepare, prioritize, and complete work plans. Working effectively under pressure, meeting deadlines, and adjusting to changing priorities. Writing of technical documentation and standards, including skill in English usage, spelling, grammar, and punctuation Required Certifications or Licenses At least one of the following (in valid status): Certified Information Systems Security Professional (CISSP). Certified Information Security Manager (CISM). Certified Information Security Auditor (CISA). Other industry relevant certifications in the fields of information security, project management, auditing and/ or risk management, such as the Certification in Risk and Information Systems Control (CRISC) Preferred Skills and Qualifications Knowledge of Governance, Risk, and Compliance (GRC) tools. Principles of leadership, supervision, training, and performance evaluation. Extensive knowledge of risk-based methodologies, and one or more of the following frameworks: ISO 27001/2:2017, 27005:2011, and 31000; PCI-DSS; or NIST 800-53. Duration: 11/07/2025 to 2/28/2026 Location: Downtown Seattle (Hybrid) M-F: 8 AM to 5 PM Hybrid: 3 days work onsite Pay: $75 per hour #J-18808-Ljbffr

A leading entertainment and media enterprise is seeking a Senior Software Engineer to enhance cybersecurity efforts. The role involves designing internal tools, managing security frameworks, and collaborating with compliance teams. Candidates should possess at least 5 years of software development experience, knowledge in DevSecOps, and familiarity with cloud technologies. This position is integral to securing information systems across various Disney platforms, supporting innovative consumer experiences and operational excellence. #J-18808-Ljbffr

Imagine what you could do here. At Apple, new ideas have a way of becoming extraordinary products, services, and customer experiences very quickly. Bring passion and dedication to your job and there's no telling what you could accomplish. We're a diverse collection of problem solvers and doers, continually reimagining our products, systems, and practices to help people do what they love in new ways. This is a deeply reciprocal place, where everything we build is the result of people in different roles and teams working together to make each other's ideas stronger. That same real passion for innovation that goes into our products also applies to our practices, strengthening our dedication to leave the world better than we found it! We are seeking a leader for our Security Services team. This role requires a strategic, results-driven leader to advance our security services portfolio while ensuring delivery excellence, operational efficiency, and exceptional customer outcomes. In this role, you will drive the evolution, optimization, and continuous improvement of security offerings, aligning capabilities with business objectives and emerging security needs. The ideal candidate brings a strong blend of security or technical expertise, proven people leadership, and a customer-centric mindset. We are seeking a strategic and results-oriented leader in Service Delivery to drive and advance our security service portfolio, ensuring consistent delivery excellence, operational efficiency, and customer satisfaction. This role will drive the evolution, optimization, and continuous improvement of our security service offerings, aligning capabilities with business objectives and emerging security needs. The ideal candidate will possess a strong blend of technical or security expertise, leadership skills, and a customer-centric approach. The Manager, Security Services will be responsible for influencing and driving transformational change to across the organization. This is an opportunity to play a key role in shaping the future of our security service offerings. You must be passionate about service excellence and continuous improvement. Experience in leading an MSP (managed service provider) or MSSP (managed security service provider) organization Expert knowledge of service management frameworks (e.g. ITIL) and security best practices. CISSP and related security certifications is a plus Demonstrated ability to manage, lead, and inspire teams while driving transformational organizational change Expertise with service delivery management; overseeing the end-to-end delivery of managed services Experience leading teams in a matrixed environment including working with security engineering, engineering managers, software developers, and other cross-functional teams Strong problem solving skills; with the ability to lead through ambiguity to deliver incremental value to our customers Exceptional communication and presentation skills

Job Description We is seeking a talented Cyber Security Analyst. As a Cyber Security Analyst, you will play a key role in ensuring the security and integrity of our organization's data and systems. Requirements Responsibilities: Monitor, detect, and respond to cyber threats and security incidents, Conduct vulnerability assessments and penetration testing to identify potential weaknesses in our systems, Develop and implement security measures and best practices to protect against cyber attacks, Stay up-to-date with the latest cyber security trends and technologies, Collaborate with cross-functional teams to identify security risks and implement appropriate solutions, Provide training and guidance to employees on cyber security awareness and best practices. Requirements: Bachelor's degree in Computer Science, Information Security, or a related field, Proven experience in cyber security or a related role, Strong knowledge of security protocols and tools, Ability to analyze and interpret complex data and make informed decisions, Excellent problem-solving and communication skills, Relevant certifications (e.g. CISSP, CISM) are preferred but not required. Benefits About Us Zone IT Solutions is an Australia-based Recruitment Company. We specialise in Digital, ERP and larger IT Services. We offer flexible, efficient and collaborative solutions to any organisation that requires IT, experts. Our agile, agnostic and flexible solutions will help you source the IT Expertise you need. If you are looking for new opportunities, your profile at *******************************. Also, follow our LinkedIn page for new job opportunities and more. Zone IT Solutions is an equal-opportunity employer, and our recruitment process focuses on essential skills and abilities.

The Integrity, Investigations, Intelligence and Events (i3E) teams at Meta are dedicated to protecting the users of our family of applications (e.g. Facebook, Instagram, WhatsApp, Oculus) from a multitude of threats including: criminal organizations, human trafficking and exploitation, and scams/fraud. We are seeking a security analyst - threat investigator to investigate sophisticated threat actors, advance investigative methods, automate and mature team processes through tooling, and use innovative approaches to protecting people from offline harm. You will have the opportunity to work on some of the most challenging, complicated, and high-visibility risks the company is facing. We are seeking an experienced security analyst to help drive our understanding and mitigation of child sexual abuse and exploitation on our family of apps. In addition to investigating complex threats, the ideal candidate will have an eye towards advancing investigative methods, and using innovative research approaches to prevent harm to children on our platforms. The ideal candidate will be someone with experience of solving complex problems and embracing ambiguity to drive novel and impactful solutions, who is motivated by our mission and will be able to extract, assimilate, and correlate a wide variety of data in order to surface, analyze, and disrupt threat actors across multiple spaces. Minimum Qualifications * 2+ years work experience performing security investigations in government, intelligence, cyber security, journalism and/or private sector organizations * Subject matter expertise or prior work experience in child safety based laws or policies (i.e intelligence, law enforcement, legal analysis, or NGO) * Experience with open source investigation techniques and familiarity with a variety of internet research tools * Experience leveraging SQL, OSINT, and network security concepts in an investigative context * Adept at developing multi-source, evidence-based findings and communicating them to varied audiences * Bachelors Degree in Computer Science, Information Systems, Intelligence Studies, Cybersecurity or related field or equivalent work experience in information security Preferred Qualifications * Experience conducting large scale data analysis and utilizing big data tools such as Jupyter Notebook, Maltego, Palantir, etc * Experience working on high-impact threats under compressed timelines * Experience working or managing projects that have enterprise-wide impact and/or multi-organization cross functional stakeholders * Experience working with a team spanning multiple locations/time zones Responsibilities * Investigate complex child sexual exploitation operations to understand how abuse manifests on Meta's platforms and the wider information ecosystem * Lead a portfolio of investigative research to include identifying abuse trends, understanding adversarial behavior, and designing forward-looking enforcement strategies to mitigate harm * Proactively hunt for threats and undetected abuse by leveraging internal data sets, open-source intelligence, and third-party private intelligence * Analyze qualitative and quantitative data to advance investigations, quantify trends and support findings with clear, concise evidence * Apply analytical rigor to investigations, analysis, and programs while looking for strategic improvement opportunities * This role involves exposure to graphic and/or objectionable content including but not limited to graphic images, videos and writings, offensive or derogatory language, and other potential objectionable material, i.e. child exploitation, graphic violence, self-injury, animal abuse, and other content which may be considered offensive or disturbing About Meta Meta builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further empowered billions around the world. Now, Meta is moving beyond 2D screens toward immersive experiences like augmented and virtual reality to help build the next evolution in social technology. People who choose to build their careers by building with us at Meta help shape a future that will take us beyond what digital connection makes possible today-beyond the constraints of screens, the limits of distance, and even the rules of physics. Equal Employment Opportunity Meta is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. You may view our Equal Employment Opportunity notice here. Meta is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, fill out the Accommodations request form.

Aditi Staffing is an MBE certified, IT Staffing firm in the US offering contract, contract-to-hire & direct hire career opportunities with Fortune Firms. Recently recognized as one of the fastest growing staffing firms and top diversity firm by the Staffing Industry Analysts, Aditi Staffing has been a partner of choice for candidates and clients. Visit our website: http://www.aditistaffing.com/ Job Description Role: Information Security Analyst Location: Information Security Analyst 6-8 years of experience in information security / technology or related field. Advanced verbal and communication skills with diverse cross functioning groups. Strong background and experience in policy development, program administration. In depth knowledge and experience in incident response activities and compliance. Ability to plan, organize and prioritize tasks to complete independently and within time frame established. While technical knowledge of information technology and security issues is highly desirable, technical expertise and resources will be available from units such as Security Operations to support the information security and privacy program. Strong technical writing abilities. Very good understanding of security controls, control systems, and business drivers that impact security controls. Knowledge of SEC, FFC, Sarbanes-Oxley (SOX) and or Gramm-Leach Bliley Act regulatory policies & guidelines. Strong background in security authentication, security applications development methodologies, security architecture and operational procedures, organization, business continuity skills, disaster recovery skills, identity management skills and hands on experience implementing products / solutions e.g. NetIQ, Entrust, Netegrity, Oblix, PKI, and some director service, RSA, strong understanding of the development and maintenance of RBAC s (Role Based Access Controls). Ability to work collaboratively with a broad range of constituencies essential. A demonstrated ability to work with diverse cross functional groups of people is required. Good to Have: Knowledge of the following technologies a plus: Intrusion Detection / Prevention Systems for networks and hosts Security Event Management Systems Vulnerability Assessment Systems Secure transfer protocols such as SSH, SCP and Connect Direct Secure Plus Diagnostic tools such as packet capture/decode and WAN probes IP Networking Windows Systems administration and security tools Experience with remote access, terminal servers, etc a plus Experience in the administration of UNIX Solaris, HP/UX, or Linux and Windows operating systems a plus Experience in developing and administering an information security program desirable Working knowledge of and experience in the policy and regulatory environment of information security, especially in higher education is desirable Additional Information Regards, Arun Kumar R arunkr(AT)aditistaffing.com D: 425-457-7916

Galvanick protects the industrial world against cyber attacks. Our threat detection platform defends the modern world against criminals and nation-states that target Operational Technology (OT) systems and networks. This is a chance to work in a startup environment with driven individuals committed to solving cybersecurity's big problems. We are backed by Founders Fund, Village Global, MaC Venture Capital, and others. About the Role We are seeking a highly skilled individual to join our team as a Threat Hunter / SOC Analyst. In this role, you will play a critical role in enhancing our operational security by conducting manual threat detection operations and proactively hunting for potential threats. You will ensure the threat hunting tools and methodologies employed by the company will scale with Galvanick's growth and success. This is a great opportunity to leverage the data collected by Galvanick to proactively hunt and identify security threats within customer systems and networks. You will provide insights through monthly reports with overview of findings and high level recommendations. What You Will Do * Develop and implement effective detection strategies and ensure comprehensive threat coverage. You will be responsible for hunting and monitoring for threats using hundreds of telemetry sources from across the Galvanick platform.* Stay updated with the latest security trends, attack techniques, and vulnerabilities to continuously improve our threat detection capabilities.* Investigate and respond to security incidents, conducting thorough analysis and providing timely resolution.* Maintain ownership of assigned customer accounts, facilitate high levels of customer satisfaction, and be a trusted advisor for customers. You will respond to customer questions relating to threat intelligence and threat hunting.* Identify opportunities to increase overall customer satisfaction or streamline internal processes.* Perform adversary-focused threat hunting to identify abnormalities in the environment, with a focus on public cloud environments.* Contribute to automation and tooling that support hunting operations. Develop and maintain comprehensive documentation of threat hunting activities, findings, and remediation steps. Who You Are * 5+ years of experience with one or more of the following areas, Incident Response, Security Operations, Threat Hunting, and Cyber Threat Intelligence.* Fluency with Python and an understanding of query languages. You are comfortable getting into the code and helping with detections.* Experience monitoring and analyzing telemetry data from application, infrastructure, and endpoint. * In-depth knowledge of security tools, techniques, and methodologies. Familiarity with threat intelligence platforms and frameworks. * Strong analytical and problem-solving skills, with the ability to think strategically and identify potential threats. * Excellent understanding of attack vectors, vulnerabilities, and common security weaknesses. * Proven experience as a SOC analyst or threat hunter, with a strong operational security background. * Effective communication skills, with the ability to clearly convey complex security concepts to both technical and non-technical stakeholders. Experience writing monthly reports with overview of findings and high level recommendations. Bonus Points * Experience conducting threat hunting or managing incident response for organizations, investigating targeted threats such as the Advanced Persistent Threat, Organized Crime, and Hactivists. * Knowledge of cyber threat intelligence terminology and data communication concepts and technologies. * You enjoy solving problems and are naturally curious about the technologies and tools you use. * Startup experience and an understanding of zero to one ideas. You enjoy attacking complex and novel problems. * Experience with industrial, operational, or fulfillment environments. * Relevant certifications such as CISSP, CEH, or GCIH are desirable. Benefits We provide top-of-the-line medical/dental/vision for employees and dependents, and have additional benefits designed to optimize every team member's vitality, health, and wellness. Our compensation reflects the cost of labor across various geographic markets. The base pay for this position ranges from $100,000/year in our lowest geographic market up to $180,000/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Galvanick is an early stage startup and base salary is only one component of our compensation package. Dependent on the position offered, equity may be provided as part of the compensation package, in addition to medical, financial, and/or other benefits. Location The Galvanick engineering team is based in Seattle. Given that we are an early-stage startup working on an exceptionally hard problem, we expect new team members to be in office. We are happy to cover relocation expenses. ITAR Requirements To conform to US Government export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a US citizen, lawful permanent resident of the US, protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the US Department of State. Learn more about the ITAR here.

Salary range is $109k to $211k, with a midpoint of $160k. New hires typically receive between minimum and midpoint, however, we may go slightly higher based on experience, internal equity and market. Sound Transit also offers a competitive benefits package with a wide range of offerings, including: Health Benefits: We offer two choices of medical plans, a dental plan, and a vision plan all at no cost for employee coverage; comprehensive benefits for employees and eligible dependents, including a spouse or domestic partner. Long-Term Disability and Life Insurance. Employee Assistance Program. Retirement Plans: 401a - 10% of employee contribution with a 12% match by Sound Transit; 457b - up to IRS maximum (employee only contribution). Paid Time Off: Employees accrue 25 days of paid time off annually with increases at four, eight and twelve years of service. Employees at the director level and up accrue additional days. We also observe 12 paid holidays and provide up to 2 paid floating holidays and up to 2 paid volunteer days per year. Parental Leave: 12 weeks of parental leave for new parents. Pet Insurance. ORCA Card: All full-time employees will receive an ORCA card at no cost. Tuition Reimbursement: Sound Transit will pay up to $5,000 annually for approved tuition expenses. Inclusive Reproductive Health Support Services. Compensation Practices: We offer competitive salaries based on market rates and internal equity. In addition to compensation and benefits, you'll find that we provide work-life balance, opportunities for professional development and recognition from your colleagues. GENERAL PURPOSE: The Information Security Manager - ORCA directs, maintains, and operates the Information Security Management System (ISMS) for the ORCA payment system, including the governance, risk, and compliance components of the regional security function. The Information Security Manager will have an important, visible role in collaboration with the ORCA partner agencies and their Information Security experts. This role partners with other Regional ORCA Operations Team (ROOT) staff to ensure the secure operation of the ORCA system, as well as working closely with vendors and service providers to ensure alignment of their security practices with the risk control strategies outlined in the region's ISMS. ESSENTIAL FUNCTIONS: The following duties are a representative summary of the primary duties and responsibilities. Incumbent(s) may not be required to perform all duties listed and may be required to perform additional, position-specific duties. Guides security policy and participates in broader Information Security governance efforts for the ORCA partnership. Develops and maintains the ISMS in collaboration with regional information security SMEs and technical consultants. Oversees and manages the ORCA ISMS and recommends appropriate mitigating controls. Oversees Information Security Risk Management activities, including risk identification, assessment, and communication to relevant stakeholders. Provides valuable expertise and leadership directly to the governing ORCA Joint Board executive leadership, including sharing metrics to reflect the performance of the regional security program functions, executive risk score reports, and other guidance on a variety of information security topics. Facilitates a committee of Information Security SMEs across the ORCA Agencies to ensure both regional compliance and concurrence on information security-related matters, recommending solutions, and working from the regional ORCA perspective to achieve optimal solutions. Collaborates with the Systems Integrator, other vendors, and partner Agencies to ensure security best practices, standards, policies, and regulatory requirements are incorporated into core payment system design, implementation, and sustainment, as well as supports other future phase projects. Conducts regular security reviews of both software and processes, advising on information security practices. Reviews and creates threat models and recommends security enhancements consistent with information security strategy and evolving threats. Supports external IT security audits and assessments that focus on ORCA operation. Develops, updates, implements, and conducts information security training programs to support the ISMS objectives. Manages approvals for Identity and Access Management (IAM) and Access Control Administration. Acts as Incident Commander for Security Incident Response activities, whenever the Information Security Incident Response Plan is invoked by the regional program; plays a stakeholder and oversight role if the plan is invoked by other partners or vendors. Participates in information security incident investigation and response efforts; performs root‐cause analysis when incidents occur and prepare incident reports. As a member of the Change Advisory Board, evaluates change requests to determine potential impacts to Information Security, including IT systems, processes, and policies, and provides appropriate input to the Change Management process. Coaches, mentors, and develops future ROOT information security staff as the ISMS becomes complete and mature. Keeps up to date on latest information security trends, “best practices”, threats and countermeasures. Champions and models Sound Transit's core values and demonstrates values-based behaviors in everyday interactions across the agency. Contributes to a culture of diversity, equity and inclusion in alignment with Sound Transit's Equity & Inclusion Policy. It is the responsibility of all employees to follow the Agency safety rules, regulations, and procedures pertaining to their assigned duties and responsibilities, which could include systems, operations, and/or other employees. It is the responsibility of all employees to integrate sustainability into everyday business practices. Other duties as assigned. MINIMUM QUALIFICATIONS: Education and Experience: Bachelor's degree in Computer Science, Information Technology, Management Information Systems, or closely related field. Eight years of information systems security (or cybersecurity) experience, or closely related field; OR an equivalent combination of education and experience. Required Licenses or Certifications: At least one of the following (in valid status): Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA). Other industry relevant certifications in the fields of information security, project management, auditing and/or risk management, such as the Certification in Risk and Information Systems Control (CRISC). Required Knowledge and Skills: Enterprise-level information-security plans, policies, standards, guidelines, methods, and practices based on current industry standards, best practices, tools, and techniques. Information Security Management Systems, and applicable industry standards (ISO 27001/2). Pertinent federal, state, and local laws, codes, and regulations; particularly those that affect information security for payment systems. Environments subject to the Payment Card Industry Data Security Standard (PCI DSS), including compliance-related duties. Knowledge and understanding of developing and administering information-security standards, practices, audits, risk management, and policy compliance. Information Security Audit principles and practices. Knowledge of one or more governance frameworks such as COBIT 5, ISO, NIST, or COSO. Strong understanding of IT Service Delivery (ITIL) core processes and methodologies. Principles, methods, and techniques used in the facilitation of managing projects and leading teams. Relevant experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography. In-depth knowledge of security software threats and vulnerability mitigation techniques. Working knowledge of cloud platforms and relevant security controls. Establishing and maintaining collaborative working relationships with other department staff, management, vendors, and other stakeholders. Documenting and explaining risks, recommendations, and incident data to technical stakeholders. Interpreting and administering information security policies, standards, and procedures sufficiently to administer, discuss, resolve, and explain them to staff and other constituencies. Leading or supporting an Information Security Management System. Generating metrics and preparing reports to facilitate decision-making on security-related activities. Utilizing personal computer software programs affecting assigned work and in compiling and preparing spreadsheets and reports. Responding to inquiries with effective oral and written communication. Researching, analyzing, and evaluating new security processes, products, and techniques. Candidate should have excellent time management skills including the ability to prepare prioritize and complete work plans. Working effectively under pressure, meeting deadlines, and adjusting to changing priorities. Writing of technical documentation and standards, including skill in English usage, spelling, grammar, and punctuation. Preferred Knowledge and Skills: Knowledge of Governance, Risk, and Compliance (GRC) tools. Principles of leadership, supervision, training, and performance evaluation. Extensive knowledge of risk-based methodologies and one or more of the following frameworks: ISO 27001/2:2017, 27005:2011, and 31000; PCI-DSS; or NIST 800-53. Physical Demands / Work Environment: Work is performed in a standard office environment. The Agency promotes a safe and healthy work environment and provides appropriate safety and equipment training for all personnel as required. Sound Transit is an equal employment opportunity employer. No person is unlawfully excluded from employment action based on race, color, religion, national origin, sex (including gender identity, sexual orientation, and pregnancy), age, genetic information, disability, veteran status or other protected class.

Sorry, the page you requested could not be found This might be because: * You have typed the web address incorrectly, or * the page you were looking for may have been moved, updated or deleted. Did you mean...? We also found the following content pages that may be similar to what you were looking for: * Jobs * Coupang to create about 400 jobs in Ulsan * Creating thousands of jobs and cutting-edge logistics tech * How Jeonju kids got their first jobs right after college * This job has enhanced my life in so many ways: Mor Ba You may also try... If you still can't find what you want please try: * Jobs * Sitemap * Search * Home

Bellevue Telecommunications Services Exp 10-15 years Deg Bachelors Relo Bonus Job Description The Information Security Manager, working with in Corporate Information Security Team will be responsible for liaising with assigned business units on behalf of Corporate Information Security (CIS). These responsibilities will include understanding business-driven projects that involve network and information security, applications, networking and web based technologies. They will be responsible for understanding the Business Unit's processes and priorities and working with them to manage business impact and threats, through a risk based methodology. Ensures through positive engagement that business goals are met in a secure and compliant manner, according to industry standard regulations Qualifications Ideal Candidate will have: Candidate must have strong technical, influential and organizational skills. Prefer six years' experience in information security related discipline, in addition to several years' relevant systems and/or network administration experience. Expert relationship building and partnering skills, including persuasion, negotiation and consensus building. Experience translating emerging IT and business trends into meaningful risk reduction opportunities. Demonstrated ability to work effectively in a complex matrixed environment. Outstanding verbal and written communication skills. Ability to interpret business strategy and align to appropriate security enhancements to achieve business enablement. Ability to translate security requirements into business risks and impacts. Experience with high level design Architecture, Firewall, Internet, LAN Router, Network, Protocols, Web Services and SOA. Strong understanding of encryption, obfuscation and/or tokenization technologies or compensating controls. Appropriate industry certifications, such as CISSP, CISA or CCIE. Preferred skill: Bachelor degree in Computer Science, Information Security, Information Management, or other related discipline. Telecommunications industry expertise, Six Sigma Training, Audit, Compliance & Network experience preferred. Skills and Qualifications: A broad, enterprise-wide view of the wireless (or similar) business and understanding of strategy, processes and capabilities, enabling technologies, and governance. Experience in telecommunications, internet service provider, or application service providers a plus. The ability to apply Information Security principles to business solutions. Extensive experience planning and deploying both business and technology security initiatives. Exceptional communication skills and the ability to convey results in a summarily and persuasive manner to business owners. This includes written and verbal communications as well as visualizations. The ability to act as liaison conveying information needs of the business to technology teams and technology constraints to the business. Team player able to work effectively at all levels of an organization with the ability to influence others to move toward consensus. Knowledge of federal & compliance regulations e.g. SOX, PCI & CPNI. Good understanding & experience applying CoBIT, ISO, ITIL, NIST frameworks. Understanding of Local (Wired & Wireless), Wide area, and mobile networks. A good understanding of Network Security, Firewalls, Intrusion Detection and Prevention, AVS, VLANS. Strong background and experience in IP Networking and Routing Protocols. Fluency in the use of all MS Office applications, including SharePoint services. Qualifications · Preferred: Any of the following CISSP, CISA, CISM, C-RISC, CCNA, CCIE, Six Sigma Yellow/Green/Black Belt Education Minimum Required High School Diploma/GED Education/Vocational Training/Experience Preferred Bachelor's degree in Computer Science, Information Technology or related field from an accredited 4-year college or university 10 years of system, network, and application design and architecture experience. Preferably in the wireless communications space CISSP and or CISM Certification (required; experience may be substituted for Cert requirements (4 years minimum) CISA Certification (preferred but not required; experience may be substituted for Cert requirements (4 years minimum) Responsibilities What you will do: Make proactive assessments of threat information in and outside the public domain, understanding the threat as it relates to its customers, and implementing measures to combat the threat. Understand the operations of the business and comprehend how these create value and risk for the organization. Collaborate with team members, peers and the business unit management team to determine technical information security requirements, planned remediation, and advocate for the program to gain resources to implement appropriate protection technologies and processes. Implement and monitor controls necessary to ensure operational processes are performed and are effective to protect the environment from all forms of malicious cyber activity. Assist the Governance group in the development and refinement of technical security standards, key performance indicators and other necessary processes to maintain effective operational security, as it relates to the business. Make risk-based decisions on a daily basis that has the potential to impact our ability to operate and communicate. Ensure the information and network security controls for us are appropriate and operating as intended; includes solutions that are directly controlled as well as security solutions that are operated by other internal and external groups. Provide status reports on a weekly, monthly and quarterly basis to business managers and other management activities that demonstrate the health of the program. Interact with internal audit, third party auditors, and appropriate regulatory bodies. Support the Information Security policy lifecycle throughout, including all aspects of intake, creation, review, approval, implementation, publishing, communication and maintenance. Liaise with and assist outsourced security service providers with vulnerability assessments of business applications, systems and architectures. Additional Information All your information will be kept confidential according to EEO guidelines. Direct Staffing Inc

360 IT Professionals is a Software Development Company based in Fremont, California that offers complete technology services in Mobile development, Web development, Cloud computing and IT staffing. Merging Information Technology skills in all its services and operations, the company caters to its globally positioned clients by providing dynamic feasible IT solutions. 360 IT Professionals work along with its clients to deliver high-performance results, based exclusively on the one of a kind requirement. Our services are vast and we produce software and web products. We specialize in Mobile development, i.e. iPhone and Android apps. We use Objective-C and Swift programming languages to create native applications for iPhone, whereas we use Android Code to develop native applications for Android devices. To create applications that work on cross-platforms, we use a number of frameworks such as Titanium, PhoneGap and Jquery mobile. Furthermore, we build web products and offer services such as web designing, layouts, responsive designing, graphic designing, web application development using frameworks based on model view controller architecture and content management system. Our services also extend to the domain of Cloud Computing, where we provide Salesforce CRM to effectively manage one's business and ease out all the operations by giving an easy platform. Apart from this, we also provide IT Staffing services that can help your organization to a great extent as you can hire highly skilled personnel's through us. We make sure that we deliver performance-driven products that are optimally developed as per your organization's needs. Take a shot at us for your IT requirements and experience a radical change. Job Description • Participate in security planning and analyst activities. • Performs security assessments and security attestations. • Participates in security investigations and compliance reviews as requested. • Make security analysis reports for security vulnerabilities and recommends feasible and appropriate options. • Hands-on experience of Mobile Applications and Device security tools. • Should have sound understanding of secure coding practices which are in conformance with OWASP Top 10, SANS and WASC. • Understanding of various Application Security Threat Models and their applicability to existing and upcoming applications. • Perform Vulnerability Analysis of applications based on the industry wide Application Security Threat Models like ASF, STRIDE and Risk Assessment model like DREAD. • Prepare technical solutions to mitigate the vulnerabilities identified during threat modelling and vulnerability analysis. • Hands-on experience of various Data Security Tools for Data Discovery, Governance, DLP, etc. • Evaluate all design documentations and perform design assessments to ensure appropriate security controls are implemented within designs. • Prepare strategies to mitigate vulnerabilities emanating from Vulnerability Assessments and Penetration Tests of Applications both at production level and source code level, i.e. DAST and SAST. • Assist audit team in developing audit reports; present audit reports to top management, as needed and execute and properly document the audit process on a variety of cyber security environments. • Possess strong analytical and problem solving abilities • Worked on different security tools w.r.t. around VA, PC, DAST, SAST, PT. Additional Information Thanks and Regards, Ankur Bhatia

Anthropic's mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems. About the Role We're looking for an Operating Systems Security Engineer to harden and secure the OS layer of our infrastructure. You'll be responsible for designing and implementing OS-level security controls, from kernel hardening to runtime protection, ensuring our systems can withstand sophisticated attacks while maintaining the performance required for AI model training. This is a hands-on role where you'll work with cutting-edge hardware and implement novel security solutions for environments that don't exist anywhere else in the world. You'll need to balance extreme security requirements with the operational needs of researchers training models at unprecedented scale. What You'll Do: Design and implement hardened OS configurations for AI workloads across diverse hardware platforms Minimize attack surfaces by removing as many unnecessary components as possible from kernelspace and userspace Develop kernel security policies using SELinux, AppArmor, and custom Linux Security Modules and runtime enforcement mechanisms Implement and maintain full-disk encryption solutions for diverse storage systems Build security infrastructure for AI systems, research environments, and production services Create OS-level attestation and integrity monitoring systems Apply security patches, develop patches for custom kernel modules, and kernel hardening configurations Design secure boot processes and trusted execution environments Work with container teams to ensure proper workload isolation at the kernel level Design privilege separation and mandatory access control policies Implement secure update mechanisms for OS components Build tooling for security configuration management and compliance verification Serve as a subject matter expert for OS security questions and designs Who You Are: 5+ years of experience in operating systems security or kernel development Deep knowledge of Linux internals, including kernel subsystems and security frameworks (SELinux, AppArmor, seccomp, etc.) Experience with kernel hardening techniques and exploit mitigation Strong programming skills in C and systems programming languages Experience with eBPF for security monitoring and enforcement Understanding of virtualization and containerization security Track record of identifying and fixing OS-level security vulnerabilities Experience with security-focused Linux distributions Strong candidates may also have: Kernel development experience or contributions to Linux kernel Experience with real-time or embedded operating systems Knowledge of hardware security features and their OS integration Experience with secure boot technologies Experience with confidential computing and memory encryption technologies (SEV, TDX, SGX) Background in vulnerability research, exploit development, or fuzzing Experience with formal methods for OS verification Knowledge of hardware security features and their OS integration (TPM, HSM, secure enclaves) Deadline to apply: None. Applications will be reviewed on a rolling basis. The expected base compensation for this position is below. Our total compensation package for full-time employees includes equity, benefits, and may include incentive compensation. Annual Salary:$300,000-$405,000 USDLogistics Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience. Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices. Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this. We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work. We think AI systems like the ones we're building have enormous social and ethical implications. We think this makes representation even more important, and we strive to include a range of diverse perspectives on our team. How we're different We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact - advancing our long-term goals of steerable, trustworthy AI - rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills. The easiest way to understand our research directions is to read our recent research. This research continues many of the directions our team worked on prior to Anthropic, including: GPT-3, Circuit-Based Interpretability, Multimodal Neurons, Scaling Laws, AI & Compute, Concrete Problems in AI Safety, and Learning from Human Preferences. Come work with us! Anthropic is a public benefit corporation headquartered in San Francisco. We offer competitive compensation and benefits, optional equity donation matching, generous vacation and parental leave, flexible working hours, and a lovely office space in which to collaborate with colleagues. Guidance on Candidates' AI Usage: Learn about our policy for using AI in our application process

About the Role We are seeking a highly skilled and motivated Senior Security Platform Engineer to join our Edge Team. In this role, you will be responsible for securing our cloud and edge computing environments, with a focus on our Galleon mobile data centers and their integration with our Commander cloud platform. You will play a crucial role in designing, implementing, and managing security controls across our infrastructure, ensuring the confidentiality, integrity, and availability of our systems and data Responsibilities: Design, implement, and manage security controls across our cloud platforms (AWS, Azure, GCP), Kubernetes environments, and Galleon mobile data centers, ensuring secure deployment practices and platform security for microservices and APIs Integrate security components within our CI/CD pipelines, including automated security testing (SAST, DAST, container image scanning), vulnerability scanning, and compliance checks. Ensure that security is embedded throughout the software development lifecycle Define and implement security configurations for infrastructure, including Kubernetes, using IaC tools (Terraform, Ansible) to ensure consistent enforcement of security policies Monitor and respond to security events, develop and maintain security monitoring tools, and participate in incident response activities Architect and implement security solutions that protect our cloud-native, hybrid, and on-premises infrastructure, including our Galleon data centers. Conduct security architecture reviews, threat modeling, and risk assessments to identify and mitigate vulnerabilities Partner with engineering teams to integrate security tooling into the SDLC, enabling DevSecOps adoption and fostering a culture of shared security responsibility Ensure compliance with relevant security standards and regulations (e.g., SOC 2, ISO 27001) through regular audits and implementing necessary controls. Stay up-to-date with cybersecurity threats, trends, and industry standards Data Center Security Responsibilities: Implement robust perimeter security for Galleon data centers, including physical access controls, intrusion detection systems, and video surveillance Design and implement network segmentation within data centers to isolate critical systems and limit the impact of security breaches Utilize micro-segmentation techniques to enforce security policies at the workload level, controlling communication between individual applications and services Implement data loss prevention (DLP) solutions to prevent sensitive data from leaving the data center environment Securely manage and store cryptographic keys used for encryption and authentication within the data center Implement robust logging and monitoring systems to track security-related events and detect anomalies Regularly conduct vulnerability assessments and penetration testing to identify and remediate security weaknesses Develop and maintain incident response plans specific to data center security incidents Qualifications: 7+ years of experience in security engineering, with a focus on cloud-native technologies, distributed systems, and edge computing, including securing Kubernetes environments Strong understanding of security best practices across the SDLC, including secure coding principles, threat modeling, and vulnerability management Experience securing cloud platforms (AWS, Azure, GCP) and Kubernetes environments, including implementing RBAC, network policies, and container security Proficiency in scripting and automation (Python, Bash, Go) for security tooling and infrastructure-as-code (Terraform, Ansible) Experience with security monitoring, threat detection, and incident response in cloud and containerized environments Excellent communication and collaboration skills, with the ability to work effectively with engineering teams and advocate for security best practices Bachelor's degree in a relevant field or equivalent practical experience Why Join Armada? Be part of a team building the future of distributed computing and AI, impacting our innovative Galleon data center deployments and their integration with Commander Work with the latest technologies in edge computing, mobile data centers, AI infrastructure, and cloud integration We are a rapidly growing company with ample opportunities for advancement Work with talented and passionate individuals dedicated to pushing boundaries We offer competitive compensation and benefits, including health insurance Equal Opportunity Statement At Armada, we are committed to fostering a work environment where everyone is given equal opportunities to thrive. As an equal opportunity employer, we strictly prohibit discrimination or harassment based on race, color, gender, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other characteristic protected by law. This policy applies to all employment decisions, including hiring, promotions, and compensation. Our hiring is guided by qualifications, merit, and the business needs at the time. Compensation & Benefits For U.S. Based candidates: To ensure fairness and transparency, the starting base salary range for this role for candidates in the U.S. are listed below, varying based on location experience, skills, and qualifications. In addition to base salary, this role will also be offered equity and subsidized benefits (details available upon request) .

Job Title: “Information Security Specialist” (Cyber security analysis) Duration: 9+ Months (with high possibility of extending into full time) Job Description: This position is in Corporate Information Security and under the direction of the Manager, Third-Party Cybersecurity Assessments. The Cybersecurity Assessment Analyst will perform cybersecurity assessments on new and existing third parties. The Analyst will construct detailed and summary reports of assessments, including customized reports, as needed. The Analyst will work with Subject Matter Experts (SME) to develop and apply risk assessment criteria (aligned with Policy) to new and existing suppliers using internal and external business intelligence. The Analyst will work with Third-Party Risk Management, Privacy and Legal Counsel, Procurement and Contract Managers, Compliance, and Business Owners to develop and maintain an internal service model that informs the business of key risks in a timely manner to limit unnecessary impediments and avoid bureaucracy. Specific responsibilities: - Coordinate the development of information security policies, standards and procedures. Work with key IT offices, data custodians and governance groups in the development of such policies. Ensure that company policies support compliance with external requirements. Oversee the dissemination of policies, standards and procedures to the user community - Coordinate the development and delivery of an education and training program on information security and privacy matters for employees, other authorized users, and vendors - Serve as the company compliance officer with respect to state and federal information security policies and regulations. Work with the -designated internal audit, SOX compliance, legal, and HR on compliance issues as necessary. Prepare and submit and submit required reports to external agencies. - Develop and implement an Incident Reporting and Response System to address security incidents (breaches), respond to alleged policy violations, or complaints from external parties. - Serve as the official company contact point for information security, privacy and copyright infringement incidents, including relationships with law enforcement entities. - Develop and implement an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation, and oversee vulnerability testing. Required Qualifications: Talent management, results focus and inspirational leadership. Essential Functions • Conduct third-party cybersecurity risk assessments, applying established criteria • Support assessment team with quality assurance reviews over work product and reporting • Collaborate with internal partners and third parties to mitigate and otherwise resolve third-party cyber risks • Consistently deliver on commitments, deadlines and objectives while remaining in scope and leveraging appropriate tools, methods, frameworks, and professional standards • Demonstrate consistent credibility with business partners and leadership while recommending initiatives, identifying gaps, and potential issues • Continuously demonstrate the ability to work independently while representing the services of the department with the highest level of professionalism • Demonstrate the ability to appropriately influence business decisions, and the professional judgment for selecting the appropriate methods and techniques to do so Preferred Qualifications: • Solid background both educationally and via professional experience. No less than 3 years' professional experience in business operations, project/program management, finance, risk management, information security, business analytics or similar. • Experience in large companies and/or complex environments, or providing professional consulting services for them. • Demonstrated abilities in problem-solving and analysis: identifies issues, analyses information to assess root cause and relationships, risks, and potential risk responses. Proven ability to synthesize and summarize complex data into concise recommendations and reports. • Demonstrated strong business writing and professional oral communication skills. • Proven ability to balance multiple priorities, adapt to a constantly changing business environment, work independently, drive projects to completion, and meet deadlines in a fast-paced environment-with only periodic supervision. • Ability to work collaboratively and manage and initiate effective cross-functional relationships. • Strong computer skills, including MS Office products (e.g. Word, Excel, PowerPoint, Visio) and other business software to prepare reports, memos, summaries, and analyses. Desired • Analytical - Synthesizes complex or diverse information; Collects and researches data; employs intuition and experience to complement data; Designs work flows and procedures. • Quality Management - Looks for ways to improve and promote quality; Demonstrates accuracy and thoroughness. Applies feedback to improve performance; Monitors own work to ensure quality • Planning/Organizing - Prioritizes and plans work activities to achieve success; Sets and achieves goals and objectives; Develops realistic action plans • Professionalism - Reacts well under pressure; Keeps commitments; Accepts responsibility for own actions. • Career Growth: Focus on cyber security auditing with potential advancement goals in engineering or threat analysis roles • Self-directed team player with Agile environment experience Education Minimum Required • Bachelor's Degree • Equivalent experience is acceptable. License or Certification Desired: (one of the following): CISA (Certified Information Systems Auditor) GSEC (GIAC Security Essentials Certification) CompTIA - Security+ ECSA - EC-Council Certified Security Analyst SSCP (Systems Security Certified Practitioner) Other: Six Sigma, PMP or Agile certificates Other comments - suppliers: Organizational skills; office suite knowledge; and good communication skills are “must haves”. Cyber security analysis experience is preferred. Additional Information All your information will be kept confidential according to EEO guidelines.

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance and protect these exciting experiences. The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence. The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to: * Secure the Magic by protecting information systems and platforms. * Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests. * Strengthen the business through optimizing execution, application, and technology used to protect the Company. * Innovate by investing in core capabilities to enhance operational efficiency. Team Description: As a member of the Cyber Remediation Operations team, you will work closely with the Disney Entertainment business teams in protecting Disney's highly respected Disney Entertainment portfolio, including ESPN, Disney+, Hulu, and ABC. Responsibilities of Role: * Review reports, assessments, and findings to develop and prioritize appropriate remediation or corrective action plans. * Collaborate with IT, security teams, business partners, and operational teams to drive remediation of security deficiencies. * Regularly communicate portfolio health results to stakeholders, including technical and non-technical audiences. * Develop and document risk mitigation strategies when compliance cannot be achieved. * Analyze business areas and develop improvement plans to strengthen security posture. * Drive improvement to security baselines, policies and standards. * Verify implemented remediation and corrective action activity achieves compliance with TWDC policies and standards. * Stay updated on evolving cybersecurity threats, vulnerabilities, trends, technologies, and best practices and incorporate them into IT and business practices. * Consolidate data from multiple sources into clear, concise, actionable presentations for senior management, communicating data-driven insights. * Support the on-time delivery of security and compliance initiatives. Must Haves: * Minimum of 5+ Years of related cybersecurity experience * Demonstrated experience facilitating cyber remediation and vulnerability management. * Ability to handle confidential information with integrity. * Ability to work well with individuals and teams with varying technical and business backgrounds. * Understanding of security frameworks and standards. * Strong analytical, problem-solving, and critical-thinking skills with attention to detail. * Established problem-solving skills with an ability to develop creative alternatives to complex problems, as well as continuous process improvement skills. * Experience working in a security program for a large and complex organization. Nice to Haves: * Working knowledge of industry compliance programs such as PCI, SOX, etc. * One or more general security certifications including Security+, CySA+, AWS, GSEC, GICSP, CISSP, or other relevant certifications * One or more vulnerability assessment or auditing certification including CISA, CISM, GCCC, GSNA or other relevant certifications Education: * Bachelor's degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience #DISNEYTECH The hiring range for this position in Glendale, CA is $117,500 to $157,500 per year and in Seattle, WA is $123,000 to $165,000 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered. About The Walt Disney Company (Corporate): At Disney Corporate you can see how the businesses behind the Company's powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you'll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe. About The Walt Disney Company: The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise that includes three core business segments: Disney Entertainment, ESPN, and Disney Experiences. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney's stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished. This position is with Disney Worldwide Services, Inc., which is part of a business we call The Walt Disney Company (Corporate). Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, religion, color, sex, sexual orientation, gender, gender identity, gender expression, national origin, ancestry, age, marital status, military or veteran status, medical condition, genetic information or disability, or any other basis prohibited by federal, state or local law. Disney champions a business environment where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a constantly evolving world. Apply Now Apply Later Current Employees Apply via My Disney Career Explore Location

Salary range is $104k to $206k with a midpoint of $155k. New hires typically receive between minimum and midpoint, however, we may go slightly higher based on experience, internal equity and market. Sound Transit also offers a competitive benefits package with a wide range of offerings, including: Health Benefits: We offer two choices of medical plans, a dental plan, and a vision plan all at no cost for employee coverage; comprehensive benefits for employees and eligible dependents, including a spouse or domestic partner. Long-Term Disability and Life Insurance. Employee Assistance Program. Retirement Plans: 401a - 10% of employee contribution with a 12% match by Sound Transit; 457b - up to IRS maximum (employee only contribution). Paid Time Off: Employees accrue 25 days of paid time off annually with increases at four, eight and twelve years of service. Employees at the director level and up accrue additional days. We also observe 12 paid holidays and provide up to 2 paid floating holidays and up to 2 paid volunteer days per year. Parental Leave: 12 weeks of parental leave for new parents. Pet Insurance discount. ORCA Card: All full-time employees will receive an ORCA card at no cost. Tuition Reimbursement: Sound Transit will pay up to $5,000 annually for approved tuition expenses. Inclusive Reproductive Health Support Services. Compensation Practices: We offer competitive salaries based on market rates and internal equity. In addition to compensation and benefits, you'll find that we provide work-life balance, opportunities for professional development and recognition from your colleagues. GENERAL PURPOSE: Under general direction, the Information Security Engineering Manager oversees and operates several essential Information Security functions including Security Engineering and information security tool management. The Information Security Engineering Manager's role is to lead and support service owners, system owners, and relevant stakeholders in ensuring their respective (or proposed) systems are compliant with the Agency's information security standards. In addition, the Information Security Engineering Manager supports the operations of several other functions of the Agency's Information Security Management System (ISMS). ESSENTIAL FUNCTIONS: The following duties are a representative summary of the primary duties and responsibilities. Incumbent(s) may not be required to perform all duties listed and may be required to perform additional, position-specific duties. Acts as Service Owner for related Information Security Engineering services of the Information Security business unit. Support Information Security Architecture and Security Operations services Manages personal for the Information Security Engineering components of the Information Security Division. Provides guidance to the technical professionals that comprise the Security Engineering functions of the Information Security Division Participates in the overall implementation of the agency's information security program, under the direction of the Chief Information Security Officer (or delegate), where appropriate. Participates in the creation of information security governance documents (policies, standards, baselines, guidelines, and procedures) under the direction of the Chief Information Security Officer (or delegate), where appropriate. Identifies and assesses technology-related risks to information security associated with prospective technology solutions; and recommends appropriate mitigating controls. Influences the design of any prospective technology solution for adherence to documented agency standards, policies, and regulatory responsibilities. Evaluates, implements, and supports security-focused tools and services required to support information security controls. Collaborates with other IT engineering and administration disciplines to ensure security best practices are incorporated into design, implementation and sustainment of systems and services within the agency. Consults with internal customers on risk assessment, threat modeling and mitigation of vulnerabilities Conducts security assessments, evaluates controls, and provide feedback to management and system owners on the design and effectiveness of control processes. Conducts regular security reviews of both software and processes. Reviews and creates threat models and recommends security enhancements consistent with information security strategy and evolving threats Participates in ongoing information security education, awareness, and outreach activities. Participate with information security incident investigation and response efforts, leading as needed. Participate with computer and network forensic investigations in support of incident response activities. Prepares regular reports on relevant metrics for different stakeholders. Coaches, manages, mentors, and develops staff. Focuses on keeping professional skills current. Keeps up to date on latest information security threats and countermeasures. Champions and models Sound Transit's core values and demonstrates values-based behaviors in everyday interactions across the agency. Contributes to a culture of diversity, equity and inclusion in alignment with Sound Transit's Equity & Inclusion Policy. It is the responsibility of all employees to follow the Agency safety rules, regulations, and procedures pertaining to their assigned duties and responsibilities, which could include systems, operations, and/or other employees. It is the responsibility of all employees to integrate sustainability into everyday business practices. Other duties as assigned. MINIMUM QUALIFICATIONS: Education and Experience: Bachelor's degree in Computer Science, Information Technology, Business Administration, Engineering, or closely related field. Five years of information technology experience with a focus on security engineering and operations, OR an equivalent combination of education and experience. Three years of leadership, budgetary, planning and workforce management experience. Required Licenses or Certifications: Certified Information Systems Security Professional (CISSP), orobtain within 12 months of hire. Preferred Licenses or Certifications: One or more of the following certifications is strongly preferred: Certified Information Security Manager (CISM) Information Technology Infrastructure Library (ITIL) Certified Ethical Hacker (CEH) Certified Cyber Forensics Professional (CCFP) GIAC Certified Incident Handler (GCIH) Required Knowledge and Skills: Strong command of ITIL core processes and principles. Strong command and experience with information security architecture and engineering principles General knowledge of the NIST 800 series standards, PCI DSS standard, and the ISO 27001/2 frameworks. Demonstrated work experience in a few of the following areas: Information Security, Security Architecture, Security Engineering, Security Operations and implementing best practices, tools and technology. Strong understanding of information technology and security controls. Strong understanding of and experience with security-related technologies, systems, and tools. Proven competency in the use of MS Office applications (Microsoft Project, Word, Excel, PowerPoint, and SharePoint) Strong team leadership and communicational (verbal/written) skills. Ability to work in highly collaborative environments. Strong workload prioritization and self-organization skills Strong project management skills. Preferred Knowledge and Skills: Understanding of Cloud Computing environments (Microsoft Azure preferred). Physical Demands / Work Environment: Work is performed in a hybrid office environment. This position is responsible for communicating with stakeholders, and using specialized security tools; may be subject to bending, hearing, sitting, standing, talking, seeing, and carrying and lifting 25 lbs or less. The Agency promotes a safe and healthy work environment and provides appropriate safety and equipment training for all personnel as required. Sound Transit is an equal employment opportunity employer. No person is unlawfully excluded from employment action based on race, color, religion, national origin, sex (including gender identity, sexual orientation and pregnancy), age, genetic information, disability, veteran status or other protected class.

Bellevue Telecommunications Services Exp 10-15 years Deg Bachelors Relo Bonus Job Description The Information Security Manager, working with in Corporate Information Security Team will be responsible for liaising with assigned business units on behalf of Corporate Information Security (CIS). These responsibilities will include understanding business-driven projects that involve network and information security, applications, networking and web based technologies. They will be responsible for understanding the Business Unit's processes and priorities and working with them to manage business impact and threats, through a risk based methodology. Ensures through positive engagement that business goals are met in a secure and compliant manner, according to industry standard regulations Qualifications Ideal Candidate will have: Candidate must have strong technical, influential and organizational skills. Prefer six years' experience in information security related discipline, in addition to several years' relevant systems and/or network administration experience. Expert relationship building and partnering skills, including persuasion, negotiation and consensus building. Experience translating emerging IT and business trends into meaningful risk reduction opportunities. Demonstrated ability to work effectively in a complex matrixed environment. Outstanding verbal and written communication skills. Ability to interpret business strategy and align to appropriate security enhancements to achieve business enablement. Ability to translate security requirements into business risks and impacts. Experience with high level design Architecture, Firewall, Internet, LAN Router, Network, Protocols, Web Services and SOA. Strong understanding of encryption, obfuscation and/or tokenization technologies or compensating controls. Appropriate industry certifications, such as CISSP, CISA or CCIE. Preferred skill: Bachelor degree in Computer Science, Information Security, Information Management, or other related discipline. Telecommunications industry expertise, Six Sigma Training, Audit, Compliance & Network experience preferred. Skills and Qualifications: A broad, enterprise-wide view of the wireless (or similar) business and understanding of strategy, processes and capabilities, enabling technologies, and governance. Experience in telecommunications, internet service provider, or application service providers a plus. The ability to apply Information Security principles to business solutions. Extensive experience planning and deploying both business and technology security initiatives. Exceptional communication skills and the ability to convey results in a summarily and persuasive manner to business owners. This includes written and verbal communications as well as visualizations. The ability to act as liaison conveying information needs of the business to technology teams and technology constraints to the business. Team player able to work effectively at all levels of an organization with the ability to influence others to move toward consensus. Knowledge of federal & compliance regulations e.g. SOX, PCI & CPNI. Good understanding & experience applying CoBIT, ISO, ITIL, NIST frameworks. Understanding of Local (Wired & Wireless), Wide area, and mobile networks. A good understanding of Network Security, Firewalls, Intrusion Detection and Prevention, AVS, VLANS. Strong background and experience in IP Networking and Routing Protocols. Fluency in the use of all MS Office applications, including SharePoint services. Qualifications · Preferred: Any of the following CISSP, CISA, CISM, C-RISC, CCNA, CCIE, Six Sigma Yellow/Green/Black Belt Education Minimum Required High School Diploma/GED Education/Vocational Training/Experience Preferred Bachelor's degree in Computer Science, Information Technology or related field from an accredited 4-year college or university 10 years of system, network, and application design and architecture experience. Preferably in the wireless communications space CISSP and or CISM Certification (required; experience may be substituted for Cert requirements (4 years minimum) CISA Certification (preferred but not required; experience may be substituted for Cert requirements (4 years minimum) Responsibilities What you will do: Make proactive assessments of threat information in and outside the public domain, understanding the threat as it relates to its customers, and implementing measures to combat the threat. Understand the operations of the business and comprehend how these create value and risk for the organization. Collaborate with team members, peers and the business unit management team to determine technical information security requirements, planned remediation, and advocate for the program to gain resources to implement appropriate protection technologies and processes. Implement and monitor controls necessary to ensure operational processes are performed and are effective to protect the environment from all forms of malicious cyber activity. Assist the Governance group in the development and refinement of technical security standards, key performance indicators and other necessary processes to maintain effective operational security, as it relates to the business. Make risk-based decisions on a daily basis that has the potential to impact our ability to operate and communicate. Ensure the information and network security controls for us are appropriate and operating as intended; includes solutions that are directly controlled as well as security solutions that are operated by other internal and external groups. Provide status reports on a weekly, monthly and quarterly basis to business managers and other management activities that demonstrate the health of the program. Interact with internal audit, third party auditors, and appropriate regulatory bodies. Support the Information Security policy lifecycle throughout, including all aspects of intake, creation, review, approval, implementation, publishing, communication and maintenance. Liaise with and assist outsourced security service providers with vulnerability assessments of business applications, systems and architectures. Additional Information All your information will be kept confidential according to EEO guidelines. Direct Staffing Inc

About the Role Responsibilities: Design and implement security architectures for Azure cloud environments, hybrid infrastructure, and edge computing solutions Develop and maintain security policies, standards, and procedures aligned with industry best practices and compliance requirements Lead security incident response efforts and conduct thorough post-incident reviews Perform security assessments, vulnerability scanning, and penetration testing across all environments Implement and manage security tools for continuous monitoring and threat detection Secure DevOps pipelines and CI/CD workflows, emphasizing "security as code" principles Address unique security challenges related to AI/ML development, deployment, and operations Collaborate with development teams to implement secure coding practices and conduct code reviews Design and implement security architectures for Azure cloud environments, hybrid infrastructure, and edge computing solutions Develop and maintain security policies, standards, and procedures aligned with industry best practices and compliance requirements Lead security incident response efforts and conduct thorough post-incident reviews Perform security assessments, vulnerability scanning, and penetration testing across all environments Implement and manage security tools for continuous monitoring and threat detection Secure DevOps pipelines and CI/CD workflows, emphasizing "security as code" principles Address unique security challenges related to AI/ML development, deployment, and operations Collaborate with development teams to implement secure coding practices and conduct code reviews Design and implement robust identity and access management solutions Stay current with emerging security threats and technologies Qualifications: Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience) 5+ years of experience in information security, with at least 3 years focused on cloud security Strong experience with Azure security services and best practices Familiarity with security tools such as Microsoft Defender for Cloud, Sentinel, etc. Knowledge of compliance frameworks (NIST, ISO 27001, SOC2, etc.) Proficient in using vulnerability scanners such as Nexpose and Nessus. Knowledge of Python and SQL for scripting and database analysis. Familiarity with Azure environments is preferred. Security Engineering certifications (CISSP, CCSP, Azure Security Engineer) - at least one is preferred. Offensive Security Certifications (OSCP, OSWP, OSEE, OSWE, CEH,) - at least one is preferred. US Citizenship required Equal Opportunity Statement At Armada, we are committed to fostering a work environment where everyone is given equal opportunities to thrive. As an equal opportunity employer, we strictly prohibit discrimination or harassment based on race, color, gender, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other characteristic protected by law. This policy applies to all employment decisions, including hiring, promotions, and compensation. Our hiring is guided by qualifications, merit, and the business needs at the time. Citizenship Requirements For select roles, due to the nature of our clientele and the technologies involved, there may be specific nationality or citizenship indicated in the required qualifications section. These roles may involve access to sensitive information that is subject to export control regulations or other legal restrictions. In such cases, employment offers will be contingent upon your ability to comply with these requirements. Compensation & Benefits For U.S. Based candidates: To ensure fairness and transparency, the starting base salary range for this role for candidates in the U.S. are listed below, varying based on location experience, skills, and qualifications. In addition to base salary, this role will also be offered equity and subsidized benefits (details available upon request) .