Cyber Security Engineer jobs at Nes Holdings - 100 jobs

A financial services company in San Francisco is seeking an experienced security professional to assess access controls and mentor peers in security best practices. The candidate should have over 6 years of experience in security operations and a Bachelor's degree. The role offers competitive compensation ranging from $157,000 to $200,000, along with a hybrid work model and comprehensive benefits. #J-18808-Ljbffr

"I can be myself at work." You are more than a job title. We want you to feel comfortable doing great work and bringing your best, authentic self to everything you do. We value your talents, traditions, and uniqueness-and we're committed to fostering a strong sense of belonging in a respectful workplace. We intentionally seek diverse perspectives, experiences, and backgrounds, investing in a culture designed to celebrate differences. We believe that belonging leads to better outcomes and a stronger community of associates united by our mission. At Capital, we live our core values every day: Integrity, Client Focus, Diverse Perspectives, Long-Term Thinking, and Community. "I can influence my income." You want to feel recognized at work. Your performance will be reviewed annually, and your compensation will be designed to motivate and reward the value that you provide. You'll receive a competitive salary, bonuses and benefits. Your company-funded retirement contribution will factor in salary and variable pay, including bonuses. "I can lead a full life." You bring unique goals and interests to your job and your life. Whether you're raising a family, you're passionate about where you volunteer, or you want to explore different career paths, we'll give you the resources that can set you up for success. Enjoy generous time-away and health benefits from day one, with the opportunity for flexible work options Receive 2-for-1 matching gifts for your charitable contributions and the opportunity to secure annual grants for the organizations you love Access on-demand professional development resources that allow you to hone existing skills and learn new ones "I can succeed as a Lead AI Security Engineer at Capital Group" As aLeadAISecurity Engineer, you willbe responsible forsecuring Capital Group's enterprise AI Platforms.You willhelp enable Capital Group's AIstrategy bybuilding and/orprocuringsolutions toprotecta diverse set of enterprise AI platforms being built and deployed at Capital Group.You'llcollaborate with platformengineering, security engineering, and risk teams toensure their solutions support scalable, secureadoption of AI. Additionally,you'llbe expected toprovidementoring,advising diverse teams across the organization, andpromoting AI Securityprinciples across Capital Group. AISecurityProcurementManagements:You willprocureand/or build technical solutionsto reducethe riskof misconfiguration, exploitation, andother security issues formultipleenterprise AI platforms. Embedding Security in the AIPlatform Ecosystem:Working closely withplatform teams tointegrate securityintoeverycomponentof the AI Platform. Implementing Security Controls & "Guardrails" for GenAI:Designing, deploying, andoperatingtechnical controls to prevent misuse of AI systems.Guardrails designincludescontent filtering systems, usage policies, and safety checks that mitigate issues like prompt injection attacks, unauthorized data extraction, model bias or hallucinations, and other misuse of generative AIplatforms. AI Runtime Security:Engineer continually tests and updatestothe guardrails, replacing weaker controls with more robust solutions as threats evolve. AI Governance:You will work cross functionally with architecture and platform teams tomonitoralignment of solutions to AI Governance processes Contribute to Standards and Policies:You will providethought leadership for Information Security policies and standards for AIin collaboration with technology risk AI/Agent SME:Youwill provide AI/Agent subject matterexpertisefor AI Incidentsand Security Reviews, and helpdevelop incident response playbooks for AI-related security incidents "I am the person Capital Group is looking for." You have 8+yearsof experience in information security, application security, platform security, or penetration testing,DevSecOps, networksecurityand other security disciplines. You have experience securing AI platforms, whetherinternal AIplatforms or offerings such as CoPilot Studio, Amazon Bedrock, and/or Azure AI Gateway Proficient in Programming & ML Tool.Strong Python skillsrequired, with experience in AI/ML frameworks.Abilityto review and write ML code to implement security measures (e.g., model validation, adversarial testing) isdesired. You have5+ years of relevant professional experience ordemonstrated anequivalent level ofexpertisein security engineering, such as cloud, API, or platform security. You have3+ years of experience embedded identity, network, and encryption controls into enterprise platforms Youcaneffectively partner and collaborate with stakeholder teams. You have effective communication skills andthe abilityto outline security riskstoleadership. You are familiar with cloud and API security vendors and managed services providers. Preferred Qualifications: You have knowledge and experience with technologies including Kubernetes, Containers, CI/CD, and Cloud Service Providers You are familiar withfunctionand purpose of key AI platform components such as AI gateways (Kong, Databricks Mosaic AI Gateway, custom API orchestration), Model Orchestration (ExamplesLangChain,LlamaIndex, etc.) You are familiar with key AI regulatory frameworks such as NIST AI RMF, MITRE ATLAS, GDPR, EU AI Act,etc You have information Security certifications (CISSP, SANS GIAC, CISA, etc.) "I can apply in less than 4 minutes." You've reviewed this job posting and you're ready to start the candidate journey with us. Apply now to move to the next step in our recruiting process. If this role isn't what you're looking for, check out our other opportunities and join our talent community. "I can learn more about Capital Group." At Capital Group, the success of the people who invest with us depends on the people in whom we invest. That's why we offer a culture, compensation and opportunities that empower our associates to build successful and prosperous careers. Through nine decades, our goal has been to improve people's lives through successful investing. We know that our history is a testament to the strength of the people we hire. More than 9,000 associates in 30+ offices around the world help our clients and each other grow and thrive every day. Find us on LinkedIn, Instagram, YouTube and Glassdoor. Southern California Base Salary Range: $179,273-$286,837San Antonio Base Salary Range: $147,378-$235,805New York Base Salary Range: $190,040-$304,064 In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital's annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings. You can learn more about our compensation and benefits here . * Temporary positions in the United States are excluded from the above mentioned compensation and benefit plans. We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.

"I can be myself at work." You are more than a job title. We want you to feel comfortable doing great work and bringing your best, authentic self to everything you do. We value your talents, traditions, and uniqueness-and we're committed to fostering a strong sense of belonging in a respectful workplace. We intentionally seek diverse perspectives, experiences, and backgrounds, investing in a culture designed to celebrate differences. We believe that belonging leads to better outcomes and a stronger community of associates united by our mission. At Capital, we live our core values every day: Integrity, Client Focus, Diverse Perspectives, Long-Term Thinking, and Community. "I can influence my income." You want to feel recognized at work. Your performance will be reviewed annually, and your compensation will be designed to motivate and reward the value that you provide. You'll receive a competitive salary, bonuses and benefits. Your company-funded retirement contribution will factor in salary and variable pay, including bonuses. "I can lead a full life." You bring unique goals and interests to your job and your life. Whether you're raising a family, you're passionate about where you volunteer, or you want to explore different career paths, we'll give you the resources that can set you up for success. Enjoy generous time-away and health benefits from day one, with the opportunity for flexible work options Receive 2-for-1 matching gifts for your charitable contributions and the opportunity to secure annual grants for the organizations you love Access on-demand professional development resources that allow you to hone existing skills and learn new ones "I can succeed as a Lead AI Security Engineer at Capital Group" As aLeadAISecurity Engineer, you willbe responsible forsecuring Capital Group's enterprise AI Platforms.You willhelp enable Capital Group's AIstrategy bybuilding and/orprocuringsolutions toprotecta diverse set of enterprise AI platforms being built and deployed at Capital Group.You'llcollaborate with platformengineering, security engineering, and risk teams toensure their solutions support scalable, secureadoption of AI. Additionally,you'llbe expected toprovidementoring,advising diverse teams across the organization, andpromoting AI Securityprinciples across Capital Group. AISecurityProcurementManagements:You willprocureand/or build technical solutionsto reducethe riskof misconfiguration, exploitation, andother security issues formultipleenterprise AI platforms. Embedding Security in the AIPlatform Ecosystem:Working closely withplatform teams tointegrate securityintoeverycomponentof the AI Platform. Implementing Security Controls & "Guardrails" for GenAI:Designing, deploying, andoperatingtechnical controls to prevent misuse of AI systems.Guardrails designincludescontent filtering systems, usage policies, and safety checks that mitigate issues like prompt injection attacks, unauthorized data extraction, model bias or hallucinations, and other misuse of generative AIplatforms. AI Runtime Security:Engineer continually tests and updatestothe guardrails, replacing weaker controls with more robust solutions as threats evolve. AI Governance:You will work cross functionally with architecture and platform teams tomonitoralignment of solutions to AI Governance processes Contribute to Standards and Policies:You will providethought leadership for Information Security policies and standards for AIin collaboration with technology risk AI/Agent SME:Youwill provide AI/Agent subject matterexpertisefor AI Incidentsand Security Reviews, and helpdevelop incident response playbooks for AI-related security incidents "I am the person Capital Group is looking for." You have 8+yearsof experience in information security, application security, platform security, or penetration testing,DevSecOps, networksecurityand other security disciplines. You have experience securing AI platforms, whetherinternal AIplatforms or offerings such as CoPilot Studio, Amazon Bedrock, and/or Azure AI Gateway Proficient in Programming & ML Tool.Strong Python skillsrequired, with experience in AI/ML frameworks.Abilityto review and write ML code to implement security measures (e.g., model validation, adversarial testing) isdesired. You have5+ years of relevant professional experience ordemonstrated anequivalent level ofexpertisein security engineering, such as cloud, API, or platform security. You have3+ years of experience embedded identity, network, and encryption controls into enterprise platforms Youcaneffectively partner and collaborate with stakeholder teams. You have effective communication skills andthe abilityto outline security riskstoleadership. You are familiar with cloud and API security vendors and managed services providers. Preferred Qualifications: You have knowledge and experience with technologies including Kubernetes, Containers, CI/CD, and Cloud Service Providers You are familiar withfunctionand purpose of key AI platform components such as AI gateways (Kong, Databricks Mosaic AI Gateway, custom API orchestration), Model Orchestration (ExamplesLangChain,LlamaIndex, etc.) You are familiar with key AI regulatory frameworks such as NIST AI RMF, MITRE ATLAS, GDPR, EU AI Act,etc You have information Security certifications (CISSP, SANS GIAC, CISA, etc.) "I can apply in less than 4 minutes." You've reviewed this job posting and you're ready to start the candidate journey with us. Apply now to move to the next step in our recruiting process. If this role isn't what you're looking for, check out our other opportunities and join our talent community. "I can learn more about Capital Group." At Capital Group, the success of the people who invest with us depends on the people in whom we invest. That's why we offer a culture, compensation and opportunities that empower our associates to build successful and prosperous careers. Through nine decades, our goal has been to improve people's lives through successful investing. We know that our history is a testament to the strength of the people we hire. More than 9,000 associates in 30+ offices around the world help our clients and each other grow and thrive every day. Find us on LinkedIn, Instagram, YouTube and Glassdoor. Southern California Base Salary Range: $179,273-$286,837San Antonio Base Salary Range: $147,378-$235,805New York Base Salary Range: $190,040-$304,064 In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital's annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings. You can learn more about our compensation and benefits here . * Temporary positions in the United States are excluded from the above mentioned compensation and benefit plans. We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.

People Drive Our Success Are you enthusiastic, highly motivated, and have a strong work ethic? If yes, come join our team! At Cathay Bank - we strive to provide a caring culture that supports your aspirations and success. We believe people are our most valuable asset and we proudly foster growth and development empowering you to achieve your professional goals. We have thrived for 60 years and persevered through many economic cycles due to our team members' drive and optimism. Together we can make a difference in the financial future of our communities. Apply today! What our team members are saying: Video Clip 1 Video Clip 2 Video Clip 3 Learn more about us at cathaybank.com GENERAL SUMMARY This position is responsible for ensuring that the Bank's Security operations and preventive controls are managed and maintained in accordance with established Information Security policies, standards and procedures, published regulations and industry best practices. Primarily responsible for the constant review of vendor security controls in comparison with policies and industry frameworks, risk assessments, determination of control gaps and their remediation. ESSENTIAL FUNCTIONS Performs vendor security risk assessments to determine inherent risk on proposed projects and assesses vendor security controls to determine residual risk. Evaluates the potential exposure to application security risks and threats based on industry security frameworks and recommends appropriate mitigation. Assesses security practices including Information Security governance, Identity and access control, Incident monitoring and response, Vulnerability assessment and Penetration tests, Network Security and Endpoint Security, among others. Acts as liaison with Third Party Risk Management, Information Technology and business department Relationship Managers related to vendor risk assessments. Reports information security risks and follows-up remediations. Remediates audit and regulatory findings and recommendations related to Information Security and Vendor Risk Management. QUALIFICATIONS Education: College degree in Information Technology or Information Security or equivalent; Security+, SSCP, CISSP, CISM or similar information security certifications preferred. Experience: Minimum two years of experience in Information Security Risk, Information Security Operations or Security Auditing. Proven experience on third-party risk management and vendor security assessments. Working knowledge of security practices such as Endpoint Security, Network Security, Security Operations and Security Governance required. Experience working with Vendor Risk Management (VRM) applications preferred. Skills/Ability: Proven ability to initiate and manage projects. Excellent communication and problem-solving skills. Strong inter-personal communication and collaboration skills. Self-starter, highly motivated, and able to work with general supervision. OTHER DETAILS $28.84 - $33.65 / hour Pay determined based on job-related knowledge, skills, experience, and location. This position may be eligible for a discretionary bonus. Cathay Bank offers its full-time employees a competitive benefits package which is a significant part of their total compensation. It is our goal to provide employees with a comprehensive benefits package to fit their needs which includes, coverage for medical insurance, dental insurance, vision insurance, life insurance, long-term disability insurance, and flexible spending accounts (FSAs), health saving account (HSA) with company contributions, voluntary coverages, and 401(k). Cathay Bank may collect personal information from potential job candidates and applicants. For more information on how we handle personal information and your applicable rights, please review our Privacy Policy. Cathay Bank is an Equal Opportunity and Affirmative Action Employer. We welcome applications for employment from all qualified candidates, regardless of race, color, ethnicity, ancestry, citizenship, gender, national origin, religion, age, sex (including pregnancy and related medical conditions, childbirth and breastfeeding), reproductive health decision-making, sexual orientation, gender identity and expression, genetic information or characteristics, disability or medical condition, military status or status as a protected veteran, or any other status protected by applicable law. Click here to view the "Know Your Rights: Workplace Discrimination is Illegal" Poster: Poster- English Poster- Spanish Poster- Chinese Traditional Poster- Chinese Simplified Cathay Bank endeavors to make **************************** to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact, Mickey Hsu, FVP, Employee Relations Manager, at or . This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

**BANC OF CALIFORNIA AND YOUR CAREER** Banc of California, Inc. (NYSE: BANC) is a bank holding company headquartered in Los Angeles with one wholly-owned banking subsidiary, Banc of California (the "bank"). Banc of California is one of the nation's premier relationship-based business banks focused on providing banking and treasury management services to small, middle-market, and venture-backed businesses. Banc of California offers a broad range of loan and deposit products and services, with full-service branches throughout California and Denver, Colorado, as well as full-stack payment processing solutions through BancEdge. The bank is committed to its local communities by supporting organizations that provide financial literacy and job training, small business support, affordable housing, and more. At Banc of California, our success is driven by our people, and we take pride in fostering an environment where everyone can reach their full potential. We embrace a culture of empowerment, progressive thinking, and entrepreneurial spirit, ensuring our team members have an opportunity to make an impact and play an important role in the future of Banc of California. Our core values - Entrepreneurialism, Operational Excellence, and Superior Analytics - empower us in creating a dynamic and inclusive workplace. We are committed to supporting your growth and well-being with comprehensive benefits, career development programs, a variety of employee resource groups, and more. TOGETHER WE WIN **THE OPPORTUNITY** Responsible for all aspects of cyber security operations including architecture, design, configuration, deployment, operation and management of cyber security tools, systems and processes. The position is involved with the implementation and maintenance of data security systems in both on premise and cloud environments. Performs all duties in accordance with the Company's policies and procedures, all U.S. state and federal laws and regulations, wherein the Company operates. **HOW YOU'LL MAKE A DIFFERENCE** + Builds, supports, monitors and enforces the security posture of the Bank using next-gen firewall, IDS/IPS, endpoint protection, DLP, encryption, SIEM, vulnerability management and other technologies and processes. + Conducts / coordinates security control audits, identifies potential gaps/risks and participates in the remediation of same. + Establishes and maintains Security Operations team triage and incident response playbooks to protect and recover information assets from unauthorized access, modification or destruction. + Assist in developing and implementing technical security standards to support the Bank's security needs and regulatory requirements including ISO2700x, CFPB, SOX, GLBA, NIST, FFIEC and PCI. + Provide subject matter expertise in all areas of Information Security technical operations, including analysis of computing environment, security testing and documentation, as well as investigations, software research, emerging technology research, vendor security analysis and participation in periodic audits. + Execute a reliable first-line-of defense via documented processes, controls, templates, and rigors. + Evaluate effectiveness of security testing and training, including penetration testing, security awareness training, and phishing campaigns. + Keeps abreast of the latest security and privacy legislation, regulations, advisories, alerts, and vulnerabilities pertaining to the Bank, and modify security control structure as required. + Maintains advanced knowledge and awareness of information security trends within the financial industry. + High level of personal integrity, the ability to professionally handle confidential matters, and project the appropriate level of urgency, judgment, and maturity. + Treat people with respect; keep commitments; inspire the trust of others; work ethically and with integrity; uphold organizational values; accept responsibility for own actions. + Demonstrates knowledge of and adherence to EEO policy; shows respect and sensitivity for cultural differences; promotes working environment free of harassment of any type. + Follows policies and procedures; completes tasks correctly and on time; supports the company's goals and values. + Performs the position safely, without endangering the health or safety to themselves or others and will be expected to report potentially unsafe conditions. The employee shall comply with occupational safety and health standards and all rules, regulations and orders issued pursuant to the OSHA Act of 1970, which are applicable to one's own actions and conduct. + Performs other duties and projects as assigned. **WHAT YOU'LL BRING** + Demonstrates knowledge of, adherence to, monitoring and responsibility for compliance with state and federal regulations and laws as they pertain to this position including but not limited to the following: Regulation Z (Truth in Lending Act), Regulation B (Equal Credit Opportunity Act), Fair Housing Act (FHA), Home Mortgage Disclosure Act (HMDA), Real Estate Settlement Procedures Act (RESPA), Fair Credit Reporting Act (FCRA), Bank Secrecy Act (BSA) in conjunction with the USA PATRIOT Act, Anti-Money Laundering (AML) and Customer Information Program (CIP), Right to Financial Privacy Act (RFPA, state and federal) and Community Reinvestment Act (CRA). + Security generalist, someone that thrives in fast-paced environments with diverse technologies, but can dive deep on your domain(s) expertise. + Interested in solving security challenges through partnership, technical awareness and assurance. + Adept at influence and driving change within the organization. + Self-starter with a hands-on style, a high level of energy, stamina and drive. + Able to present ideas clearly and gain agreement and group consensus. + Strong team player. + Ability to work with little to no supervision while performing duties + Bachelor's Degree, Information Systems, Computer Science, Information Security or related field desired. + Security Operations experience in financial services, healthcare, or other highly-regulated sector desired. + 5+ years IT security or Information Security experience with a proven ability to engage with business units and technical peers. + Experience and knowledge of Palo Alto firewalls + Highschool diploma or equivalent required **HOW WE'LL SUPPORT YOU** + **Financial Security:** You will be eligible to participate in the company's 401k plan which includes a company match and immediate vesting. + **Health & Well-Being:** We offer comprehensive insurance options including medical, dental, vision, AD&D, supplemental life, long-term disability, pre-tax Health Savings Account with employer contributions, and pre-tax Flexible Spending Account (FSA). + **Building & Supporting Your Family:** Banc of California partners with providers that offeradoption, surrogacy, and fertility assistance as well as paid parental leave and family support solutions including care options for your family. + **Paid Time Away:** Eligible team members receive paid vacation days, holidays, and volunteer time off. + **Career Growth Opportunities:** To support career growth of our team members, we offer tuition reimbursement, an annual mentorship program, leadership development resources, access to LinkedIn Learning, and more. **SALARY RANGE** The full-time base salary range for this position is $100,000.00 - $150,000.00 a year. The base salary ultimately offered is determined through a review of education, industry experience, training, knowledge, skills, abilities of the applicant in alignment with market data and other factors. Banc of California is an equal opportunity employer committed to creating a diverse workforce. All qualified applicants will receive consideration for employment without regard to their actual or perceived race (including traits associated with race, such as hair texture, hair type or protective hairstyles), religion or religious creed (including religious dress and grooming practices), color, sex (including pregnancy, childbirth, breastfeeding and related medical conditions), sexual orientation, gender, gender identity, gender expression, gender transitioning, citizenship status, national origin, ancestry, age, marital status, military or veteran status, medical condition, genetic information, or disability (mental or physical), requests for accommodation and any additional protected categories set forth in applicable federal, state or local laws. If you require reasonable accommodation as part of the application process, please contact Talent Acquisition. Equal Opportunity Employer This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights (**************************** notice from the Department of Labor. Equal Opportunity Employer PacWest Bancorp and its affiliates are fully committed to the principles of equal opportunity and diversity. We take pride in building a workplace culture where all employees feel supported and respected, and have equal access to career and development opportunities without regard to race, religion/creed, color, national origin, age, marital status, ancestry, sex, gender (including pregnancy, childbirth, breastfeeding or related medical conditions), gender identity/expression, sexual orientation, veteran status, physical or mental disability, medical condition, military status, genetic information, or any other characteristic protected by federal, state or local laws.

BANC OF CALIFORNIA AND YOUR CAREER Banc of California, Inc. (NYSE: BANC) is a bank holding company headquartered in Los Angeles with one wholly-owned banking subsidiary, Banc of California (the “bank”). Banc of California is one of the nation's premier relationship-based business banks focused on providing banking and treasury management services to small, middle-market, and venture-backed businesses. Banc of California offers a broad range of loan and deposit products and services, with full-service branches throughout California and Denver, Colorado, as well as full-stack payment processing solutions through BancEdge. The bank is committed to its local communities by supporting organizations that provide financial literacy and job training, small business support, affordable housing, and more. At Banc of California, our success is driven by our people, and we take pride in fostering an environment where everyone can reach their full potential. We embrace a culture of empowerment, progressive thinking, and entrepreneurial spirit, ensuring our team members have an opportunity to make an impact and play an important role in the future of Banc of California. Our core values - Entrepreneurialism, Operational Excellence, and Superior Analytics - empower us in creating a dynamic and inclusive workplace. We are committed to supporting your growth and well-being with comprehensive benefits, career development programs, a variety of employee resource groups, and more. TOGETHER WE WIN THE OPPORTUNITY Responsible for all aspects of cyber security operations including architecture, design, configuration, deployment, operation and management of cyber security tools, systems and processes. The position is involved with the implementation and maintenance of data security systems in both on premise and cloud environments. Performs all duties in accordance with the Company's policies and procedures, all U.S. state and federal laws and regulations, wherein the Company operates. HOW YOU'LL MAKE A DIFFERENCE Builds, supports, monitors and enforces the security posture of the Bank using next-gen firewall, IDS/IPS, endpoint protection, DLP, encryption, SIEM, vulnerability management and other technologies and processes. Conducts / coordinates security control audits, identifies potential gaps/risks and participates in the remediation of same. Establishes and maintains Security Operations team triage and incident response playbooks to protect and recover information assets from unauthorized access, modification or destruction. Assist in developing and implementing technical security standards to support the Bank's security needs and regulatory requirements including ISO2700x, CFPB, SOX, GLBA, NIST, FFIEC and PCI. Provide subject matter expertise in all areas of Information Security technical operations, including analysis of computing environment, security testing and documentation, as well as investigations, software research, emerging technology research, vendor security analysis and participation in periodic audits. Execute a reliable first-line-of defense via documented processes, controls, templates, and rigors. Evaluate effectiveness of security testing and training, including penetration testing, security awareness training, and phishing campaigns. Keeps abreast of the latest security and privacy legislation, regulations, advisories, alerts, and vulnerabilities pertaining to the Bank, and modify security control structure as required. Maintains advanced knowledge and awareness of information security trends within the financial industry. High level of personal integrity, the ability to professionally handle confidential matters, and project the appropriate level of urgency, judgment, and maturity. Treat people with respect; keep commitments; inspire the trust of others; work ethically and with integrity; uphold organizational values; accept responsibility for own actions. Demonstrates knowledge of and adherence to EEO policy; shows respect and sensitivity for cultural differences; promotes working environment free of harassment of any type. Follows policies and procedures; completes tasks correctly and on time; supports the company's goals and values. Performs the position safely, without endangering the health or safety to themselves or others and will be expected to report potentially unsafe conditions. The employee shall comply with occupational safety and health standards and all rules, regulations and orders issued pursuant to the OSHA Act of 1970, which are applicable to one's own actions and conduct. Performs other duties and projects as assigned. WHAT YOU'LL BRING Demonstrates knowledge of, adherence to, monitoring and responsibility for compliance with state and federal regulations and laws as they pertain to this position including but not limited to the following: Regulation Z (Truth in Lending Act), Regulation B (Equal Credit Opportunity Act), Fair Housing Act (FHA), Home Mortgage Disclosure Act (HMDA), Real Estate Settlement Procedures Act (RESPA), Fair Credit Reporting Act (FCRA), Bank Secrecy Act (BSA) in conjunction with the USA PATRIOT Act, Anti-Money Laundering (AML) and Customer Information Program (CIP), Right to Financial Privacy Act (RFPA, state and federal) and Community Reinvestment Act (CRA). Security generalist, someone that thrives in fast-paced environments with diverse technologies, but can dive deep on your domain(s) expertise. Interested in solving security challenges through partnership, technical awareness and assurance. Adept at influence and driving change within the organization. Self-starter with a hands-on style, a high level of energy, stamina and drive. Able to present ideas clearly and gain agreement and group consensus. Strong team player. Ability to work with little to no supervision while performing duties Bachelor's Degree, Information Systems, Computer Science, Information Security or related field desired. Security Operations experience in financial services, healthcare, or other highly-regulated sector desired. 5+ years IT security or Information Security experience with a proven ability to engage with business units and technical peers. Experience and knowledge of Palo Alto firewalls Highschool diploma or equivalent required HOW WE'LL SUPPORT YOU Financial Security: You will be eligible to participate in the company's 401k plan which includes a company match and immediate vesting. Health & Well-Being: We offer comprehensive insurance options including medical, dental, vision, AD&D, supplemental life, long-term disability, pre-tax Health Savings Account with employer contributions, and pre-tax Flexible Spending Account (FSA). Building & Supporting Your Family: Banc of California partners with providers that offer adoption, surrogacy, and fertility assistance as well as paid parental leave and family support solutions including care options for your family. Paid Time Away: Eligible team members receive paid vacation days, holidays, and volunteer time off. Career Growth Opportunities: To support career growth of our team members, we offer tuition reimbursement, an annual mentorship program, leadership development resources, access to LinkedIn Learning, and more. SALARY RANGE The full-time base salary range for this position is $100,000.00 - $150,000.00 a year. The base salary ultimately offered is determined through a review of education, industry experience, training, knowledge, skills, abilities of the applicant in alignment with market data and other factors. Banc of California is an equal opportunity employer committed to creating a diverse workforce. All qualified applicants will receive consideration for employment without regard to their actual or perceived race (including traits associated with race, such as hair texture, hair type or protective hairstyles), religion or religious creed (including religious dress and grooming practices), color, sex (including pregnancy, childbirth, breastfeeding and related medical conditions), sexual orientation, gender, gender identity, gender expression, gender transitioning, citizenship status, national origin, ancestry, age, marital status, military or veteran status, medical condition, genetic information, or disability (mental or physical), requests for accommodation and any additional protected categories set forth in applicable federal, state or local laws. If you require reasonable accommodation as part of the application process, please contact Talent Acquisition.

Job Description 170+ Years Strong. Industry Leader. Global Impact. At Pinkerton, the mission is to protect our clients. To do this, we provide enterprise risk management services and programs specifically designed for each client. Pinkerton employees are one of our most important assets and critical to the delivery of world-class solutions. Bonded together, we share a commitment to integrity, vigilance, and excellence. Pinkerton is an inclusive employer who seeks candidates with diverse backgrounds, experiences, and perspectives to join our family of industry subject matter experts. The Senior Security System Project Engineer, assigned to a specific client, will be a key contributor to the overall physical security technology stack. The Engineer supports the architecture, health, programming, and development cycles of the physical security hardware and applications, from front-end to back-end. This role drives innovation and operational efficiencies by deploying emerging technologies, building deep integrations, and creating seamless experiences for end-users. As a physical security subject matter expert, there is a direct impact on the design of the client's next generation facilities through project management, providing technical guidance, and solving large-scale implementation issues while developing and communicating security design requirements to internal and external project partners. Responsibilities Represent Pinkerton's core values of integrity, vigilance, and excellence. Maintain a deep understanding of Genetec architecture and deployment infrastructure to ensure the integrity and reliability of the security system's functionality. Apply advanced troubleshooting capabilities with Windows, Linux, and cloud server deployments and possess nimble bug fix skills to ensure smooth deployment and seamless recovery during incidents or outages. Design and implement comprehensive physical security systems, including access control, CCTV, intrusion detection, and alarm systems, while ensuring scalability, reliability, and compliance with industry standards. Provide advanced technical support, troubleshoot complex issues, and develop maintenance schedules to ensure the reliability and performance of security systems. Ensure seamless integration of security systems with IT infrastructure, collaborate with IT teams, and conduct regular audits to maintain compliance with regulations and improve security practices. Plan, direct, and execute physical security system design and integration efforts, including the management of all security systems documentation, such as as-built plans, maintenance and repairs, and project close-out. Collaborate with construction and project-related teams to ensure all pre-development scopes of work are established and executed, and track all project-related issues, dependencies, and work with project team members to follow up on issues and status to ensure proper resolution. Partner with providers and vendors to discover and remediate vulnerabilities in security technologies. Assist with the development and management of vendor and provider efficiency and delivery quality through the creation and implementation of KPIs. Employ effective time management for systems programming, commissioning, and testing of devices spanning time zones including AMER/EMEA/APAC regions. Monitor team chat groups for after-hours project support and system maintenance-related troubleshooting. Manage physical/logical infrastructure which supports PACS, VMS, and a myriad of other systems, including maintenance support, installation of new systems, and other proactive initiatives to ensure systems are functioning with optimal performance with minimal downtime, as well as meeting and exceeding program SLAs. Assign and resolve system user issues as they arise through the system ticketing process. Perform audits of systems and policies and maintain tracking lists of all system issues proactively while implementing solutions along the way. Communicate internally with other technology partners, Project Leads, and externally with integrators. Provide system support to integrators on security technologies, including access control, video management systems, intercoms, and intrusion. Support the evaluation, integration, and implementation of new and existing technology solutions. Provide escalation support for the client's SOC, GSOC, and Security Operations teams. Understand the security standards and practices that go into a security design and manage security integrators across multiple time zones. Program, configure, and harden all technical security devices, apps, and platforms. Work with other senior managers within the business to maintain compliance with all security system requirements. Liaise with, meet with customers, and key contacts regularly to review contract performance and ensure that quality standards are maintained in accordance with SLAs and KPIs. All other duties, as assigned. Qualifications Bachelor's degree preferred with five or more years of access control application engineering and security project management experience. Knowledge of Windows, security systems, and technology applications that are Windows-dependent, preferred. Comprehensive knowledge of Security Systems and Technology, including, but not limited to Genetec Security Center, Synergis, Mercury Panels, Stentofon, Commend, HID, Axis, and Schlage. Understanding of how security systems and technology hardware interact with the network/IP. Familiarity with field troubleshooting techniques for low-voltage systems. Support and troubleshooting skills with networked devices with established global connectivity. Expert knowledge of Windows, Linux, and cloud-based servers and VM technologies. Able to build relationships with business partners involved with security systems program execution and deliverables. Communication skills across all levels of the organization. Able to maintain a vantage point with a comprehensive view of the clients, customers, and shared interests. Able to communicate highly technical information to non-technical individuals with consistent checks for understanding. Serve as a positive team member and leader. Able to analyze and synthesize broad, cross-business, or cross-discipline information that leads to breakthroughs or significant insight. Able to collaborate effectively with dynamic professionals from broad backgrounds. Effective written, verbal, and presentation skills. Able to work independently with little supervision. Able to review root causes and implement appropriate changes to ensure delivery of services that exceed client expectations. Computer skills; Microsoft Office. Working Conditions: With or without reasonable accommodation, requires the physical and mental capacity to effectively perform all essential functions; Regular computer usage. Occasional reaching and lifting of small objects and operating office equipment. Frequent sitting, Aavilable for on call after hours for emergency outages and incident management. Travel, as required. Pinkerton is an equal opportunity employer to all applicants and positions without regard to race/ethnicity, color, national origin, ancestry, sex/gender, gender identity/expression, sexual orientation, marital/prenatal status, pregnancy/childbirth or related conditions, religion, creed, age, disability, genetic information, veteran status, or any protected status by local, state, federal or country-specific law.

TITLE: INFORMATION SECURITY ENGINEERSTATUS: EXEMPTREPORTS TO: MANAGER - INFORMATION SECURITYDEPARTMENT: IT - INFORMATION SECURITY CODE: 11264GRADE: 21S PAY GRADE: $110,500.00 - $117,000.00 ANNUALLY GENERAL DESCRIPTION: The Information Security Engineer is responsible for securing our sensitive data and critical assets from current and emerging threats for Golden 1. This position utilizes business knowledge and technical experience of cybersecurity to provide a secure environment for Golden 1's technology and information needs. The Information Security Engineer works closely with technology, application teams and business units to develop and test security structures designed to protect the computer and network infrastructure. This position is responsible for performing technical assessments of risks, threats and vulnerabilities related to new and existing information systems and supporting process within Golden 1 and external vendor connections. TASKS, DUTIES, FUNCTIONS: Analyze, assess, and respond to various internal and external threats identified by intrusion detection system (IDS)/intrusion prevention systems (IPS), web application firewall, vulnerability scan results and other data sources. Provide recommendations to IT management and monitor to ensure that recommendations are effectively implemented. Perform vulnerability assessments and penetration testing to identify exposures and risks, and report findings to management. Communicate and collaborate with partner teams, service owners, Information Security, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings. Provide consultative security guidance on a constant stream of new products and technologies as a subject matter expert on Golden 1 projects and initiatives Advise and participate in the development of business systems designs, ensuring hardening standards and configurations meet information security policy and procedures. Work in conjunction with IT to ensure appropriate procedures and processes are in place and effective in the detection and prevention of system intrusions as well as in establishing and managing a functional anti- virus/malware/DLP policy. Determine ways to monitor, measure, test and report on the effectiveness and efficiency of information security controls as well as compliance with information security policies and procedure. Implementation, administration, and maintenance of IDS/IPS, URL filter, email gateway, certificate issuance and control, network management, identity access control, and other information security infrastructure and controls as necessary. Regularly review IDS/IPS/SIEM rules, wireless rogue access point detection configuration and procedures and practices to ensure optimal effectiveness of security in the business environment. Participate in creating access privileges, control structures and resources to ensure optimal efficiency and adherence to information security standards. Engage with internal and external auditors during examinations, providing support and assistance in addressing audit recommendations. Participate in the security development of network systems architecture, design, and ongoing review of system configuration in collaboration with relevant team members and external partners. Keep management updated on outstanding issues that are not resolved in a timely manner in accordance with established escalation procedures. Develop and maintain a clear understanding of the business area needs and incorporating these needs into technical solutions by updating, developing, and maintaining a thorough knowledge of credit union procedures, products, service, and data processing systems. Monitor state and federal laws and regulations related to credit union compliance including Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), etc. - and privacy laws. Performs other job-related duties as necessary PHYSICAL SKILLS, ABILITIES, AND EXERTION UTILIZED IN THEPERFORMANCE OF THESE TASKS: Demonstrate strong oral and written communication skills with a focus on troubleshooting and error identification. Must possess sufficient manual dexterity to skillfully operate applicable computer hardware, a variety of hand tools and standard office equipment. ORGANIZATIONAL CONTACTS & RELATIONSHIPS: INTERNAL: All levels of staff and management. EXTERNAL: Vendors, service providers, organizational groups, and other financial institutions as needed. QUALIFICATIONS: EDUCATION: Bachelor of Science in Computer Science, Management Information Systems, Information Security Information Assurance or equivalent work experience. EXPERIENCE: 3 years' experience in organizational information security, cybersecurity, information assurance or providing security consulting services Working knowledge of traditional security controls and technologies, such as SIEM systems, IDS/IPS, public key infrastructure (PKI), IDAM systems, antivirus, and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, deception technologies and application controls Strong technical and analytical skills, with a background in technology design, implementation, and delivery Working knowledge SIEM systems, firewalls, threat intelligence, security automation and orchestration solutions, IDS/IPS, data loss prevention (DLP) and other network and system monitoring tools Demonstrates understanding of network systems and applications including: DNS, LDAP, virtualization, Database design/hardening, Email/secure messaging, Data Loss Prevention, and end point protection. Demonstrate understanding of the NIST CSF and tracking KPIs to validate the cybersecurity program Demonstrates understanding of Windows, Linux, and cloud computing technologies, including software-, infrastructure- and platform-as-a-service, as well as public, private and hybrid environments. Strong sense of ethics, integrity, and professionalism Demonstrates the ability to articulate methodologies and concepts; communicate effectively in providing technical guidance and expertise to management and other staff PHYSICAL REQUIREMENTS: Prolonged sitting throughout the workday to accomplish tasks. Availability for emergency and on call duty 24 hours a day, 7 days a week, as needed. Occasional travel may be required. Lift and carry communications equipment and computer hardware weighing up to fifty pounds. Corrected vision in the normal range required to configure, test, and troubleshoot network server hardware and data. Hearing within normal range. May work additional work hours to accomplish tasks. LICENSES/CERTIFICATIONS: One of the following security certifications: CEH, Security +, SSCP, SANS GIAC, PCNSA, or equivalent Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. REV. 10/10/2025

**170+ Years Strong. Industry Leader. Global Impact.** At Pinkerton, the mission is to protect our clients. To do this, we provide enterprise risk management services and programs specifically designed for each client. Pinkerton employees are one of our most important assets and critical to the delivery of world-class solutions. Bonded together, we share a commitment to integrity, vigilance, and excellence. Pinkerton is an inclusive employer who seeks candidates with diverse backgrounds, experiences, and perspectives to join our family of industry subject matter experts. TheSenior Security System Project Engineer,assigned to a specific client, will be a key contributor to the overall physical security technology stack. The Engineer supports the architecture, health, programming, and development cycles of the physical security hardware and applications, from front-end to back-end. This role drives innovation and operational efficiencies by deploying emerging technologies, building deep integrations, and creating seamless experiences for end-users. As a physical security subject matter expert, there is a direct impact on the design of the client's next generation facilities through project management, providing technical guidance, and solving large-scale implementation issues while developing and communicating security design requirements to internal and external project partners. **Responsibilities** + Represent Pinkerton's core values of integrity, vigilance, and excellence. + Maintain a deep understanding of Genetec architecture and deployment infrastructure to ensure the integrity and reliability of the security system's functionality. + Apply advanced troubleshooting capabilities with Windows, Linux, and cloud server deployments and possess nimble bug fix skills to ensure smooth deployment and seamless recovery during incidents or outages. + Design and implement comprehensive physical security systems, including access control, CCTV, intrusion detection, and alarm systems, while ensuring scalability, reliability, and compliance with industry standards. + Provide advanced technical support, troubleshoot complex issues, and develop maintenance schedules to ensure the reliability and performance of security systems. + Ensure seamless integration of security systems with IT infrastructure, collaborate with IT teams, and conduct regular audits to maintain compliance with regulations and improve security practices. + Plan, direct, and execute physical security system design and integration efforts, including the management of all security systems documentation, such as as-built plans, maintenance and repairs, and project close-out. + Collaborate with construction and project-related teams to ensure all pre-development scopes of work are established and executed, and track all project-related issues, dependencies, and work with project team members to follow up on issues and status to ensure proper resolution. + Partner with providers and vendors to discover and remediate vulnerabilities in security technologies. + Assist with the development and management of vendor and provider efficiency and delivery quality through the creation and implementation of KPIs. + Employ effective time management for systems programming, commissioning, and testing of devices spanning time zones including AMER/EMEA/APAC regions. + Monitor team chat groups for after-hours project support and system maintenance-related troubleshooting. + Manage physical/logical infrastructure which supports PACS, VMS, and a myriad of other systems, including maintenance support, installation of new systems, and other proactive initiatives to ensure systems are functioning with optimal performance with minimal downtime, as well as meeting and exceeding program SLAs. + Assign and resolve system user issues as they arise through the system ticketing process. + Perform audits of systems and policies and maintain tracking lists of all system issues proactively while implementing solutions along the way. + Communicate internally with other technology partners, Project Leads, and externally with integrators. + Provide system support to integrators on security technologies, including access control, video management systems, intercoms, and intrusion. + Support the evaluation, integration, and implementation of new and existing technology solutions. + Provide escalation support for the client's SOC, GSOC, and Security Operations teams. + Understand the security standards and practices that go into a security design and manage security integrators across multiple time zones. + Program, configure, and harden all technical security devices, apps, and platforms. + Work with other senior managers within the business to maintain compliance with all security system requirements. + Liaise with, meet with customers, and key contacts regularly to review contract performance and ensure that quality standards are maintained in accordance with SLAs and KPIs. + All other duties, as assigned. **Qualifications** Bachelor's degree preferred with five or more years of access control application engineering and security project management experience. + Knowledge of Windows, security systems, and technology applications that are Windows-dependent, preferred. + Comprehensive knowledge of Security Systems and Technology, including, but not limited to Genetec Security Center, Synergis, Mercury Panels, Stentofon, Commend, HID, Axis, and Schlage. + Understanding of how security systems and technology hardware interact with the network/IP. + Familiarity with field troubleshooting techniques for low-voltage systems. + Support and troubleshooting skills with networked devices with established global connectivity. + Expert knowledge of Windows, Linux, and cloud-based servers and VM technologies. + Able to build relationships with business partners involved with security systems program execution and deliverables. + Communication skills across all levels of the organization. + Able to maintain a vantage point with a comprehensive view of the clients, customers, and shared interests. + Able to communicate highly technical information to non-technical individuals with consistent checks for understanding. + Serve as a positive team member and leader. + Able to analyze and synthesize broad, cross-business, or cross-discipline information that leads to breakthroughs or significant insight. + Able to collaborate effectively with dynamic professionals from broad backgrounds. + Effective written, verbal, and presentation skills. + Able to work independently with little supervision. + Able to review root causes and implement appropriate changes to ensure delivery of services that exceed client expectations. + Computer skills; Microsoft Office. **Working Conditions:** With or without reasonable accommodation, requires the physical and mental capacity to effectively perform all essential functions; + Regular computer usage. + Occasional reaching and lifting of small objects and operating office equipment. + Frequent sitting, + Aavilable for on call after hours for emergency outages and incident management. + Travel, as required. Pinkerton is an equal opportunity employer to all applicants and positions without regard to race/ethnicity, color, national origin, ancestry, sex/gender, gender identity/expression, sexual orientation, marital/prenatal status, pregnancy/childbirth or related conditions, religion, creed, age, disability, genetic information, veteran status, or any protected status by local, state, federal or country-specific law. **Benefits** Benefit options include employer-paid life and AD&D, voluntary life and AD&D, medical, (HSA) Health Savings Account, (FSA) Flexible Savings Account, dental, vision, short-term disability, long-term disability, 401(K), paid time off (vacation, personal, sick, and holidays) and several employee assistance-related programs. This information provides a brief benefit overview. Upon the acceptance of an employment offer, the new employee will receive comprehensive plan details based on specific eligibility rules. **Posted Salary Range** USD $150,000.00 - USD $150,000.00 /Yr. Submit a Referral (************************************************************************************************************************************************* **Location** _US-CA-San Jose_ **ID** _2025-2303_ **Category** _Security Risk Management_ **Position Type** _Full-Time_ **Min Pay Rate** _USD $150,000.00/Yr._ **Max Pay Rate** _USD $150,000.00/Yr._ **Job Type** _Hybrid_ Pinkerton is an equal opportunity employer to all applicants and positions without regard to race/ethnicity, color, national origin, ancestry, sex/gender, gender identity/expression, sexual orientation, marital/prenatal status, pregnancy/childbirth or related conditions, religion, creed, age, disability, genetic information, veteran status, or any protected status by local, state, federal or country-specific law.

170+ Years Strong. Industry Leader. Global Impact. At Pinkerton, the mission is to protect our clients. To do this, we provide enterprise risk management services and programs specifically designed for each client. Pinkerton employees are one of our most important assets and critical to the delivery of world-class solutions. Bonded together, we share a commitment to integrity, vigilance, and excellence. Pinkerton is an inclusive employer who seeks candidates with diverse backgrounds, experiences, and perspectives to join our family of industry subject matter experts. The Senior Security System Project Engineer, assigned to a specific client, will be a key contributor to the overall physical security technology stack. The Engineer supports the architecture, health, programming, and development cycles of the physical security hardware and applications, from front-end to back-end. This role drives innovation and operational efficiencies by deploying emerging technologies, building deep integrations, and creating seamless experiences for end-users. As a physical security subject matter expert, there is a direct impact on the design of the client's next generation facilities through project management, providing technical guidance, and solving large-scale implementation issues while developing and communicating security design requirements to internal and external project partners. Responsibilities Represent Pinkerton's core values of integrity, vigilance, and excellence. Maintain a deep understanding of Genetec architecture and deployment infrastructure to ensure the integrity and reliability of the security system's functionality. Apply advanced troubleshooting capabilities with Windows, Linux, and cloud server deployments and possess nimble bug fix skills to ensure smooth deployment and seamless recovery during incidents or outages. Design and implement comprehensive physical security systems, including access control, CCTV, intrusion detection, and alarm systems, while ensuring scalability, reliability, and compliance with industry standards. Provide advanced technical support, troubleshoot complex issues, and develop maintenance schedules to ensure the reliability and performance of security systems. Ensure seamless integration of security systems with IT infrastructure, collaborate with IT teams, and conduct regular audits to maintain compliance with regulations and improve security practices. Plan, direct, and execute physical security system design and integration efforts, including the management of all security systems documentation, such as as-built plans, maintenance and repairs, and project close-out. Collaborate with construction and project-related teams to ensure all pre-development scopes of work are established and executed, and track all project-related issues, dependencies, and work with project team members to follow up on issues and status to ensure proper resolution. Partner with providers and vendors to discover and remediate vulnerabilities in security technologies. Assist with the development and management of vendor and provider efficiency and delivery quality through the creation and implementation of KPIs. Employ effective time management for systems programming, commissioning, and testing of devices spanning time zones including AMER/EMEA/APAC regions. Monitor team chat groups for after-hours project support and system maintenance-related troubleshooting. Manage physical/logical infrastructure which supports PACS, VMS, and a myriad of other systems, including maintenance support, installation of new systems, and other proactive initiatives to ensure systems are functioning with optimal performance with minimal downtime, as well as meeting and exceeding program SLAs. Assign and resolve system user issues as they arise through the system ticketing process. Perform audits of systems and policies and maintain tracking lists of all system issues proactively while implementing solutions along the way. Communicate internally with other technology partners, Project Leads, and externally with integrators. Provide system support to integrators on security technologies, including access control, video management systems, intercoms, and intrusion. Support the evaluation, integration, and implementation of new and existing technology solutions. Provide escalation support for the client's SOC, GSOC, and Security Operations teams. Understand the security standards and practices that go into a security design and manage security integrators across multiple time zones. Program, configure, and harden all technical security devices, apps, and platforms. Work with other senior managers within the business to maintain compliance with all security system requirements. Liaise with, meet with customers, and key contacts regularly to review contract performance and ensure that quality standards are maintained in accordance with SLAs and KPIs. All other duties, as assigned. Qualifications Bachelor's degree preferred with five or more years of access control application engineering and security project management experience. Knowledge of Windows, security systems, and technology applications that are Windows-dependent, preferred. Comprehensive knowledge of Security Systems and Technology, including, but not limited to Genetec Security Center, Synergis, Mercury Panels, Stentofon, Commend, HID, Axis, and Schlage. Understanding of how security systems and technology hardware interact with the network/IP. Familiarity with field troubleshooting techniques for low-voltage systems. Support and troubleshooting skills with networked devices with established global connectivity. Expert knowledge of Windows, Linux, and cloud-based servers and VM technologies. Able to build relationships with business partners involved with security systems program execution and deliverables. Communication skills across all levels of the organization. Able to maintain a vantage point with a comprehensive view of the clients, customers, and shared interests. Able to communicate highly technical information to non-technical individuals with consistent checks for understanding. Serve as a positive team member and leader. Able to analyze and synthesize broad, cross-business, or cross-discipline information that leads to breakthroughs or significant insight. Able to collaborate effectively with dynamic professionals from broad backgrounds. Effective written, verbal, and presentation skills. Able to work independently with little supervision. Able to review root causes and implement appropriate changes to ensure delivery of services that exceed client expectations. Computer skills; Microsoft Office. Working Conditions: With or without reasonable accommodation, requires the physical and mental capacity to effectively perform all essential functions; Regular computer usage. Occasional reaching and lifting of small objects and operating office equipment. Frequent sitting, Aavilable for on call after hours for emergency outages and incident management. Travel, as required. Pinkerton is an equal opportunity employer to all applicants and positions without regard to race/ethnicity, color, national origin, ancestry, sex/gender, gender identity/expression, sexual orientation, marital/prenatal status, pregnancy/childbirth or related conditions, religion, creed, age, disability, genetic information, veteran status, or any protected status by local, state, federal or country-specific law. Benefits Benefit options include employer-paid life and AD&D, voluntary life and AD&D, medical, (HSA) Health Savings Account, (FSA) Flexible Savings Account, dental, vision, short-term disability, long-term disability, 401(K), paid time off (vacation, personal, sick, and holidays) and several employee assistance-related programs. This information provides a brief benefit overview. Upon the acceptance of an employment offer, the new employee will receive comprehensive plan details based on specific eligibility rules. Posted Salary Range USD $150,000.00 - USD $150,000.00 /Yr.

Figure is an AI Robotics company developing a general purpose humanoid. Our humanoid robot, Figure 02, is designed for commercial tasks and the home. We are based in San Jose, CA and require 5 days/week in-office collaboration. It's time to build. We are looking for a Security Engineer to join the Security & Privacy team at Figure, focusing on security of the robot as well as associated backend services. We are looking for excellent security engineers who have experience in breaking and building complex software systems, with experience in AI and embedded systems. Responsibilities Conduct security assessments of applications, embedded systems, back-end services, and business integrations, as well as build tooling for a secure development lifecycle Design technical solutions to mitigate security weaknesses on the robot and our service stack. Work with teams across the company to implement them. Build frameworks and systems to prevent classes of vulnerabilities Hunt for vulnerabilities and insecure coding patterns on our product stack (backend services and robot internal systems) Be a champion for security and user privacy Requirements Experience in several of the following application security domains: penetration testing, vulnerability research, security assessment, secure coding practices, security architecture & design, hardware security Strong software engineering (not scripting or automation) skills in C/C++, Rust, Golang, Python or similar Experience with securing embedded systems, including secure boot, secure identity, OTA, or others Solid foundation in web security, mobile security, or cryptography Ability to collaborate with internal and external stakeholders whilst prioritizing tasks and work independently under minimal supervision. BS in Computer Science, Engineering, Information Systems, or equivalent years of experience in a related technical field 3+ years of experience in the field of application security or related security role Passion for learning and helping others Excellent verbal and written communication skills, with high attention to detail The US base salary range for this full-time position is between $150,000 - $350,000 annually. The pay offered for this position may vary based on several individual factors, including job-related knowledge, skills, and experience. The total compensation package may also include additional components/benefits depending on the specific role. This information will be shared if an employment offer is extended.

It's fun to work in a company where people truly BELIEVE in what they're doing! We're committed to bringing passion and customer focus to the business. The Information Security Engineer is responsible for contributing to the corporate Information Security program by assisting in the identification, recommendation and implementation of industry leading application security tools and techniques. The incumbent will also maintain and update application security processes and procedures and train team members on any relevant updates. This position is remote, but local to the Temecula, CA office. Essential Functions Assist with the development, implementation, and administration of information security policies, standards, and procedures, adhering to industry best practices Assist in integrating regulatory compliance requirements (e.g., PCI, GLBA) into the organizational security roadmap Assist in ensuring that the corporate IT environment is secure and complies with all external audit requirements and federal standards Coordinate with IT Operations to ensure endpoints and network devices conform to security standards, and that security devices and controls are working as designed Assist in the identification, evaluation and implementation of industry leading application security tools and techniques Plan, coordinate, and implement security measures to regulate access to computer data files and prevent unauthorized modification, destruction, or disclosure of information Perform risk assessments and execute system tests to ensure proper functioning of data processing activities and security measures Identify potential security risks, and define and document remediation options or mitigating controls Perform security incident investigations including: chain of custody, containment measures, root cause analysis, and identification of preventive measures Define and assist in the management of an Incident Response Team that addresses potential or in-progress security events, establishing and adhering to escalation procedures and response times Perform information systems evidence gathering, to support e-discovery requests and messaging searches Perform security reviews on requests for new commercial software or material configuration changes to existing software Perform periodic internal IT security audit functions on IT operational controls, to include system access controls, firewall rule reviews, etc. Participate in on-call rotation Perform related duties as requested Essential Knowledge, Skills, & Abilities Excellent written and verbal communication skills required Solid presentation skills Significant knowledge of security-oriented regulatory requirements and compliance Excellent familiarity with IT security principles and practices including firewalling, hardening, data loss prevention, threat prevention, and identity management. Ability to provide technical guidance to less experienced team members Knowledge of the mortgage industry is helpful, but not required Commitment and ability to cultivate a diverse and inclusive work environment. Education Bachelor's degree in computer science, Engineering, Information Systems Security or a related field is required. Security class certifications strongly preferred Azure certifications preferred CISSP license preferred Experience 5+ years of related IT experience required 2+ years in an Information Security engineering role 3+ years of experience in a regulated IT environment including some combination of SOX, HIPAA, GLBA, PCI preferred Compensation and Benefits Covius offers an extensive benefits package for all employees, including medical, dental, vision and 401(k)! Compensation: $96,000 to $120,000 annually with a 10% AIP opportunity Application Guidelines: For best consideration, please submit your resume and application materials as soon as possible. Review of applications will begin immediately. Working Conditions Work is performed in a climate controlled indoor administrative office setting. The noise level in the work environment is usually quiet to moderate, depending upon the office or meeting location. Physical Demands and Activities While performing the duties of this job, the employee is frequently required to communicate. The employee frequently is required to remain stationary. The employee is frequently required to move about the office, operate a computer and other office machinery, such as calculator, copy machine, and computer printer; rarely position self to maintain files; rarely moves boxes weighing up to 10 lbs. Close and distance observation required with the ability to observe objects at close range in presence of glare or bright lighting (e.g., computer screen). Must possess the ability to communicate information and ideas so others will understand and have the ability to interact with external and internal stakeholders. Covius is committed to equal opportunity in all employment practices to all qualified applicants and employees without regard to race, color, religion, gender, gender identity, age, national origin, pregnancy, disability, genetics, marital status, military or veteran status or any other protected category as established by local, state, and federal law. This policy applies to all aspects of the employment relationship including recruitment and hiring, placement, promotion, transfer, compensation, disciplinary action, layoff, leaves of absence, training, and termination. All such employment decisions will be made without unlawful discrimination based on any prohibited basis. The essential functions, working conditions and physical demands described above are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position. Please note that all s are not intended to be all-inclusive. This job description is not designed to cover all activities, duties or responsibilities that are required of the employee for this job. Employees may be required to perform other duties at any time with or without notice to meet the ongoing needs of the organization. If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!

GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems, products, and services. Your oversight will encompass: * Enterprise systems:Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. * Build-time controls: Managing applications/products security controls and activities during development. * Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. While you will take on multiple responsibilities-from advisor to builder and beyond-your primary focus will be designing and building security patterns and practices for services and processes, and fostering strong relationships with product, business, and engineering. Essential Job Duties & Responsibilities * Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. * Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. * Support or develop components of the security analytics platform. * Contribute to investigations, threat hunting, and incident response activities in a supporting role. * Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns. * Support the security operations team with the vulnerability management lifecycle for products and services under your purview. * Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities * Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. * Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization. * Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. * Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). * Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. * Hands-on experience with managing security for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. * Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. * Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. * Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. * Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. * Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments. * Experience engaging with vendors in design partnerships. * Experience overseeing vulnerability and threat management at the platform and application levels. * Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. * Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution. $146,000 - $170,000 a year In addition to the above salary, this role may be eligible for a bonus. Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI. We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

About GoodLeap:GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap to design, build, implement, and operate security and fraud monitoring, detection, and response capabilities. Your Oversight Will Encompass Security & Fraud Monitoring, Detection, and Response: Identification of potential misuse and abuse cases, determining corresponding events associated with manifestation of such scenarios, design of identification and detection solutions -e.g., correlated/iterative event searches across log sources ranging from infrastructure to applications/SaaS platforms, testing, implementation, monitoring, and fine-tuning of these solutions, etc. Toolset design and operations: Design and build the monitoring, detection, and response platform, from tool selection and integration - e.g., SIEM, SOAR, agentic SOC, EDR, to daily operations/management Incident Response: Play a leading role in the definition, refinement, and execution of incident response activities. Overall Security Operations: Management and operation of security platforms/solutions outside monitoring, detection, and response platform. Support Embedded Product Security Team: Design, build, and implement monitoring and detection solutions for GoodLeap products and services. Essential Job Duties & Responsibilities Lead, participate in, and contribute to security and fraud monitoring, detection, and response activities, inclusive of investigations, threat hunting,etc. Create playbooks for specific incident response scenarios. Identify potential misuse and abuse cases in enterprise systems, propose solutions to detect these scenarios, and identify and implement monitoring and detection solutions for such scenarios. Support or develop components of the security analytics platform. Support embedded (product) security team. Support general security operations team with vulnerability management, tools management, and more. Required Skills, Knowledge & Abilities Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. Expertise in security event management, monitoring, threat hunting, incident response, playbook creation, orchestration/automations, etc. Experience with threat modeling methodologies. Expertise with EDR solutions/platforms, such as CrowdStrike, S1, Palo Alto Cortex EDR, etc. Experience with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. · Experience designing, configuring, and implementing security and fraud monitoring for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. Experience working with and creating solutions based AI and ML toolsets - e.g., creation of AI skills, agents, MCP clients, vibe coding. Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. Prior experience interfacing and supporting teams outside of security - e.g., internal product teams and other cross-functional areas. Proficiency in writing automation scripts in multiple languages and integrating with REST/GraphQL APIs to orchestrate workflows between security tooling and third-party cloud/SaaS platforms, automating detection, response, and operational processes. · Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI.

About GoodLeap:GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems, products, and services. Your oversight will encompass: - Enterprise systems:Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. - Build-time controls: Managing applications/products security controls and activities during development. - Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. While you will take on multiple responsibilities-from advisor to builder and beyond-your primary focus will be designing and building security patterns and practices for services and processes, and fostering strong relationships with product, business, and engineering. Essential Job Duties & Responsibilities Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. Support or develop components of the security analytics platform. Contribute to investigations, threat hunting, and incident response activities in a supporting role. Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns. Support the security operations team with the vulnerability management lifecycle for products and services under your purview. Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization. Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. Hands-on experience with managing security for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments. Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution. Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI.

About GoodLeap:GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems, products, and services. Your oversight will encompass: - Enterprise systems:Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. - Build-time controls: Managing applications/products security controls and activities during development. - Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. While you will take on multiple responsibilities-from advisor to builder and beyond-your primary focus will be designing and building security patterns and practices for services and processes, and fostering strong relationships with product, business, and engineering. Essential Job Duties & Responsibilities Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. Support or develop components of the security analytics platform. Contribute to investigations, threat hunting, and incident response activities in a supporting role. Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns. Support the security operations team with the vulnerability management lifecycle for products and services under your purview. Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization. Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. Hands-on experience with managing security for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments. Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution. Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI.

About GoodLeap:GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap to design, build, implement, and operate security and fraud monitoring, detection, and response capabilities. Your Oversight Will Encompass Security & Fraud Monitoring, Detection, and Response: Identification of potential misuse and abuse cases, determining corresponding events associated with manifestation of such scenarios, design of identification and detection solutions -e.g., correlated/iterative event searches across log sources ranging from infrastructure to applications/SaaS platforms, testing, implementation, monitoring, and fine-tuning of these solutions, etc. Toolset design and operations: Design and build the monitoring, detection, and response platform, from tool selection and integration - e.g., SIEM, SOAR, agentic SOC, EDR, to daily operations/management Incident Response: Play a leading role in the definition, refinement, and execution of incident response activities. Overall Security Operations: Management and operation of security platforms/solutions outside monitoring, detection, and response platform. Support Embedded Product Security Team: Design, build, and implement monitoring and detection solutions for GoodLeap products and services. Essential Job Duties & Responsibilities Lead, participate in, and contribute to security and fraud monitoring, detection, and response activities, inclusive of investigations, threat hunting,etc. Create playbooks for specific incident response scenarios. Identify potential misuse and abuse cases in enterprise systems, propose solutions to detect these scenarios, and identify and implement monitoring and detection solutions for such scenarios. Support or develop components of the security analytics platform. Support embedded (product) security team. Support general security operations team with vulnerability management, tools management, and more. Required Skills, Knowledge & Abilities Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. Expertise in security event management, monitoring, threat hunting, incident response, playbook creation, orchestration/automations, etc. Experience with threat modeling methodologies. Expertise with EDR solutions/platforms, such as CrowdStrike, S1, Palo Alto Cortex EDR, etc. Experience with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. · Experience designing, configuring, and implementing security and fraud monitoring for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. Experience working with and creating solutions based AI and ML toolsets - e.g., creation of AI skills, agents, MCP clients, vibe coding. Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. Prior experience interfacing and supporting teams outside of security - e.g., internal product teams and other cross-functional areas. Proficiency in writing automation scripts in multiple languages and integrating with REST/GraphQL APIs to orchestrate workflows between security tooling and third-party cloud/SaaS platforms, automating detection, response, and operational processes. · Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI.

About GoodLeap:GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems, products, and services. Your oversight will encompass: - Enterprise systems:Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. - Build-time controls: Managing applications/products security controls and activities during development. - Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. While you will take on multiple responsibilities-from advisor to builder and beyond-your primary focus will be designing and building security patterns and practices for services and processes, and fostering strong relationships with product, business, and engineering. Essential Job Duties & Responsibilities Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. Support or develop components of the security analytics platform. Contribute to investigations, threat hunting, and incident response activities in a supporting role. Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns. Support the security operations team with the vulnerability management lifecycle for products and services under your purview. Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization. Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. Hands-on experience with managing security for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments. Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution. In addition to the above salary, this role may be eligible for a bonus. Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI. We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

This position is responsible for ensuring that the Bank's Security operations and preventive controls are managed and maintained in accordance with established Information Security policies, standards and procedures, published regulations and industry best practices. Primarily responsible for the constant review of vendor security controls in comparison with policies and industry frameworks, risk assessments, determination of control gaps and their remediation. ESSENTIAL FUNCTIONS Performs vendor security risk assessments to determine inherent risk on proposed projects and assesses vendor security controls to determine residual risk. Evaluates the potential exposure to application security risks and threats based on industry security frameworks and recommends appropriate mitigation. Assesses security practices including Information Security governance, Identity and access control, Incident monitoring and response, Vulnerability assessment and Penetration tests, Network Security and Endpoint Security, among others. Acts as liaison with Third Party Risk Management, Information Technology and business department Relationship Managers related to vendor risk assessments. Reports information security risks and follows-up remediations. Remediates audit and regulatory findings and recommendations related to Information Security and Vendor Risk Management. QUALIFICATIONS Education: College degree in Information Technology or Information Security or equivalent; Security+, SSCP, CISSP, CISM or similar information security certifications preferred. Experience: Minimum two years of experience in Information Security Risk, Information Security Operations or Security Auditing. Proven experience on third-party risk management and vendor security assessments. Working knowledge of security practices such as Endpoint Security, Network Security, Security Operations and Security Governance required. Experience working with Vendor Risk Management (VRM) applications preferred. Skills/Ability: Proven ability to initiate and manage projects. Excellent communication and problem-solving skills. Strong inter-personal communication and collaboration skills. Self-starter, highly motivated, and able to work with general supervision. OTHER DETAILS $28.84 - $33.65 / hour Pay determined based on job-related knowledge, skills, experience, and location. This position may be eligible for a discretionary bonus.