Security Architect Jobs in Boston, MA

About CyberArk: CyberArk (NASDAQ: CYBR), is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity - human or machine - across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world's leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit our CyberArk blogs or follow us on X, LinkedIn or Facebook. Job Description We are looking for a Cloud Security Architect to lead the design and development of security architecture, policies, and tools across our SaaS environments. The Cloud Security Architect will work with several Engineering and Product teams building our modern identity governance platform to continuously improve our security posture. The ideal candidate is familiar with information security industry best practices, modern automation tools and Cloud environment. We are looking for someone with a security mindset who "thinks like an attacker". You will spend part of your time "hands on" creating and deploying systems to ensure we maintain a best-in-class security posture, and part of your time planning, reviewing and evaluating how to meet upcoming and potential threats. What you need to succeed: * Perform risk assessment of proposed and existing system architecture for compliance with security best practices, recommending technical, administrative and physical controls to mitigate identified risks. * Develop service security and compliance requirements for SaaS multi tenant systems. * Design and develop cloud security architectures and perform architecture design reviews. * Design and develop frameworks and solutions to secure CI/CD pipelines. * Leading compliance efforts based on selected industry frameworks and compliance standards. * Implement, maintain and improve existing industry best practices of operational security controls such as: * Monitoring * Identity and access management * Encryption and data security * Self-auditing * Provide guidance to R&D and Product Management on defining and prioritizing development of secure SaaS offerings. * Prepare and deliver training and security awareness activities to the Engineering teams. * Acquire relevant knowledge, remain up-to-date, attend security conferences and be involved with the security community. * Drive and lead security processes, tools, methods, and knowledge and security enhancements. #LI-KR1 Qualifications * 5+ years of experience with software security (security researcher, security engineer, security architect). * Bachelor's Degree in Computer Science or related field, or additional 5+ years of experience * Experience in: * Infrastructure security, security SDLC and secure SaaS practices * Risk assessment and management, and threat modeling * Security reviews for code/design/architecture and requirements * Security compliance and frameworks such as FedRAMP or CSA CCM * Hardening procedures * Network administration and security * Identity management and authentication systems and protocols (Active Directory, LDAP, SAML, RADIUS) * Threat modeling practices * Extensive hands-on experience in: * Linux and Windows OS * Network architecture and security configurations * Experience doing architecture and design reviews * Thinking like an attacker * Excellent communication skills * A passion for the details * Deep understanding of Information Security in various environments * Demonstrated ability to take ownership and accountability of problems while collaborating with others * Ability to keep track of numerous detail-intensive, interdependent tasks and ensure their accurate completion * Ability to work a hybrid schedule in the Newton, MA area. Preferred: * Experience with FedRAMP certification * Hands-on experience with AWS security best practices and AWS services * Security standards and practices (CSA, OWASP, SANS, etc.) * Security of relational databases (MySQL, MS SQL Server, Oracle) * Security management certificates (CISSP, CSSLP, CISM, etc.) * Has presented at security conferences (BlackHat, OWASP, etc.) We know that no candidate is a perfect match for every role. If you're excited about this position and believe you can contribute to our mission, we'd love to hear from you. Additional Information CyberArk is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status. We are unable to sponsor or take over sponsorship of employment Visa at this time. The salary range for this position is $130,000 - $180,000/year, plus commissions or discretionary bonus, which will be based on the employee's performance. Base pay may also vary considerably depending on job-related knowledge, skills, and experience. The compensation package includes a wide range of medical, dental, vision, financial, and other benefits.

Ahold Delhaize is one of the world's largest food retail groups and a leader in both supermarkets and e-Commerce. Its family of great, local brands serves more than 50 million customers each week in Europe, the United States and Indonesia. Together, these brands employ more than 420,000 associates in more than 7,000 grocery and specialty stores. Our Global Support Office (GSO) is based in Zaandam in the Netherlands, but GSO associates also work in all the countries we serve. This team supports all our great local brands in finance, HR, IT, legal, communications, sustainable retailing, and other key functions. . We are looking for a seasoned Security Architect to develop and maintain the enterprise security reference architecture for Ahold Delhaize. In this role you are responsible for the security technology landscape overview and advising our IT and business partners on security requirements. Your team and office You will work closely with our Head of Cyber Strategy, innovation & Architecture to define the security strategy. You coordinate the yearly Group Cyber Security Office roadmap development and risk based priority setting process as part of the yearly budget cycle, collaborating closely with domain architects. Moreover, you work closely with Group Architecture, Brands and OpCos to ensure alignment with the latest business and IT strategy and priorities. Finally, you advise teams on security requirements and technology and vendor selection. About Ahold Delhaize We're Ahold Delhaize, one of the world's largest food retail groups and a leader in both supermarkets and e-commerce. Together with our 16 strong local retail brands in the United States, Europe and Indonesia, we make a meaningful difference in the lives of our brands' customers, our people and the world around us. We offer a highly dynamic, international work environment in which our associates thrive. Your new work environment As a Security Architect, you will be joining our Group Cyber Security department. Your colleagues will be working from both the USA and the Netherlands. You will be given the freedom and responsibility to take ownership of your work and broaden your horizons by working together with knowledgeable colleagues from different countries who have an abundance of expertise in many areas. The Group Cyber Security team is one of the few global teams with associates across all locations where Ahold Delhaize operates. You will work in an international environment with many diverse cultures and backgrounds. We have a vast and diverse IT landscape including traditional on-premises datacenters, OT environments and modern cloud workloads. Transitioning towards a Zero Trust based architecture is our goal and we need a strong Security Architecture team to make this happen! Additionally, you will conduct regular security assessments to identify potential vulnerabilities and areas for improvement. Your proactive approach will involve staying updated with the latest cybersecurity trends and threats, ensuring that our defenses remain robust and adaptive. We are looking for someone who can connect and engage easily as you will be working closely with other IT departments to make sure that our security principles are well aligned. We will continuously support you and help you build on your talents and skills for the future. Key responsibilities of your role Your role is highly diverse and with various responsibilities. Here are the key ones: 1. Security Strategy, Roadmap and Budget Cycle: Contribute to define the security architecture roadmap and the execution. You work with the domain architects to ensure the input for the roadmap from each domain is in line with the enterprise security reference architecture and security strategy. You are responsible for defining our roadmap and assist in the budget cycle. You will work closely with our Lead Security Architect to define strategy, align with our Group Cyber Security Office, Group Architecture and Opco's. 2. Enterprise Security Reference Architecture: You define and maintain enterprise security reference architectures, models, and principles, in line with IT enterprise architecture, security strategy and new technology and regulatory developments. You translate and maintain enterprise and IT strategy and technology innovations into requirements for the enterprise security reference architecture by using models and principles. You have a keen interest in staying up to date with all the newest updates and trends in the field of security. You conduct regular assessments of the security reference architecture and use the results as input to update reference architectures and to identify (new) risks and threats. 3. Security Technology Landscape: You will develop and update an overview of our security technology and vendor landscape and support in vendor selection and setting requirements. 4. Stakeholder Management: You will work with other Architecture teams to understand the IT and business strategies and collaborate with IT and business teams to advise on the enterprise security reference architecture and security requirement setting for new solutions. What's in it for you? Aside from what we ask of you in this role, we also have a great deal to offer you: plenty of growth opportunities and various cross-brand career options; flexible working hours; a hybrid working model (we ask you to spend at least 50% of your working time at the office); and the chance to drive meaningful change on a global scale. You can look forward to a good work-life balance, and the chance to work in an inclusive environment that wholeheartedly encourages growth and welcomes you just the way you are. You will be best geared for success if you meet the following requirements: * Master's degree in IT related field. * 8-10 years of hands-on work experience within large corporate IT environments and projects. * Have experience with security strategy development and execution within a large enterprise. * Are highly knowledgeable with enterprise security reference architectures, models, and principles. * Able to set and manage budgets. * Deep understanding of security technologies, frameworks, and best practices. * Deep understanding of security technology and vendor selection processes. * Strong knowledge of security risk management practices. * Ability to translate business priorities into effective security solutions. * Excellent communication and collaboration skills. * Last, but not least: strong stakeholder management skills. Apply now Are you keen to join our Security Architecture team? Even if you don't tick all (but do tick most )the boxes, but you still believe you have the personality and skills that make you a suitable candidate, we strongly encourage you to reach out to us. Apply now via the button on this page. At Ahold Delhaize and our local brands, we broadly define diversity as being inclusive of thoughts and skills, generational differences, LGBTQ+, gender, race and ethnicity, disabilities, nationalities and more, and we accept all people for who they are. The GSO sets global strategies frameworks, facilitates the sharing of best practice and encourages economies of scale. Great examples include sharing technology and digital know-how, so we can continue to lead in online and in-store retailing, setting global targets for healthy and sustainable products-including reducing food waste, use of plastics and making our products healthier to use and eat, and championing development for our future leaders-from learning about the digital mindset to leading our stores of the future. Under the federal Transparency in Coverage rule, group health plans are required to make publicly available machine-readable files that include in-network rates and out-of-network allowed amounts and billed charges. Click the link to view the in-network rates and out-of-network allowed amounts and billed charges under the welfare benefits plan in which GSO participates We are an equal opportunity employer. We comply with all applicable federal, state and local laws. Qualified applicants are considered without regard to sex, race, color, ancestry, national origin, citizenship status, religion, age, marital status (including civil unions), military service, veteran status, pregnancy (including childbirth and related medical conditions), genetic information, sexual orientation, gender identity, legally recognized disability, domestic violence victim status or any other characteristic protected by law.

Mission: Live at the intersection of app runtime & security. Protect applications in a fundamental way so that developers can build great application services and not be constantly looking over their shoulder. Bluerock is changing the landscape of App runtime security. As an Application Security Architect & Developer for BlueRock Security, you will: Understand common app runtime environments (Python, Java, JavaScript, etc.) and threats against them Develop innovative and practical security protection mechanisms to stop threats proactively via user space and Linux kernel space mechanisms Design and build both rapid prototypes and production code for detection and prevention of vulnerabilities and exploits Develop for the Cloud (AWS, Azure, GCP) and private data centers You could be a great fit for this role if you have: (Must Haves) At least 7+ years of experience in development of application security or monitoring for enterprise applications Strong technical understanding of how app runtimes work, how threats against runtimes work, and insight for how to protect applications Strong programming knowledge in Python, Java, Go, Rust, and C/C++ Experience with modern backend frameworks such as Django, Spring, Flask, NestJS, ASP.NET, etc. Experience with containers, Kubernetes services, Linux apps and Linux kernel Knowledge of best practices for Agile development and CI/CD-driven product development Experience with development in Cloud environments (AWS/ GCP/ Azure) Bachelor's degree or higher in computer science (or equivalent) Bonus/nice to have: Experience with micro-services Hands-on knowledge of AI and ML Experience with Linux Kernel security or monitoring and eBPF Experience with Open Telemetry and similar monitoring APIs and tools About BlueRock: BlueRock is a well-funded, early stage cybersecurity company founded by experienced security minded entrepreneurs. Our mission is to change the game in cybersecurity. Attackers are exploiting in hours. The dependency tree is exploding. Developers are drowning in vulnerability debt. BlueRock changes the game, enabling organizations to shift from chasing CVEs and exploits to proactively protecting the foundations of applications and computing, so that developers can build great applications without looking over their shoulders.

WHO YOU'LL WORK WITH You'll be based in our Atlanta or Waltham office as part of our Information Security team supporting our organization on a range of cloud/information security initiatives to implement data protection, cloud secure posture and risk management within their cloud environments. The activities include securing infrastructure as code, configuration management, accessing identity and access management, network security across multi-cloud environments, event monitoring and reporting, secure SDLC, risk assessments, cloud infrastructure entitlement management and incident response. WHAT YOU'LL DO As a Cloud Security Architect, you will enable the firm to leverage various Cloud technologies. With a thorough understanding of cloud architecture and Secure by Design, The Cloud Security Architect designs, develops, manages robust / secure / highly available and dynamic solutions for information systems intended to drive business objectives. The Cloud Security Architect should be proficient in all aspects of cloud security including identity &access management, defining organizational structure & policies, as well as utilizing cloud-native and third-party technologies.You will also be responsible for the maintenance of existing Cloud Security operational tasks and the continuous development of new security processes. Key to this role is ensuring that policies, controls, and solutions are continually monitored and improved, in response to new threats and business operations. The Cloud Security Architect will implement and maintain information security solutions to support multiple Cyber Security Frames such as NIST CSF, CIS, CSA, ISO27001, etc. You will provide cloud security standards & best practices within cloud environments designed for data protection, Cloud Secure Posture Management, and Risk Mitigation. The Cloud Security Architect will also support client-facing consulting services with technical assistance to all areas of the company, including supporting client engagements. QUALIFICATIONS Bachelor's or master's degree in information security, computer science or other technical discipline Practitioner experience working with cloud providers (e.g., AWS, Azure, GCP) Automation mindset and experience (e.g., Cloud Formation, Terraform, Ansible, Python) Technical understanding of a range of enterprise IT infrastructure and architectures for private, public and hybrid cloud models including web applications, databases, operating systems, servers and networking technologies Working knowledge of information security controls, guidelines and standards (e.g., ISO27000 series, OWASP, CSA CCM, CIS 20 Critical Security Controls, SOC 2, and NIST) Good understanding of privacy and data protection regulations (e.g., PCI DSS, HIPAA, FedRAMP or EU GDPR) Experience with a range of security technologies, processes and tooling around vulnerability management, patch management, firewalling, networking including IAM, SIEM/SOC, and DLP Experience designing, planning, implementing, provisioning and managing a cloud solution architecture

Newark, DE, United States Marlborough, MA, United States Santa Clara, CA, United States **Exciting Opportunity at Hologic: Become a Lead Product Security Architect!** Are you a cybersecurity enthusiast ready to make a significant impact in the healthcare industry? Join our dynamic team at Hologic's Breast & Skeletal Health Division, where you will champion a Secure by Design culture for our groundbreaking, life-saving medical devices. As a **Lead Product Security Architect** , you will play a crucial role in ensuring the security and integrity of our innovative healthcare solutions. This role may sit in Newark, DE, Santa Clara, CA, Marlborough, MA or can sit remotely. This is your chance to be part of something truly transformative and contribute to advancements in women's health. **Key Responsibilities:** **Champion Security Culture:** Lead the charge in embedding a Secure by Design culture across product teams. Ensure compliance with security standards and best practices, and represent our division in industry forums, information-sharing organizations, and standards groups. **Policy Enhancement:** Spearhead the continuous improvement of our Secure by Design policies and procedures, collaborating with functional teams to align our products with the latest security requirements and regulatory standards. **Security Tools and Automation:** Partner with DevOps to enhance our Security Tools capabilities, automation, and related processes, ensuring security excellence across our extensive portfolio of medical devices. **Security Engineer Support and Mentoring:** Provide guidance and mentorship to Product Security Engineers, driving security planning, design consistency, and overall excellence. **Documentation and Architecture:** Lead the creation and maintenance of security design documentation, architecture views, and diagrams for our products. **Design Strategy:** Participate in product design discussions to identify and integrate security requirements, considerations, and deliverables. Identify common security modules and resources that can be shared across all products. **Security Assessments:** Lead or support ongoing security assessments, including Threat Modeling, for Hologic products and remote connectivity solutions. Assess new products or projects for required security activities and deliverables. **Security Communication:** Lead and support security communications with external stakeholders and customers. Develop security resources, such as White Papers, and support Sales and Marketing efforts by highlighting our security excellence. **Education and Training:** Educate teams on securing our products, development environments, connected health solutions, and their operating environments. **Continuous Learning:** Stay ahead of the curve by keeping up with the latest security threats, regulatory changes, industry standards, and best practices. **Ideal Candidate Profile:** **Security Architecture and Design:** Possess a strong understanding of security architecture and design. **Change Champion:** Have a proactive and innovative mindset focused on enhancing and optimizing strategies, processes, and tools. **Travel Flexibility:** Be available for travel to Hologic offices, training, conferences, and customer sites. **Autonomous Alignment:** Work with minimal supervision while aligning with strategic intentions and corporate priorities. **Global Regulatory Environment:** Ensure continuous awareness and adherence to regulatory requirements for our products and environments. **Qualifications:** **Education:** Master's or Bachelor's degree in Computer Science, Management Information Science, Engineering, or a related technical field. **Medical Systems Knowledge:** Experience with medical information system administration and extensive knowledge of medical device security standards and regulations such as FDA Premarket Cybersecurity Guidance, IEC 81001-5-1, AAMI TIR57, AAMI SW96). **Regulated Industry Experience:** Experience in software development and verification within the medical device industry is preferred. **Experience:** 6+ years in: + Security Architecture and Design + Security policy, procedures, and standards creation + Cybersecurity Risk Assessment + Secure application development + Computer and network security + Microsoft Windows and Linux operating systems **Technical Skills:** + In-depth knowledge of the secure development lifecycle + Leading security design and architecture for embedded devices and complex applications + Expertise in secure coding standards and common vulnerabilities + Proficiency with industry-standard security tools (SAST, SCA, DAST, vulnerability scanning) + Leading Threat Modeling activities + Supporting Penetration Testing activities + Securing development and cloud environments (Azure preferred) + Strong communication skills, both verbal and written **Preferred Qualifications:** + Team Lead Experience: Experience supporting a team of security engineers. + Certifications: Security-related certifications (e.g., CISSP), OS (Windows, Linux), and networking (Cisco) certifications. + DoD ATO Compliance: Experience obtaining and maintaining Department of Defense (DoD) Authority to Operate (ATO) certifications. + Cloud Compliance: Experience in obtaining and maintaining industry-recognized certifications such as SOC 2, HITRUST, and FedRAMP. **So why join Hologic?** We are committed to making Hologic the company where top talent comes to grow. For you to succeed, we want to enable you with the tools and knowledge required and so we provide comprehensive training when you join as well as continued development and training throughout your career. We offer a competitive salary and annual bonus scheme, one of our talent partners can discuss this in more detail with you. If you have the right skills and experience and want to join our team, apply today. We can't wait to hear from you! The annualized base salary range for this role is $128,300 - $$200,600 and is bonus eligible. Final compensation packages will ultimately depend on factors including relevant experience, skillset, knowledge, geography, education, business needs and market demand. Agency and Third-Party Recruiter Notice: Agencies that submit a resume to Hologic must have a current executed Hologic Agency Agreement executed by a member of the Human Resource Department. In addition Agencies may only submit candidates to positions for which they have been invited to do so by a Hologic Recruiter. All resumes must be sent to the Hologic Recruiter under these terms or they will not be considered. Hologic, Inc. is proud to be an Equal Opportunity Employer inclusive of disability and veterans. LI-#DS1

Circle is a financial technology company at the epicenter of the emerging internet of money, where value can finally travel like other digital data - globally, nearly instantly and less expensively than legacy settlement systems. This ground-breaking new internet layer opens up previously unimaginable possibilities for payments, commerce and markets that can help raise global economic prosperity and enhance inclusion. Our infrastructure - including USDC, a blockchain-based dollar - helps businesses, institutions and developers harness these breakthroughs and capitalize on this major turning point in the evolution of money and technology. What you'll be part of: Circle is committed to visibility and stability in everything we do. As we grow as an organization, we're expanding into some of the world's strongest jurisdictions. Speed and efficiency are motivators for our success and our employees live by our company values: Multistakeholder, Mindfulness, Driven by Excellence and High Integrity. Circlers are consistently evolving in a remote world where strength in numbers fuels team success. We have built a flexible and diverse work environment where new ideas are encouraged and everyone is a stakeholder. What you'll be responsible for: Circle is seeking a passionate Lead Security Architect to design, implement, and maintain robust security solutions that ensure the integrity of our systems. This critical role requires a deep understanding of modern cloud-first architecture, with a preference for candidates who have experience applying these practices within Blockchain technologies and to the user endpoint level. As part of the Security Engineering team, you will collaborate closely with our Engineering teams to not only support the security of USDC but also challenge the current architecture, ensuring that it meets our present and, more importantly, future needs. By leading initiatives to enhance our security posture, you will play a vital role in shaping the long-term security strategy of Circle. If you are looking for an opportunity that combines technical challenge with the potential for professional growth in a forward-thinking organization, we would love to hear from you. This is a work from home position however all candidates must live in the Greater Boston, MA area and be available to come onsite upon short notice. What you'll work on: Develop and refine the security architecture for the organization, ensuring alignment with cloud-first principles while adapting to emerging technologies and threats. Propose technical architecture options for security risk, provides specialized technical advice to support the design and development of secure architectures and identify security controls to mitigate those risks. Integrate cloud-architecture principles to the user endpoint level to enhance the security posture and validate the integrity of systems. Assist in evaluations of security architecture that may include design assessment, risk assessment, threat modeling and code review. Provide on-site security support (e.g. network and endpoint) for executive leadership during key events. Collaborate with Engineering to embed security and enhance protocols for future needs. Engage in on-site assessments of cybersecurity and network integrity for key stakeholders. You will aspire to our four core values: Multistakeholder - you have dedication and commitment to our customers, shareholders, employees and families and local communities. Mindful - you seek to be respectful, an active listener and to pay attention to detail. Driven by Excellence - you are driven by our mission and our passion for customer success which means you relentlessly pursue excellence, that you do not tolerate mediocrity and you work intensely to achieve your goals. High Integrity - you seek open and honest communication, and you hold yourself to very high moral and ethical standards. You reject manipulation, dishonesty and intolerance. What you'll bring to Circle: Proven experience as a Security Architect or similar role, with a strong track record in designing and implementing robust security frameworks in cloud environments. Adept at conducting risk assessments, with the ability to translate complex technical concepts to non-technical stakeholders. Strong collaborative skills, demonstrated by effectively partnering with cross-functional teams to cultivate a proactive culture of security awareness and drive continuous improvement. Proven ability to communicate effectively and influence diverse stakeholders to swiftly resolve issues and align on organizational objectives. Excellent problem-solving abilities and a strategic mindset, capable of anticipating future security challenges and evolving architectural requirements. Enthusiasm for scalable, reproducible security practices. Self-motivated and creative problem-solver able to work independently with minimal guidance. Ability to manage multiple competing priorities and use good judgment to establish order or priorities on the fly. The ability to design and operate controls that are easy to test and audit. Experience working in financial services or financial technology desired. In-depth knowledge of security best practices, compliance standards, and regulatory requirements, particularly within the Financial and/or Blockchain industry. 7+ years of experience as a security engineer with a minimum of two years (can be overlapping) focusing on cybersecurity architecture. Experience/familiarity with Slack, Apple MacOS, and GSuite. Circle is on a mission to create an inclusive financial future, with transparency at our core. We consider a wide variety of elements when crafting our compensation ranges and total compensation packages. Starting pay is determined by various factors, including but not limited to: relevant experience, skill set, qualifications, and other business and organizational needs. Please note that compensation ranges may differ for candidates in other locations. Base Pay Range: $172,500 - $227,500 We are an equal opportunity employer and value diversity at Circle. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Additionally, Circle participates in the E-Verify Program in certain locations, as required by law. Should you require accommodations or assistance in our interview process because of a disability, please reach out to accommodations@circle.com for support. We respect your privacy and will connect with you separately from our interview process to accommodate your needs. #LI-Remote

360 IT Professionals is a Software Development Company based in Fremont, California that offers complete technology services in Mobile development, Web development, Cloud computing and IT staffing. Merging Information Technology skills in all its services and operations, the company caters to its globally positioned clients by providing dynamic feasible IT solutions. 360 IT Professionals work along with its clients to deliver high-performance results, based exclusively on the one of a kind requirement. Job Description We are looking to fill multiple full time positions as Information Security Architects in Cumberland RI. Qualifications A minimum of 5+ years of relevant security domain experience. 3+ years of hands on technical experience in network and perimeter security A minimum of 3 years in an architecture role and be able to lead/step up as needed Demonstrated expertise in integrating/developing security solutions in a 7x24 production environment Prior experience in defining the technology strategy for a large, global organization, and the ability to influence and persuade peers and colleagues in other reporting structures Strong Plus Skills: Industry recognized certifications such as CISA, CISM, CISSP, or SANS GIAC are a plus Virtualization Security experience is a strong plus (VMware ESX 6.x, Hytrust, Hypervisor, in-hypervisor malware control. Virtual NIC, NSX or equivalent.) Knowledge of risk assessment methodologies, IT policies and standards Knowledge of vulnerability identification tools, Qualys, Veracode, Qualys WAS. Additional Information In person interview is acceptable.

at Wind River Title PRINCIPAL SECURITY ARCHITECT Work Status: US Citizen; must be able to obtain UC security clearance Wind River is a global leader in delivering software for mission-critical intelligent systems. For more than four decades, the company has been an innovator and pioneer, powering billions of systems that require the highest levels of security, safety, and reliability. Wind River helps customers across automotive, aerospace, defense, industrial, medical, and telecommunications industries solve complex technology challenges on their journey toward the new intelligent machine economy. The company's software powers generation after generation of the safest, most secure systems in the world. Examples include playing a key role in NASA space missions such as Artemis I, the James Webb Space Telescope, and multiple Mars rovers. We've achieved recent 5G milestones including the world's first successful 5G data session with Verizon and building one of the largest Open RAN networks in the world with Vodafone. The company has received industry recognition for its technology innovation and leadership, and for its workplace culture, including global Great Place to Work certification and being named a “Top Workplace” for ten consecutive years. If you want to be part of a unique culture where the lived experience is based on our cultural attributes of growth mindset, customer-focus, and diversity, equity, inclusion & belonging, come join us and help advance the future software defined world. About the Opportunity As a Principal al Security Architect you will play a pivotal role in our mission. You'll work closely with product engineering, field teams, product management, and our customer-facing teams to drive our security strategy at the technology level, both internally and externally. To accomplish this you will need to be a skilled software, security and network architect and excellent communicator that can explain and drive the security vision with clean architectural principles, requirements, and messaging. The Principal Security Architect will have the highest level relevant technical skills coupled with an ability to effectively communicate specific business and technical solutions while building consensus on security-related decisions and features. The role requires a deep understanding of the latest hardware and software best practices for safe, scalable, reliable, compelling security solutions. The successful candidate will work with and across Wind River's state-of-the-art software technology teams spanning Real-Time Operating System (RTOS), Linux, hypervisor, cloud, and tooling technologies. These technology domains touch on all the market segments we cater to, including software-defined infrastructure, aerospace and defense, industrial automation, medical, automotive and more. To succeed in this role you must have a deep technical background in software engineering and systems engineering with an interest in staying current with leading-edge embedded, open-source and security technologies. You will be responsible for developing and presenting points-of-view on new security issues and technologies and establishing and evangelizing our security vision and architecture across the entire Wind River product portfolio. You will be expected to effectively communicate and influence developers, field engineers, sales, and product management within Wind River, establish yourself as a trusted advisor to our customers, and work with external subject matter experts and industry organizations to develop IT'S WHAT YOU KNOW BA/BSc degree (Computer Science, Engineering, or equivalent technical degree) or higher. 15+ years of relevant technical experience in the areas of software engineering, 5+ years of experience in security-related software architecture, design and/or implementation. Experience using security-related tools and considering use cases for security-related tooling. Demonstrated software programming proficiency with the ability to create and explain code examples. Familiarity with complex, product level embedded software architectures, APIs and toolkits. Familiar with secure software development practices including incident response and SDL. Familiar with industry-standard standards and frameworks such as NIST, FEDRAMP, SSDF, STIGs, and CIS benchmarks and how to bring systems into compliance Knowledge of security patterns, technologies and activities, such as threat assessments, perimeter mapping, attack surface evaluation, RBAC, single access point etc. Strong p

Extensive knowledge of HIPAA and HITECH. Knowledge of and experience with Information Security frameworks such as HiTRUST, NIST, or ISO 27001. Bachelor's degree in information security, information assurance, information technology, computer science, or a related discipline. Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or related certification. Five (5) years in an information security operations or management role. Passion for the mission of Health Leads and strong commitment to Health Leads' core values: belief in collective strength and the power of shared work, constant and courageous learning, celebrating our victories and each other, and stepping up leaders in a common vision. Experience with information security for cloud environments and/or software-as-a-service (SaaS) platforms. Knowledge of security-related technologies and processes, including but not limited to: data loss prevention (DLP), identity and access management (IAM), endpoint security, vulnerability and configuration management, security information and event management (SIEM), incident response and digital forensics, disaster recovery/business continuity planning, network security (LAN/WAN). Ability to communicate complex ideas and information both verbally and writing, in a clear, concise, and effective manner to technical and non-technical audiences including customers and colleagues. Superior capabilities for partnering; ability to be effective as both a team member and as a leader of teams in defining objectives, staying on task and reaching consensus; soliciting participation, challenging ideas and summarizing accomplishments and planned actions. Show integrity and ethical behavior; respect confidentiality, business ethics and organizational standards. Ability to formulate the cost benefit of security initiatives in the context of overall business risk mitigation and the organization's operational objectives. Ability to compare, contrast and prioritize among alternative approaches to meet those objectives.

Boston Trust Walden Company is an independent, employee-owned firm that provides investment management services to institutional investors and private wealth clients. The firm manages approximately $16 billion in client assets. Boston Trust Walden distinguishes itself in several key ways, including: stable, diversified business model serving a variety of client types. compelling investment philosophy and excellent track record. longstanding leadership in ESG impact investing; and corporate culture grounded in shared values, as signified by the company's tagline, Principled Investing. Located in the heart of Boston at One Beacon Street, Boston Trust Walden employs fewer than 100 individuals. Boston Trust Walden's structure as an independent, employee-owned firm enables the firm to make business decisions that align with clients and employees for long-term success. The firm's structure and size help cultivate a collegial work environment where employees have ownership of their work, contribute to positive client outcomes, and are rewarded for their efforts. One of Boston Trust Walden's strategic priorities is to foster a positive workplace; this includes a commitment to diversity, equity, and inclusion. The firm believes this commitment is not only the right thing to do but also a matter of good governance and a critical component of long-term business success. When DEI values are infused into the workplace environment, the company and its employee's benefit. The firm is committed to taking meaningful steps to advance racial, ethnic, and gender equity in its workplace through retention, education, and recruitment initiatives. Boston Trust Walden Company is an Equal Opportunity Employer. Boston Trust Walden is committed to supporting equal employment opportunity and to promoting a workplace free of discrimination with regard to race, color, religious creed, national origin, genetic information, ancestry, sex, age, sexual orientation, gender identity, gender expression, physical or mental disability, parental status, marital status, veteran/US military status, pregnancy, citizenship status, or other legally protected status. The firm will make reasonable accommodations in the application process if requested by new job applicants. Position: Information Security Manager Job Summary Boston Trust Walden seeks a strategic and experienced Information Security Manager to lead and strengthen the firm's overall security posture, operational procedures, and control environment. This critical role is responsible for safeguarding firm and client data by managing core security functions, fostering cross-department collaboration, and proactively identifying and mitigating security risks. As the Information Security Manager, you will propose, implement, and maintain the firm's security policies, technologies, and controls. Additionally, you will lead phishing simulation exercises, conduct security and risk assessments, and oversee vendor due diligence reviews. The ideal candidate will demonstrate a strong commitment to cybersecurity, possess deep expertise in security principles and frameworks, and adopt a forward-thinking approach to evolving threats. You will manage day-to-day security operations, handle incident response, and drive continuous improvements to the firm's security program. Oversee security controls, including network and host intrusion detection and protection systems (IDS/IPS), identity access management systems (SSO, IdP), firewalls, security incident and event management systems (SIEM), mobile device management (MDM) systems, data classification and loss prevention systems (DLP), secure email gateways, and proxy systems. Key Responsibilities: Collaborate with Information Technology, Risk Management, and Compliance to analyze and strengthen security controls and implement comprehensive security requirements. Lead the implementation, documentation, and maintenance of information security policies, standards, procedures, and controls. Investigate security incidents, perform root cause analysis to identify indicators of compromise, and maintain documentation for corrective actions and improvements. Oversee third-party security providers to enhance controls and procedures. Manage the vulnerability lifecycle from identification to resolution and collaborate with IT teams to maintain secure baseline configurations. Monitor and analyze event logging across the organization, ensuring proper alerting is in place, reducing false positives, and identifying and correcting false negatives. Proactively identify and address gaps in security controls, working with teams across the business to ensure security measures are effectively implemented and maintained. Conduct information security reviews of external systems containing or utilizing firm or client NPPI. Stay current with the latest security technologies, trends, vulnerabilities, and emerging threats, providing expert guidance to stakeholders. Job Requirements: In-depth understanding of modern computing environments, including virtualization, cloud technologies, networks and protocols, data loss prevention, identity access management, multi-factor authentication, public key infrastructure and cryptography, intrusion detection, firewalls, mobile device management, proxies, vulnerability assessment tools, and incident response. Possess strong written and verbal communication skills, capable of producing policies, procedures, risk assessments, and audit responses aligned with internal and regulatory standards. Self-motivated and detail-oriented, capable of working independently while managing multiple priorities in a fast-paced, small-company environment. Proven ability to collaborate and communicate effectively with cross-functional teams and departments. Skilled in organizing, planning, and executing security initiatives that align with IT and business objectives. Strong interpersonal skills with the ability to build relationships with business partners and stakeholders at all levels. Able to influence decisions and promote a culture of security awareness throughout the organization. Education & Experience: Bachelor's degree or higher in computer science, information security, or related fields. Over 10 years in a dedicated security role, demonstrating increased responsibilities. Experience in Information Security domains such as information security governance, compliance, and regulations, as well as knowledge of frameworks like CIS, NIST, ISO 27001, and SOC reports. Professional certifications such as CISSP/CCSP, CySA+/CASP+, Security+ or GIAC are highly preferred.

Basic Qualifications Requires a Bachelor's degree in Systems Engineering, or a related Science, Engineering or Mathematics field. Also requires 5+ years of job-related experience, or a Master's degree plus 3 years of job-related experience. Agile experience preferred. CLEARANCE REQUIREMENTS: Department of Defense Secret security clearance is required at time of hire. Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information. Due to the nature of work performed within our facilities, U.S. citizenship is required. Responsibilities for this Position We are seeking a Systems Security Engineer who has experience in the design and development of NSA-certified Cybersecurity devices. Key Responsibilities: Design and develop specifications for mission-critical NSA-certified Cybersecurity devices Collaborate with software and validation engineering teams to deliver high-speed data solutions Develop real-time multi-threaded Embedded System architecture using Model-based Systems Engineering (MBSE) tools and techniques Analyze and maintain system security requirements throughout product development lifecycle Conduct trade studies, perform functional analysis, and design system security. Preferred Skills and Experiences: NSA approved Cryptography/Encryption Security requirements analysis Real-Time multi-threaded Embedded System architecture and development Model-based Systems Engineering (MBSE) CISSP certification or similar INCOSE ASEP, CSEP, or ESEP certification We value candidates who possess: Drive to expand knowledge and experience in designing complex systems Ability to define project scope, schedule, and expected results Initiative to complete assignments and ability to engage in technical direction and leadership Our Commitment to You: An exciting career path with opportunities for continuous learning and development Research-oriented work with award-winning teams Competitive benefits package #CJ3 Salary Note This estimate represents the typical salary range for this position based on experience and other factors (geographic location, etc.). Actual pay may vary. This job posting will remain open until the position is filled. Combined Salary Range USD $133,499.00 - USD $140,000.00 /Yr. Company Overview General Dynamics Mission Systems (GDMS) engineers a diverse portfolio of high technology solutions, products and services that enable customers to successfully execute missions across all domains of operation. With a global team of 12,000+ top professionals, we partner with the best in industry to expand the bounds of innovation in the defense and scientific arenas. Given the nature of our work and who we are, we value trust, honesty, alignment and transparency. We offer highly competitive benefits and pride ourselves in being a great place to work with a shared sense of purpose. You will also enjoy a flexible work environment where contributions are recognized and rewarded. If who we are and what we do resonates with you, we invite you to join our high-performance team! Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you're a close but not exact match with the description, we hope you'll still consider applying. Want to learn more about life at Klaviyo? Visit careers.klaviyo.com to see how we empower creators to own their own destiny. As a Senior Security Trust & Compliance Analyst at Klaviyo, you'll work across the organization to support and mature our customer security questionnaires and internal security audits, both of which provide assurance to our customers while also enhancing the overall security of Klaviyo. You'll work on translating security concepts for your fellow Klaviyos and bolster security culture throughout the company, including by helping drive our security awareness and training, phishing testing, and internal security Q&A programs. This is your opportunity to take an active role in cybersecurity, applying and growing your expertise in security automation, risk analysis, control design, audit management, modern SaaS platform architectures, and many domains of information security (just about all of them!) What you'll be doing Automate and streamline our Security Trust & Compliance workflows, including control testing, evidence collection, identity governance, and security Q&As for employees and customers, with a penchant for creating excellent self-service experiences Own internal and external audits or examinations preparation; coordinate with stakeholders to ensure control evidence is appropriate, and develop action plans to correct findings/exceptions. Develop our security awareness programming, including creation of role-specific education, phishing training, and continuous education. Mentor and train other junior members of the team We'd love to hear from you if you have most of the following: Experience with GRC engineering or security automation in general Experience designing, assessing, and continuously monitoring modern security and privacy controls based on industry standards such as NIST 800-53, CIS Critical Security Controls, ISO 27002, etc. Experience owning or implementing security and privacy compliance audit programs for frameworks such as SOC 2, NIST CSF 2.0, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 42001, CSA STAR, GDPR, CCPA, SOX, etc. Knowledge of various enterprise SaaS applications, cloud infrastructure such as AWS, modern software engineering practices/tools, databases, operating systems, secure network design, and other technology relevant to cybersecurity We use Covey as part of our hiring and / or promotional process. For jobs or candidates in NYC, certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on April 3, 2025. Please see the independent bias audit report covering our use of Covey here Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. Our salary range reflects the cost of labor across various U.S. geographic markets. The range displayed below reflects the minimum and maximum target salaries for the position across all our US locations. The base salary offered for this position is determined by several factors, including the applicant's job-related skills, relevant experience, education or training, and work location. In addition to base salary, our total compensation package may include participation in the company's annual cash bonus plan, variable compensation (OTE) for sales and customer success roles, equity, sign-on payments, and a comprehensive range of health, welfare, and wellbeing benefits based on eligibility. Please visit Klaviyo Rewards to find out more about our Total Rewards package. Your recruiter can provide more details about the specific salary/OTE range for your preferred location during the hiring process. Base Pay Range For US Locations:$120,000—$180,000 USD Get to Know Klaviyo We're Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we're developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators-ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you're ready to do the best work of your career, where you'll be welcomed as your whole self from day one and supported with generous benefits, we hope you'll join us. Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law. IMPORTANT NOTICE: Our company takes the security and privacy of job applicants very seriously. We will never ask for payment, bank details, or personal financial information as part of the application process. All our legitimate job postings can be found on our official career site. Please be cautious of job offers that come from non-company email addresses (@klaviyo.com), instant messaging platforms, or unsolicited calls. By clicking "Submit Application" you consent to Klaviyo processing your Personal Data in accordance with our Job Applicant Privacy Notice. If you do not wish for Klaviyo to process your Personal Data, please do not submit an application. You can find our Job Applicant Privacy Notice here and here (FR).

Are you a Cybersecurity compliance expert ready to take the lead in a dynamic, high-impact role? Join a globally recognized firm where you'll play a key role in shaping and strengthening our cybersecurity strategy. This is your chance to make a difference in a fast-paced, professional environment that values innovation, collaboration, and technical excellence. Why You'll Love This Role: Drive Security Initiatives - Lead firmwide cybersecurity programs, ensuring compliance with ISO 27001 and other industry standards. Be a Decision-Maker - Approve security risks, implement best practices, and enhance policies to safeguard critical systems. Third-Party & Risk Management - Oversee vendor risk assessments, vulnerability management, and client security audits. Lead & Mentor - Supervise a Compliance Analyst and provide strategic guidance across teams. Innovate & Protect - Collaborate with IT leadership to integrate cutting-edge security solutions into firm operations. What You Bring to the Table: 5+ years of cybersecurity experience in a complex IT environment. Strong knowledge of security frameworks (ISO 27001, NIST, etc.). Hands-on experience with security tools, compliance audits, and risk assessments. Leadership experience with a passion for mentoring and developing security professionals. Bachelor's degree in Cyber Security, Computer Science, or a related field. Security certifications (CISSP, CRISC, etc.) strongly preferred. Offer includes: Competitive salary: $145,000 - $170,000 Hybrid work environment Excellent benefits package A culture of excellence, diversity, and professional growth Ready to step into a leadership role where your expertise will make a real impact? Apply today and be a key player in securing the future of a top international firm. Apply to this post or email your resume directly to Dan Gilliam, email: **************************** Tags: Cybersecurity, IT, ISO, Compliance, Security Manager

We're looking for a hands-on, detail-oriented Information Security Manager to take ownership of our internal Information Security posture. In this role, you'll lead the implementation and management of our security operations, policies, and compliance processes. You'll work cross-functionally to ensure our systems, data, and employees follow best practices and meet relevant regulatory requirements. This is a foundational role for our security efforts-ideal for someone who enjoys building systems, and shaping policies in a small, fast-paced environment. Key Responsibilities Maintain and continuously improve the company's information security practices, tools, and procedures. Monitor internal systems for vulnerabilities or breaches, and lead incident response efforts when necessary. Develop, implement, and enforce security policies, standards, and procedures across the organization. Lead and manage compliance initiatives related to frameworks such as SOC 2, ISO 27001, and GDPR. Conduct internal risk assessments and coordinate third-party audits, ensuring timely remediation of findings. Oversee identity and access management (IAM), ensuring least-privilege principles are applied and maintained. Provide security training and awareness programs to employees across all departments. Evaluate and manage the security posture of third-party vendors and cloud services. Collaborate with engineering and IT teams to embed security best practices into systems and workflows. Stay current with emerging threats, technologies, and regulatory changes that may impact the company's security posture. Qualifications 7+ years of hands-on experience in information security, IT security, or a related field. Familiarity with common security and compliance frameworks (SOC 2, ISO 27001, NIST, GDPR, etc.). Strong understanding of modern IT infrastructure (cloud services, SaaS, access controls, security architecture, etc.). Excellent communication skills-you can translate complex security concepts for non-technical teams. Experience in a startup or small company environment is a plus. Nice to Have Relevant certifications (e.g., CISSP, CISM, CompTIA Security+, ISO 27001 Lead Implementer). Exposure to secure software development practices (DevSecOps, secure SDLC, etc.). Experience in security operations and/or incident response.

The VP & Chief Information Security Officer (CISO) reports to the SVP & Chief Information Officer and is a key member of the IT leadership team. The VP & CISO is responsible for developing, implementing, and maintaining a comprehensive cybersecurity strategy that protects the hospital's information assets, systems, and infrastructure. This includes establishing a multi-year roadmap, overseeing information security architecture, and ensuring regulatory compliance across the organization. The VP & CISO serves as a strategic advisor to executive leadership, the Audit Committee, and the Board of Trustees, effectively communicating risks and advocating for best practices in information security. This role will lead a dedicated security team and partner closely with cross-functional teams within a federated IT environment. This will include direct oversight of cybersecurity operations, incident response, governance, third-party risk management, and information security awareness programs. This is a strategic leadership role for a highly collaborative, service-driven, and visionary security professional. The ideal candidate will be an innovative thinker who balances risk with operational needs and who is passionate about protecting sensitive data in a mission-driven environment. This VP & CISO will: * Contribute to departmental goals, ensuring adherence to policies, procedures, quality, safety, and regulatory compliance. * Build credibility with senior leadership, clinicians, and staff by providing informed leadership and participating in IT Governance and prioritization. * Partner with CIO, CTO, and VP of Applications to define IT strategy aligned with the organizational and IT strategic plans. * Evaluate IT changes for security risks; advises leadership on balancing security with usability to support BCH's mission. * Lead development and enforcement of enterprise information security policies, procedures, and programs. * Define and drives a long-term security strategy and program to safeguard BCH's information assets. * Manage vendor relationships, resolves issues, and oversees vendor/third-party risk management processes. * Lead security-related due diligence and integration for M&A activities. * Collaborate across disciplines to ensure cybersecurity policies and standards are applied consistently. * Support business technology planning with current insights and future-state vision. * Ensure processes are in place for budgeting and lifecycle planning of strategic and tactical initiatives. Qualifications: * BA degree in a STEM discipline required; MA degree preferred. * CISSP, CISM, or CISA certification required; CSM/CSPO preferred. * 10+ years of IT or business leadership, with at least 5 years in a cybersecurity leadership role. * Experience in academic and healthcare industries preferred. * Extensive experience in security, regulatory compliance, and external audits. * Strong management, analytical, and communication skills; effective with clients and senior leadership. * Ability to evangelize IT security as essential to business operations; build trust and respect for security function. * Innovative leader skilled at motivating cross-functional, interdisciplinary teams. * In-depth knowledge of business risk, risk assessment, and risk-based decision-making. * Expertise in frameworks and standards: ISO 27001/27002, NIST, SANS-CAG, COBIT, COSO, ITIL, etc. * Well-versed in legal/regulatory requirements (PCI, HIPAA, FERPA, HI-TRUST, NIST). * Strong understanding of security impacts of cloud, SaaS, and IoT architectures. * Broad technical knowledge: OSI model, infrastructure, app dev, networks, enterprise architecture, etc. * Hands-on experience with security technologies: firewalls, IDS, encryption, IAM, MFA, anti-malware, etc. * Natural influencer and coalition builder; passionate about building high-performing teams. Boston Children's Hospital offers competitive compensation and unmatched benefits

Extensive knowledge of HIPAA and HITECH. Knowledge of and experience with Information Security frameworks such as HiTRUST, NIST, or ISO 27001. Bachelor's degree in information security, information assurance, information technology, computer science, or a related discipline. Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or related certification. Five (5) years in an information security operations or management role. Passion for the mission of Health Leads and strong commitment to Health Leads' core values: belief in collective strength and the power of shared work, constant and courageous learning, celebrating our victories and each other, and stepping up leaders in a common vision. Experience with information security for cloud environments and/or software-as-a-service (SaaS) platforms. Knowledge of security-related technologies and processes, including but not limited to: data loss prevention (DLP), identity and access management (IAM), endpoint security, vulnerability and configuration management, security information and event management (SIEM), incident response and digital forensics, disaster recovery/business continuity planning, network security (LAN/WAN). Ability to communicate complex ideas and information both verbally and writing, in a clear, concise, and effective manner to technical and non-technical audiences including customers and colleagues. Superior capabilities for partnering; ability to be effective as both a team member and as a leader of teams in defining objectives, staying on task and reaching consensus; soliciting participation, challenging ideas and summarizing accomplishments and planned actions. Show integrity and ethical behavior; respect confidentiality, business ethics and organizational standards. Ability to formulate the cost benefit of security initiatives in the context of overall business risk mitigation and the organization's operational objectives. Ability to compare, contrast and prioritize among alternative approaches to meet those objectives.

divdivdivp id="is Pasted" style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;color:#2EBAE7;'Boston Trust Walden Company Overview/span/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;'emspan style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;' /span/em/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;'Boston Trust Walden Company is an independent, employee-owned firm that provides investment management services to institutional investors and private wealth clients. The firm manages approximately $16 billion in client assets./span/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;' /span/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;'Boston Trust Walden distinguishes itself in several key ways, including:/span/pul style="list-style-type: disc;"lispan style='font-family:"Franklin Gothic Book",sans-serif;font-size:15px;'stable, diversified business model serving a variety of client types./span/lilispan style='font-family:"Franklin Gothic Book",sans-serif;font-size:15px;'compelling investment philosophy and excellent track record./span/lilispan style='font-family:"Franklin Gothic Book",sans-serif;font-size:15px;'longstanding leadership in ESG impact investing; and/span/lilispan style='font-family:"Franklin Gothic Book",sans-serif;font-size:15px;'corporate culture grounded in shared values, as signified by the company's tagline, em Principled Investing./em/span/li/ulp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;' /span/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;'Located in the heart of Boston at One Beacon Street, Boston Trust Walden employs fewer than 100 individuals. Boston Trust Walden's structure as an independent, employee-owned firm enables the firm to make business decisions that align with clients and employees for long-term success. The firm's structure and size help cultivate a collegial work environment where employees have ownership of their work, contribute to positive client outcomes, and are rewarded for their efforts. /span/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;' /span/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;'One of Boston Trust Walden's strategic priorities is to foster a positive workplace; this includes a commitment to diversity, equity, and inclusion. The firm believes this commitment is not only the right thing to do but also a matter of good governance and a critical component of long-term business success. When DEI values are infused into the workplace environment, the company and its employee's benefit. The firm is committed to taking meaningful steps to advance racial, ethnic, and gender equity in its workplace through retention, education, and recruitment initiatives. /span/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;' /span/pdiv style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;border:none;border-bottom:solid windowtext 1.5pt;padding:0in 0in 1.0pt 0in;'p style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;border:none;padding:0in;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;'Boston Trust Walden Company is an Equal Opportunity Employer. Boston Trust Walden is committed to supporting equal employment opportunity and to promoting a workplace free of discrimination with regard to race, color, religious creed, national origin, genetic information, ancestry, sex, age, sexual orientation, gender identity, gender expression, physical or mental disability, parental status, marital status, veteran/US military status, pregnancy, citizenship status, or other legally protected status./span/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;border:none;padding:0in;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;' /span/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;border:none;padding:0in;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;'The firm will make reasonable accommodations in the application process if requested by new job applicants./span/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;border:none;padding:0in;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;' /span/p/divp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;' /span/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;color:#2EBAE7;'Position: Information Security Manager/span/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'strongspan style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;' /span/strong/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'strongspan style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;color:black;'Job Summary/span/strong/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;color:black;background:white;'Boston Trust Walden seeks a strategic and experienced Information Security Manager to lead and strengthen the firm's overall security posture, operational procedures, and control environment. This critical role is responsible for safeguarding firm and client data by managing core security functions, fostering cross-department collaboration, and proactively identifying and mitigating security risks./span/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;color:black;background:white;' /span/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;color:black;background:white;'As the Information Security Manager, you will propose, implement, and maintain the firm's security policies, technologies, and controls. Additionally, you will lead phishing simulation exercises, conduct security and risk assessments, and oversee vendor due diligence reviews. The ideal candidate will demonstrate a strong commitment to cybersecurity, possess deep expertise in security principles and frameworks, and adopt a forward-thinking approach to evolving threats. You will manage day-to-day security operations, handle incident response, and drive continuous improvements to the firm's security program. Oversee security controls, including network and host intrusion detection and protection systems (IDS/IPS), identity access management systems (SSO, IdP), firewalls, security incident and event management systems (SIEM), mobile device management (MDM) systems, data classification and loss prevention systems (DLP), secure email gateways, and proxy systems./span/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;color:black;background:white;' /span/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'strongspan style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;color:black;background:white;'Key Responsibilities:/span/strong/pul style="margin-bottom:0in;margin-top:0in;" type="disc"li style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Collaborate with Information Technology, Risk Management, and Compliance to analyze and strengthen security controls and implement comprehensive security requirements./span/lili style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Lead the implementation, documentation, and maintenance of information security policies, standards, procedures, and controls./span/lili style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Investigate security incidents, perform root cause analysis to identify indicators of compromise, and maintain documentation for corrective actions and improvements./span/lili style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Oversee third-party security providers to enhance controls and procedures./span/lili style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Manage the vulnerability lifecycle from identification to resolution and collaborate with IT teams to maintain secure baseline configurations./span/lili style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Monitor and analyze event logging across the organization, ensuring proper alerting is in place, reducing false positives, and identifying and correcting false negatives./span/lili style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Proactively identify and address gaps in security controls, working with teams across the business to ensure security measures are effectively implemented and maintained./span/lili style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Conduct information security reviews of external systems containing or utilizing firm or client NPPI./span/lili style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Stay current with the latest security technologies, trends, vulnerabilities, and emerging threats, providing expert guidance to stakeholders. /span/li/ulp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;color:black;background:white;' /span/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'strongspan style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;color:black;background:white;'Job Requirements:/span/strong/pul style="margin-bottom:0in;margin-top:0in;" type="disc"li style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'In-depth understanding of modern computing environments, including virtualization, cloud technologies, networks and protocols, data loss prevention, identity access management, multi-factor authentication, public key infrastructure and cryptography, intrusion detection, firewalls, mobile device management, proxies, vulnerability assessment tools, and incident response./span/lili style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Possess strong written and verbal communication skills, capable of producing policies, procedures, risk assessments, and audit responses aligned with internal and regulatory standards./span/lili style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Self-motivated and detail-oriented, capable of working independently while managing multiple priorities in a fast-paced, small-company environment./span/lili style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Proven ability to collaborate and communicate effectively with cross-functional teams and departments./span/lili style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Skilled in organizing, planning, and executing security initiatives that align with IT and business objectives./span/lili style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Strong interpersonal skills with the ability to build relationships with business partners and stakeholders at all levels./span/lili style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Able to influence decisions and promote a culture of security awareness throughout the organization. /span/li/ulp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'strongspan style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;color:black;background:white;' /span/strong/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'strongspan style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;' /span/strong/pp style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;text-align:justify;'strongspan style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;'Education /span/strongstrongspan style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;color:black;background:white;'amp; Experience:/span/strong/pul style="margin-bottom:0in;margin-top:0in;" type="disc"li style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Bachelor's degree or higher in computer science, information security, or related fields./span/lili style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Over 10 years in a dedicated security role, demonstrating increased responsibilities. /span/lili style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Experience in Information Security domains such as information security governance, compliance, and regulations, as well as knowledge of frameworks like CIS, NIST, ISO 27001, and SOC reports./span/lili style='margin:0in;font-size:13px;font-family:"Times New Roman",serif;color:black;text-align:justify;'span style='font-size:15px;font-family:"Franklin Gothic Book",sans-serif;background:white;'Professional certifications such as CISSP/CCSP, CySA+/CASP+, Security+ or GIAC are highly preferred./span/li/ul/div/div /div

Basic Qualifications Requires a Bachelor's degree in Systems Engineering, or a related Science, Engineering or Mathematics field. Also requires 5+ years of job-related experience, or a Master's degree plus 3 years of job-related experience. Agile experience preferred. CLEARANCE REQUIREMENTS: Department of Defense Secret security clearance is required at time of hire. Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information. Due to the nature of work performed within our facilities, U.S. citizenship is required. Responsibilities for this Position We are seeking a Systems Security Engineer who has experience in the design and development of NSA-certified Cybersecurity devices. Key Responsibilities: Design and develop specifications for mission-critical NSA-certified Cybersecurity devices Collaborate with software and validation engineering teams to deliver high-speed data solutions Develop real-time multi-threaded Embedded System architecture using Model-based Systems Engineering (MBSE) tools and techniques Analyze and maintain system security requirements throughout product development lifecycle Conduct trade studies, perform functional analysis, and design system security. Preferred Skills and Experiences: NSA approved Cryptography/Encryption Security requirements analysis Real-Time multi-threaded Embedded System architecture and development Model-based Systems Engineering (MBSE) CISSP certification or similar INCOSE ASEP, CSEP, or ESEP certification We value candidates who possess: Drive to expand knowledge and experience in designing complex systems Ability to define project scope, schedule, and expected results Initiative to complete assignments and ability to engage in technical direction and leadership Our Commitment to You: An exciting career path with opportunities for continuous learning and development Research-oriented work with award-winning teams Competitive benefits package ***Please note the person can be based out of our Dedham or Taunton, MA facilities. You will be onsite 100%. #CJ3 Salary Note This estimate represents the typical salary range for this position based on experience and other factors (geographic location, etc.). Actual pay may vary. This job posting will remain open until the position is filled. Combined Salary Range USD $133,499.00 - USD $140,000.00 /Yr. Company Overview General Dynamics Mission Systems (GDMS) engineers a diverse portfolio of high technology solutions, products and services that enable customers to successfully execute missions across all domains of operation. With a global team of 12,000+ top professionals, we partner with the best in industry to expand the bounds of innovation in the defense and scientific arenas. Given the nature of our work and who we are, we value trust, honesty, alignment and transparency. We offer highly competitive benefits and pride ourselves in being a great place to work with a shared sense of purpose. You will also enjoy a flexible work environment where contributions are recognized and rewarded. If who we are and what we do resonates with you, we invite you to join our high-performance team! Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you're a close but not exact match with the description, we hope you'll still consider applying. Want to learn more about life at Klaviyo? Visit careers.klaviyo.com to see how we empower creators to own their own destiny. As a Senior Security Trust & Compliance Analyst at Klaviyo, you'll work across the organization to support and mature our customer security questionnaires and internal security audits, both of which provide assurance to our customers while also enhancing the overall security of Klaviyo. You'll work on translating security concepts for your fellow Klaviyos and bolster security culture throughout the company, including by helping drive our security awareness and training, phishing testing, and internal security Q&A programs. This is your opportunity to take an active role in cybersecurity, applying and growing your expertise in security automation, risk analysis, control design, audit management, modern SaaS platform architectures, and many domains of information security (just about all of them!) What you'll be doing * Automate and streamline our Security Trust & Compliance workflows, including control testing, evidence collection, identity governance, and security Q&As for employees and customers, with a penchant for creating excellent self-service experiences * Own internal and external audits or examinations preparation; coordinate with stakeholders to ensure control evidence is appropriate, and develop action plans to correct findings/exceptions. * Develop our security awareness programming, including creation of role-specific education, phishing training, and continuous education. * Mentor and train other junior members of the team We'd love to hear from you if you have most of the following: * Experience with GRC engineering or security automation in general * Experience designing, assessing, and continuously monitoring modern security and privacy controls based on industry standards such as NIST 800-53, CIS Critical Security Controls, ISO 27002, etc. * Experience owning or implementing security and privacy compliance audit programs for frameworks such as SOC 2, NIST CSF 2.0, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 42001, CSA STAR, GDPR, CCPA, SOX, etc. * Knowledge of various enterprise SaaS applications, cloud infrastructure such as AWS, modern software engineering practices/tools, databases, operating systems, secure network design, and other technology relevant to cybersecurity We use Covey as part of our hiring and / or promotional process. For jobs or candidates in NYC, certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on April 3, 2025. Please see the independent bias audit report covering our use of Covey here Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. Our salary range reflects the cost of labor across various U.S. geographic markets. The range displayed below reflects the minimum and maximum target salaries for the position across all our US locations. The base salary offered for this position is determined by several factors, including the applicant's job-related skills, relevant experience, education or training, and work location. In addition to base salary, our total compensation package may include participation in the company's annual cash bonus plan, variable compensation (OTE) for sales and customer success roles, equity, sign-on payments, and a comprehensive range of health, welfare, and wellbeing benefits based on eligibility. Please visit Klaviyo Rewards to find out more about our Total Rewards package. Your recruiter can provide more details about the specific salary/OTE range for your preferred location during the hiring process. Base Pay Range For US Locations: $120,000-$180,000 USD Get to Know Klaviyo We're Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we're developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators-ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you're ready to do the best work of your career, where you'll be welcomed as your whole self from day one and supported with generous benefits, we hope you'll join us. Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law. IMPORTANT NOTICE: Our company takes the security and privacy of job applicants very seriously. We will never ask for payment, bank details, or personal financial information as part of the application process. All our legitimate job postings can be found on our official career site. Please be cautious of job offers that come from non-company email addresses (@klaviyo.com), instant messaging platforms, or unsolicited calls. By clicking "Submit Application" you consent to Klaviyo processing your Personal Data in accordance with our Job Applicant Privacy Notice. If you do not wish for Klaviyo to process your Personal Data, please do not submit an application. You can find our Job Applicant Privacy Notice here and here (FR).