Security architect jobs in Colton, CA - 93 jobs

People Drive Our Success Are you enthusiastic, highly motivated, and have a strong work ethic? If yes, come join our team! At Cathay Bank - we strive to provide a caring culture that supports your aspirations and success. We believe people are our most valuable asset and we proudly foster growth and development empowering you to achieve your professional goals. We have thrived for 60 years and persevered through many economic cycles due to our team members' drive and optimism. Together we can make a difference in the financial future of our communities. Apply today! What our team members are saying: Video Clip 1 Video Clip 2 Video Clip 3 Learn more about us at cathaybank.com GENERAL SUMMARY This position is responsible for ensuring that the Bank's Security operations and preventive controls are managed and maintained in accordance with established Information Security policies, standards and procedures, published regulations and industry best practices. Primarily responsible for the constant review of vendor security controls in comparison with policies and industry frameworks, risk assessments, determination of control gaps and their remediation. ESSENTIAL FUNCTIONS Performs vendor security risk assessments to determine inherent risk on proposed projects and assesses vendor security controls to determine residual risk. Evaluates the potential exposure to application security risks and threats based on industry security frameworks and recommends appropriate mitigation. Assesses security practices including Information Security governance, Identity and access control, Incident monitoring and response, Vulnerability assessment and Penetration tests, Network Security and Endpoint Security, among others. Acts as liaison with Third Party Risk Management, Information Technology and business department Relationship Managers related to vendor risk assessments. Reports information security risks and follows-up remediations. Remediates audit and regulatory findings and recommendations related to Information Security and Vendor Risk Management. QUALIFICATIONS Education: College degree in Information Technology or Information Security or equivalent; Security+, SSCP, CISSP, CISM or similar information security certifications preferred. Experience: Minimum two years of experience in Information Security Risk, Information Security Operations or Security Auditing. Proven experience on third-party risk management and vendor security assessments. Working knowledge of security practices such as Endpoint Security, Network Security, Security Operations and Security Governance required. Experience working with Vendor Risk Management (VRM) applications preferred. Skills/Ability: Proven ability to initiate and manage projects. Excellent communication and problem-solving skills. Strong inter-personal communication and collaboration skills. Self-starter, highly motivated, and able to work with general supervision. OTHER DETAILS $28.84 - $33.65 / hour Pay determined based on job-related knowledge, skills, experience, and location. This position may be eligible for a discretionary bonus. Cathay Bank offers its full-time employees a competitive benefits package which is a significant part of their total compensation. It is our goal to provide employees with a comprehensive benefits package to fit their needs which includes, coverage for medical insurance, dental insurance, vision insurance, life insurance, long-term disability insurance, and flexible spending accounts (FSAs), health saving account (HSA) with company contributions, voluntary coverages, and 401(k). Cathay Bank may collect personal information from potential job candidates and applicants. For more information on how we handle personal information and your applicable rights, please review our Privacy Policy. Cathay Bank is an Equal Opportunity and Affirmative Action Employer. We welcome applications for employment from all qualified candidates, regardless of race, color, ethnicity, ancestry, citizenship, gender, national origin, religion, age, sex (including pregnancy and related medical conditions, childbirth and breastfeeding), reproductive health decision-making, sexual orientation, gender identity and expression, genetic information or characteristics, disability or medical condition, military status or status as a protected veteran, or any other status protected by applicable law. Click here to view the "Know Your Rights: Workplace Discrimination is Illegal" Poster: Poster- English Poster- Spanish Poster- Chinese Traditional Poster- Chinese Simplified Cathay Bank endeavors to make **************************** to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact, Mickey Hsu, FVP, Employee Relations Manager, at or . This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

Job Description Principal Cloud Security Architect Our client is seeking a Principal Cloud Security Architect to lead the development and execution of a secure cloud computing strategy for their enterprise environment. This is a highly visible role supporting critical cloud transformation and identity management initiatives, combining strategic architecture leadership with hands-on technical depth. The ideal candidate will help shape the organization's cloud security roadmap, mentor junior staff, and drive modernization across cloud and identity domains. Location: Irvine, CA (Hybrid - 4 days onsite, 1 day remote) Compensation: This job is expected to pay about $200,000 - $235,000 base + 10% bonus No Visa Sponsorship Available for this role What You'll Do Lead the overall cloud security architecture strategy, establishing standards, frameworks, and best practices. Collaborate with domain architects, SOC, and DevOps teams to ensure secure design and deployment across hybrid and cloud environments. Drive identity management strategy and architecture, guiding implementation and roadmap execution. Partner with engineering and operations teams to strengthen threat monitoring, vulnerability management, and incident response capabilities. Provide mentorship and technical guidance to junior cybersecurity staff, promoting a culture of security and process excellence. What Gets You the Job 15+ years in information security, including 5+ years in cloud security architecture. Deep understanding of cloud platforms (GCP, AWS, or Azure) and experience supporting cloud migrations or hybrid environments. Hands-on engineering experience with security controls, scripting, or automation for data analysis and problem solving. Strong background in identity management, threat detection, and vulnerability management within enterprise environments. Excellent communication skills with a collaborative, down-to-earth approach and ability to mentor others. If we are still actively screening for this role, our AI Recruiter, Avery, will email you to schedule a virtual meeting to learn more about your background. Irvine Technology Corporation (ITC) connects top talent with exceptional opportunities in IT, Security, Engineering, and Design. From startups to Fortune 500s, we partner with leading companies nationwide. Our AI recruiter, Avery, helps streamline the first step of your journey-so we can focus on what matters most: helping you grow. Join us. Let us ELEVATE your career! Irvine Technology Corporation provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, Irvine Technology Corporation complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.

Property: 101 INNOVATION (0008) Division: Innovation Technology (IT) The Principal Cloud Security Architect is responsible for developing and leading the secure cloud computing strategy for Irvine Company. This includes working with Infrastructure and Development groups to understand their Cloud Platform adoption plans, hosted application designs, and cloud management and monitoring methods. The principal cloud security architect will define architecture patterns and standards based on industry best practices and insights regarding application architecture and deployment in cloud environments. The Principal Cloud Security Architect will work collaboratively with domain architects and lead security engineers to build security controls and solutions compliant with approved architecture frameworks and standards. This role also applies their cloud security, network architecture, hardening, and logging enforcement skills to lead all technical operation teams with containment and remediation workstreams related to security incidents. Job Duties: * Leads the overall cloud security architecture strategy and technical framework including standards/guidelines/procedures/requirements for infrastructure and software development. * Enable the business through technical leadership to influence peers across Innovation Technology and Business Leadership to design and implement cybersecurity technology, and assist application and infrastructure teams secure implementation of technology. * Lead security assessments, identify gaps in existing security architecture, and recommend changes or improvement. * Lead assessment of appropriate vendor relationships related to information security tools, technology and cloud services; manage proof-of-concepts that enable the business while reducing risk; maintain currency with emerging technology; maintain security roadmap. Develop and maintain enterprise security requirements and controls that drive the selection of security tools as well as assist Business Units and IT in selecting solutions to meet their needs. * Create solutions that align enterprise security architecture frameworks and standards (e.g. SABSA, NIST 800-53, ISO 27002) with overall business and security strategy. * Participate as the primary security subject matter expert in the Information Technology Architecture Committee (ITAC) by reviewing risks of new technology, ensuring secure integration of technology and driving a secure architecture roadmap. * Maintain a leadership role in the Architecture Review Committee through extensive experience in security technology and cloud architecture to drive a balanced approach to Irvine Company's overall technical architecture. This responsibility also requires mentorship of domain architects to mature their techniques and to think beyond their specific area of responsibility. * Establish and manage the threat management/intelligence program (including threat modeling, assessment, hunting) to support the Security Operations Center (SOC) and integrate with the risk management functions. * Assist Security Operations to assess and investigate security incidents, and work with application and operations teams throughout the investigation cycle to ensure remediation, eradication and lessons learned are rolled back into daily operations. * Build and maintain the Secure Software Development Lifecycle (SSDLC) including the development of secure coding standards, testing services, testing infrastructure, and compliance processes. * Manage the development and maintenance of the data protection program including discovery, data-flow/mapping and Data Loss Prevention (DLP). * Help identify new exploits, threats, and mitigations for detection engineering and define and maintain domain and enterprise level threat modeling. * Mentor junior cybersecurity staff in cybersecurity technology, architectural methods and technical process development. Minimum Qualifications / Other Expectations: Education & Experience: * Bachelor's degree in computer science, engineering or related field. * 15+ years in information risk management and information security technology, including 5+ years in security architecture and 5+ years in a cloud environment. * Strong written and verbal communications skills with the ability to create and present technical recommendations to executive management as well as influence and persuade peers and others. * Demonstrate a deep understanding of cloud concepts and architectures with a focus for how security controls are applied to cloud-based technologies. Example cloud concepts include, but are not limited to: * Architecture & Networking * Identity & Access Management * Securing the CI/CD Pipeline * Secrets and Data Protection * Logging, Detection, and Response * Security Controls for Containers (e.g., Docker, Kubernetes) * Experience managing cloud projects. * Deep understanding and implementation of industry-leading practices for cloud security risks using frameworks and standards such as CIS Benchmarks, Cloud Security Alliance, NIST SP 800-144, 800-145, 800-291, and 800-322. * Experience advising business and technical leadership on cloud architecture and design concepts based on compliance and regulatory standards (e.g., PII, PCI-DSS, PHI, GDPR, HIPAA). * Demonstrated experience in designing security architectures to mitigate threats including Zero Trust, cloud environments, applications, network infrastructure and data integration/management. * Experience in identifying gaps in existing architectures. * Demonstrated experience in architecting and implementing large complex security solutions and programs (i.e. SOC, Identity Management, SSDLC, DLP). * Experience in architecting security for cloud environments (IaaS, PaaS, SaaS) as well as leveraging cloud based security solutions. * Hands on experience with leading strategic security technology solutions to enable business flexibility including SD-WAN, Wireless networks and IoT. * Experience managing multiple projects of diverse scope and effectively collaborating in a cross-functional team environment. * Demonstrated knowledge on how business enabling technology (e.g. IoT, A.I.) increases the threat landscape, while understanding how to apply technology and process to mitigate cyber risk. * Knowledge of risk management processes and experience in conducting risk assessments. * Demonstrated ability to develop and implement the overall cybersecurity architecture in alignment with the risk posture of the organization. * Ability to automate common tasks in programming/scripting language and strong knowledge of application programming interface (API) interaction methods. * Experience being a part of a highly technical team, including Incident Response, Security Engineering, or Forensics teams. * Experience as an engineer in incident response efforts. This should include hands on experience completing tasks such as malware detection and analysis, memory analysis, and disk forensics. Certifications: * IT security certifications (CISSP, CISM, GIAC, CEH, GCIH, GCFE, GXPN, CISSP-ISSAP, SABSA or similar) preferred. Compensation: Base Pay Range: $197,400.00 - $235,100.00 Actual placement within this range may vary based upon, but not limited to, relevant experience, time in role, base salary of internal peers, prior performance, business sector, and geographic location. The Company also offers competitive benefits for full time employees including paid time off, matching 401(k), and health benefits. About Us: Irvine Company is a privately held real estate investment company and master-planner committed to creating and sustaining communities that thrive for generations. Irvine Company is respected for its master planning and environmental stewardship of the Irvine Ranch in Orange County, including diversified operations throughout coastal California. Irvine Company brings to life neighborhoods and sustainable communities with a full range of housing, jobs, retail centers, schools, parks and open space. We take as much pride in our employee community as we do the communities we create. It's an environment populated with talented and experienced people, a collaborative spirit and abundant opportunities. Apply today to join our employee community, and learn more about Irvine Company, our legacy and our guiding principles. Irvine Company is committed to providing equal opportunity in all of our employment practices, including selection, hiring, promotion, transfer, compensation, termination, and training, without regard to race, religion, color, sex, sexual orientation, gender, gender identity, national origin, ancestry, citizenship status, marital status, pregnancy, age, medical condition, genetic information, military and veteran status, disability, or any other basis protected by federal, state, and local law. Reasonable accommodation is available for qualified individuals with disabilities, upon request. #LI-Onsite Nearest Major Market: Irvine California Nearest Secondary Market: Los Angeles Job Segment: Real Estate, Engineer, Architecture, Sales, Engineering APPLY NOW "

Sr. Information Security Engineer External Description: Alignment Healthcare is a data and technology driven healthcare company focused on partnering with health systems, health plans and provider groups to provide care delivery that is preventative, convenient, coordinated, and that results in improved clinical outcomes for seniors. We are experiencing rapid growth (backed by top private equity firms), and our team is looking for the best and brightest individuals. We love our customers and understanding them better makes it possible to provide the best clinical outcomes and care experience. Are you an Information Security Engineer with experience in automation, cloud technologies, and endpoint security? Would you like to work in an environment where your skills can be utilized effectively, and you have opportunities to make significant impact? If you are passionate about security and can reduce risk in practical ways that scale, we want to hear from you! Major Responsibilities Contributes to the daily operational aspects of the Information Security Team, primarily from a technical implementation perspective. Assists with break/fix of tools and automation that are owned by the Information Security Team. Works with internal and external customers on a variety of issues, from a simple security review of a mundane and routine ask, to a complex deep dive into a new feature implementation in O365, Azure, or AWS. Balances operational work (approximately 70% of the day) to help meet team SLAs, and project work (approximately 30% of the day) to meet assigned team deliverables. Contributes to the design, implementation, and documentation of new security tools. Collaborates with other internal information technology teams (networking, cloud, traditional architecture, developers, and data scientists) to support internal and external systems. Utilizes scripting and DevOps to provide automation and orchestration between: information security tools, such as the SIEM (Logstash, FortiSIEM, IBM QRadar, etc.); endpoint protection (Symantec, McAfee, Cylance, CrowdStrike Falcon, etc.); vulnerability scanners (Rapid7, Nessus, etc.); patch management (SCCM, Altiris, PDQ, etc.); other applications; OS' (Windows, MacOS, Linux, iOS, Android); cloud platforms (AWS, Azure); and IAM platforms (Active Directory, Okta, Auth0, PingIdentity, SAML, OIDC). Clearly documents designed automation and system relationships. Contributes and participates in the Information Security Team daily stand-ups and other meetings as necessary. Participates in regular reporting, maintaining accountability and transparency within the Information Security Team. Remains current on industry trends in cyber risk with industry standards (ISO 27001/2, NIST, CIS) and regulatory requirements (HIPAA, HITECH, HITRUST, etc.) Technical knowledge of common information security tools and systems: DLP, MAM/MDM, Firewall/VPN, endpoint protection, PKI, RBAC, IAM, etc. Demonstrated practical experience with one or more programming or scripting languages. (PowerShell, Python, C#, VB, VBA, Ruby, NodeJS, SQL, etc.) We're not picky, but you must be able to deliver practical automation! Demonstrated practical experience with one or more of the major cloud providers (AWS, Azure, GCP). Excellent oral and written communication skills, and an ability to present and discuss technical information in a way that establishes rapport and trust. Detail orientated, with an ability and desire to build to 100%, but being ok with building to 90% as tasked. An ability to be productive as an individual contributor with little supervision to meet agreed upon deliverables. Preferred Prior experience in the healthcare or a related HIPAA regulated industry. A working knowledge of the NIST CSF and/or CIS Critical Security Controls (CSC). A working knowledge of Git and GitHub. Previous experience contributing to projects using agile tools (Jira, Azure DevOps, Pivotal) and processes (Scrum, Kanban). One or more cloud security certifications. Education Bachelor's degree in Computer Science, Computer Engineering, or related technical discipline, and/or equivalent work experience. 3+ years' experience working in a technical, hands-on, information security role. One or more current security related certifications (e.g., CISSP, SANS GIAC, etc.) City: Orange State: California Location City: Orange Schedule: Full Time Location State: California Community / Marketing Title: Sr. Information Security Engineer Company Profile: Alignment Healthcare was founded with a mission to revolutionize health care with a serving heart culture. Through its unique integrated care delivery models, deep physician partnerships and use of proprietary technologies, Alignment is committed to transforming health care one person at a time. By becoming a part of the Alignment Healthcare team, you will provide members with the quality of care they truly need and deserve. We believe that great work comes from people who are inspired to be their best. We have built a team of talented and experienced people who are passionate about transforming the lives of the seniors we serve. In this fast-growing company, you will find ample room for growth and innovation alongside the Alignment community. EEO Employer Verbiage: On August 17, 2021, Alignment implemented a policy requiring all new hires to receive the COVID-19 vaccine. Proof of vaccination will be required as a condition of employment subject to applicable laws concerning exemptions/accommodations. This policy is part of Alignment's ongoing efforts to ensure the safety and well-being of our staff and community, and to support public health efforts. Alignment Healthcare, LLC is proud to practice Equal Employment Opportunity and Affirmative Action. We are looking for diversity in qualified candidates for employment: Minority/Female/Disable/Protected Veteran. If you require any reasonable accommodation under the Americans with Disabilities Act (ADA) in completing the online application, interviewing, completing any pre-employment testing or otherwise participating in the employee selection process, please contact ******************.

Sr. Cloud Security Architect - (250000OA) Description Who We AreThrough our service brands Hyundai Motor Finance, Genesis Finance, and Kia Finance, Hyundai Capital America offers a wide range of financial products tailored to meet the needs of Hyundai, Genesis, and Kia customers and dealerships. We provide vehicle financing, leasing, subscription, and insurance solutions to over 2 million consumers and businesses. Embodying our commitment to grow, innovate, and diversify, we strive to reimagine the customer and dealer experience and launch innovative new products that broaden our market reach. We believe that success comes from within and are proud to support our team members through skill development and career advancement. Hyundai Capital America is an Equal Opportunity Employer committed to creating a diverse and inclusive culture for our workforce. We are a values-driven company dedicated to supporting both internal and external communities through volunteering, philanthropy, and the empowerment of our Employee Resource Groups. Together, we strive to be the leader in financing freedom of movement. We Take Care of Our PeopleAlong with competitive pay, as an employee of HCA, you are eligible for the following benefits:· Medical, Dental and Vision plans that include no-cost and low-cost plan options· Immediate 401(k) matching and vesting· Vehicle purchase and lease discounts plus monthly vehicle allowances· Paid Volunteer Time Off with company donation to a charity of your choice· Tuition reimbursement What to ExpectThe Sr. Cloud Security Architect is a strategic technical leader responsible for designing and implementing secure cloud architecture across multiple platforms and service models. This role ensures that enterprise cloud environments-including SaaS, PaaS, and IaaS-are resilient, compliant, and aligned with cybersecurity standards. The architect will work closely with the IT Infrastructure Platform team to integrate security into infrastructure services and cloud-native platforms, including securing the Microsoft 365 (M365) ecosystem. This role will champion the adoption of Zero Trust principles and industry best practices, working cross-functionally to elevate the organization's cloud security posture. What You Will Do1. Cloud Security Architecture & Design:· Design Secure Cloud Infrastructure Environments: design and implement secure cloud architecture across AWS, OCI, GCP and other platforms. · Assess and Secure IaaS, PaaS, SaaS solutions: Identify cybersecurity risk and remediation activities to ensure our SaaS solutions such a Salesforce, M365, and other solutions are aligned with industry's best practices to ensure the security of our data stored and processed within these services. · Secure AI Utilization: design and implement security controls for AI/ML workloads in cloud environments, including securing model training pipelines, protecting sensitive data, and mitigating risks associated with adversarial AI, model drift, and generative AI misuse. · Develop reference architectures and security patterns that align with Zero Trust principles. · Lead threat modeling and risk assessments for cloud and hybrid workloads. 2. Cloud Security Engineering, Implementation and Operations Support:· Cloud Security Solution Management: manage and monitor our cloud native security solutions and monitoring tools to ensure optimal performance and visibility. · Provide Support and Guidance for Security Operations: Provide technical leadership and guidance to our Security ops teams and lead incident responses related to Cloud security events. · Review, monitor and Optimize: review current Cloud solution implementations, optimize cloud security utilization and improve efficiency and integration when possible. Create continuous monitoring of Cloud Security Compliance. · Collaborate with infrastructure and DevOps teams to implement security controls including IAM, encryption, segmentation, and monitoring. · Integrate cloud security tools (CSPM, CWPP, CIEM) into CI/CD pipelines and runtime environments. · Drive automation and infrastructure-as-code (IaC) practices using tools. · Define cloud security monitoring requirements and integrate with SIEM and SOAR platforms. · Support incident response and forensic investigations related to cloud and hybrid environments. · Conduct root cause analysis and recommend architectural improvements to prevent recurrence. 3. Collaboration and Innovation:· Cross-Functional Collaboration: Partner with IT Infrastructure and IT Application teams, DevOps, IAM, DLP, Security Operations, Information Protection Governance and business units to integrate security into digital transformation initiatives, such as cloud migrations, fintech innovations, and core banking systems. · Technology Evaluation: Research and evaluate emerging cybersecurity technologies (e. g. , AI-driven threat detection, PasswordLess authentication) to enhance architectural resilience and efficiency. · Automation and Orchestration: Design automated security workflows using tools like SOAR platforms (e. g. , Splunk SOAR, Palo Alto Cortex) to improve incident response and operational efficiency. · Knowledge Sharing: Mentor junior architects and engineers, sharing best practices and fostering a culture of security awareness across the organization. · Act as a subject matter expert (SME) for cloud and hybrid security across the enterprise. · Influence strategic decisions around cloud adoption, migration, and modernization with a security-first mindset. 4. Compliance and Regulatory Alignment:· Regulatory Compliance: Ensure cloud security architecture meets financial regulations (e. g. , PCI DSS, GDPR, Korean SOX, FFIEC, NYDFS) through secure design, documentation, and audit-ready configurations. · Policy Development: Contribute to the development of cybersecurity policies and standards, ensuring architectural designs align with regulatory and organizational requirements. · Vendor Evaluation: Assess third-party vendors and Managed Security Service Providers (MSSPs) for compatibility with architectural designs and compliance needs· Promote and enforce industry best practices for cloud security architecture, operations, and governance. 5. Documentation and Reporting:· Architecture Documentation: Create and maintain detailed architectural diagrams, design documents, standards and runbooks to support implementation, audits, and incident response. · Executive Communication: Present architectural designs, risk assessments, and recommendations to the Director of Cybersecurity, CISO, and senior leadership, articulating business impacts. · Metrics and Validation: Develop metrics to validate architectural effectiveness (e. g. , threat detection coverage, compliance adherence) and drive continuous improvement. Qualifications What You Will Bring· Minimum 8 years progressive experience in cybersecurity with proven knowledge in cloud security architecture or engineering role designing secure cloud native systems. · 3+ years of experience in financial services, with a strong understanding of financial threats (e. g. , fraud, data breaches) and regulations (e. g. , PCI DSS, Korean SOX, GDPR). · Hands-on experience architecting secure network, cloud, and SaaS environments in complex, regulated industries. · Bachelor's degree in computer science, Information Security, or related field; Master's degree preferred· At least one of the following: CISSP, CCSP, CISM, TOGAF, or equivalent. · Hands-on security testing experience in cloud platforms, especially AWS and M365. · Cloud security certifications such as:o AWS Certified Security - Specialtyo Microsoft Azure Security Engineero Microsoft 365 Securityo Google Professional Cloud Security Engineero Other comparable certifications. Technical Skills:· Technical expert with deep experience in financial services, a strategic mindset, and the ability to align cybersecurity architecture with business objectives. · Expertise in network security (e. g. , NGFW, IDS/IPS, VPNs) and cloud security (AWS, Azure, Google Cloud, Oracle Cloud)· Proficiency in Microsoft 365 Security Tools: Microsoft Defender, Intune, Azure AD (Entra), ADFS· Knowledge of security frameworks such as NIST, ISO 27001, and COBIT. · Strong knowledge of Cloud Native Security solutions and monitoring technology - (AWS CloudTrail, SecurityHub, GuardDuty)· Experience with secure software development lifecycles (SDLC) and DevSecOps practices. · Familiarity with automation and scripting (e. g. , Python, PowerShell, Terraform) for infrastructure-as-code and security orchestration. · Hands-on experience with cloud security posture management (CSPM) and workload protection platforms. · Proficiency in IAM frameworks (RBAC, MFA, PAM) and DLP technologies (data classification, policy enforcement). · Strong knowledge of SIEM (e. g. , Splunk), SOAR, and threat intelligence platforms for architectural integration. · Deep experience in the design and implementation of robust security architectures for SaaS platforms, ensuring secure integration, data protection, and compliance with industry standards such as SOC 2, ISO 27001, and others. · Experience designing and implementing security controls for AI/ML workloads in cloud environments. · Knowledge of financial systems (e. g. , core banking platforms, payment gateways) and their security requirements. Soft Skills:· Strong problem-solving skills to address complex architectural challenges. · Excellent communication skills to articulate technical concepts to technical and non-technical stakeholders. · Strategic thinker with the ability to align cybersecurity architectures with business and regulatory goals. Preferred· Experience with AI-driven cybersecurity tools (e. g. , ReliaQuest GreyMatter, Rapid7, etc. ) for threat detection and response. · Familiarity with zero-trust architectures and emerging technologies, such as SASE or decentralized identity. · Knowledge of data encryption, tokenization, and secure API design for financial applications. · Experience working with MSSPs to integrate external security services. · Understanding of threat modeling frameworks. Work EnvironmentEmployees in this class are subject to extended periods of sitting, standing, and walking, vision to monitor and moderate noise levels. Work is performed in an at home and office environment. The posted salary range for this job takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; geographic location, and other business and organizational needs. Successful candidates may be hired anywhere in the salary range based on these factors. It is uncommon to hire candidates at or near the top of the range. California Privacy NoticeThis notice only applies to our applicants who reside in the State of California. The latest version of our Privacy Policy can be found here. This Privacy Policy provides you with notice, at or before the point of collection, about the categories of personal information to be collected from you, the purposes for which your personal information is collected or used, and whether that information is sold or shared, so that you can exercise meaningful control over our use of your personal information. We are providing this notice to comply with the California Consumer Privacy Act of 2018, as amended as amended by the California Privacy Rights Act of 2020 (“CCPA”). If you have any questions about CCPA regarding California residents or HCA team members, please contact the Privacy Team at Privacy2@hcs. com. Primary Location: United States-California-IrvineWork Locations: Headquarters 1 3161 Michelson Dr. Ste 1900 Irvine 92612Job: IT ApplicationJob Type: RegularOvertime Status: ExemptSchedule: Full-time Minimum Salary: $132,000. 00Maximum Salary: $204,600. 00Job Posting: Dec 1, 2025

Allied Universal , North America's leading security and facility services company, offers rewarding careers that provide you a sense of purpose. While working in a dynamic, welcoming, and collaborative workplace, you will be part of a team that contributes to a culture that positively impacts the communities and customers we serve. Job Description Allied Universal is hiring a Global Chief Information Security Officer (CISO). The Global Chief Information Security Officer (GCISO) will lead Allied Universal's global cybersecurity strategy and operations, serving as the single accountable executive for cybersecurity across all of Allied Universal's global operations, responsible for protecting the company's people, systems, and data. Allied Universal is the 3 rd largest employer in North America and the 7th largest employer in the world, with approximately 800,000 employees in more than 100 countries and territories. This role is responsible for defining, implementing, and maintaining a comprehensive, risk-based cybersecurity program designed to protect Allied Universal's assets and technology platforms against evolving threats. The GCISO must be both a strategic leader and a hands-on practitioner capable of translating complex technical risks into business terms, fostering a culture of cybersecurity accountability throughout the organization, and directly engaging in key operational, investigative, and incident-response activities when necessary. The GCISO reports directly to the Global General Counsel to ensure independent oversight and transparency to executive leadership and the Board, with a dotted-line reporting relationship to the Chief Technology Officer for alignment with technology architecture, strategy, and operations. The GCISO directly manages Regional Cybersecurity Leaders, who implement global standards and maintain local readiness while partnering closely with Regional Chief Information Officers (CIOs) to integrate cybersecurity requirements into regional IT operations and project delivery. The GCISO will operate out of our headquarters in Irvine, CA. RESPONSIBILITIES: Strategic Leadership: Develop and execute a global, risk-based cybersecurity strategy and program aligned with Allied Universal's business objectives Establish, communicate, and oversee governance of enterprise-wide cybersecurity policies, standards, and controls that are appropriate for the company's diverse global operations Lead, mentor and manage Regional Cybersecurity Leaders to promote consistency, accountability, and operational effectiveness across all regions Define and monitor key risk indicators, cybersecurity metrics, and maturity objectives to inform executive decision-making and drive ongoing program improvement Oversee global monitoring, detection, and response capabilities that provide 24×7 visibility into potential cyber risks and support timely containment activities Identify and assess emerging threats, technologies, and vulnerabilities to support informed planning and risk mitigation efforts Provide recommendations regarding cybersecurity investments and resource allocation, helping prioritize efforts based on risk, business impact, and value Collaboration and Stakeholder Engagement: Foster a culture of cybersecurity awareness, ownership, and accountability across all functions and geographies Coordinate, develop, and implement programs designed to train Allied Universal's workforce regarding the company's cybersecurity requirements, including applicable cybersecurity laws and requirements and responding to evolving cybersecurity threats Risk Management: Evaluate emerging threats and vulnerabilities, driving continuous improvement of the company's cybersecurity posture as appropriate Direct recurring global cybersecurity risk assessments; oversee associated cybersecurity risk management activities, including maintenance of a risk register, remediation tracking, and risk decisions Oversee periodic internal and external cybersecurity audits to verify adherence to policies, standards and regulatory requirements Report promptly on cybersecurity risks to relevant Allied Universal Leadership upon identifying risks that exceed tolerance levels Compliance: Support compliance with regulatory requirements as well as any Allied Universal and customer contractual obligations for cyber security Remain current and knowledgeable regarding applicable cybersecurity laws and regulations, including laws and regulations applicable to government contractors Lead on various external cybersecurity initiatives, including compliance for protecting sensitive data such as responding to regulators and customer audits Incident Response: Direct and continuously improve the enterprise incident-response program, including playbooks, tabletop exercises, and post-incident reviews Lead cross-functional coordination with Legal, Technology, Operations, and Regional CIOs to contain and recover from major cyber incidents Oversee specialized incident-response and investigative resources for critical events Provide timely updates to the CEO, Global General Counsel, and Board on incident status, impact, and remediation progress Assessments and Audits: Review and assess the effective deployment of cybersecurity technologies, tools and software by Allied Universal, third parties, and related vendors Coordinate and respond to various cybersecurity assessments, including, as required, certifications to process certain government-related data or other sensitive data Monitor and manage cybersecurity aspects of the third-party lifecycle and confirm that third parties' cybersecurity practices align with Allied Universal's cybersecurity risk tolerance Third-Party Due Diligence: Communicate/respond to requests regarding the effectiveness of Allied Universal's cybersecurity program regarding third-party diligence, selection, and monitoring (e.g., insurance, debt financing, public accounting, initial public offering, etc.) in coordination with Allied Universal Leadership, including IT, Legal and Procurement Communication and Reporting: Provide regular briefings to the CEO, Global General Counsel, and Board of Directors on cybersecurity posture, key risks, and, if applicable, major incidents. Communicate with internal and external stakeholders (including government and prime contractor customers) regarding Allied Universal's cybersecurity program Prepare and present reports on Allied Universal's cybersecurity posture to the CEO and Board of Directors, and other Allied Universal Leadership Business Continuity and Disaster Recovery: Partner with IT and Operations to ensure business-continuity and disaster-recovery programs incorporate cybersecurity risk considerations, are regularly tested, and effectively support enterprise resilience objectives QUALIFICATIONS (MUST HAVE): Bachelor's degree in computer science, Information Technology, cybersecurity, or a related field Minimum of fifteen (15) years of progressive experience in cybersecurity Minimum of seven (7) years in a senior management role in an information security function Experience in managing, responding to, and mitigating cyber incidents Experience or familiarity with government contracting and public and private company cybersecurity reporting requirements Hands-on cyber incident response coordination and oversight experience Expertise in risk-based frameworks (NIST CSF, ISO 27001, SOC 2, CMMC, NIST 800-171) and familiarity with applicable regulatory regimes (SEC, GDPR, state breach laws, etc.) Proven ability to engage with CEO, Board of Directors, and Executive Team on cybersecurity strategy and governance Ability to operate effectively as both strategist and practitioner, a player-coach who drives global cybersecurity direction while engaging hands-on to guide, mentor, and resolve complex technical and operational challenges Strong leadership skills as well as the ability to work and communicate (verbal, written, and interpersonal) effectively with other leadership and their teams An entrepreneurial and innovative mindset regarding cybersecurity development and operations A strong understanding of the business impact of cybersecurity policies, tools, and technologies, including leveraging existing assets and talent to efficiently manage cybersecurity spend PREFERRED QUALIFICATIONS (NICE TO HAVE): Recognized security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), etc. COMPENSATION AND BENEFITS: Base salary range: $275,000 to $350,000 (based on skills, qualifications, and relevant experience), annual bonus, equity package Medical, dental, vision, supplemental income plan with a company match, basic life, AD&D, and disability insurance Eight paid holidays annually, five sick days, and four personal days Executive Flex Vacation Plan Closing Allied Universal is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race/ethnicity, age, color, religion, sex, sexual orientation, gender identity, national origin, genetic information, disability, protected veteran status or relationship/association with a protected veteran, or any other basis or characteristic protected by law. For more information: *********** If you have difficulty using the online system and require an alternate method to apply or require an accommodation, please contact our local Human Resources department. To find an office near you, please visit: ***********/offices. Requisition ID 2026-1510953

GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems, products, and services. Your oversight will encompass: * Enterprise systems:Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. * Build-time controls: Managing applications/products security controls and activities during development. * Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. While you will take on multiple responsibilities-from advisor to builder and beyond-your primary focus will be designing and building security patterns and practices for services and processes, and fostering strong relationships with product, business, and engineering. Essential Job Duties & Responsibilities * Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. * Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. * Support or develop components of the security analytics platform. * Contribute to investigations, threat hunting, and incident response activities in a supporting role. * Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns. * Support the security operations team with the vulnerability management lifecycle for products and services under your purview. * Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities * Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. * Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization. * Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. * Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). * Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. * Hands-on experience with managing security for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. * Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. * Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. * Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. * Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. * Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments. * Experience engaging with vendors in design partnerships. * Experience overseeing vulnerability and threat management at the platform and application levels. * Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. * Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution. $146,000 - $170,000 a year In addition to the above salary, this role may be eligible for a bonus. Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI. We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Headquartered in the United States, TP-Link Systems Inc. is a leading global provider of networking devices and smart home products. Consistently ranked as the world's top provider of Wi-Fi devices, TP-Link is dedicated to delivering innovative solutions that improve people's lives by offering faster, more reliable connectivity. Serving customers in over 170 countries, we are committed to expanding our global footprint. At TP-Link Systems Inc., we believe that technology has the power to transform the world for the better. Our mission is to design reliable, high-performance products that connect users worldwide to the limitless possibilities of technology. We are driven by our core values of professionalism, innovation, excellence, and simplicity. Our goal is to help clients achieve outstanding global performance and to provide consumers with a seamless, effortless technology experience. TP-Link Systems Inc. is seeking a skilled and proactive Sr. Security Compliance Analyst who will be responsible for developing and overseeing TP-Link's enterprise security governance framework, ensuring compliance with regulatory requirements, industry standards, and internal policies. This individual will collaborate with cross-functional teams to embed security into business operations, manage risk, and enhance security resilience across TP-Link's enterprise ecosystem. Key Responsibilities: Security Governance & Policy Development Develop, implement, and maintain security policies, standards, and guidelines aligned with industry best practices (e.g., NIST, ISO 27001, CIS). Establish and lead a security governance framework to ensure consistent application of security controls across the enterprise. Risk Management & Compliance Identify, assess, and mitigate security risks across TP-Link's global operations. Ensure compliance with regulatory requirements such as GDPR, CCPA, NIST CSF, and other applicable cybersecurity frameworks. Oversee security audits, risk assessments, and third-party security evaluations. Partner with legal, IT, and business leaders to address security compliance gaps. Third-Party & Supply Chain Security Develop and enforce security requirements for vendors, suppliers, and third-party partners. Conduct security assessments of supply chain partners to identify and mitigate potential risks. Security Awareness & Training Develop and lead security awareness programs to educate employees on cybersecurity risks and best practices. Foster a security-first culture across all levels of the organization. Provide guidance and training on security governance processes for internal stakeholders. Incident Response & Continuous Improvement Support security incident response efforts by ensuring governance processes facilitate rapid detection and response. Lead post-incident analysis to refine security policies and controls. Monitor emerging threats, regulatory changes, and industry trends to evolve TP-Link's security governance strategies. Requirements Qualifications Education: Bachelor's degree in Computer Science, Cybersecurity, Information Security, or a related field. Experience: 5+ years of experience in security governance, risk management, or compliance in a global technology or networking company. Proven track record in developing and implementing security governance frameworks for enterprise security. Experience managing compliance with industry standards and regulations (ISO 27001, NIST CSF, SOC 2, GDPR, CCPA, etc.). Hands-on experience with supply chain security, third-party risk management, and vendor security assessments. Skills: Deep understanding of security frameworks (ISO 27001, NIST, CIS, SOC 2) and regulatory requirements. Strong expertise in risk management methodologies, security policy development, and compliance auditing. Proficient in conducting security assessments, third-party risk evaluations, and internal security reviews. Ability to communicate complex security concepts to business and technical stakeholders effectively. Strong leadership skills with experience in cross-functional collaboration and executive reporting. Benefits Salary range: $100,000-$150,000 Free snacks and drinks, and provided lunch on Fridays Fully paid medical, dental, and vision insurance (partial coverage for dependents) Contributions to 401k funds Bi-annual reviews, and annual pay increases Health and wellness benefits, including free gym membership Quarterly team-building events At TP-Link Systems Inc., we are continually searching for ambitious individuals who are passionate about their work. We believe that diversity fuels innovation, collaboration, and drives our entrepreneurial spirit. As a global company, we highly value diverse perspectives and are committed to cultivating an environment where all voices are heard, respected, and valued. We are dedicated to providing equal employment opportunities to all employees and applicants, and we prohibit discrimination and harassment of any kind based on race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. Beyond compliance, we strive to create a supportive and growth-oriented workplace for everyone. If you share our passion and connection to this mission, we welcome you to apply and join us in building a vibrant and inclusive team at TP-Link Systems Inc. Please, no third-party agency inquiries, and we are unable to offer visa sponsorships at this time.

Responsible for driving the development, implementation, communication, and maintenance of loan Depot's technology policies, standards and procedures that are aligned to industry standards and regulatory requirements. Ensures that loan Depot technology processes adheres to regulatory requirements, manages risks effectively, and establishes strong governance practices. Develops and implements controls, monitors compliance, and supports risk management activities. Responsibilities: * Leads the development and implementation of comprehensive cybersecurity and IT policies, standards, and guidelines. * Continuously evaluates and updates cybersecurity and IT policies to ensure they remain current and effective. * Ensures policies comply with relevant laws, regulations, and industry standards (e.g., NIST, FFIEC, GLBA, NYDFS, SOX and PCI-DSS). * Collaborates with teams, working closely with IT, legal, compliance, and other departments, to gain a deep understanding of business needs to ensure cybersecurity policies align with business objectives. * Transforms complex information and documentation into simple concepts that are easy to understand by the end-users. * Offers specialized expertise and consultation to cross-functional teams to perform framework-oriented risk assessments, identify deficiencies, generate reports, and recommends prioritized, actionable solutions to mitigate risks and enhance loan Depot's overall security posture. * Stays informed about the latest cybersecurity threats, trends, and best practices. Ensures accurate and up-to-date records of policy reviews, risk assessments, training activities, and incident responses. * Benchmarks the organization's policies against industry standards and best practices. * Develops and implements governance frameworks for cybersecurity policy management. * Monitors key performance indicators, conducts gap analysis, risk assessments and implements frameworks, as needed. Tests and monitors effectiveness of controls. * Establishes a feedback loop and analyzes metrics to continuously improve cybersecurity policies based on audit findings, incident reviews, and emerging threats. * Actively leads and supports on internal and external audits and assessments of cybersecurity policies and practices. Accountable for ensuring identified audit and assessment findings and actions are tracked to closure. * Maintains comprehensive documentation of all cybersecurity policies, procedures, and related activities. Communicates policy requirements and updates to all relevant stakeholders. * Identifies opportunities for innovation and improvement in cybersecurity policy and practice. Proposes suitable mitigation strategies and verifies the effectiveness of remediation plans Requirements: * Bachelor's Degree in Information Security, Computer Science, Information Technology, or a related field preferred. * Minimum of six (6) + years' experience working in Cybersecurity GRC, policy development, risk management, or a similar field. * Experience with GRC tools (e.g., Archer, ServiceNow, OneTrust). * Proficiency in using data analysis and reporting tools (e.g., Excel, Power BI). * Relevant certifications such as CISM and/or CISA are highly desirable. Why work for #teamloan Depot: * Competitive compensation package based on experience, skillset and overall fit for #TeamloanDepot. * Inclusive, diverse, and collaborative culture where people from all backgrounds can thrive * Work with other passionate, purposeful, and customer-centric people * Extensive internal growth and professional development opportunities including tuition reimbursement * Comprehensive benefits package including Medical/Dental/Vision * Wellness program to support both mental and physical health * Generous paid time off for both exempt and non-exempt positions About loan Depot: loan Depot (NYSE: LDI) is a digital commerce company committed to serving its customers throughout the home ownership journey. Since its launch in 2010, loan Depot has revolutionized the mortgage industry with a digital-first approach that makes it easier, faster, and less stressful to purchase or refinance a home. Today, as the nation's second largest non-bank retail mortgage lender, loan Depot enables customers to achieve the American dream of homeownership through a broad suite of lending and real estate services that simplify one of life's most complex transactions. With headquarters in Southern California and offices nationwide, loan Depot is committed to serving the communities in which its team lives and works through a variety of local, regional, and national philanthropic efforts. Base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay for this role is between $99,000 and $136,500. Your base pay will depend on multiple individualized factors, including your job-related knowledge/skills, qualifications, experience, and market location. We are an equal opportunity employer and value diversity in our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

**AVEVA is a global leader in industrial software. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life - such as energy, infrastructure, chemicals and minerals - safely, efficiently and more sustainably.** **We're the first software business in the world to have our sustainability targets validated by the SBTi, and we've been recognized for the transparency and ambition of our commitment to diversity, equity, and inclusion. We've also recently been named as one of the world's most innovative companies.** **If you're a curious and collaborative person who wants to make a big impact through technology, then we want to hear from you! Find out more at AVEVA Careers (**************************************** .** **For more information about our privacy policy and how to manage cookies, visit our** **Privacy Policy (**************************************************************************************************************************** **.** **Position:** Principal Security Engineer - Application Security & Incident Response **Location:** Calgary Canada/ Lake Forest, CA **Type:** Full time- Hybrid **Path:** Individual Contributor **Salary Range:** $123,500.00 - $205,900.00 **About the Role:** We're looking for a **Principal Security Engineer** to lead our application security efforts and help protect our global technology environment. This is a hands-on, high-impact role for someone with deep expertise in application security, a strong development background, and real-world breach response experience. You'll work across engineering and product teams to identify vulnerabilities, guide secure development, and respond to security incidents. As part of our global 24×7 security team, you'll help ensure continuous coverage and rapid response to emerging threats. **Key Responsibilities:** + Lead application security practices across development and deployment workflows. + Identify and remediate vulnerabilities in collaboration with engineering teams. + Monitor for threats and respond to security incidents across global environments. + Apply breach response experience to strengthen threat modeling and security controls. + Stay ahead of emerging threats and translate insights into actionable improvements. + Develop secure coding standards and mentor teams on best practices. + Work as part of a global 24×7 team to ensure consistent security coverage. **Required Qualifications:** + Strong development background with experience in secure coding and software engineering. + Proven experience in application security and incident response. + Proven experience securing cloud applications (e.g., Azure, AWS, GCP). + At least **two years operating at Principal level** or in a senior technical leadership role. + Strong understanding of secure development practices and threat modeling. + Experience with cloud-native environments, CI/CD pipelines, and containerized applications. + Excellent communication and stakeholder engagement skills. **Preferred Qualifications:** + Certifications like CSSLP, OSWE, or GWAPT. + Experience with automated security tools and analysis platforms. + Familiarity with compliance frameworks (e.g., GDPR, PCI-DSS, ISO 27001). + Understanding of the NIS Directive and its impact on security operations. **R&D at AVEVA** Our global team of 2000+ developers work on an incredibly diverse portfolio of over 75 industrial automation and engineering products, which cover everything from data management to 3D design. AI and cloud are at the centre of our strategy, and we have over 150 patents to our name. Our track record of innovation is no fluke - it's the result of a structured and deliberate focus on learning, collaboration and inclusivity. If you want to build applications that solve big problems, join us. **AVEVA requires all successful applicants to undergo and pass a comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third party personal data may involve additional background check criteria.** **AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business.** **Come and join AVEVA to create the transformative technology that enables our customers to engineer a better world.** Empowering you with pioneering tech AVEVA is a global leader in industrial software. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life - such as energy, infrastructure, chemicals and minerals - safely, efficiently and more sustainably. We're the first software business in the world to have our sustainability targets validated by the SBTi, and we've been recognized for the transparency and ambition of our commitment to diversity, equity, and inclusion. We've also recently been named as one of the world's most innovative companies. If you're a curious and collaborative person who wants to make a big impact through technology, then we want to hear from you! Find out more at AVEVA Careers (**************************************** . For more information about our privacy policy and how to manage cookies, visit our Privacy Policy (*********************************************************************************************************************** .

Job Title: Security Engineer Employment Type: Full-Time (Only USC/GC candidates) The client is looking for a Security Engineer with expertise in firewall security, cloud security, and DevSecOps to join our team! If you have a passion for cybersecurity, risk assessment, and compliance, this is a great opportunity to work on cutting-edge security solutions. Key Responsibilities: Implement and manage security controls in Azure cloud environments. Review and enhance Palo Alto Firewall security rules and policies. Conduct vulnerability assessments and penetration testing to identify risks. Manage security monitoring tools for real-time threat detection and response. Ensure compliance with industry standards (SOX, PCI) and support security audits. Collaborate with DevOps & IT teams to integrate security best practices. Develop and maintain incident response plans and security awareness programs. Required Skills & Qualifications: 3+ years of experience in information security or IT. Strong knowledge of firewall security, cloud security, and DevSecOps. Experience with security tools such as: Palo Alto Firewall Crowdstrike EDR, IDP, Filevantage ArcticWolf, Delinea, Checkpoint Harmony, Automox Bachelor's degree in Computer Science, IT, or a related field (preferred).

The System Security Engineer Level II is required to be a highly skilled and hands-on security engineer, and will be responsible for helping to maintain and expand the infrastructure of the entire Cambro network, ensuring that they are protected from cyber threats and attacks, ensuring compliance, and responding to incidents. In this role, the responsibility is to manage, monitor, and maintain our Network IT infrastructure from CVEs, cyber threats, manage and implement device firmware and software updates. Also, the role is required to assist in projects and initiatives to support, upgrade, and maintain our technical environment to improve network security. The role requirement is to be proficient with cybersecurity frameworks including NIS, ISO27001/27002, CIS, HIPAA, CCPA/CPRA and GDPR. The role requires to have a multi-disciplined background including experience with Cybersecurity Operations, firewalls, IDS/IPS, switches, VLANs, routing protocols, IPsec, VPN tunnels, multi factor authentication and e-mail security. In addition, they must have a solid understanding of virtualized servers, Windows workstations and services. This role is required to have the network monitoring skills and technologies for detecting unusual activity, investigate security breaches and lead incidence response. ESSENTIAL JOB FUNCTIONS • Monitor network traffic for anomalies, investigate alerts and respond to security incidents. • Conduct regular vulnerability scans, risk assessments, patch management and mitigation across network devices. • Ensure adherence to cybersecurity frameworks including NIS, ISO27001/27002, CIS, HIPAA, CCPA/CPRA and GDPR. • Able to proactively scan servers and network devices for vulnerable ports and protocols and rogue devices. • Manage our firewall environment with the ability to create route policies and apply cybersecurity recommendations • Install and configure Network Equipment (Switches, Firewalls, and other networking hardware) • Perform (Layer 2) switch administration and configuration on Cisco/Ruckus switches. Including configuring LAGs, interfaces, creating trunks, creating, and managing segmented VLANs. • Possess a solid understanding of Windows Server services and roles including installation and configuration • Create certificates for network devices and servers that have a web management capability • A strong understanding of Windows Active Directory and can design, implement, and configure and troubleshoot Active Directory issues • Create, Manage and Deploy Group Policy Objects (GPO's) to deploy applications and implement security including windows firewalls • Effectively use PowerShell to automate and standardize administrative tasks • Capable of installing a Linux VM and execute basic Linux commands and managing Linux appliances • Manage our virtualized server environment managing, creating VM's and patching the VMware environment. • Strong understanding of Virtual Switches, Port Groups (Distributed and Standard) • Manage the Active Backup for Business on Synology and other advanced Synology administration features • Maintain and monitor Backup solutions. • Manage our users email accounts using the cloud service M365 from Microsoft • Responsible for creating and maintaining server and network documentation to include tasks and procedures • Proactively monitor our network using a variety of tools to help identify potential network and server issues • Assist in patching our entire infrastructure when needed using a variety of tools • Maintains strong technical abilities, knowledge of new and changing technologies • Prepare for emergencies by creating and/or updating action plans • Jumping into time-sensitive projects wherever needed • Showing flexibility and a willingness to learn • Maintain healthy communication with IT Staff, IT Customers and Vendors • Actively participate in IT Infrastructure and Operations projects, managing, completing, communicating, and fully documenting assigned tasks and deliverables. • Maintain reliable and consistent attendance, including being punctual, and dependable in order to meet the needs of the department and the organization. • Execute each essential duty satisfactorily to perform job successfully. • Follows all safety procedures required in work area, wears PPE as needed, attends all safety meetings, and reports safety issues regarding equipment or unsafe/hazardous conditions. • Performs effectively as a team member, able to work well with others, open to receiving and give feedback, and treats everyone with respect. • Takes ownership of own work and behavior, accepts accountability for own actions, encourages solutions, and communicates status of work/projects. • Follow all department quality standards/criteria. Raise concerns and issues to immediate manager. • Able to understand and demonstrate Cambro company culture, display company core values (Safety, Quality, Respect, and Service). • Understands department's key performance indicators and contributes to achieve these goals both individually and as a team. • Maintains reliable and consistent attendance, including being punctual, dependable, and flexible to potential schedule changes to meet the needs of the department and the organization. • Executes each essential duty satisfactorily to perform job successfully. • Follows all safety procedures required in work area, wears PPE as needed, attends all safety meetings, and reports safety issues regarding equipment or unsafe/hazardous conditions. • Performs effectively as a team member, able to work well with others, open to receive and give feedback, and treats everyone with respect. • Takes ownership of own work and behavior, accepts accountability for own actions, encourages solutions, and communicates status of work/projects. • Follows all department quality standards/criteria. Raises concerns and issues to management. • Understands department's key performance indicators (KPIs) and contributes to achieve these goals both individually and as a team. • Other duties as needed or required. ADDITIONAL RESPONSIBILITIES • Ability to be on call 24 hours a day, 7 days a week for global operations, by periodically providing off-hours, evening, and weekend support to accommodate maintenance windows and issue resolution • Occasional travel to various Cambro locations domestically and internationally as required (15%) • May occasionally guide less experienced associates to help with technical projects • Some travel may be required. REQUIRED QUALIFICATIONS The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. • Bachelor's degree (B.A.) from a four-year accredited college or university. • 5-10 years of experience in IT security, network, administration, and support roles. • Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form. • Ability to adapt and adjust plans to meet changing needs. • Proficient in Microsoft Office Suite • Experience with Fortinet solutions, EDR, email security solutions • Solid knowledge of cybersecurity frameworks including NIS, ISO27001/27002, CIS, HIPAA, CCPA/CPRA and GDPR. • Solid working knowledge of Layer 2 (VLANs, Inter-VLANs, VTP Domains, bridge groups, MVRP, ACL's) technologies and network segmentation. • Strong knowledge of DNS records including reverse zones and maintaining DNS records • Strong DHCP Knowledge to include DHCP Fail over and able to configure DCHP relay on Switches • Solid understanding of routing protocols, static routes and ARP cache • Proficient in creating and implementing certificates on layer 2 devices (Switches, Firewalls, Linux Appliances) • Strong troubleshooting skills and possess the ability to find security and network issues in a timely manner • Strong Windows administration skills including Active Directory/GPO's and security policies • Solid working knowledge of Virtualization, such as VMware ESXi servers and vCenter 7.x • Solid working knowledge of Veeam/Bacula/Exagrid backup software to manage backup and restore procedures • Must be able to follow instructions and procedures and ask questions if something is unclear • Excellent documentation skills including ability to create network drawings • Self-motivated and energetic with the ability to manage time efficiently without supervision and to work effectively under pressure • Strong customer service and communication skills • Excellent organizational skills and strong sense of urgency • Familiarity with various network types including LANs, WANs, SDWAN, WLANs, SANs, and VoIP networks • Great accuracy and attention to detail PREFERRED QUALIFICATIONS • Experience in Business Continuity and disaster recovery is a plus • Knowledge of Ruckus Access Points and Switches • Knowledge of IBMi PHYSICAL DEMANDS The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Sitting, walking, standing, bending at the neck, bending at the waist, squatting, climbing, kneeling, crawling, twisting at the neck and waist, repetitive use of hands, simple grasping, power grasping, fine manipulation, pushing and pulling, reaching above and below the shoulder, carrying/lifting up to 50 lbs. Driving cars and other IT equipment Working around equipment and machinery Exposure to excessive noise Exposure to dust, gas, fumes or chemicals Working at heights Use of special visual or auditory protective equipment Walking on uneven ground PPE Requirements Safety glasses Steel-toe slip-resistant shoes - When in production area Hearing protection (e.g. ear plugs, ear muffs) - When in production area Face covering (mask) in accordance with company policy. Hardhat/bump camp IT Application COMPENSATION RANGE: $97,000- $120,000 Salary may vary based on experience. CAMBRO is proud to be an equal-opportunity workplace. All qualified applicants will receive consideration for employment without regard to and will not be discriminated against based upon race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic information, military or veteran status, or other characteristics protected by law.

Country: United States of America Onsite U.S. Citizen, U.S. Person, or Immigration Status Requirements: Active and transferable U.S. government issued security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance Security Clearance: Secret - Current At Raytheon, the foundation of everything we do is rooted in our values and a higher calling - to help our nation and allies defend freedoms and deter aggression. We bring the strength of more than 100 years of experience and renowned engineering expertise to meet the needs of today's mission and stay ahead of tomorrow's threat. Our team solves tough, meaningful problems that create a safer, more secure world. Raytheon is seeking a well-qualified Systems Security Engineer II (P2) to join our Systems Security Engineering (SSE) team in developing solutions to protect the Warfighter's technology advantage. Systems Security Engineering creates holistic security solutions leveraging Cyber Security, Software Assurance and Supply Chain Risk Management to support Program Protection Implementation on embedded weapons systems. Join our highly visible team and perform technically challenging assignments, which will directly contribute to protecting our nation and our Warfighters. This is an onsite position at Raytheon in Fullerton, CA. What You Will Do Lead the patch team, ensuring on-time delivery of patches to our customer Perform analysis on cybersecurity collected data and test results Validate secure configuration of routers, switches, firewalls, servers, operating systems, applications, and other assets, using DoD approved scanning and assessment tools such as Nessus, STIG, Evaluate STIG, and/or RADIX Create and maintain Linux Bash and Python scripts Create patch artifacts such as patch media and information assurance posture reports Qualifications You Must Have Typically requires a Bachelor's Degree in Science, Technology, Engineering or Mathematics (STEM) and 2 years of prior relevant experience Active and transferable U.S. government issued DoD Secret security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance Experience in System Security Engineering, computer technology reverse engineering, cybersecurity or embedded security Qualifications We Prefer Experience with scrum planning and scrum tools such as Jira Experience in the SSE implementation throughout the entire life cycle Experience contributing to a team environment for the purpose of developing creative solutions to technical problems Cyber Certifications in accordance with DoDD 8570/DoDD 8140 such as CISSP, GSLC, CEH Experience supporting the development of Risk Management Framework (RMF) documents and controls validation testing for Authority to Operate (ATO) accreditations Candidate must exhibit an exceptional degree of ingenuity, creativity and resourcefulness Excellent communication, technical writing, oral presentation and interpersonal skills What We Offer Our values drive our actions, behaviors, and performance with a vision for a safer, more connected world. At RTX we value: Trust, Respect, Accountability, Collaboration, and Innovation Relocation Eligible - Relocation assistance is available As part of our commitment to maintaining a secure hiring process, candidates may be asked to attend select steps of the interview process in-person at one of our office locations, regardless of whether the role is designated as on-site, hybrid or remote. The salary range for this role is 72,000 USD - 144,000 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate's work experience, location, education/training, and key skills.Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement.Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company's performance.This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply.RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window. RTX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or veteran status, or any other applicable state or federal protected class. RTX provides affirmative action in employment for qualified Individuals with a Disability and Protected Veterans in compliance with Section 503 of the Rehabilitation Act and the Vietnam Era Veterans' Readjustment Assistance Act. Privacy Policy and Terms: Click on this link to read the Policy and Terms

**Country:** United States of America ** Onsite **U.S. Citizen, U.S. Person, or Immigration Status Requirements:** Active and transferable U.S. government issued security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance **Security Clearance:** Secret - Current At Raytheon, the foundation of everything we do is rooted in our values and a higher calling - to help our nation and allies defend freedoms and deter aggression. We bring the strength of more than 100 years of experience and renowned engineering expertise to meet the needs of today's mission and stay ahead of tomorrow's threat. Our team solves tough, meaningful problems that create a safer, more secure world. Raytheon is seeking a well-qualified **Systems Security Engineer II (P2)** to join our Systems Security Engineering (SSE) team in developing solutions to protect the Warfighter's technology advantage. Systems Security Engineering creates holistic security solutions leveraging Cyber Security, Software Assurance and Supply Chain Risk Management to support Program Protection Implementation on embedded weapons systems. Join our highly visible team and perform technically challenging assignments, which will directly contribute to protecting our nation and our Warfighters. This is an onsite position at Raytheon in Fullerton, CA. **What You Will Do** + Lead the patch team, ensuring on-time delivery of patches to our customer + Perform analysis on cybersecurity collected data and test results + Validate secure configuration of routers, switches, firewalls, servers, operating systems, applications, and other assets, using DoD approved scanning and assessment tools such as Nessus, STIG, Evaluate STIG, and/or RADIX + Create and maintain Linux Bash and Python scripts + Create patch artifacts such as patch media and information assurance posture reports **Qualifications You Must Have** + Typically requires a Bachelor's Degree in Science, Technology, Engineering or Mathematics (STEM) and 2 years of prior relevant experience + Active and transferable U.S. government issued DoD Secret security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance + Experience in System Security Engineering, computer technology reverse engineering, cybersecurity or embedded security **Qualifications We Prefer** + Experience with scrum planning and scrum tools such as Jira + Experience in the SSE implementation throughout the entire life cycle + Experience contributing to a team environment for the purpose of developing creative solutions to technical problems + Cyber Certifications in accordance with DoDD 8570/DoDD 8140 such as CISSP, GSLC, CEH + Experience supporting the development of Risk Management Framework (RMF) documents and controls validation testing for Authority to Operate (ATO) accreditations + Candidate must exhibit an exceptional degree of ingenuity, creativity and resourcefulness + Excellent communication, technical writing, oral presentation and interpersonal skills **What We Offer** + Our values drive our actions, behaviors, and performance with a vision for a safer, more connected world. At RTX we value: Trust, Respect, Accountability, Collaboration, and Innovation + Relocation Eligible - Relocation assistance is available **_As part of our commitment to maintaining a secure hiring process, candidates may be asked to attend select steps of the interview process in-person at one of our office locations, regardless of whether the role is designated as on-site, hybrid or remote._** The salary range for this role is 72,000 USD - 144,000 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate's work experience, location, education/training, and key skills. Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement. Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company's performance. This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply. RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window. _RTX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or veteran status, or any other applicable state or federal protected class. RTX provides affirmative action in employment for qualified Individuals with a Disability and Protected Veterans in compliance with Section 503 of the Rehabilitation Act and the Vietnam Era Veterans' Readjustment Assistance Act._ **Privacy Policy and Terms:** Click on this link (******************************************************** to read the Policy and Terms Raytheon Technologies is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

What you do Be responsible for Pre Sales Support & End User Support for, but not limited to the design, configuration, and operation of complete building low voltage systems, including fire, security, and other low voltage control sub-systems (i.e. lighting, nurse call, data networks, etc.) to meet the intent of the project requirements. Accountable to field teams for quality, timeliness and efficiency of designs. Develops complex software programs, commissions and troubleshooting to ensure proper operations of the building control system. Provides detailed information and submittals to communicate design and operation to customers, consultants, Johnson Controls field installation team and subcontractors. How will you do it - Sales Support and End User Support · Possible job walks with the Sales Team on the initial design phase · Designs and configures are technically complex building control systems as defined by the contract documents. · Creates flow diagrams, sequence of operations, bill of material, network layouts and electrical schematics as required. · Develop and tests software programs necessary to operate the system per the project requirements' intent. · Coordinates the creation of necessary drawings and equipment schedules for submittals and installation. · Assists in the loading and commissioning of all system and network-level controllers as required. · Assists in validation of complete system functionality and troubleshoots problems with subcontractors and other trades to ensure proper operation. · Provides field change information to the project team for the creation of as-built drawings and software. · Keeps management and JCI contractor or customer informed of job progress and issues. · Assists in performing site-specific training for owner/operator on the total building control system. · Participates in release meeting with the project field team. · Performs value engineering to provide cost effective results while maintaining customer satisfaction. · Adheres to safety standards. · High degree of employee and subcontractor safety. What we look for Required Qualifications · Minimum of seven years of experience, or an associate degree in a related technical field with seven years of relevant work experience required. · Demonstrated knowledge of the construction, mechanical, electrical, or HVAC service industry. · Demonstrated knowledge of mechanical drawings, electrical wiring diagrams, control theory, automatic temperature controls, building automation systems and other building subsystems. · Demonstrated experience in the integration of low voltage building sub-systems using various industry protocols (i.e. LON, BACnet, etc.). · Ability to relate technical knowledge to a non-technical audience. · Demonstrated advanced computer skills required, particularly computer-related drafting tools, such as Visio. Preferred Qualifications · Bachelor's degree in engineering with a minimum of five years of experience, or an associate degree in a related technical field with seven years of relevant work experience required. · Understanding of IP networking for building automation systems. · Understanding of Tridium/Niagara Framework HIRING SALARY RANGE: $100K to $125K (Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, location and alignment with market data.) This role offers a competitive Bonus plan that will take into account individual, group, and corporate performance. This position includes a competitive benefits package. For details, please visit the About Us tab on the Johnson Controls Careers site at ***************************************** Johnson Controls International plc. is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, sexual orientation, gender identity, status as a qualified individual with a disability or any other characteristic protected by law. To view more information about your equal opportunity and non-discrimination rights as a candidate, visit EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit here.

Full-time Description For nearly 50 years, CSA has delivered integrated technology and operational support services to meet the defense and federal sector's most complex enterprise needs. Working from operations centers and shipyards to training sites and program offices, CSA deploys experienced teams, innovative tools, and proven processes to advance federal missions. Client Solution Architects (CSA) is currently seeking an Information Systems Security Officer to support a program at Grafenwoehr, Germany. Works with System Administrators (SA), Command Information System Security Manager (ISSM), other Information System Security Officers (ISSOs), multiple Branch Heads, multiple Program Managers (PMs) and a project strategist in support of the completion of a mixture of Certification and Accreditation (C&A) boundaries consolidated into overarching master boundaries in support of information assurance policy and regulations. In addition to C&A package development, the individual will be responsible for the day-to-day operations as an ISSO. How Role will make an impact: Develop and maintain an organizational or system-level cybersecurity program that includes cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures. Provide support to the System Owner and the ISSM for maintaining the appropriate operational IA posture for a system, program, or enclave. Provide support to the customer on all matters involving the security of their information systems. Assist with the management of all security aspects of the information system and as assigned performs day-to-day security operations of the system. Assist in the development of the system security policy and ensures compliance with that policy on a routine basis. Prepare, validate, and maintain security documentation including, but not limited to: system security plan (SSP), risk assessment (RA), contingency plan (CP), privacy impact assessment (PIA), eAuthentication assessment, FIPS categorization. Provide configuration management for security-relevant information system software, hardware, and firmware, controlling changes to the system and assessing the security impact of those changes. Identify and mitigate security business and system risks. Identify and manage POA&Ms through remediation as well as develop corrective action plans for each POA&M. Maintain a repository for all organizational or system-level cybersecurity-related documentation such as RMF processes within eMASS or other automated process. Maintain Defense Information Technology Portfolio Registry (DITPR) for client systems and software. Ensure implementation of Information System (IS) security measures and procedures, including reporting incidents to the Command Information System Security Manger (ISSM) and appropriate reporting chains as well as coordinating system-level responses to unauthorized disclosures in accordance with DoDM 5200.01 Vol 3 for classified information or DoDM 5200.01 Vol 4 for CUI, respectively. Implement and enforce all DoD IS and Platform Information Technology (PIT) system cybersecurity policies and procedures, as defined by cybersecurity-related documentation. Ensure that all users have the requisite security clearances and access authorization, and are aware of their cybersecurity responsibilities for DoD IS and PIT systems under their purview before being granted access to those systems. In coordination with the ISSM, initiate protective or corrective measures when a cybersecurity incident or vulnerability is discovered. Establish a process for authorized users to report all cybersecurity-related events and potential threats and vulnerabilities to the ISSO. Ensure that all DoD IS cybersecurity-related documentation is current and accessible to properly authorized individuals. Ensures proper Configuration Management procedures are followed. Prior to implementation and contingent upon necessary approval with the ISSM. Initiates requests for temporary and permanent exception, deviations, or waivers to IA requirements such as Plan of Action and Milestones (POA&Ms). Ensures IA and IA-enabled software, hardware and firmware comply with appropriate security configuration guides. Provide status updates of assigned duties to the appropriate agency heads as defined in their respective Service Level Agreement (SLA). Respond to all applicable data calls, CTO's, FRAGO's, IAVA's ,etc within the requested timeframe. Attend all Cybersecurity Workforce Meetings when requested. Perform as needed system administration on JLCCTC or other simulations or interface systems as needed. Perform as needed technical operations, setup and tear down of servers, systems and integration tools; maintaining RMF compliance; providing input to exercise design and technical planning products. Support as needed other set-up, transition, and break down for all training and training support activities pertaining to this task order. Participate in individual training, seminars, conferences, exercise/experiment planning events, site surveys, and exercise and training events and supports the planning and preparation processes and product development as needed. Requirements What you'll need to join our award-winning team: Clearance: Must possess and maintain an active U.S. Top Secret/SCI security clearance with the ability to pass a CI/Polygraph exam Education: A bachelor's degree plus 3 years of recent related experience OR an associate's degree plus 7 years of recent related experience OR a major certification plus 7 years of recent related experience OR 11 years of recent related experience. DoD Approved 8570 Baseline Certification for a minimum of IAM Level II. Five (5) years' experience within the past 10 years, in planning simulation exercise architectures, supervising implementation of communication systems, and integration of Army Mission Command Systems in support of distributed exercises. Five (5) years' experience in information technology management What Sets you apart: A working knowledge of RMF and the security authorization processes and procedures. Knowledge of NIST Special Publications and their counterparts, especially SP800- 37, SP800-53, ICD 503, and CNSS 1253. Ability to communicate clearly and present information to the customer in a format they can understand. Experience in several of the following areas: knowledge of current security tools, hardware and software security implementation; different communication protocols; and encryption techniques/tools. Familiarity with commercial security products, security authorization techniques, security incident management, and PKI and authorization services. Must be able to prioritize tasks, deliver solutions on time and be a team player with the ability to work independently and proactively while being flexible and prioritizing competing priorities, often under time constraints. Have strong analysis, oral and written communication, and change management skills with ability to plan, organize, prioritize, track, manage, and learn new skills. It is preferred that a candidate have at least one year of experience under the DoD Information Assurance Certification and Accreditation Process (DIACAP) and/or Risk Management Framework (RMF) accreditation process and has a familiarity with Enterprise Mission Assurance Support Service (eMASS). Technical familiarity with Windows 7 Enterprise/Windows 10 Professional, Windows Server 2012, and Red Hat Linux. Experience with providing IA or IT support to a US Army client desirable, but not required. Proficiency with using the Internet and with Microsoft Office products including e-mail, Word, Excel, Access and Project is required. Outstanding work ethic and personal integrity. Superior analytical and problem-solving skills. Ability to document and update processes. Ability to perform tasks under deadlines. Ability to work with senior Government and Industry leaders. Possess a very high degree of attention to detail. Capable of working at a computer terminal for extended periods. Ability to work 12-hour shifts, day or night, for consecutive days up to 4 weeks. • Outstanding interpersonal and written communication skills.

Alignment Health is breaking the mold in conventional health care, committed to serving seniors and those who need it most: the chronically ill and frail. It takes an entire team of passionate and caring people, united in our mission to put the senior first. We have built a team of talented and experienced people who are passionate about transforming the lives of the seniors we serve. In this fast-growing company, you will find ample room for growth and innovation alongside the Alignment Health community. Working at Alignment Health provides an opportunity to do work that really matters, not only changing lives but saving them. Together. This position is responsible for identifying, analyzing, and helping with remediate security vulnerabilities within our applications. This role requires a strong understanding of application security principles, hands-on experience with various security testing methodologies, and excellent communication skills to collaborate effectively with development teams and other stakeholders. Job Responsibilities: Conduct static application security testing (SAST), dynamic application security testing (DAST), and interactive application security testing (IAST) on a continuous basis. Identify, triage, and validate security vulnerabilities using both automated tools and manual review. Work closely with software development and DevOps teams to provide clear, actionable guidance on how to fix vulnerabilities and implement secure coding practices. Help integrate security controls and checks into the software development lifecycle (SDLC) and CI/CD pipelines. Drive and support application security reviews and threat modeling. Manage and configure a suite of application security tools, ensuring their effective use and reporting. Stay up-to-date with the latest security threats, trends, and technologies, and conduct research on new vulnerabilities and attack vectors. Contribute to the creation and maintenance of application security policies, standards, and procedures to guide development teams and ensure compliance. Develop and deliver security awareness and secure coding training to engineering teams. Support and lead third-party penetration testing. Job Requirements: Experience: Required: 5-7+ years of progressive experience in information security, with a strong focus on application security testing and vulnerability management. Proven track record of working directly with developers and engineering teams to identify and remediate security vulnerabilities in a fast-paced environment. Experience in a large-scale enterprise environment with complex application portfolios. Preferred: Experience in healthcare or another highly regulated field. Education: Required: Bachelor's degree or equivalent work experience in Computer Science, Information Security, or a related technical discipline. Preferred: Relevant professional certifications such as Offensive Security Certified Professional (OSCP), GIAC Web Application Penetration Tester (GWAPT), or Certified Secure Software Lifecycle Professional (CSSLP) are highly desirable. ISC2 Certified Information Systems Security Professional (CISSP) Specialized Skills: Required: Experience with general threat hunting techniques and tools. Experience with one or more programming languages (i.e., C#, Scala, Python). Essential Physical Functions: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. 1. While performing the duties of this job, the employee is regularly required to talk or hear. The employee regularly is required to stand, walk, sit, use hand to finger, handle or feel objects, tools, or controls; and reach with hands and arms. 2. The employee frequently lifts and/or moves up to 10 pounds. Specific vision abilities required by this job include close vision and the ability to adjust focus. Pay Range: $113,332.00 - $169,999.00 Pay range may be based on a number of factors including market location, education, responsibilities, experience, etc. Alignment Health is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, age, protected veteran status, gender identity, or sexual orientation. *DISCLAIMER: Please beware of recruitment phishing scams affecting Alignment Health and other employers where individuals receive fraudulent employment-related offers in exchange for money or other sensitive personal information. Please be advised that Alignment Health and its subsidiaries will never ask you for a credit card, send you a check, or ask you for any type of payment as part of consideration for employment with our company. If you feel that you have been the victim of a scam such as this, please report the incident to the Federal Trade Commission at ******************************* If you would like to verify the legitimacy of an email sent by or on behalf of Alignment Health's talent acquisition team, please email ******************.

Job Description Headquartered in the United States, TP-Link Systems Inc. is a leading global provider of networking devices and smart home products. Consistently ranked as the world's top provider of Wi-Fi devices, TP-Link is dedicated to delivering innovative solutions that improve people's lives by offering faster, more reliable connectivity. Serving customers in over 170 countries, we are committed to expanding our global footprint. At TP-Link Systems Inc., we believe that technology has the power to transform the world for the better. Our mission is to design reliable, high-performance products that connect users worldwide to the limitless possibilities of technology. We are driven by our core values of professionalism, innovation, excellence, and simplicity. Our goal is to help clients achieve outstanding global performance and to provide consumers with a seamless, effortless technology experience. TP-Link Systems Inc. is seeking a skilled and proactive Sr. Security Compliance Analyst who will be responsible for developing and overseeing TP-Link's enterprise security governance framework, ensuring compliance with regulatory requirements, industry standards, and internal policies. This individual will collaborate with cross-functional teams to embed security into business operations, manage risk, and enhance security resilience across TP-Link's enterprise ecosystem. Key Responsibilities: Security Governance & Policy Development Develop, implement, and maintain security policies, standards, and guidelines aligned with industry best practices (e.g., NIST, ISO 27001, CIS). Establish and lead a security governance framework to ensure consistent application of security controls across the enterprise. Risk Management & Compliance Identify, assess, and mitigate security risks across TP-Link's global operations. Ensure compliance with regulatory requirements such as GDPR, CCPA, NIST CSF, and other applicable cybersecurity frameworks. Oversee security audits, risk assessments, and third-party security evaluations. Partner with legal, IT, and business leaders to address security compliance gaps. Third-Party & Supply Chain Security Develop and enforce security requirements for vendors, suppliers, and third-party partners. Conduct security assessments of supply chain partners to identify and mitigate potential risks. Security Awareness & Training Develop and lead security awareness programs to educate employees on cybersecurity risks and best practices. Foster a security-first culture across all levels of the organization. Provide guidance and training on security governance processes for internal stakeholders. Incident Response & Continuous Improvement Support security incident response efforts by ensuring governance processes facilitate rapid detection and response. Lead post-incident analysis to refine security policies and controls. Monitor emerging threats, regulatory changes, and industry trends to evolve TP-Link's security governance strategies. Requirements Qualifications Education: Bachelor's degree in Computer Science, Cybersecurity, Information Security, or a related field. Experience: 5+ years of experience in security governance, risk management, or compliance in a global technology or networking company. Proven track record in developing and implementing security governance frameworks for enterprise security. Experience managing compliance with industry standards and regulations (ISO 27001, NIST CSF, SOC 2, GDPR, CCPA, etc.). Hands-on experience with supply chain security, third-party risk management, and vendor security assessments. Skills: Deep understanding of security frameworks (ISO 27001, NIST, CIS, SOC 2) and regulatory requirements. Strong expertise in risk management methodologies, security policy development, and compliance auditing. Proficient in conducting security assessments, third-party risk evaluations, and internal security reviews. Ability to communicate complex security concepts to business and technical stakeholders effectively. Strong leadership skills with experience in cross-functional collaboration and executive reporting. Benefits Salary range: $100,000-$150,000 Free snacks and drinks, and provided lunch on Fridays Fully paid medical, dental, and vision insurance (partial coverage for dependents) Contributions to 401k funds Bi-annual reviews, and annual pay increases Health and wellness benefits, including free gym membership Quarterly team-building events At TP-Link Systems Inc., we are continually searching for ambitious individuals who are passionate about their work. We believe that diversity fuels innovation, collaboration, and drives our entrepreneurial spirit. As a global company, we highly value diverse perspectives and are committed to cultivating an environment where all voices are heard, respected, and valued. We are dedicated to providing equal employment opportunities to all employees and applicants, and we prohibit discrimination and harassment of any kind based on race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. Beyond compliance, we strive to create a supportive and growth-oriented workplace for everyone. If you share our passion and connection to this mission, we welcome you to apply and join us in building a vibrant and inclusive team at TP-Link Systems Inc. Please, no third-party agency inquiries, and we are unable to offer visa sponsorships at this time.

About GoodLeap:GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems, products, and services. Your oversight will encompass: - Enterprise systems:Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. - Build-time controls: Managing applications/products security controls and activities during development. - Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. While you will take on multiple responsibilities-from advisor to builder and beyond-your primary focus will be designing and building security patterns and practices for services and processes, and fostering strong relationships with product, business, and engineering. Essential Job Duties & Responsibilities Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. Support or develop components of the security analytics platform. Contribute to investigations, threat hunting, and incident response activities in a supporting role. Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns. Support the security operations team with the vulnerability management lifecycle for products and services under your purview. Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization. Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. Hands-on experience with managing security for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments. Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution. In addition to the above salary, this role may be eligible for a bonus. Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI. We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.