Security architect jobs in Concord, NH

*****CANDIDATE MUST BE US Citizen (due to contractual/access requirements)***** **To foster collaboration and team synergy, this position follows a hybrid model. Employees within a 50-mile radius of our Pittsburgh, Buffalo, or Camp Hill locations will be required to work from the office on Tuesdays, Wednesdays, and Thursdays.** Execute a process to develop a security architecture that processes information of various levels of sensitivity. The security architecture must be compliant with existing enterprise technical security control requirements models. Produce gap analysis documentation to identify any gaps between specific technical security requirements and the architecture of the system and provide detailed technical recommendations on appropriate mitigation measures. Advise and consult clients responsible for the architecture, design, implementation, and deployment of technical security controls on appropriate application of existing security services to solve their problems or enable new business opportunities. Research and evaluate new security technologies to be used as point solutions to gaps where the project is unable to take advantage of or needing greater functionality than reusable enterprise security services. The security architecture work will include network security, network defense, operating system security identity, authentication and authorization, data protection, application security, activity audit and monitoring, mobile computing security, and partner/vendor access to corporate systems/data. **ESSENTIAL RESPONSIBILITIES** + Enhance security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members. + Determine security requirements by evaluating business strategies and requirements; conducting system security and vulnerability analyses and risk assessments; identifying integration issues; preparing cost estimates. + Plan security systems by evaluating network and security technologies. + Implement security systems by specifying intrusion detection methodologies and equipment; directing equipment and software installation and calibration; preparing preventive and reactive measures. + Enhance department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments. + May begin to provide leadership and mentoring in the areas of expertise and architecture to peers, developers, management and business users including technical expertise, coaching, and ad-hoc training. + Support assurance compliance to required standards, procedures, guidelines and processes. + Other duties as assigned or requested. **REQUIRED EDUCATION** + Bachelor's degree in Information Systems, Computer Science, Information Security, or Engineering, or relevant experience and/or education as determined by the company in lieu of bachelor's degree **PREFERRED EDUCATION** + Master's degree in Computer Science, Information Security or related field **EXPERIENCE** **_Minimum:_** + 5 - 7 years' experience architecting solutions + 5 - 7 years' experience in Information Security + Experience communicating with business partners **_Preferred:_** + 7 - 10 years' experience architecting solutions **SKILLS** + Business communication skills, both written and verbal and able to solve unconventional problems + Understanding of the TCP/IP protocol stack, application protocols such as SNMP, SMTP, DNS, and DHCP; IPSec and SSL VPNs; SSL/TLS protocol knowledge + Understanding of the information technology and information security industries, their current developments, trends, issues, and fundamental concepts + In-depth expertise in analyzing a wide spectrum of technical systems and services robustness and needs, and making practical recommendations to address them + Detailed knowledge of web, mobile, and client application security vulnerabilities, attack methods, and countermeasures + Experience with common information security management frameworks, such as HITRUST, ISO 27001, CobiT, ITIL + Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common protocols (RADIUS, LDAP, KERBEROS, SAML, etc.) + Participate in evaluations and recommend solutions to support enterprises security controls including: networking, firewalls, IDS/IPS, data loss prevention, application security, infrastructure security, and data security **REQUIRED LICENSURE** None **PREFERRED LICENSURE** Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), etc. **TRAVEL REQUIREMENT:** 0%- 25% **LANGUAGE REQUIREMENT (** **_other than English_** **)?** None **PHYSICAL, MENTAL DEMANDS AND WORKING CONDITIONS** ( _The physical, mental demands and working conditions described here are representative of those that must be met by an employee to successfully perform the essential function of their job. Reasonable accommodations will be made when necessary to enable individuals with disabilities to perform the essential duties of the position, to the extent that they do not cause undue hardship._ **_Position Type:_** Office-Based **_Office-Based Positions_** An employee in this position works in an office environment. The position frequently requires the employee to communicate effectively with others both inside and outside the workplace (e.g., in person, via telephone, via email). The employee must be able to understand, interpret and analyze data, solve problems, concentrate, and research, use available technological resources and systems (e.g., computers and computer programs), multi-task, prioritize, and meet multiple deadlines to complete essential tasks. The employee generally works in a fast-paced and frequently stressful environment, must attend work on a regular and reliable basis as well as adhere to all workplace policies, and may be called upon to work outside regular business hours. Teaches/Trains others regularly Occasionally Travels regularly from the office to various work sites or from site-to-site Occasionally Works primarily out-of-the office selling products/services (Sales employees) Never Physical Work Site Required Yes **_Most On-The-Road Positions_** An employee in this position may work in a home or company office environment but is also frequently driving to and from various locations to perform the work off-site. The position frequently requires the employee to communicate effectively with others both inside and outside the workplace (e.g., in person, via telephone, via email). The employee must be able to understand, interpret and analyze data, solve problems, concentrate, and research, use available technological resources and systems (e.g., computers and computer programs), multi-task, prioritize, and meet multiple deadlines to complete essential tasks. The employee generally works in a fast-paced and frequently stressful environment, must attend work on a regular and reliable basis as well as adhere to all workplace policies, and may be called upon to work outside regular business hours. **_Non-Office-Based Positions_** An employee in this position is frequently required to move throughout the workplace, sit, stand and walk, use hands and fingers to hold objects, tools or controls, possess fine motor skills (e.g., to write and operate a computer or to steer transportation equipment), possess gross motor skills (e.g., to carry items), reach with hands and arms, climb stairs and ladders, balance, stoop, kneel crouch and crawl, communicate effectively, and talk and hear. Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus. The employee must be able to work in a busy environment where decisions often must be made quickly, must attend work on a regular and reliable basis, must adhere to all workplace policies, and may be called upon to work outside regular business hours. This work occurs in a [example: warehouse, hospital or provider's office or mailroom]. Lifting: up to 10 pounds Does Not Apply Lifting: 10 to 25 pounds Does Not Apply Lifting: 25 to 50 pounds Does Not Apply **ADDITIONAL INFORMATION** **Changes Approved By:** Kathleen Thompson **_Disclaimer:_** _The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job._ **_Compliance Requirement:_** _This position adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies_ As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company's Handbook of Privacy Policies and Practices and Information Security Policy. Furthermore, it is every employee's responsibility to comply with the company's Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements. **Pay Range Minimum:** $78,900.00 **Pay Range Maximum:** $147,500.00 _Base pay is determined by a variety of factors including a candidate's qualifications, experience, and expected contributions, as well as internal peer equity, market, and business considerations. The displayed salary range does not reflect any geographic differential Highmark may apply for certain locations based upon comparative markets._ Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on any category protected by applicable federal, state, or local law. We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the email below. For accommodation requests, please contact HR Services Online at ***************************** California Consumer Privacy Act Employees, Contractors, and Applicants Notice Req ID: J272809

This role has been designed as 'Hybrid' with an expectation that you will work on average 2 days per week from an HPE office. Who We Are: Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today's complex world. Our culture thrives on finding new and better ways to accelerate what's next. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you. Open up opportunities with HPE. Job Description: As a Cloud Native Security Distinguished Technologist, you will provide technical leadership and strategic direction for securing cloud-native platforms, applications, and workloads. You will act as a thought leader and subject matter expert, collaborating with cross-functional teams to architect and implement security solutions that protect our organization and customers. This role requires deep expertise in cloud-native technologies, security best practices, and a passion for driving innovation in the cloud security domain. Key Responsibilities: Strategic Leadership: * Define and drive the cloud-native security strategy for the organization. * Influence and guide the adoption of security-first principles across the Cloud Platform Organization and its products. Architecture and Design: * Architect secure cloud-native solutions, ensuring compliance with industry standards and regulatory requirements. * Design security controls for containerized workloads, microservices, Kubernetes environments, and serverless architectures. * Develop and implement strategies for secure CI/CD pipelines and DevSecOps practices. Innovation and Thought Leadership: * Lead research and development of emerging security technologies and practices in cloud-native environments. * Represent the organization in industry forums, conferences, and technical communities. * Publish white papers, blogs, and other thought leadership content to share insights and influence the broader industry. Collaboration and Mentorship: * Partner with engineering teams, product managers, and security specialists to embed security into the development lifecycle. * Mentor and guide security engineers, architects, and other technical professionals within the organization. Risk Management and Incident Response: * Define risk assessment methodologies tailored to cloud-native environments. * Collaborate with security operations teams to respond to security incidents and drive continuous improvement in detection and response capabilities. Compliance and Governance: * Lead efforts to ensure cloud-native solutions adhere to regulatory and compliance standards (e.g., GDPR, HIPAA, SOC 2). * Define policies and frameworks for secure cloud-native operations. Qualifications: * Technical Expertise: * 15+ years of experience driving cloud security architecture and application security controls for large complex cloud native applications and platforms. * Deep knowledge of cloud platforms (e.g., AWS, Azure, GCP) and associated security services. * Hands-on experience in KMS, Secret Manager, WAF, CSPM tools like Wiz, Web application security, AI Security threat modelling and designing security controls for AI agentic systems. * Strong knowledge of Network Security (IDS/IPS), Threat modelling, SAST, DAST, SCA, and Pen testing. * Expertise in containerization technologies (e.g., Docker, Kubernetes) and orchestration security. * Good understanding of OpenID Connect (OIDC) protocol, Security Assertion Markup Language (SAML), and Privileged Access Management (PAM) strategy. * Familiarity with serverless computing, APIs, identity and access management (IAM), and zero-trust architecture principles. * Leadership and Influence: * Proven track record of driving strategies that influence security practices across large organizations. * Experience in mentoring senior technical teams and providing thought leadership. * Soft Skills: * Exceptional communication and collaboration skills, with the ability to influence stakeholders across technical and non-technical domains. * Strong analytical and problem-solving abilities, with a focus on delivering innovative solutions. * Certifications (Preferred): * Certified Kubernetes Security Specialist (CKS). * Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP). * Cloud security certifications such as AWS Certified Security Specialty, Google Professional Cloud Security Engineer, or Microsoft Certified: Azure Security Engineer Associate. Additional Skills: Cloud Architectures, Cross Domain Knowledge, Design Thinking, Development Fundamentals, DevOps, Distributed Computing, Microservices Fluency, Full Stack Development, Release Management, Security-First Mindset, User Experience (UX) What We Can Offer You: Health & Wellbeing We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing. Personal & Professional Development We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have - whether you want to become a knowledge expert in your field or apply your skills to another division. Unconditional Inclusion We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. Let's Stay Connected: Follow @HPECareers on Instagram to see the latest on people, culture and tech at HPE. #unitedstates #executive, #greenlakecloudplatform Job: Engineering Job Level: TCP_07 States with Pay Range Requirement The expected salary/wage range for a U.S.-based hire filling this position is provided below. Actual offer may vary from this range based upon geographic location, work experience, education/training, and/or skill level. If this is a sales role, then the listed salary range reflects combined base salary and target-level sales compensation pay. If this is a non-sales role, then the listed salary range reflects base salary only. Variable incentives may also be offered. Information about employee benefits offered can be found at ******************************************************* USD Annual Salary: $170,000.00 - $412,500.00 HPE is an Equal Employment Opportunity/ Veterans/Disabled/LGBT employer. We do not discriminate on the basis of race, gender, or any other protected category, and all decisions we make are made on the basis of qualifications, merit, and business need. Our goal is to be one global team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together. Please click here: Equal Employment Opportunity. Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities. HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories. No Fees Notice & Recruitment Fraud Disclaimer It has come to HPE's attention that there has been an increase in recruitment fraud whereby scammer impersonate HPE or HPE-authorized recruiting agencies and offer fake employment opportunities to candidates. These scammers often seek to obtain personal information or money from candidates. Please note that Hewlett Packard Enterprise (HPE), its direct and indirect subsidiaries and affiliated companies, and its authorized recruitment agencies/vendors will never charge any candidate a registration fee, hiring fee, or any other fee in connection with its recruitment and hiring process. The credentials of any hiring agency that claims to be working with HPE for recruitment of talent should be verified by candidates and candidates shall be solely responsible to conduct such verification. Any candidate/individual who relies on the erroneous representations made by fraudulent employment agencies does so at their own risk, and HPE disclaims liability for any damages or claims that may result from any such communication.

Meta's Product Security team is seeking a experienced hacker who derives purpose in life by revealing potential weaknesses and then crafting creative solutions to eliminate those weaknesses. Your skills will be the foundation of security initiatives that protect the security and privacy of over two billion people. You will be relied upon to provide engineering and product teams with the web, mobile, or native code security expertise necessary to make informed product decisions. Come help us make life hard for the bad guys. **Required Skills:** Product Security Engineer, AI Responsibilities: 1. Security Reviews: perform manual design and implementation reviews of products and services that make up the Meta ecosystem, like Instagram, WhatsApp, Oculus, Portal, and more 2. Developer Guidance: provide guidance and education to developers that help prevent the authoring of vulnerabilities 3. Automated Analysis and Secure Frameworks: build automation (static and dynamic analysis) and frameworks with software engineers that enable Meta to scale consistently across all of our products **Minimum Qualifications:** Minimum Qualifications: 4. BS or MS in Computer Science or a related field, or equivalent experience 5. 8+ years of experience finding vulnerabilities in interpreted languages. Knowledge of best practice secure code development 6. Experience with exploiting common security vulnerabilities 7. Knowledge of common exploit mitigations and how they work 8. Coding and scripting experience in one or more general purpose languages **Preferred Qualifications:** Preferred Qualifications: 9. Experience creating software that enables security processes, especially those leveraging AI/ML for automation or augmentation 10. Experience integrating or building AI-powered tools to assist with vulnerability detection, code review, or threat modeling 11. Experience creating software that enables security processes 12. 8+ years of experience finding vulnerabilities in C/C++ code 13. Contributions to the security community (public research, blogging, presentations, bug bounty) 14. Demonstrated ability to collaborate with AI researchers or engineers to apply AI in security workflows **Public Compensation:** $177,000/year to $251,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better. Join us and build an exceptional experience for yourself, and a better working world for all. The exceptional EY experience. It's yours to build. EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities. Today's world is fuelled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of almost 950 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team helps protect the EY brand and build client trust. Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through innovative, secure solutions that provide speed to market and business value. **The opportunity** Cyber Triage and Forensics (CTF) Incident Analyst will work as a senior member of the technical team responsible for security incident response for EY. The candidate will work as an escalation point for suspect or confirmed security incidents. Responsibilities include performing digital forensic analysis, following security incident response standard methodologies, malware analysis, identify indicators of compromise, support remediation or coordinate remediation efforts of a security incident, and develop documentation to support the security incident response process. **Your key responsibilities** + Investigate, coordinate, bring to resolution, and report on security incidents as they are brought up or identified + Forensically analyze end user systems and servers found to have possible indicators of compromise + Analysis of artifacts collected during a security incident/forensic analysis + Identify security incidents through 'Hunting' operations within a SIEM and other relevant tools + Interface and connect with server owners, system custodians, and IT contacts to pursue security incident response activities, including: obtaining access to systems, digital artifact collection, and containment and/or remediation actions + Provide consultation and assessment on perceived security threats + Maintain, manage, improve and update security incident process and protocol documentation + Regularly provide reporting and metrics on case work + Resolution of security incidents by identifying root cause and solutions + Analyze findings in investigative matters, and develop fact based reports + Be on-call to deliver global incident response **Skills and attributes for success** + Resolution of security incidents by identifying root cause and solutions + Analyze findings in investigative matters, and develop fact-based reports + Proven integrity and judgment within a professional environment + Ability to appropriately balance work/personal priorities **To qualify for the role you must have** + Bachelors or Masters Degree in Computer Science, Information Systems, Engineering or a related field + 5+ years experience in incident response, computer forensics analysis and/or malware reverse engineering; + Understanding of security threats, vulnerabilities, and incident response; + Understanding of electronic investigation, forensic tools, and methodologies, including: log correlation and analysis, forensically handling electronic data, knowledge of the computer security investigative processes, malware identification and analysis; + Be familiar with legalities surrounding electronic discovery and analysis; + Experience with SIEM technologies (i.e. Splunk); + Deep understanding of both Windows and Unix/Linux based operating systems; **Ideally, you'll also have** + Hold or be willing to pursue related professional certifications such as GCFE, GCFA or GCIH + Background in security incident response in Cloud-based environments, such as Azure + Programming skills in PowerShell, Python and/or C/C++ Understanding of the best security practices for network architecture and server configuration **What we look for** + Demonstrated integrity in a professional environment + Ability to work independently + Have a global mind-set for working with different cultures and backgrounds + Knowledgeable in business industry standard security incident response process, procedures, and life cycle + Excellent teaming skills + Excellent social, communication, and writing skills **What we offer you** The compensation ranges below are provided in order to comply with United States pay transparency laws. Other geographies will follow their local salary guidelines, which may not be a direct conversion of published US salary range/s. At EY, we'll develop you with future-focused skills and equip you with world-class experiences. We'll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. Learn more . We offer a comprehensive compensation and benefits package where you'll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $87,700 to $164,000. The salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $105,200 to $186,400. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you'll decide how much vacation time you need based on your own personal circumstances. You'll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being. **Are you ready to shape your future with confidence? Apply today.** EY accepts applications for this position on an on-going basis. For those living in California, please click here for additional information. EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities. **EY | Building a better working world** EY is building a better working world by creating new value for clients, people, society, and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy, and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories. EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY's Talent Shared Services Team (TSS) or email the TSS at ************************** .

Country: United States of America Onsite U.S. Citizen, U.S. Person, or Immigration Status Requirements: Active and transferable U.S. government issued security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance Security Clearance: DoD Clearance: Top Secret Collins Aerospace is seeking an Sr. Information Systems Security Manager (ISSM) who strives for excellence and has a passion to be part of a team that strengthens our nation and improves the security of our world. Collins Aerospace work environment is passionate, highly collaborative and provides engineers with the freedom to strengthen and expand their skills, explore new and creative ideas, and work closely with our nation's finest service members all while embracing integrity, innovation, and work-life balance. As the site ISSM you will have an end-to-end Cybersecurity Program for all classified and controlled information systems at our Maryland Office facility. You will partner with Program Management, Engineering, and the Cognizant Security Agency (DCSA) obtain and sustain ATO on schedule, mentor a growing ISSO team, and keep our environment audit ready every day. **This is an ONSITE position at our Westford, MA Location** What YOU will do: Lead RMF/JSIG/DAAPM execution - architect secure solutions, prepare authorization packages, brief Security Control Assessments, and drive POA&M closure. Experience with DFARS ************, NIST SP 800-171, and/or CMMC requirements. Familiarity with Controlled Unclassified Information (CUI) safeguarding requirements and related DoD compliance standards. Own continuous monitoring - vulnerability & patch management (ACAS/Nessus, SCAP, STIGs), log analysis (Splunk), account management, media control, incident response, and annual self-inspection. Develop people & process - coach ISSOs, refine SOPs, track metrics, and present status to senior leadership and customers. Interface with external stakeholders - act as the single voice to DCSA, SAPCO, and other Cognizant Security Agencies for all cybersecurity matters. Qualifications YOU Must Have: Typically requires a University Degree and minimum 10 years prior relevant experience or an Advanced Degree in a related field and minimum 7 years of experience U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance. U.S. government issued Secret security clearance required prior to start date. 5 years in DoD/IC Cybersecurity as ISSM or IAM-III equivalent (CISSP, CISM, GSLC).; Proven delivery of ATO for SAP or SCI systems; prior Enterprise ISSM experience. Qualifications We Prefer: Proven leadership of multi-disciplinary teams and successful ATO delivery for SAP or SCI systems Expert knowledge of NISPOM (32 CFR 117), JSIG, RMF (NIST 800-37/-53), ICD-503, and DAAPM, oversight/execution of A&A processes. Experience with DevSecOps pipelines, Zero Trust architecture, and Identity Access Management. Experience executing DISA STIG/SRG hardening across Linux and Windows. Background in network/systems security (architecture, topology, protocols, components, principles). Hands-on with ACAS, SCAP, STIG Viewer, DISA SRGs, and SIEM/Vulnerability Tools SPLUNK, NESSUS etc. Master's in Cybersecurity, Computer Science, or related engineering field. CISSP-ISSEP / ISSMP or PMP. What We Offer: Some of our competitive benefits packages include: Medical, dental, and vision insurance. Three weeks of vacation for newly hired employees. Generous 401(k) plan that includes employer matching funds and separate. employer retirement contribution, including a Lifetime Income Strategy option. Tuition reimbursement program. Student Loan Repayment Program. Life insurance and disability coverage. Optional coverages you can buy pet insurance, home and auto insurance, additional life and accident insurance, critical illness insurance, group legal, ID theft protection. Birth, adoption, parental leave benefits. Ovia Health, fertility, and family planning. Adoption Assistance. Autism Benefit. Employee Assistance Plan, including up to 10 free counseling sessions. Healthy You Incentives, wellness rewards program. Doctor on Demand, virtual doctor visits. Bright Horizons, child, and elder care services. Teladoc Medical Experts, second opinion program. And more! Mission Systems: Do you want to be a part of something bigger? A team whose impact stretches across the world, and even beyond? At Collins Aerospace, our Mission Systems team helps civilian, military and government customers complete their most complex missions - whatever and wherever they may be. Our customers depend on us for intelligent and secure communications, missionized systems for specialized aircraft and spacecraft and collaborative space solutions. By joining our team, you'll have your own critical part to play in ensuring our customer succeeds today while anticipating their needs for tomorrow. Are you up for the challenge? Join our mission today. WE ARE REDEFINING AEROSPACE. * Please consider the following role type definitions as you apply for this role. Onsite: Employees who are working in Onsite roles will work primarily onsite. This includes all production and maintenance employees, as they are essential to the development of our products. Regardless of your role type, collaboration and innovation are critical to our business and all employees will have access to digital tools so they can work with colleagues around the world - and access to Collins sites when their work requires in-person meetings. At Collins, the paths we pave together lead to limitless possibility. And the bonds we form - with our customers and with each other -- propel us all higher, again. Apply now and be part of the team that's redefining aerospace, every day. As part of our commitment to maintaining a secure hiring process, candidates may be asked to attend select steps of the interview process in-person at one of our office locations, regardless of whether the role is designated as on-site, hybrid or remote. The salary range for this role is 124,000 USD - 250,000 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate's work experience, location, education/training, and key skills.Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement.Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company's performance.This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply.RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window. RTX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or veteran status, or any other applicable state or federal protected class. RTX provides affirmative action in employment for qualified Individuals with a Disability and Protected Veterans in compliance with Section 503 of the Rehabilitation Act and the Vietnam Era Veterans' Readjustment Assistance Act. Privacy Policy and Terms: Click on this link to read the Policy and Terms

**About Us** **As a digital and cybersecurity services company, Stratascale exists to help the Fortune 1000 transform the way they use technology to advance the business, generate revenue, and respond quickly to market demands. We call it Digital Agility.** **To learn more about how we're shaping the future of digital business and a more secure world, visit stratascale.com.** **Job Description Summary** The Senior Security Consultant - Penetration Testing is a critical role within Stratascale's Adversarial Operations team who will assist in leading and supporting the development and delivery of a diverse range of continuous threat and exposure management consulting, penetration testing, and operational service programs to a portfolio of our clients. This position is remote with a Home Office setup as determined by Stratascale management. **Role Description** + Perform penetration testing against complex environments covering both external, internal, web application, and other forms of offensive security engagements. + Consult and document attack surface, threats, and vulnerability improvements based on team's overall assessment of client's environment. + Perform full assessment and threat modeling against industry best practices to identify control weaknesses and assess the effectiveness of existing controls. + Perform root cause analysis on identified vulnerabilities and attack surface weaknesses to determine technical solutions to be presented to client along with recommendations for remediations. + Collaborate with client's security teams to understand mitigation or resolutions for findings discovered by analysts. + Review threat intelligence for specific threat vectors that align with client's industry or potentially impacted by to utilize in attack path modeling. + Assist in defining, measuring, and quantifying business risk and vulnerability impacts to clients their stakeholders. + Provide subject matter expertise and technical support on remediation, cloud security, governance, compliance, and core infrastructure systems. + Assist customers with strategies, use of platforms, technical and compliance analysis, and implementing automation. + Develop and deliver governance models, security frameworks, compliance reporting, and security assessments. + Collaborate with internal sales and technical teams to support the solution sales cycle, qualify opportunities, and ensure successful solution delivery. + Identify customer needs and requirements, recommend appropriate solutions, and proactively identify areas for improvement. + Execute consulting projects by creating and completing deliverables, ensuring client needs and practice obligations are met. + Develop and deliver training content, curricula, and workforce development programs, including in-person and remote sessions. + Participate in customer and internal meetings, providing technical guidance and facilitating discussions. + Stay educated on new product technologies, industry trends, and emerging capabilities within the practice. + Develop and optimize cross practice capabilities, collaborate with peer practice leaders, and mentor other consultants. **Behaviors and Competencies** + Communication: Can effectively communicate complex ideas and information to diverse audiences, facilitate effective communication between others, and mentor others in effective communication. + Relationship Building: Can take ownership of complex team initiatives, collaborate with diverse groups, and drive results through effective relationship management. + Self-Motivation: Can take ownership of complex personal or professional initiatives, collaborate with others when necessary, and drive results through self-motivation. + Negotiation: Can take ownership of complex negotiations, collaborate with others, and drive consensus. + Impact and Influence: Can rally a team or group towards a common goal, creating a positive and persuasive influence. + Business Development: Can take ownership of significant business initiatives, collaborate with various stakeholders, and drive business results. + Emotional Intelligence: Can use emotional information to guide thinking and behavior, manage and/or adjust emotions to adapt to environments or achieve one's goal(s), and help others do the same. + Detail-Oriented: Can oversee multiple projects, maintaining a high level of detail orientation, identifying errors or inconsistencies in work, and ensuring accuracy across all tasks. + Follow-Up: Can take ownership of tasks, collaborate with others in managing follow-ups, and drive results through effective task completion. + Presenting: Can effectively use visual aids, storytelling, and persuasive techniques to enhance presentations and engage audiences. + Delegation: Can delegate responsibilities across a team, balancing workload, and ensuring all members understand their roles. + Analytical Thinking: Can use advanced analytical techniques to solve complex problems, draw insights, and communicate the solutions effectively. + Critical Thinking: Can integrate and synthesize information from various sources to inform strategic decision-making and problem-solving. + Technical Troubleshooting: Can take ownership of complex technical problems, collaborate with others to manage solutions, and drive results in problem resolution. **Skill Level Requirements** + Expertise in planning, executing, and leading penetration tests across networks, web and mobile applications, APIs, wireless, and cloud environments, including scoping, rules of engagement, and debriefs. - Intermediate + Proficiency with offensive security methodologies and frameworks such as PTES, OWASP (WSTG/MASVS/ASVS), MITRE ATT&CK, and threat modeling to drive risk-based testing. - Intermediate + Deep hands-on experience with common offensive tooling and techniques, including reconnaissance, enumeration, exploitation, post-exploitation, lateral movement, and data exfiltration, along with strong operational security practices. - Intermediate + Ability to assess and attack cloud services (AWS, Azure, GCP) including IAM misconfigurations, storage, serverless, container/orchestration, and cloud networking, and communicate cloud-specific remediation guidance. - Intermediate + Strong web application testing skills including auth flows, access control, injection, deserialization, SSRF, XXE, business logic abuse, and modern app architectures (SPAs, microservices, GraphQL, WebSockets). - Intermediate + Working knowledge of Active Directory and Azure AD attack paths (Kerberoasting, constrained/unconstrained delegation, ACL abuses, LAPS/MAPS, certificate services), and the ability to simulate realistic enterprise attack chains. - Intermediate + Proficiency with social engineering and phishing engagements, including payload development, infrastructure setup, pretexting, and measurement aligned to customer policies and legal constraints. - Intermediate + Competence in scripting and automation to accelerate testing and proof-of-concept development using Python, PowerShell, Bash, and basic Go or JavaScript as needed. - Intermediate + Ability to develop clear exploit proofs-of-concept, reproduce vulnerabilities reliably, and validate fixes; familiarity with exploit development fundamentals is a plus. - Intermediate + Strong reporting and communication skills, including writing executive summaries and technical reports with reproducible steps, risk ratings, and actionable remediation, and presenting findings to both technical and non-technical stakeholders. - Intermediate + Experience collaborating in red/purple team exercises, working with blue teams, and translating findings into detection and hardening recommendations (e.g., SIEM detections, EDR tuning, hardening baselines). - Intermediate + Familiarity with vulnerability management workflows, responsible disclosure practices, and integration of pen test results into remediation programs and retesting cycles. - Intermediate + Proficiency with productivity and documentation tools such as Word, Excel, PowerPoint, and Outlook to efficiently produce statements of work, test plans, and final reports. - Intermediate **Other Requirements** + Completed Bachelor's Degree in a related field or relevant work experience required + 5-7 years of hands-on penetration testing/red team experience delivering engagements for mid-to-large enterprises, including leading complex assessments. + Ability to travel to SHI, Partner, Customer events, and on-site testing engagements as needed. + Advanced industry certifications preferred (e.g., OSCP, OSEP, OSWE, GXPN, GPEN, CRTO, CRTP, PNPT; CISSP or CSSLP a plus). + Demonstrated understanding of legal/ethical considerations, testing authorization, and safe handling of client data The estimated annual pay range for this position is $165,000 - $205,000 which includes a base salary and bonus. The compensation for this position is dependent on job-related knowledge, skills, experience, and market location and, therefore, will vary from individual to individual. Benefits may include, but are not limited to, medical, vision, dental, 401K, and flexible spending. Equal Employment Opportunity - M/F/Disability/Protected Veteran Status

ARA is a leading C5ISR company that designs, manufactures, tests and installs innovative technologies that provide the national security community with unparalleled situational awareness, threat detection, and communications capabilities. Our disruptive, integrated solutions, assemblies and subsystems rise to the challenging demands of discerning, mission-critical customers. We leverage our capabilities to meet and exceed the requirements of our customers and empower them to remain ahead of evolving threats and complexities in a dynamic security landscape. Job Summary We are seeking an Information Systems Security Manager (ISSM) is responsible for leading and advancing the company's industrial and information security and Communications Security (COMSEC) programs in compliance with government and corporate requirements. This position oversees the protection of classified and sensitive information systems, ensuring adherence to DoD, NISPOM, and Risk Management Framework (RMF) standards. The ISSM will drive security strategy, manage day-to-day operations, and collaborate with leadership, IT, and external partners to maintain accreditation, mitigate risk, and ensure the highest levels of cybersecurity posture. This role requires a balance of strategic vision, technical expertise, and hands-on execution in safeguarding mission-critical systems and data. Essential Functions Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. Knowledge of and experience implementing the requirements of the DCSA Assessment and Authorization Guide (DAAG) or prior experience with the DCSA Assessment and Authorization Process Manual (DAAPM). Evaluate and implement security solutions that meet requirements for classified information systems (IS) including system security requirements, configuration management and change control. Conduct vulnerability and risk assessments and support certification and accreditation activities. Support and coordinate COMSEC responsibilities including proper handling, accountability, storage, distribution, and destruction of COMSEC material in accordance with NSA and DoD requirements. Ensure integration of COMSEC procedures into information systems security processes and incident response actions. Manage relationship with assigned DoD Information Systems Security Professionals (ISSPs) and customer security controls assessors SCAs Submit and manage all authorization-to-operate (ATO) packages in Enterprise Mission Assurance Support Service (eMASS) Prepare and maintain security documentation, including System Security Plans (SSPs), Risk Assessment Reports (RARs), and Plans of Action and Milestones (POA&Ms). Ensure accurate maintenance of security records and hardware/software inventories. Oversee internal audits and inspections, coordinate responses and corrective actions. Monitor for anomalies, investigate incidents, and coordinate response and mitigation. Advise on Co-Utilization Agreements and ensure compliance with configuration management and security protocols. Work with the FSO to ensure alignment between IS security, industrial security, and COMSEC program requirements. Support the Facility Security Officer and participate in the Insider Threat Working Group. Assist with Cybersecurity Maturity Model Certification (CMMC) and RMF continuous monitoring activities. Provide training and guidance for staff on information system security procedures and COMSEC handling procedures. Collaborate with IT teams, auditors, and management to ensure compliance and continuous improvement. Prepare and present regular security status reports. Perform other related security duties as assigned. Position Qualifications In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire. Competency Statements Adaptability - Adapts to change, open to new ideas and responsibilities Communication - Ability to communicate thoughts clearly, both oral and written in an honest, open and timely manner Job Knowledge - Understands facets of job, aware of duties and responsibilities, keeps job knowledge current Technical Skill - Possesses the knowledge and skills needed to perform a job or role effectively Dependability - Meets deadlines, works independently or in a team environment, is accountable, maintains focus, good attendance record Quality - Strives to eliminate errors, accurate work is a priority, seeks opportunities to improve products Ethics - Honest, accountable, maintains confidentiality Initiative / Take Ownership - Takes action, seeks new opportunities, strives to see projects to completion, meaning own your job and see it through Decision Making - Problem solve and critical thinking skills, be able to reach a decision, takes thoughtful approach when considering options, seeks input from others, makes difficult decisions Customer Focus - Understands and can meet the needs in a customer-centric (Internal and External) environment and build strong relationships. Promotes a positive image of the company and strives to solve issues raised by customers. Experience and Skills DoD Top Secret eligibility with in-scope background investigation (Tier 5) Minimum 5 years of experience in information or industrial security. Knowledge of NISPOM, JSIG, and DISA STIGs. CISSP, CISM, or equivalent certification. Experience with risk management, incident response, and security authorization packages. Strong understanding of information security principles and compliance requirements. Proficiency in developing and implementing security policies and procedures. Experience auditing environments with multiple operating systems (Windows, Linux, helpful). Strong analytical, organizational, leadership, and communication skills. Ability to manage initiatives of moderate scope independently and collaboratively Education Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field Antenna Research Associates, Inc. is an equal opportunity employer committed to a policy of non-discrimination and affirmative action. We do not discriminate based on race, color, religion, sex, national origin, disability, protected veteran status, or any other legally protected status. #LI-onsite

Company DescriptionJobs for Humanity is partnering with Capital One to build an inclusive and just employment ecosystem. Therefore, we prioritize individuals coming from the following communities: Refugee, Neurodivergent, Single Parent, Blind or Low Vision, Deaf or Hard of Hearing, Black, Hispanic, Asian, Military Veterans, the Elderly, the LGBTQ, and Justice Impacted individuals. This position is open to candidates who reside in and have the legal right to work in the country where the job is located. Company Name: Capital One Job Description201 Third Street (61049), United States of America, San Francisco, CaliforniaSenior Manager, Information Security Office Consultant At Capital One, you will help consult on initiatives, programs, and projects to raise their game in Information Security. You are pragmatic and practical in your understanding of risk and security, but also willing to know when to pull in experts and escalate. You collaborate and innovate with other teams within Capital One to push the envelope. You are comfortable with Cloud Service technologies like Storage Services, Security & Access Control Management, Container Services, and API Implementation and Management. You are familiar with various Cloud computing models to include IaaS, PaaS, and SaaS along with their architectural differences. Security is essential to what we do here, from protecting our customers to our associates. What You'll Do: Act as a central Information Security point of contact for the Enterprise Platform team Coordinate and execute proactive Information Security consulting to the business and technology teams covering Infrastructure Security, Resiliency, Data Security, Network Architecture and Design, and User Access Management Serve as an expert in Capital One's Information Security capabilities, solutions, policies, procedures and standards Influence customers to leverage security capabilities and solutions to shift and integrate security to the left in the development processes Escalate and manage cyber security risk Provide ad hoc support on special Information Security hot topics for the business Provide regular updates to executive leadership with your line of business on the overall Information Security health and risk environment Work with line of business leadership to anticipate their objectives and needs to better serve the line of business Product security consulting in Authentication/Access Management /Identity application and experienced in Authentication and industry-standard protocol for authorization/authorization Basic Qualifications: High School Diploma, GED or equivalent certification At least 8 years of experience working in cybersecurity or information technology At least 7 years of experience providing guidance and oversight of Security concepts At least 7 years of experience performing security risk assessments and security architecture reviews At least 7 years of experience with architecture, software design, networking, and cloud infrastructure At least 5 years of experience with cloud security engineering Preferred Qualifications: Bachelor's Degree 3+ years of experience in securing a public cloud environment (e.g. AWS, GCP, Azure) 4+ years of experience in IAM or related areas Experience building software utilizing public cloud (e.g. AWS, GCP, Azure) Familiarity with Cloud patch management practices such as system rehydration and image management Experience utilizing Agile methodologies Experience with Software Security Architecture Experience with Application Security Experience with Threat Modeling Experience with Penetration Testing or Vulnerability Management Experience with integrating SaaS products into an Enterprise Environment Experience with securing Container services Splunk-Fu / Enterprise Monitoring experience Financial services industry experience Professional certifications such as AWS Certified Solutions Architect and Certified Information Systems Security Professional (CISSP) Experience in Offensive and Defensive Security techniques Experience in a regulated environment Strong conceptual thinking, influence and communication skills At this time, Capital One will not sponsor a new applicant for employment authorization for this position. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. New York City (Hybrid On-Site): $230,100 - $262,700 for Sr Manager, Cyber TechnicalSan Francisco, California (Hybrid On-Site): $243,800 - $278,200 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website. Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to sex (including pregnancy, childbirth or related medical conditions), race, color, age, national origin, religion, disability, genetic information, marital status, sexual orientation, gender identity, gender reassignment, citizenship, immigration status, protected veteran status, or any other basis prohibited under applicable federal, state or local law. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at ************** or via email at [email protected]. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to [email protected] Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).

Country: United States of America Onsite U.S. Citizen, U.S. Person, or Immigration Status Requirements: Active and transferable U.S. government issued security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance Security Clearance: DoD Clearance: Top Secret Collins Aerospace is seeking an Information Systems Security Manager (ISSM) who strives for excellence and has a passion to be part of a team that strengthens our nation and improves the security of our world. Collins Aerospace work environment is passionate, highly collaborative and provides engineers with the freedom to strengthen and expand their skills, explore new and creative ideas, and work closely with our nation's finest service members all while embracing integrity, innovation, and work-life balance. As the site ISSM you will own the end-to-end Cybersecurity Program for all classified and controlled information systems at our Westford, MA facility. You will partner with Program Management, Engineering, and the Cognizant Security Agency (DCSA) obtain and sustain ATO on schedule, mentor a growing ISSO team, and keep our environment audit ready every day. **This is an ONSITE position at our Westford, MA Location** What YOU will do: Lead RMF/JSIG/DAAPM execution - architect secure solutions, prepare authorization packages, brief Security Control Assessments, and drive POA&M closure. Own continuous monitoring - vulnerability & patch management (ACAS/Nessus, SCAP, STIGs), log analysis (Splunk), account management, media control, incident response, and annual self-inspection. Develop people & process - coach ISSOs, refine SOPs, track metrics, and present status to senior leadership and customers. Interface with external stakeholders - act as the single voice to DCSA, SAPCO, and other Cognizant Security Agencies for all cybersecurity matters. Qualifications YOU Must Have: U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance. U.S. government issued Secret security clearance required prior to start date. Typically requires a University Degree and minimum 8 years prior relevant experience or an Advanced Degree in a related field and minimum 5 years of experience. 5 years in DoD/IC Cybersecurity as ISSM or IAM-III equivalent (CISSP, CISM, GSLC).; Proven delivery of ATO for SAP or SCI systems; prior Enterprise ISSM experience. Qualifications We Prefer: Proven leadership of multi-disciplinary teams and successful ATO delivery for SAP or SCI systems Expert knowledge of NISPOM (32 CFR 117), JSIG, RMF (NIST 800-37/-53), ICD-503, and DAAPM, oversight/execution of A&A processes. Experience with DevSecOps pipelines, Zero Trust architecture, and Identity Access Management. Experience executing DISA STIG/SRG hardening across Linux and Windows. Background in network/systems security (architecture, topology, protocols, components, principles). Hands-on with ACAS, SCAP, STIG Viewer, DISA SRGs, and SIEM/Vulnerability Tools SPLUNK, NESSUS etc. Master's in Cybersecurity, Computer Science, or related engineering field. CISSP-ISSEP / ISSMP or PMP. What We Offer: Some of our competitive benefits package includes: Medical, dental, and vision insurance. Three weeks of vacation for newly hired employees. Generous 401(k) plan that includes employer matching funds and separate. employer retirement contribution, including a Lifetime Income Strategy option. Tuition reimbursement program. Student Loan Repayment Program. Life insurance and disability coverage. Optional coverages you can buy pet insurance, home and auto insurance, additional life and accident insurance, critical illness insurance, group legal, ID theft protection. Birth, adoption, parental leave benefits. Ovia Health, fertility, and family planning. Adoption Assistance. Autism Benefit. Employee Assistance Plan, including up to 10 free counseling sessions. Healthy You Incentives, wellness rewards program. Doctor on Demand, virtual doctor visits. Bright Horizons, child, and elder care services. Teladoc Medical Experts, second opinion program. And more! Learn More & Apply Now! team. Join Collins Aerospace to help us revolutionize the aerospace industry today! Do you want to be a part of something bigger? A team whose impact stretches across the world, and even beyond? At Collins Aerospace, our Mission Systems team helps civilian, military and government customers complete their most complex missions - whatever and wherever they may be. Our customers depend on us for intelligent and secure communications, missionized systems for specialized aircraft and spacecraft and collaborative space solutions. By joining our team, you'll have your own critical part to play in ensuring our customer succeeds today while anticipating their needs for tomorrow. Are you up for the challenge? Join our mission today. * Please consider the following role type definitions as you apply for this role. Onsite: Employees who are working in Onsite roles will work primarily onsite. This includes all production and maintenance employees, as they are essential to the development of our products. Regardless of your role type, collaboration and innovation are critical to our business and all employees will have access to digital tools so they can work with colleagues around the world - and access to Collins sites when their work requires in-person meetings. At Collins, the paths we pave together lead to limitless possibility. And the bonds we form - with our customers and with each other -- propel us all higher, again and again. Apply now and be part of the team that's redefining aerospace, every day. As part of our commitment to maintaining a secure hiring process, candidates may be asked to attend select steps of the interview process in-person at one of our office locations, regardless of whether the role is designated as on-site, hybrid or remote. The salary range for this role is 101,000 USD - 203,000 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate's work experience, location, education/training, and key skills.Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement.Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company's performance.This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply.RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window. RTX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or veteran status, or any other applicable state or federal protected class. RTX provides affirmative action in employment for qualified Individuals with a Disability and Protected Veterans in compliance with Section 503 of the Rehabilitation Act and the Vietnam Era Veterans' Readjustment Assistance Act. Privacy Policy and Terms: Click on this link to read the Policy and Terms

**Country:** United States of America ** Onsite **U.S. Citizen, U.S. Person, or Immigration Status Requirements:** Active and transferable U.S. government issued security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance **Security Clearance:** DoD Clearance: Top Secret Collins Aerospace is seeking an Sr. Information Systems Security Manager (ISSM) who strives for excellence and has a passion to be part of a team that strengthens our nation and improves the security of our world. Collins Aerospace work environment is passionate, highly collaborative and provides engineers with the freedom to strengthen and expand their skills, explore new and creative ideas, and work closely with our nation's finest service members all while embracing integrity, innovation, and work-life balance. As the site ISSM you will have an end-to-end Cybersecurity Program for all classified and controlled information systems at our Maryland Office facility. You will partner with Program Management, Engineering, and the Cognizant Security Agency (DCSA) obtain and sustain ATO on schedule, mentor a growing ISSO team, and keep our environment audit ready every day. **_**This is an ONSITE position at our Westford, MA Location**_** **What YOU will do:** + Lead RMF/JSIG/DAAPM execution - architect secure solutions, prepare authorization packages, brief Security Control Assessments, and drive POA&M closure. + Experience with DFARS ************, NIST SP 800-171, and/or CMMC requirements. + Familiarity with Controlled Unclassified Information (CUI) safeguarding requirements and related DoD compliance standards. + Own continuous monitoring - vulnerability & patch management (ACAS/Nessus, SCAP, STIGs), log analysis (Splunk), account management, media control, incident response, and annual self-inspection. + Develop people & process - coach ISSOs, refine SOPs, track metrics, and present status to senior leadership and customers. + Interface with external stakeholders - act as the single voice to DCSA, SAPCO, and other Cognizant Security Agencies for all cybersecurity matters. **Qualifications YOU Must Have:** + Typically requires a University Degree and minimum 10 years prior relevant experience or an Advanced Degree in a related field and minimum 7 years of experience + U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance. + U.S. government issued Secret security clearance required prior to start date. + 5 years in DoD/IC Cybersecurity as ISSM or IAM-III equivalent (CISSP, CISM, GSLC).; + Proven delivery of ATO for SAP or SCI systems; prior Enterprise ISSM experience. **Qualifications We Prefer:** + Proven leadership of multi-disciplinary teams and successful ATO delivery for SAP or SCI systems + Expert knowledge of NISPOM (32 CFR 117), JSIG, RMF (NIST 800-37/-53), ICD-503, and DAAPM, oversight/execution of A&A processes. + Experience with DevSecOps pipelines, Zero Trust architecture, and Identity Access Management. + Experience executing DISA STIG/SRG hardening across Linux and Windows. + Background in network/systems security (architecture, topology, protocols, components, principles). + Hands-on with ACAS, SCAP, STIG Viewer, DISA SRGs, and SIEM/Vulnerability Tools SPLUNK, NESSUS etc. + Master's in Cybersecurity, Computer Science, or related engineering field. + CISSP-ISSEP / ISSMP or PMP. **What We Offer:** Some of our competitive benefits packages include: + Medical, dental, and vision insurance. + Three weeks of vacation for newly hired employees. + Generous 401(k) plan that includes employer matching funds and separate. employer retirement contribution, including a Lifetime Income Strategy option. + Tuition reimbursement program. + Student Loan Repayment Program. + Life insurance and disability coverage. + Optional coverages you can buy pet insurance, home and auto insurance, additional life and accident insurance, critical illness insurance, group legal, ID theft protection. + Birth, adoption, parental leave benefits. + Ovia Health, fertility, and family planning. + Adoption Assistance. + Autism Benefit. + Employee Assistance Plan, including up to 10 free counseling sessions. + Healthy You Incentives, wellness rewards program. + Doctor on Demand, virtual doctor visits. + Bright Horizons, child, and elder care services. + Teladoc Medical Experts, second opinion program. + And more! Mission Systems: Do you want to be a part of something bigger? A team whose impact stretches across the world, and even beyond? At Collins Aerospace, our Mission Systems team helps civilian, military and government customers complete their most complex missions - whatever and wherever they may be. Our customers depend on us for intelligent and secure communications, missionized systems for specialized aircraft and spacecraft and collaborative space solutions. By joining our team, you'll have your own critical part to play in ensuring our customer succeeds today while anticipating their needs for tomorrow. Are you up for the challenge? Join our mission today. **WE ARE REDEFINING AEROSPACE.** * Please consider the following role type definitions as you apply for this role. Onsite: Employees who are working in Onsite roles will work primarily onsite. This includes all production and maintenance employees, as they are essential to the development of our products. _Regardless of your role type, collaboration and innovation are critical to our business and all employees will have access to digital tools so they can work with colleagues around the world - and access to Collins sites when their work requires in-person meetings._ At Collins, the paths we pave together lead to limitless possibility. And the bonds we form - with our customers and with each other -- propel us all higher, again. Apply now and be part of the team that's redefining aerospace, every day. **_As part of our commitment to maintaining a secure hiring process, candidates may be asked to attend select steps of the interview process in-person at one of our office locations, regardless of whether the role is designated as on-site, hybrid or remote._** The salary range for this role is 124,000 USD - 250,000 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate's work experience, location, education/training, and key skills. Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement. Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company's performance. This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply. RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window. _RTX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or veteran status, or any other applicable state or federal protected class. RTX provides affirmative action in employment for qualified Individuals with a Disability and Protected Veterans in compliance with Section 503 of the Rehabilitation Act and the Vietnam Era Veterans' Readjustment Assistance Act._ **Privacy Policy and Terms:** Click on this link (******************************************************** to read the Policy and Terms Raytheon Technologies is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

Job Description Jumpstart your career as a Cybersecurity professional with BAE Systems, supporting and protecting information systems critical to national security at one of the leading companies in Aerospace and Defense. Develop your Information Assurance (IA) career through hands on application, work with seasoned professionals, and a training and development plan designed to grow your skills in a fast paced, team-based environment. If you are looking to learn, influence, and help develop top cyber technologies, applications, and processes that protect and service our customers wherever they may be air, land, and sea come join our award-winning security team here at Electronic Systems (ES). In this Cybersecurity, Information Systems Security Officer position you will make impacts in the following ways; * Responsible for supporting adherence to all aspects of a rigorous Risk Management Framework (RMF) compliance program as stipulated by NISPOM/DAAPM, JSIG, ICD 503, STIGs and associated NIST publications. * Partner with the Information System Security Manager (ISSM) to maintain Authority to Operate (ATO) approvals for various systems by adhering to the Risk Management Framework (RMF). * Support cybersecurity efforts throughout the RMF process for one or more assigned programs(s) to include the enforcement of System Security Plans, Plans of Action and Milestones (POA&Ms), assessing and auditing systems security controls. Because of the need for consistent, in-person collaboration and/or the requirement to perform all work onsite due to the nature of this particular role, it will be performed full-time on site. This means work will be conducted on location at a BAE Systems facility 100% of the time.Required Education, Experience, & Skills * SECRET Clearance is required for this position * Minimum of High School Diploma with 3 or more years of experience or Degree and 2 years of experience required * IAM Level I certification commensurate with DoD 8570.1M requirements (or ability to obtain certification within 6 months) * High level of personal motivation and initiative to learn and acquire new skills, and adapt seamlessly to an ever-changing security environment * Customer focused, excellent communicator and ability to work with limited supervision. * Strong organizational skills * Able to interface with other IA team members, other security disciplines (industrial security, physical security, special programs security, etc.), and program personnel * Basic understanding of simple networks, operations systems and computer functions. * Coursework in a technical discipline (i.e. programming/scripting, systems administration, cybersecurity/information assurance, etc.) Preferred Education, Experience, & Skills * Top Secret Clearance * Bachelor's Degree in relevant field * IAM Level I certification commensurate with DoD 8570.1M requirements * Working knowledge of system functions, security policies, technical security safeguards, and operational security measures. * Working knowledge of information security technology * Working knowledge of information security management and compliance * Experience with auditing and certifying compliance of various systems (Windows, Linux, Network Devices and peripherals). * Experience with the preparation of Assessment and Authorization (A&A) documents and procedures * Experience with development and delivery of IA-related briefings and training material. * Experience with compliance and vulnerability scanning tools (Nessus, SCAP, ACAS, SCC). Pay Information Full-Time Salary Range: $77809 - $132275 Please note: This range is based on our market pay structures. However, individual salaries are determined by a variety of factors including, but not limited to: business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience. Employee Benefits: At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being. Regular employees scheduled to work 20+ hours per week are offered: health, dental, and vision insurance; health savings accounts; a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance. Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave. Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and/or job specifics. About BAE Systems Electronic Systems BAE Systems, Inc. is the U.S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it's what we do at BAE Systems. Working here means using your passion and ingenuity where it counts - defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a team-making a big impact on a global scale. At BAE Systems, you'll find a rewarding career that truly makes a difference. Electronic Systems (ES) is the global innovator behind BAE Systems' game-changing defense and commercial electronics. Exploiting every electron, we push the limits of what is possible, giving our customers the edge and our employees opportunities to change the world. Our products and capabilities can be found everywhere - from the depths of the ocean to the far reaches of space. At our core are more than 14,000 highly talented Electronic Systems employees with the brightest minds in the industry, we make an impact - for our customers and the communities we serve. This position will be posted for at least 5 calendar days. The posting will remain active until the position is filled, or a qualified pool of candidates is identified.

**Introduction** A career in IBM Software means you'll be part of a team that transforms our customer's challenges into solutions. Seeking new possibilities and always staying curious, we are a team dedicated to creating the world's leading AI-powered, cloud-native software solutions for our customers. Our renowned legacy creates endless global opportunities for our IBMers, so the door is always open for those who want to grow their career. IBM's product and technology landscape includes Research, Software, and Infrastructure. Entering this domain positions you at the heart of IBM, where growth and innovation thrive. **Your role and responsibilities** We are looking for a senior-level Product Security Engineer to help scale our software supply chain and application security functions, providing innovative solutions across the HashiCorp suite of industry-leading products available as cloud, self-managed, and community offerings. At HashiCorp, we're on a mission to enable organizations to provision, secure, connect, and run any infrastructure for any application. Our security team plays a critical role in this mission by ensuring the security and integrity of our products throughout their lifecycle. Security at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy while also collaborating effectively across engineering, product, and security teams. In this role, your responsibilities will include: * Contribute to solutions that secure the software supply chain for HashiCorp products, across our cloud, self-managed, and community product portfolio. * Monitor supply chain security threats and vulnerabilities impacting HashiCorp products and services, develop mitigations, and assess/communicate associated risks to stakeholders. * Serve as subject matter expert (SME) on multiple supply chain and application security areas (e.g., ASPM, SCA, SAST, DAST, container security, etc.) * Contribute to the development and maintenance of security solutions across the product life-cycle, such as standalone security tools, CI/CD pipeline integrations, and vulnerability management systems. * Research emerging supply chain attack vectors and techniques, helping identify potential threats to HashiCorp's products. * Collaborate with cross-functional teams to implement security standards and participate in secure code reviews. The product security supply chain and application security team is composed of security engineers working to ensure HashiCorp delivers secure software to its customers. We provide tools and services that support product engineering teams at HashiCorp, embedding security into the development processes. We are primarily responsible for security scanning, secure code review, application security posture management, and contributing to vulnerability management across our entire product portfolio. This role offers opportunities to: * Work with and learn from experienced security engineers. * Develop technical expertise across HashiCorp's diverse product portfolio. * Build relationships with industry peers and contribute to the broader security community. * Drive initiatives that have significant impact on product security. We're looking for a candidate with strong written and verbal communication skills, knowledge of supply chain and application security topics, who brings a pragmatic approach to security, and has the ability to empathize with engineers and product managers across the company. Please note, as communication is a critical aspect of how we work, a cover letter is a great way to provide a sample of how you communicate. In your cover letter, describe why you're interested in working at HashiCorp, and what draws you to this role in particular. **Required technical and professional expertise** * 8+ years of security experience. * Experience building or maintaining security automation within CI/CD pipelines; proficient with GitHub Advanced Security and GitHub Actions security considerations. * Ability to balance security requirements with engineering velocity. * Practical knowledge of application and infrastructure security testing methodologies and tools (SAST, DAST, SCA, Container security). * Familiarity with modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem. * Experience with secure development practices and their integration into broader engineering activities. * Understanding of software supply chain security concepts, such as SBOM generation and vulnerability management best practices. * Experience working with and supporting product engineering teams in cloud environments. **Preferred technical and professional experience** * Familiarity with container security and Kubernetes or Nomad environments. IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

Mainframe Security EngineerRemote - United StatesJR012476 **Requirements:** + U.S. Citizenship is required. + Must pass a Federal Background Check. **Key Responsibilities:** + Administer security for RACF, ACF2, and Top Secret logon IDs, datasets, and resource rules. + Provision user access in response to ServiceNow tickets within defined SLAs. + Monitor system security policies and investigate violations/incidents. + Perform and review daily, weekly, and monthly audit reports. + Liaise with business units and technical support teams. + Prepare ad hoc reports and deliver presentations for customer support. + Ensure adherence to security standards across the environment. + Provide 24×7 on-call support as required. + Utilize Vanguard and/or IBM zSecure security products. + iSeries security knowledge is a plus. + Manage and lead large projects or tasks as needed. + Project management skills are highly desired. **Technical Skills:** + Proficient in TSO, JCL, IBM Utilities, JES2, and ISPF. + Experience with REXX or other programming languages is desired. + CICS security administration experience preferred. + Experience with Vanguard and/or IBM zSecure security products is desired. + Familiarity with IAM (Identity Access Management), MFA (Multi-Factor Authentication), and PAM (Privileged Access Management) is desired. + Strong PC skills, including Microsoft Outlook, Word, Excel, and PowerPoint. **General Knowledge:** + z/OS experience is highly desired. + Knowledge of other mainframe security products is a plus. **Personal Skills:** + Strong written and verbal communication skills. + Excellent organizational skills with the ability to manage multiple concurrent projects and work as part of a global team. + Ability to work independently and take initiative. + Strong analytical and problem-solving skills. + Effective team player who can work independently in a fast-paced environment. + Self-starter, detail-oriented, and able to multitask. **Education & Certifications:** + Bachelor's or Master's degree preferred. + CISSP, CISA, CISM, or ITIL certification is a plus. **Why Ensono?** Ensono is a place to make better happen - for our clients and for your career. You can do great things through innovation or collaboration, by learning or volunteering, or to promote diversity and inclusion. You can do great things for your own health or for a healthier planet. Whatever it means to you to do great things we want Ensono to be the place you can do it. We are a client-facing business, but we do encourage clients to allow us to work remotely most of the time so if you are not required to be on a client site, you can choose to work from home or in our Ensono offices. Some of our benefits include: + Unlimited Paid Days Off + Three health plan options through Blue Cross Blue Shield + 401k with company match + Eligibility for dental, vision, short and long-term disability, life and AD&D coverage, and flexible spending accounts + Paid Maternity Leave, Paternity Leave, and Sabbatical Leave + Education Reimbursement, Student Loan Assistance or 529 College Funding + Enhanced fertility coverage + Wellness program + Depending on location, ability to take Flexible work schedule + Advantage of fitness centers As of the date of this posting, a good faith estimate of the current pay scale for this role is **$90,000 to $135,000** annually based on a full-time schedule. Please note that placement in the range may vary based on numerous factors including but not limited to skills, experience, internal equity, and business needs. In addition to base salary, other compensation programs, depending on eligibility, include an annual bonus plan based on company and individual performance and an equity grant under our Associate Equity Appreciation Program. Ensono is an Equal Opportunity/Affirmative Action employer. We are committed to providing equal employment to our Associates and building a diverse and inclusive workforce. All qualified applicants will be considered without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or other legally protected basis, in accordance with applicable law. Pay transparency nondiscrimination statement/posting OFCCP's pay transparency policy can be found on OFCCP's website (*********************************************************************************************** . If you need accommodation at any point during the application or interview process, please let your recruiter know or email ****************************** . JR012476

Rightworks offers the only intelligent cloud purpose-built for accounting firms and professionals. Backed by award-winning support, our fully managed IT and applications ensure customers have secure, reliable, on-demand access to their technology. We provide a curated software ecosystem that simplifies the complexity of running an accounting firm or small business, supported by a community of thought leaders, peer networks, and educational resources. Our success is made possible by leveraging decades of specialized experience in leading accounting firms, SMBs and technology companies. Thousands of Firms and SMBs count on us to run their business every day. We have a great team, we're growing fast, and have a winning culture based on innovation, teamwork, and mutual respect. Job Overview: The Chief Information Security Officer (CISO) will be responsible for defining and executing the company's enterprise-wide security strategy across internal systems, customer-facing MSP offerings, and SaaS products. The CISO will ensure the confidentiality, integrity, and availability of all systems and data while positioning Rightworks as a trusted leader in secure cloud services for the accounting industry. As a direct report to the CTO, the CISO will play a strategic role in overall technology leadership. This position participates as a strong voice in the technical leadership team, with specific responsibilities for leading and executing Rightworks Security strategy and operations. This is a hybrid position, with 3 days per week in our Nashua, NH headquarters. Responsibilities: Enterprise Security Leadership: Own the overall security strategy for internal systems, networks, and data assets across Rightworks. MSP & Hosting Security: Design and enforce robust security controls for Rightworks' Managed IT and hosting services, ensuring compliance with industry and national standards and requirements. SaaS & Product Security: Support application and public cloud stack security for Rightworks solutions, embedding “security by design,” and supporting DevSecOps cultural transformation. Cloud Security Architecture: Ensure secure architecture around integration between public cloud, private cloud, and IT systems. Champion and govern identity and access management (IAM), encryption standards, zero-trust frameworks, and secure DevOps practices. Lead efforts to harden APIs, integrations, and third-party connectors through audit and testing Rightworks technology systems. Customer & Industry Engagement: Act as the company's external security authority, engaging with customers, partners, and industry groups to represent Rightworks as a thought leader in cybersecurity for accounting professionals. Partner with Sales and Customer Success to reassure large enterprises and key customers about data protection and continuity of service. Be a strong voice at the table on behalf of Rightworks with our customers. Lead and listen, bringing industry perspective and expertise to the table. Partner with product engineering, infrastructure, and operations teams to integrate security practices into development pipelines. Identify areas of opportunity for our organization to improve. Governance, Risk & Compliance (GRC): Establish and lead the company's GRC programs, policies, and risk management frameworks. Ensure adherence to applicable regulations and certifications. Security Incident Response & Resilience: Build and maintain robust security incident detection, response, and recovery plans; lead post-mortem analyses and continuous improvement initiatives. Security Operations & Monitoring: Oversee 24/7 security operations, including threat intelligence, vulnerability management, and monitoring of cloud and MSP environments. Lead Operations of Security Products and Systems: Oversee implementation of customer facing security solutions, including endpoint management and office management. Team Leadership: Build and mentor a high-performing security team, developing leadership capacity and instilling a culture of proactive risk management. Engage as a senior leader in our organization, mentoring engineering and infrastructure leaders, and contributing to enterprise architecture strategy. Requirements: Proven leadership experience as a CISO, VP Security, or senior security executive within a SaaS, MSP, or cloud-hosting environment at scale. Added plus if provided solutions to accounting organizations, departments, and functions. Demonstrated expertise in: Cloud Security (Azure, AWS, multi-tenant environments) . MSP security models (endpoints, networks, client environments). SaaS product security, including secure Software Development Life Cycle and DevSecOps practices. Experience engaging directly with customers and serving as a trusted external voice on cybersecurity topics. Track record of developing and implementing incident response and risk management programs. Ability to balance strategic security leadership with hands-on operational oversight. Experience in private equity-backed companies or demonstrated ability to operate in such an environment preferred. This includes being entrepreneurial, metric-driven, and skilled at managing budgets, top-line revenue, and bottom-line profitability. Strong leadership, mentoring, and executive succession potential. Executive presence with excellent communication, presentation, and board-level reporting skills. Excellent communication and presentation skills, both written and verbal. Possesses a command for communicating complex ideas into simple and understandable concepts. Strong leadership and interpersonal skills to help build relationships and effective teams. Ability to work across organizational lines, command respect, and influence. Demonstrated success partnering and collaborating internally and externally with executive level management and with all functions of an organization. Proven success in creating and leading geographically dispersed teams. Successful track record of recruiting and fielding an "A" team through hiring and internal development programs. Preferred education, yet relevant experience is most crucial: Bachelor's degree in computer science, Information Systems, or related field preferred. Security certifications are highly desirable: (e.g. Certified Information Systems Security Professional, Certified Information Security Manager, Certified Information Systems Auditor, and Certified Cloud Security Professional). Personal Characteristics: Entrepreneurial and growth-oriented mindset. Metrics driven with financial acumen and budget discipline. Strong executive presence with the ability to engage customers and industry peers. Results-driven, with a passion for measurable security outcomes. Collaborative leader, able to build trust across engineering, operations, and executive teams. High integrity and commitment to customer trust. Innovative and intellectually curious, staying ahead of emerging threats and technologies. Eligibility Requirements: This role is open to US Citizens or permanent residents authorized to work in the United States. Rightworks LLC is unable to offer visa sponsorship. Due to specific state regulations, we are unable to accept applications from residents of California, Hawaii, or Alaska. Relocation will not be offered for this position. Compensation: The On-Target Earnings (OTE) range for this role is $260,000-$350,000. Benefits: To provide best-in-class solutions, we need a best-in-class team. We offer competitive salaries to recruit the best talent. We provide company-paid short and long-term disability insurance, life insurance and a generous 401K match. We offer highly affordable medical, dental, vision coverage, and many other valuable benefits. We offer flexible PTO, and numerous paid holidays, affording you the time to be there for what is important in your life. We encourage giving back to our communities by providing paid volunteer time off. We are proud to be an Equal Opportunity Employer! This job description may not be inclusive of all assigned duties, responsibilities, or aspects of the job described, and may be amended at any time at the sole discretion of the employer.

Ready to be pushed beyond what you think you're capable of? At Coinbase, our mission is to increase economic freedom in the world. It's a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform - and with it, the future global financial system. To achieve our mission, we're seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up. We want someone who will run towards, not away from, solving the company's hardest problems. Our ******************************** is intense and isn't for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there's no better place to be. While many roles at Coinbase are remote-first, we are not remote-only. In-person participation is required throughout the year. Team and company-wide offsites are held multiple times annually to foster collaboration, connection, and alignment. Attendance is expected and fully supported. The Application Security organization at Coinbase is seeking to hire an experienced Offensive Security Engineer specializing in Web3 penetration testing and Web3 bug bounty program management and optimization. In this role, you will collaborate with the Bug Bounty Program Lead to drive Web3 bug bounty triage, validation, and strategic initiatives aimed at increasing program efficiency, maturity, and hacker engagement. You will work closely with whitehat hackers, security engineers, and cross-functional teams to enhance Coinbase's security posture through an effective bug bounty program. Additionally, you will perform penetration tests on Web3 technologies and applications, ensuring the security of Coinbase's blockchain-based products and services. *What you'll be doing (ie. job duties):* * Conduct security assessments of Web3 products and services, including smart contracts, DeFi protocols, and blockchain infrastructure. * Collaborate with partner teams to enhance detection and response capabilities for Web3 vulnerabilities. * Stay informed on emerging security trends, advisories, and academic research in the Web3 space. * Lead Web3 bug bounty triage and validation, ensuring timely and accurate assessments of reported vulnerabilities. * Develop and implement strategies to incentivize high-quality bug bounty submissions and engage with the hacker community. * Manage the Web3 bug bounty program, including scope updates, researcher communication, and payout disbursements. * Analyze bug bounty data to identify trends, common vulnerabilities, and areas for improvement. * Collaborate with engineering teams to prioritize and remediate vulnerabilities identified through the bug bounty program. * Mentor and train junior security engineers in Web3 bug bounty triage and analysis. * Provide on-call support for critical Web3 bug bounty-related incidents. * Document and report on Web3 bug bounty metrics and program effectiveness. *What we look for in you (ie. job requirements):* * Bachelor's or Master's degree in Computer Science, Cybersecurity, Software Engineering, or a related field. * 3+ years of experience in Web3 application security and penetration testing. * Proven track record of identifying critical vulnerabilities across the blockchain protocol stack, Web2, and Web3 components. * Extensive knowledge of the blockchain ecosystem, including L1/L2 networks, DeFi protocols, and staking mechanisms. * Deep understanding of Web2 security concepts and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25). * Strong analytical skills to identify trends and patterns in vulnerabilities. * Excellent communication skills for engaging with internal teams. * Passion for security and a drive to improve Web3 security posture. * Ability to work independently and take ownership of penetration testing initiatives. * Energy and self-drive for continuous learning in the rapidly evolving crypto space. * Excellence in clear, direct, and kind communication with technical and non-technical stakeholders. * Experience building relationships with product, engineering, and security teams. *Nice to haves:* * Participation in CTFs, bug bounty programs, or open-source security research. * Expertise in Application Security, Network Security, or Cloud Security. * Relevant security certifications (e.g., OSCP, GPEN). * Experience developing and implementing security tooling to support bug bounty triage and analysis. * Experience with bug bounty programs and platforms, including triage, validation, and researcher communication. * Strong analytical skills to identify trends and patterns in bug bounty submissions. * Excellent communication skills to effectively engage with bug bounty researchers. Position ID: P69494 \#LI-remote *Pay Transparency Notice:* Depending on your work location, the target annual salary for this position can range as detailed below. Full time offers from Coinbase also include bonus eligibility + equity eligibility**+ benefits (including medical, dental, vision and 401(k)). Pay Range: $152,405-$179,300 USD Please be advised that each candidate may submit a maximum of four applications within any 30-day period. We encourage you to carefully evaluate how your skills and interests align with Coinbase's roles before applying. Commitment to Equal Opportunity Coinbase is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view the *********************************************** in certain locations, as required by law. Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please contact us at accommodations*********************************** *Global Data Privacy Notice for Job Candidates and Applicants* Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available ********************************************************** By submitting your application, you are agreeing to our use and processing of your data as required. *AI Disclosure* For select roles, Coinbase is piloting an AI tool based on machine learning technologies to conduct initial screening interviews to qualified applicants. The tool simulates realistic interview scenarios and engages in dynamic conversation. A human recruiter will review your interview responses, provided in the form of a voice recording and/or transcript, to assess them against the qualifications and characteristics outlined in the job description. For select roles, Coinbase is also piloting an AI interview intelligence platform to transcribe and summarize interview notes, allowing our interviewers to fully focus on you as the candidate. *The above pilots are for testing purposes and Coinbase will not use AI to make decisions impacting employment*. To request a reasonable accommodation due to disability, please contact accommodations[at]coinbase.com

The Team The Security Reference team within Fidelity Fund and Investment Operations (FFIO) is a global investment data management organization that specializes in the sourcing and processing security data within MDM (Master Data Management) system. GDS provides data services for trading, accounting, compliance, performance and analytical data in support of global investment decision making organizations. Security Reference, a division of GDS, specializes in managing, integrating and validating vendor and Fidelity-defined data associated with investment entities (securities, issues, brokers, funds, portfolios and index data). Our work is highly collaborative and involves close coordination and superb communication with our clients, global team members, and key business and technology partners across Fidelity. The Principal Data Analyst will work with business partners to resolve complex data inquiries while providing high level of customer service. They will support Security Reference and Corporate Hierarchy Data operations in Merrimack NH, ensuring accuracy, timeliness, and compliance with governance standards. This team provides hands-on support to trading desks, enabling efficient and accurate investment decision-making. Knowledge in various loan instruments including Term Loans, Revolvers, and Real Estate Loans, as well Equity securities (Common Stocks, Preferred Stocks) that are used in the Direct Lending space. Experience with both private loans and syndicated loans is also preferred. The Expertise You Have * Bachelor's degree in Business/Finance or related field required * Financial Services Industry experience working with reference data preferred * Knowledge in various loan instruments including Term Loans, Revolvers, and Real Estate Loans * Knowledge in with Equity securities (Common Stocks, Preferred Stocks) that are used in the Direct Lending space. * Experienced in managing projects and/or small teams of people in and agile environment * Ability to multi-task, work under pressure, and meet tight deadlines * Teammate who takes initiative and thinks across Fidelity * Hands on work style with can do attitude with strong desire to make things happen * Preferred reporting tools experience such as SQL, Bloomberg and CusipWeb a plus The Skills You Bring * Strong leader and mentor that builds productive and collaborate relationships with team members * You are a team who takes initiative and leads to achieve team goals * Highly motivated, flexible, quality focused team player with excellent organizational skills * Ability to work at different levels of detail and can concisely summarize complex issues * Solid organizational and project management skills to navigate high volume setting with tight deadlines * Demonstrated ability to work independently and collaboratively with all levels of staff, management and other business partners * Strong learning agility to quickly understand and connect key concepts and dependencies The Value You Deliver * Formulates both tactical and strategic plans to increase productivity and to reduce risk * Liaise with customer, business partners, and systems to translate business requirements into data requirements, evaluating and recommending data solutions * Make recommendations for global operational enhancements * Participates in new product forums and works with GDS management consultancy team to stay abreast of industry news and developments * Reviews database queries to analyze and validate data for problem resolution for ad-hoc customer questions or issues * Participates and/or leads Operations Support projects and initiatives involving multiple business partners, provide subject matter expertise Note: Fidelity will not provide immigration sponsorship for this position Certifications: Category: Investment Operations Most roles at Fidelity are Hybrid, requiring associates to work onsite every other week (all business days, M-F) in a Fidelity office. This does not apply to Remote or fully Onsite roles. Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.

ARA is a leading C5ISR company that designs, manufactures, tests and installs innovative technologies that provide the national security community with unparalleled situational awareness, threat detection, and communications capabilities. Our disruptive, integrated solutions, assemblies and subsystems rise to the challenging demands of discerning, mission-critical customers. We leverage our capabilities to meet and exceed the requirements of our customers and empower them to remain ahead of evolving threats and complexities in a dynamic security landscape. Job Summary We are seeking an Information Systems Security Manager (ISSM) is responsible for leading and advancing the company's industrial and information security and Communications Security (COMSEC) programs in compliance with government and corporate requirements. This position oversees the protection of classified and sensitive information systems, ensuring adherence to DoD, NISPOM, and Risk Management Framework (RMF) standards. The ISSM will drive security strategy, manage day-to-day operations, and collaborate with leadership, IT, and external partners to maintain accreditation, mitigate risk, and ensure the highest levels of cybersecurity posture. This role requires a balance of strategic vision, technical expertise, and hands-on execution in safeguarding mission-critical systems and data. Essential Functions Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. Knowledge of and experience implementing the requirements of the DCSA Assessment and Authorization Guide (DAAG) or prior experience with the DCSA Assessment and Authorization Process Manual (DAAPM). Evaluate and implement security solutions that meet requirements for classified information systems (IS) including system security requirements, configuration management and change control. Conduct vulnerability and risk assessments and support certification and accreditation activities. Support and coordinate COMSEC responsibilities including proper handling, accountability, storage, distribution, and destruction of COMSEC material in accordance with NSA and DoD requirements. Ensure integration of COMSEC procedures into information systems security processes and incident response actions. Manage relationship with assigned DoD Information Systems Security Professionals (ISSPs) and customer security controls assessors SCAs Submit and manage all authorization-to-operate (ATO) packages in Enterprise Mission Assurance Support Service (eMASS) Prepare and maintain security documentation, including System Security Plans (SSPs), Risk Assessment Reports (RARs), and Plans of Action and Milestones (POA&Ms). Ensure accurate maintenance of security records and hardware/software inventories. Oversee internal audits and inspections, coordinate responses and corrective actions. Monitor for anomalies, investigate incidents, and coordinate response and mitigation. Advise on Co-Utilization Agreements and ensure compliance with configuration management and security protocols. Work with the FSO to ensure alignment between IS security, industrial security, and COMSEC program requirements. Support the Facility Security Officer and participate in the Insider Threat Working Group. Assist with Cybersecurity Maturity Model Certification (CMMC) and RMF continuous monitoring activities. Provide training and guidance for staff on information system security procedures and COMSEC handling procedures. Collaborate with IT teams, auditors, and management to ensure compliance and continuous improvement. Prepare and present regular security status reports. Perform other related security duties as assigned. Position Qualifications In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire. Competency Statements Adaptability - Adapts to change, open to new ideas and responsibilities Communication - Ability to communicate thoughts clearly, both oral and written in an honest, open and timely manner Job Knowledge - Understands facets of job, aware of duties and responsibilities, keeps job knowledge current Technical Skill - Possesses the knowledge and skills needed to perform a job or role effectively Dependability - Meets deadlines, works independently or in a team environment, is accountable, maintains focus, good attendance record Quality - Strives to eliminate errors, accurate work is a priority, seeks opportunities to improve products Ethics - Honest, accountable, maintains confidentiality Initiative / Take Ownership - Takes action, seeks new opportunities, strives to see projects to completion, meaning own your job and see it through Decision Making - Problem solve and critical thinking skills, be able to reach a decision, takes thoughtful approach when considering options, seeks input from others, makes difficult decisions Customer Focus - Understands and can meet the needs in a customer-centric (Internal and External) environment and build strong relationships. Promotes a positive image of the company and strives to solve issues raised by customers. Experience and Skills DoD Top Secret eligibility with in-scope background investigation (Tier 5) Minimum 5 years of experience in information or industrial security. Knowledge of NISPOM, JSIG, and DISA STIGs. CISSP, CISM, or equivalent certification. Experience with risk management, incident response, and security authorization packages. Strong understanding of information security principles and compliance requirements. Proficiency in developing and implementing security policies and procedures. Experience auditing environments with multiple operating systems (Windows, Linux, helpful). Strong analytical, organizational, leadership, and communication skills. Ability to manage initiatives of moderate scope independently and collaboratively Education Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field Antenna Research Associates, Inc. is an equal opportunity employer committed to a policy of non-discrimination and affirmative action. We do not discriminate based on race, color, religion, sex, national origin, disability, protected veteran status, or any other legally protected status. #LI-onsite

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. Lead IAM work for new customer onboardings and migrations. Collaborate with CAH Account Management, Application Teams, and Customers to design, implement, and test federated SSO solution based on customer login requirements. Provide technical guidance and act as primary point of contact for business partners and customer related to IAM work for onboarding. Additional responsibilities include supporting application integrations and enhancing SSO self service application onboarding. **Responsibilities:** + **Customer Onboarding IAM Efforts - Strategy & Execution :** Lead the planning, design, and execution for Customer Onboarding via federated SSO, ensuring alignment with overall business and security objectives. This includes assessing multiple Cardinal Health e-commerce applications, understanding login requirements for new/existing customers, designing, testing and implementing solutions etc to ensure top notch user login experience and enhancing Cardinal Health's security posture. + **Collaboration & Communication:** Coordinate cross-functional teams, including Customer Business and IT teams, Cardinal Health's Account Management/Sales and Application teams, Information Security and others to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical internal and external stakeholders. + **Application Integration Leadership:** Lead the integration of various enterprise applications (SaaS, on-premise, custom-built) with our core IAM infrastructure, ensuring secure authentication, authorization, and user provisioning/de-provisioning. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Solution Design & Implementation:** Design, implement, and maintain IAM solutions including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Role-Based Access Control (RBAC) frameworks. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications:** + **Education:** Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field, or equivalent practical experience. + **Experience:** 5+ years of progressive experience as an IAM Engineer, designing and implementing enterprise scale solutions with significant experience in supporting M&A integration projects preferred. + **Technical Expertise:** + Extensive knowledge and experience with authentication standards and technologies such as SSO (SAML, OAuth, OpenID Connect), MFA + Proficiency in directory services (e.g., Active Directory, Azure AD, LDAP). + Hands-on experience with leading IAM platforms (e.g., Okta, Microsoft Azure AD, CyberArk, ForgeRock, Ping Identity, SailPoint). + Strong understanding of security principles, risk management, and access control models (e.g., RBAC). + Familiarity with Zero Trust architecture principles. + Familiarity with AI/ML concepts and their practical application in security and risk management, especially in IAM context. + Strong communication and interpersonal skills to collaborate effectively with various teams and stakeholders. + Detail-oriented mindset to ensure precise access control configurations and compliance. + Excellent problem-solving and analytical abilities to troubleshoot access issues and design solutions for unique business requirements + Must be a self-starter who takes full ownership of projects from inception to completion , holding oneself accountable for the security and operation integrity of IAM platform. + Ability to manage multiple priorities and meet tight deadlines in a fast-paced M&A environment. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

Your Future. Secured. ISC2 is a force for good. As the world's leading nonprofit member organization for cybersecurity professionals, our core values - Integrity, Advocacy, Commitment, Inclusion, and Excellence - drive everything we do in support of our vision of a safe and secure cyber world. Our globally recognized, award-winning portfolio of certifications provide an independent and globally recognized endorsement of cybersecurity knowledge, skills and experience for all career levels. Our charitable arm, the Center for Cyber Safety and Education, enables ISC2 and our members to serve the public by educating the most vulnerable about cyber risks and empowering access to enter and thrive in the cyber profession. Learn more at ISC2 online and connect with us on Twitter, Facebook and LinkedIn. When you join ISC2, you'll demonstrate your commitment to an inclusive and equitable environment. Your support of the unique perspectives and experiences shared by our global cybersecurity workforce and profession will be recognized. We invite you to take an active role in helping us create a true sense of belonging across our organization - an environment of authenticity, trust, empowerment and connectedness that empowers all of our successes. Learn more. **Position Summary** The Application Security Engineer will be an integral part of the security team and will work cross-functionally with several lines of business to ensure the secure delivery of products and applications. The Application Security Engineer will be expected to attend stand-ups and strategy sessions to identify areas of risk and offer consulting on best practices. The Application Security Engineer will act as a champion and will formalize the integration of application security into our current processes and tools. **Responsibilities** The Application Security Engineer will be expected to facilitate technical design reviews, perform code analysis, offer remediation recommendations, perform manual and dynamic security testing, and document and present all findings. The Application Security Engineer will work closely with the Development, Release, and QA teams to identify and coordinate security testing, validate, test, and vet both internally and externally developed applications. As an Application Security Engineer, you will act as a DevSecOps Engineer that will be responsible for secure application delivery as well as the underlying infrastructure. The Application Security Engineer must be comfortable with securing cloud-based products in environments such as AWS, Azure and Salesforce. Additionally, this position will provide security risk assessments, create threat models and assist the team with vulnerability testing. Additionally, this position manages the ISC2 responsible reporting program that supports the organization's secure application delivery objectives. In addition to the daily duties described, the individual will assist the security engineering team in the management of security technologies administered by the group (e.g., WAF, Firewall, IDS, and SEIM). This would be an "as needed" function, which is primarily to provide coverage for those duties when individuals on the security engineering team are out of the office for training or vacation. Additionally, the Application Security Engineer will be expected to participate in the Incident Response team and act as a Subject Matter Expert when dealing with the continuity of our operations and when responding with cyber incidents. + Conduct security assessments: Perform comprehensive security assessments of applications, including static code analysis, dynamic application testing, and penetration testing. Identify vulnerabilities, weaknesses, and potential attack vectors. + Secure code review: Review application source code to identify security flaws, such as insecure authentication mechanisms, input validation vulnerabilities, and potential injection attacks. Provide recommendations for remediation and best practices for secure coding. + Threat modeling: Collaborate with development teams to identify and assess potential threats and risks associated with the application. Use threat modeling techniques to prioritize security controls and countermeasures. + Develop and implement security controls: Design, develop, and implement security controls and countermeasures to protect applications against common security threats, such as cross-site scripting (XSS), cross-site request forgery (CSRF), and SQL injection. Implement secure coding practices and security guidelines. + Vulnerability management: Establish and maintain a vulnerability management program for applications. Track and prioritize vulnerabilities based on their severity and impact. Coordinate with development teams to ensure timely remediation of identified vulnerabilities. + Security testing automation: Develop and maintain automated security testing tools and scripts to streamline the application security testing process. Integrate security testing into the continuous integration and deployment (CI/CD) pipeline. + Security training and awareness: Conduct security training and awareness programs and determine skills training needs for development teams, promoting secure coding practices andawareness of common security vulnerabilities. Stay updated with the latest security trends, attack techniques, and best practices. + Incident response: Provide support during security incidents or breaches related to applications. Participate in incident response activities, including containment, investigation, and remediation. + Compliance and regulatory requirements: Ensure that applications adhere to relevant security compliance standards, industry regulations, and data privacy requirements (e.g., GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability)). Collaborate with compliance teams to address any compliance-related concerns. + Security documentation and reporting: Prepare and maintain security documentation, including security policies, procedures, and guidelines. Generate periodic reports on the security posture of applications and present findings to relevant stakeholders. Other responsibilities include: + Maintain and manage all pipelines from a security perspective. + Onboard new pipelines for security tooling. + Keep pipeline diagrams up to date with current security details. + Serve as the primary SME for the DAST scanner.This includes configuration, testing, vulnerability management, and remediation oversight. + Recommend continuous improvements for the SAST scanner. + Security code release approvals + Maintain and manage the WAF, including signatures, configuration, and threat intel feeds. + Serve as the SME and provide recommendations for ongoing improvements. + Establish baseline WAF signatures for XD Prod following the Silverline migration. + Baseline WAF signatures after code releases. + Serve as the primary point of contact for vetting bug reports and managing the informed disclosure process. + Assist with attestation data gathering. + Support and assist with threat modeling. + Act as the formal backup for the threat modeling and attestation processes. + Review and approve Security Assessment Review reports as needed. + Perform other duties as required. **Behavioral Competencies** + Ability to demonstrate and support the ISC2 Core Values: Integrity, Excellence, Inclusion, Advocacy and Commitment + Function as an architect, who can conduct architecture reviews of new systems and solutions. + Serve as a builder who can build and integrate application security in our SDLC. + Act as a collaborator, who likes to engage with the team and the industry. + Serve as a team player, who will jump in and assist in other security functions as needed. + Function as a leader, who will use your knowledge and to train and guide developers and engineers. + Demonstrate a passion for application security, creative and critical thinking, strong analysis skills, the ability to work in a fast-paced environment, and have familiarity with agile, continuous integration, and continuous deployment. + Experience in securing SaaS-delivered offerings in multiple cloud environments deployed with automation & orchestration. **Qualifications** + Ability to write some code, as needed, to conduct security-focused testing. + Application Experience with common testing tools such as Veracode, Fortify, Zap, Burp, and fiddler, among others. + Application Understanding of common vulnerabilities & remediation. + Application Knowledge and understanding of automation and scripting languages. + Design & code review skills. + A solid understanding of Microsoft platforms such as .NET, Windows, C#, Azure. + General Knowledge of cloud security, API (Application Programming Interface) security, and associated best practices. **Education and Work Experience** + Bachelor's degree in computer science, information systems, related engineering field. Will consider a high school diploma and 10+ years of relevant work experience, as well as current additional credentials (CCSP, GDSP, etc..) in lieu of a degree. + A CISSP and CSSLP are required for this position. + 8+ years of experience in Information Security. + 8+ years of experience with static and dynamic analysis for coding and vulnerability identification and remediation. + 5+ years of Secure Development experience. + Application Experience with implementing Secure Development Lifecycle in an agile environment. + First-hand experience with architectural reviews, application reviews, and penetration testing. + Application Experience with Continuous Integration processes, particularly with building security practices into the pipeline. **Physical and Mental Demands** + Ability to travel up to 10% of time. May also include overnight travel. + Work extended hours, when necessary. + Work in an office environment using dual monitor computer screens. + Sitting for extended periods. **Equal Employment Opportunity Statement** All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic as protected by applicable law. Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process. **Job Locations** _US-Remote_ **Posted Date** _4 weeks ago_ _(11/19/2025 1:29 PM)_ **_Job ID_** _2025-2253_ **_\# of Openings_** _1_ **_Category_** _Information Security_