Security architect jobs in Guilford, PA - 42 jobs

SNC's Military Fellowship Program partners with programs such as SkillBridge and Hiring Our Heroes to provide fellowship opportunities to service members transitioning to the civilian workforce. These fellowships include up to six months of on-the-job industry training for eligible service members. During this time, participants gain valuable work experience in the civilian sector and build professional networks as they prepare for their transition to full-time civilian work. NOTE: You must be currently serving on active duty to be eligible for this fellowship program. This program is not for veterans who have already separated from the military. As a Systems Security Engineer, you will be using your skills and expertise to design, test, and implement our secure operating systems, networks, security monitoring, and tuning. You'll be responsible for the management of our IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions, conducting risk and vulnerability assessments, and developing and implementing security controls. You'll research, evaluate, and recommend new security tools, techniques, and technologies in alignment with our IT security strategy and introduce them to the enterprise.The ISR (Intelligence, Surveillance & Reconnaissance), Aviation, and Security (IAS) business area is a leader in ISR and aviation, it is a leading prime manned and unmanned aircraft systems integrator for innovative, high-performance ISR and aviation systems. Its end-to-end Command, Control, Computers, Communications and Intelligence, Surveillance & Reconnaissance (C4ISR) capabilities encompass design, integration, test, certification, ground/flight training and complete logistics support. IAS tailors solutions to customer cost, performance, and schedule requirements and designs to consistently exceed expectations - with an unrivaled record of on time and on (or under) budget deliveries. Qualifications You Must Have: Currently serving as active duty military and be eligible to participate in the DoD SkillBridge program Bachelor's degree in Systems Security, Network Engineering, Information Technology, or related Engineering discipline and typically 2+ years of relevant experience Relevant experience may be considered in lieu of required education Qualifications We Prefer: ISSM CAP, CISSP, or CISM Certification ISSE CAP, CISSP-ISSEP Certification ISSO Security+, CISA, or CASP+ Certification MCSE, Linux, and/or CCNP Security Certification At Sierra Nevada Company, LLC (SNC) we deliver customer-focused technology and best-of-breed integrations in the aerospace and defense sectors. SNC has been honored as one of the most innovative U.S. companies in space, a Tier One Superior Supplier for the U.S. Air Force, and as one of America's fastest-growing companies. Learn more about SNC This posting will be open for application for a minimum of 5 days and may be extended based on business needs. Estimated Starting Salary Range: $85,768.30 - $117,931.40. Compensation varies depending on a wide array of factors, such as candidates' key skills, relevant work experience, and education/training/certifications. The disclosed range estimate may be adjusted for any applicable geographic differential associated with the location at which the position may be filled. SNC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with 150% match up to 6%, life insurance, 3 weeks paid time off, tuition reimbursement, and more. IMPORTANT NOTICE: To conform to U.S. Government international trade regulations, applicant must be a U.S. Citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State or U.S. Department of Commerce. Learn more about the background check process for Security Clearances. SNC is a global leader in aerospace and national security committed to moving the American Dream forward. We're known and respected for our mission and execution focus, agility, and disruptive and rapid innovation. We provide leading edge technologies and transformative solutions that support our nation's most critical security needs. If you are mission-focused, thrive in collaborative environments, and want to make our country stronger with state-of-the-art technologies that safeguard freedom, join our team! SNC is an Equal Opportunity Employer committed to an environment free of discrimination. Employment decisions are made based on merit without regard to race, color, age, religion, sex, national origin, disability, status as a protected veteran or other characteristics protected by law.

This job provides Information Security and Risk Management services for the Organization. Works with peers within security, HM Health Solutions customers and application teams to ensure alignment with current and future security needs. Manages activities of various Information Security personnel. Makes decisions on personnel actions (promotions, hiring, terminations, etc.). Develops talent, addresses resource management, cultivates capabilities of staff, planning and coordination of work, and managing performance. Conducts the oversight of security technology products for network, systems, and data. Controls expenses within the operating unit and is responsible for meeting budget goals. Actively contributes to the Information Security ans Risk Management (ISRM) strategic planning process by working with the Directors to develop and implement department strategic plans and action steps that support the corporate strategic objectives. Actively involved in the coordination, implementation, problem solving, communication, and training of new technologies and processes, as they are developed and moved into the environment. Develops and presents Information Security awareness and training programs. **ESSENTIAL RESPONSIBILITIES** + Perform management responsibilities including, but not limited to: involved in hiring and termination decisions; coaching and development; rewards and recognition; performance management and staff productivity. + Plan, organize, staff, direct and control the day-to-day operations of the department; develop and implement policies and programs as necessary; may have budgetary responsibility and authority. + Provide oversight of all aspects of project management to ensure continuous improvement of processes: negotiate and collaborate with leadership and staff to develop security solutions and options; develop and adhere to internal standards and strategies; ensure adherence to approved methodologies; coordinate resources, time, contingency plans and risk management. + Provide leadership to the department: lead and champion organizational change; encourage participation in activities that support relationship development; champion information security innovation; encourage and enforce proper training in regards to security issues. + Ensure compliance to Corporate and Information Security policies, standards and procedures. + Communicate effectively with all levels of the organization: facilitate meetings; plan, design and provide presentations; represent HM Health Solutions with outside entities; prepare divisional procedures, policies, reports and correspondence; spread awareness of new and existing security threats; provide oversight regarding metrics, funding, budgets and resources. + Other duties as assigned or requested. **EDUCATION** **Required** + Bachelor's Degree in Information Security, Information Systems, Information Assurance, Computer Science or related field **Substitutions** + 6 years of relevant experience substitution for a Bachelor's Degree **Preferred** + Master's Degree in Computer Science, Information Security or related field **EXPERIENCE** **Required** + 7 - 10 years in Information Security and/or Information Risk Management and/or Information Technology + 7 - 10 years in developing, communicating and presenting Information Security and Risk Management concepts to varying audiences + 1 - 3 years in mentoring others in a leadership role + 1 - 3 years in Staff Management + 1 - 3 years in developing and executing strategic plans to realize business objectives **Preferred** + 10 - 15 years in Information Security and/or Information Risk Management and/or Information Technology + Experience managing an information security function using the HITRUST Common Security Framework (HITRUST CSF), or the NIST 800-83 cyber security framework + Experience supporting SSAE 16 or SOC 2 Security Trust Principle audits + Experience establishing budgets and meeting fiduciary goals + Security industry organization participation/leadership (HITRUST, ISACA, InfraGard, ISC2, ISSA, etc.) **LICENSES AND CERTIFICATIONS** **Required** + None **Preferred** + Certified Information Systems Security Professional (CISSP) **OR** + Certified Information Security Manager (CISM) **OR** + Certified in Risk and Information Systems Controls (CRISC) **OR** + Information Technology Infrastructure Library (ITIL) **SKILLS** + Knowledge of regulatory requirements such as Health Insurance Portability and Accountability Act (HIPPA), Payment Card Industry Data Security Standards (PCI DSS), and FIPS-140 + Strong teamwork and interpersonal skills + Experience in leading process improvement initiatives + Ability to motivate high performance, multi-discipline teams + Demonstrated competency in project execution + Demonstrated abilities in relationship management **Languages (Other than English)** None **Travel Requirement** 0% - 25% **PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS** **Position Type** Office-Based Teaches/Trains others regularly Frequently Travels regularly from the office to various work sites or from site-to-site Occasionally Works primarily out-of-the office selling products/services (Sales employees) Does Not Apply Physical Work Site Required Yes Lifting: up to 10 pounds Does Not Apply Lifting: 10 to 25 pounds Does Not Apply Lifting: 25 to 50 pounds Does Not Apply **_Disclaimer:_** _The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job._ **_Compliance Requirement_** _: This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies._ _As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company's Handbook of Privacy Policies and Practices and Information Security Policy._ _Furthermore, it is every employee's responsibility to comply with the company's Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements._ **Pay Range Minimum:** $108,000.00 **Pay Range Maximum:** $201,800.00 _Base pay is determined by a variety of factors including a candidate's qualifications, experience, and expected contributions, as well as internal peer equity, market, and business considerations. The displayed salary range does not reflect any geographic differential Highmark may apply for certain locations based upon comparative markets._ Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on any category protected by applicable federal, state, or local law. We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the email below. For accommodation requests, please contact HR Services Online at ***************************** California Consumer Privacy Act Employees, Contractors, and Applicants Notice Req ID: J269753

The Instagram Security Ecosystems team is seeking a product-focused security engineer interesting in enabling Instagram product teams to develop features with a focus on security and user safety. You will be relied upon to directly work with Instagram engineers, hardening both product features and our protective frameworks that make life harder for bad actors on the Instagram platform. **Required Skills:** Product Security Engineer, Instagram Responsibilities: 1. Threat Modeling and Security Architecture: Work directly with product managers and technical leads on threat models and security architecture for novel Instagram features or products 2. Security Reviews: Perform manual design and implementation reviews of web, mobile, and native code 3. Developer Guidance: Provide guidance and education to developers that help prevent the authoring of vulnerabilities 4. Automated Analysis and Secure Frameworks: Work with other security teams to improve Instagram's static and dynamic analysis and frameworks to scale coverage 5. Bug Bounty: Help provide technical guidance to our world class bug bounty program and independent security researchers 6. Industry Impact: Push the industry forward through conference talks and open source projects to contribute broadly to security for the world **Minimum Qualifications:** Minimum Qualifications: 7. B.S. or M.S. in Computer Science, Cybersecurity, or related field, or equivalent experience 8. 8+ years of experience finding vulnerabilities in interpreted languages (Python, PHP) 9. Extensive, proven experience in threat modeling and secure systems design 10. Experience with exploiting common security vulnerabilities **Preferred Qualifications:** Preferred Qualifications: 11. Product software engineering or product management experience 12. Experience in security consulting or other leadership-facing security advisory roles 13. Familiarity with cybersecurity investigations, abuse operations, and/or security incident response 14. Contributions to the security community (public research, blogging, presentations, bug bounty, etc.) **Public Compensation:** $184,000/year to $257,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

Security Engineer (RMF) Job Category: Information TechnologyTime Type: Full time Minimum Clearance Required to Start: TS/SCI with PolygraphEmployee Type: RegularPercentage of Travel Required: Up to 10%Type of Travel: Local* * * The Opportunity: We are seeking a skilled Security Engineer (RMF) to support the Defense Intelligence Agency (DIA) at the National Center for Medical Intelligence (NCMI) in Ft. Detrick, Maryland. This role focuses on implementing and managing cybersecurity for IT systems using the Risk Management Framework (RMF), ensuring systems meet federal and DoD security standards to achieve and maintain Authority to Operate (ATO). The Security Engineer will work closely with System Owners, Information System Security Officers (ISSOs), and Enterprise ISSMs to develop security documentation, apply compliance controls, and support the full system lifecycle from design through authorization. Responsibilities: Documentation - Develop and maintain RMF artifacts including System Security Plans (SSP), Security Assessment Reports (SAR), Security Assessment Plans (SAP), and Plans of Action and Milestones (POA&M). Compliance & Hardening - Apply DISA STIGs/SRGs, implement NIST 800-53 controls, and perform system hardening across Windows/Linux environments. Assessment & Remediation - Conduct vulnerability scans using tools like Nessus, ACAS, and SCAP. Analyze scan results and manage remediation efforts to reduce risk. Authorization Support - Support the Assessment & Authorization (A&A) process to obtain and sustain ATOs. Manage XACTA data requirements and ensure alignment with DIA RMF processes. Continuous Monitoring - Perform ongoing security monitoring and reporting to maintain system compliance and health. Review logs and alerts using tools such as Splunk and SolarWinds. Coordination & Collaboration - Work closely with System Owners, ISSOs, Enterprise ISSMs, and other engineering teams to develop security plans, respond to incidents, and ensure consistent implementation of cybersecurity policies. DevOps & System Support - Maintain DevOps pipelines, manage deployments, and support integration and production environments. Handle outages, account management, and security updates. Qualifications: Required: TS/SCI with the ability to successfully pass a Polygraph exam. DoD 8570 IAT Level II or higher (e.g., Security+, GSEC) certification. Experience with Cybersecurity, system engineering, or related field. Proven experience executing RMF and supporting ATOs in DoD or intelligence environments. Technical Expertise with TCP/IP, Windows/Linux security, Solarwinds, Splunk, STIG Viewer, ACAS, Nessus and eMASS. Experience with NIST RMF, DoD Instructions (DoDI 8510.01, 8500.01, 8500.02), ICD 503. Familiarity with USG C2S cloud environments. BS degree in Computer Science, Data Science, Math, or a Medical field with 8 years of experience. Desired: Experience in medical or intelligence organizations. Experience integrating COTS into GOTS applications. Familiarity with NIST SP 800-144, 800-145, and other relevant cybersecurity publications. - ________________________________________________________________________________________ What You Can Expect: A culture of integrity. At CACI, we place character and innovation at the center of everything we do. As a valued team member, you'll be part of a high-performing group dedicated to our customer's missions and driven by a higher purpose - to ensure the safety of our nation. An environment of trust. CACI values the unique contributions that every employee brings to our company and our customers - every day. You'll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality. A focus on continuous growth. Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground - in your career and in our legacy. Your potential is limitless. So is ours. Learn more about CACI here. ________________________________________________________________________________________ Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Learn more here. The proposed salary range for this position is: $86,600 - $181,800 CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. We are seeking a highly skilled and experienced Identity and Access Management (IAM) Engineer to join our team. In this pivotal role, you will be instrumental in designing, implementing, and managing IAM solutions that secure our enterprise applications and facilitate the secure, efficient, and seamless integration of identity and access systems in context of our rapid growth through Mergers and Acquisitions. You will ensure robust access controls, streamline user experiences, and maintain operational continuity across our diverse IT landscape. The ideal candidate will have deep technical expertise in modern IAM principles, protocols and products along with strong management and communication skills. **Responsibilities:** + **Application Integration Leadership:** Lead the integration of various enterprise applications (SaaS, on-premise, custom-built) with our core IAM infrastructure, ensuring secure authentication, authorization, and user provisioning/de-provisioning. + **M&A Integration Strategy & Execution:** Lead the planning, design, and execution of IAM integration strategies for M&A activities, ensuring alignment with overall business and security objectives. This includes assessing the IAM landscapes of merging entities to identify challenges and solutions. + **Identity System Merging & Consolidation:** Manage the complex process of merging disparate identity providers, user directories (e.g., Active Directory, Azure AD, LDAP), and access management systems from acquired companies into the existing infrastructure. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Solution Design & Implementation:** Design, implement, and maintain IAM solutions including Single Sign-On (SSO), Multi-Factor Authentication (MFA), Privileged Access Management (PAM), and Role-Based Access Control (RBAC) frameworks. + **Security & Compliance:** Ensure IAM systems and processes comply with regulatory requirements (e.g., GDPR, HIPAA, SOX) and internal security policies, providing auditable records of access activities. Protect against data breaches by ensuring only authorized personnel can access sensitive information. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Collaboration & Communication:** Coordinate cross-functional teams, including Information Security, IT Operations, HR, and Application Development, to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical stakeholders. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications:** + **Education:** Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field, or equivalent practical experience. + **Experience:** 5+ years of progressive experience as an IAM Engineer, designing and implementing enterprise scale solutions with significant experience in supporting M&A integration projects preferred. + **Technical Expertise:** + Proficiency in directory services (e.g., Active Directory, Azure AD, LDAP). + Extensive knowledge and experience with authentication standards and technologies such as SSO (SAML, OAuth, OpenID Connect), MFA, and privileged access management (PAM). + Hands-on experience with leading IAM platforms (e.g., Okta, Microsoft Azure AD, CyberArk, ForgeRock, Ping Identity, SailPoint). + Experience with scripting languages (e.g., PowerShell, Python) for automation and integration. + Strong understanding of security principles, risk management, and access control models (e.g., RBAC). + Understanding of DevOps practices. + Familiarity with Zero Trust architecture principles. + Familiarity with AI/ML concepts and their practical application in security and risk management, especially in IAM context. + **M&A Specific Skills:** Proven track record of managing complex integration projects, including assessing existing IAM capabilities, workflow, systems, and processes of acquired entities. Ability to navigate the complexities of integrating diverse identity infrastructures. + Strong communication and interpersonal skills to collaborate effectively with various teams and stakeholders. + Detail-oriented mindset to ensure precise access control configurations and compliance. + Excellent problem-solving and analytical abilities to troubleshoot access issues and design solutions for unique business requirements + Must be a self-starter who takes full ownership of projects from inception to completion , holding oneself accountable for the security and operation integrity of IAM platform. + Ability to manage multiple priorities and meet tight deadlines in a fast-paced M&A environment. + Adaptability to stay ahead of evolving IAM technologies and security threats. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

Ready to be pushed beyond what you think you're capable of? At Coinbase, our mission is to increase economic freedom in the world. It's a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform - and with it, the future global financial system. To achieve our mission, we're seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up. We want someone who will run towards, not away from, solving the company's hardest problems. Our ******************************** is intense and isn't for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there's no better place to be. While many roles at Coinbase are remote-first, we are not remote-only. In-person participation is required throughout the year. Team and company-wide offsites are held multiple times annually to foster collaboration, connection, and alignment. Attendance is expected and fully supported. The Application Security organization at Coinbase is seeking to hire an experienced Offensive Security Engineer specializing in Web3 penetration testing and Web3 bug bounty program management and optimization. In this role, you will collaborate with the Bug Bounty Program Lead to drive Web3 bug bounty triage, validation, and strategic initiatives aimed at increasing program efficiency, maturity, and hacker engagement. You will work closely with whitehat hackers, security engineers, and cross-functional teams to enhance Coinbase's security posture through an effective bug bounty program. Additionally, you will perform penetration tests on Web3 technologies and applications, ensuring the security of Coinbase's blockchain-based products and services. *What you'll be doing (ie. job duties):* * Conduct security assessments of Web3 products and services, including smart contracts, DeFi protocols, and blockchain infrastructure. * Collaborate with partner teams to enhance detection and response capabilities for Web3 vulnerabilities. * Stay informed on emerging security trends, advisories, and academic research in the Web3 space. * Lead Web3 bug bounty triage and validation, ensuring timely and accurate assessments of reported vulnerabilities. * Develop and implement strategies to incentivize high-quality bug bounty submissions and engage with the hacker community. * Manage the Web3 bug bounty program, including scope updates, researcher communication, and payout disbursements. * Analyze bug bounty data to identify trends, common vulnerabilities, and areas for improvement. * Collaborate with engineering teams to prioritize and remediate vulnerabilities identified through the bug bounty program. * Mentor and train junior security engineers in Web3 bug bounty triage and analysis. * Provide on-call support for critical Web3 bug bounty-related incidents. * Document and report on Web3 bug bounty metrics and program effectiveness. *What we look for in you (ie. job requirements):* * Bachelor's or Master's degree in Computer Science, Cybersecurity, Software Engineering, or a related field. * 3+ years of experience in Web3 application security and penetration testing. * Proven track record of identifying critical vulnerabilities across the blockchain protocol stack, Web2, and Web3 components. * Extensive knowledge of the blockchain ecosystem, including L1/L2 networks, DeFi protocols, and staking mechanisms. * Deep understanding of Web2 security concepts and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25). * Strong analytical skills to identify trends and patterns in vulnerabilities. * Excellent communication skills for engaging with internal teams. * Passion for security and a drive to improve Web3 security posture. * Ability to work independently and take ownership of penetration testing initiatives. * Energy and self-drive for continuous learning in the rapidly evolving crypto space. * Excellence in clear, direct, and kind communication with technical and non-technical stakeholders. * Experience building relationships with product, engineering, and security teams. *Nice to haves:* * Participation in CTFs, bug bounty programs, or open-source security research. * Expertise in Application Security, Network Security, or Cloud Security. * Relevant security certifications (e.g., OSCP, GPEN). * Experience developing and implementing security tooling to support bug bounty triage and analysis. * Experience with bug bounty programs and platforms, including triage, validation, and researcher communication. * Strong analytical skills to identify trends and patterns in bug bounty submissions. * Excellent communication skills to effectively engage with bug bounty researchers. Position ID: P69494 \#LI-remote *Pay Transparency Notice:* Depending on your work location, the target annual salary for this position can range as detailed below. Full time offers from Coinbase also include bonus eligibility + equity eligibility**+ benefits (including medical, dental, vision and 401(k)). Pay Range: $152,405-$179,300 USD Please be advised that each candidate may submit a maximum of four applications within any 30-day period. We encourage you to carefully evaluate how your skills and interests align with Coinbase's roles before applying. Commitment to Equal Opportunity Coinbase is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view the *********************************************** in certain locations, as required by law. Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please contact us at accommodations*********************************** *Global Data Privacy Notice for Job Candidates and Applicants* Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available ********************************************************** By submitting your application, you are agreeing to our use and processing of your data as required. *AI Disclosure* For select roles, Coinbase is piloting an AI tool based on machine learning technologies to conduct initial screening interviews to qualified applicants. The tool simulates realistic interview scenarios and engages in dynamic conversation. A human recruiter will review your interview responses, provided in the form of a voice recording and/or transcript, to assess them against the qualifications and characteristics outlined in the job description. For select roles, Coinbase is also piloting an AI interview intelligence platform to transcribe and summarize interview notes, allowing our interviewers to fully focus on you as the candidate. *The above pilots are for testing purposes and Coinbase will not use AI to make decisions impacting employment*. To request a reasonable accommodation due to disability, please contact accommodations[at]coinbase.com

BACKGROUND The National Biodefense Analysis and Countermeasures Center (NBACC) is a one-of-a-kind facility located on Fort Detrick in Frederick MD and is dedicated to defending the nation against biological threats. Its work supports DHS and National biodefense preparedness planning, response, emerging threat characterization and bioforensic analyses. It is the first national laboratory created by DHS in response to biodefense gaps identified following the Amerithrax attacks of 2001 and has been operated by the Battelle National Biodefense Institute (BNBI) since 2006. Since its inception, NBACC and its staff have filled critical shortfalls in our scientific knowledge of biological agents needed to protect the public and defend the Nation from biological threats, whether naturally occurring, accidental, or deliberate and provided federal law enforcement with scientific data to support the investigation and attribution of biocrimes and protection of the US bioeconomy. NBACC includes two centers: the National Bioforensic Analysis Center (NBFAC), which conducts the technical analyses in support of federal law enforcement investigations, and the National Biological Threat Characterization Center (NBTCC), which conducts experiments and studies to obtain data required for a better understanding of biological vulnerabilities and hazards. Together these centers offer a unique national resource for understanding the risks posed by biological agents and emerging technologies to inform biodefense policy and response planning and the operational capability to support the investigation, prosecution, and prevention of biocrimes and bioterrorism. PRIMARY FUNCTION The Information Systems Security Officer, Classified (ISSO, Classified) advises the Network Security Manager (NSM), IT Manager, and System Owner on NBACC Information Systems security matters for the systems assigned. This individual must ensure that NBACC IT Systems are compliant with DHS information security policies, regulations and requirements and must complete and maintain assigned system Authorization and Accreditation (A&A) requirements. The ISSO, Classified, serves as the primary point of contact for all security matters related to the assigned systems and supports the NSM to ensure implementation of an Information Security Program is maintained throughout NBACC. MINIMUM REQUIRED QUALIFICATIONS Bachelor's Degree (or equivalent), preferably in Cybersecurity and/or Computer and Information Systems related studies and a minimum of 4 years of related experience. Certified Information Systems Security Professional (CISSP) preferred, although other security certifications will be considered. Federal cybersecurity policy and compliance experience are required. Experience working in a secure environment is desired. Strong understanding and working knowledge of information security principles and risk assessment/risk management techniques. Experience with security technologies including vulnerability scanning, firewalls & log analysis, host-based detection tools, Security Event and Incident Management (SEIM), antivirus, network packet analyzers, malware analysis, and forensics tools. Ability to interpret, analyze, and report significant event findings and anomalies in accordance with computer network directives. Experience managing COMSEC is highly desired. Skills and experience to support laboratory activities and work in accordance with NBACC's management system (e.g., ISO). Must be a citizen of the United States, able to obtain and maintain an interim secret clearance leading to a top-secret suitability for DHS. SCI clearance required. Participation in the Immunization Program, Medical Surveillance Program and/or enrollment in the Personnel Reliability (PRP) is required. May be required to participate in NBACC's alternative work and/or on-call schedule, dependent upon business needs. PRIMARY RESPONSIBILITIES Serves as the principal point of contact for all IT security aspects pertaining to the classified IT systems for which the ISSO is responsible. Familiarity with 4300C policies. Works closely with the Component ISSM and DHS CISO staff, as appropriate, to interpret and apply IT security policies and procedures. Ensures that the NSM and the IT Manager are kept informed of all pertinent matters involving security or non-compliance of IT systems. Works with other ISSOs and the NSM as needed, to maintain, enhance and optimize the technologies that are currently deployed within the organization. Works with system owners to document system vulnerabilities and weaknesses in Plans of Action and Milestones (POA&Ms) and to initiate corrective actions. Employs automated tools approved by the DHS CISO, such as Nessus, CSAM, SwimLane, Crowdstrike. Ensures that all NBACC personnel receive computer security awareness training as part of the onboarding process and ensures that all security measures are in place with NBACC personnel offboarding. In addition, ensures that all security procedures are in place and performed in the case of terminated employee specifically to prevent unauthorized access. Responsible for performing vulnerability scanning and analysis, eliminating false-positives, and providing administrators with relevant reports to assist in mitigating or removing actual threats. Performs monitoring and data correlation to events of interest using multiple tools such as system event logs, IPS/IDS logs, network traffic, anti-virus console and client end-point software. Maintains all documentation and security artifacts detailing the information systems purpose, implemented controls, inventory of hardware, firmware, and software, configurations and other security relevant details. Develops and maintains the system security plan for every IT system assigned. Evaluates proposed modifications to assigned NBACC classified information systems, ensures modifications meet regulatory compliance and provides input on the impact of system changes to security to the NSM. Assists in the development of system modifications and system change proposals and ensures that security procedures are in place and performed to prevent unauthorized access. Performs tuning for security monitoring products and customizes tools to automate security processes and event correlation, as needed. Audits and evaluates back-up and disaster recovery plans to identify weaknesses. Researches the latest information technology security trends to increase the organization's situational awareness and stay up to date on the latest methods attackers are using to infiltrate computer systems. Recommends tools and implementation of security controls based on directives, vulnerability matrix, and threat advisories. Provides summary reports of events and activities and delivers metric reports as needed. Must be a team player, communicate clearly, be open to hearing ideas and suggestions from others, diffuse situations, and exercise empathy and patience with colleagues. Must have the ability to multi-task, maintain composure under pressure, and utilize effective time management skills to prioritize tasks. Must be a self-starter driven by an eagerness to succeed, maintain flexibility, adapt to change in a productive and positive manner, learn new concepts, and utilize critical thinking to resolve complex problems. Maintains appropriate records. Performs other duties as assigned/authorized.

Members Achieve More isn't just a tagline for us, it's part of everything we do! We're looking for passionate individuals to join our team to help us maintain that focus every day. Want to work somewhere that's remained strong for 90 years, that encourages you to learn, grow, and pursue your dreams? If yes, then read on... The Information Security Operations Engineer III focuses on preventing Technology- based crime, hacking, intentional or inadvertent modification, disclosure, or destruction to an organization's information systems and Information Technology (IT) assets and intellectual property. The Engineer hunts for threats within our ecosystem, focusing on exposure and eradication by leveraging data analysis techniques, human intuition, expert security knowledge, and proactive monitoring. The individual is responsible for ensuring the enterprise is configured in accordance with industry best practice from organizations such as NIST, SANS, OWASP, and CIS. The incumbent supports multiple security-related platforms and technologies, interfacing with others within the IT organization and other internal business units and external customers/partners. Resources to do the job require the ability to display an in-depth understanding of new trends and technologies related to IT security and compliance and contribute to the company IT security strategy and roadmap. The position reports to the Information Security Operations Manager and works closely with other areas within the Information Technology Service (ITS) organization. Schedule: Monday - Friday 8:00am - 4:00pm or 9:00am - 5:00pm In this position, you will Security Monitoring and Incident Response: Monitor security alerts and logs from various sources (e.g., SIEM systems, IDS/IPS, firewalls). Investigate and respond to security incidents, including performing root cause analysis and remediation. Participate in the incident response process, including documentation and communication. Vulnerability Management: Conduct regular vulnerability assessments and scans to identify potential security weaknesses. Work with IT teams to prioritize and remediate vulnerabilities. Endpoint and Network Security: Implement and manage endpoint protection solutions (e.g., antivirus, anti-malware). Ensure network security through the configuration and management of firewalls, VPNs, and intrusion detection/prevention systems. Security Tools and Technologies: Maintain and optimize security tools and technologies (e.g., SIEM, DLP, encryption tools). Assist in the evaluation and deployment of new security technologies. Threat Intelligence and Research: Stay updated on the latest security threats and vulnerabilities through threat intelligence feeds and research. Apply threat intelligence to enhance security monitoring and defenses. Collaboration and Communication: Collaborate with IT and other departments to ensure integrated security across systems and networks. Communicate effectively with stakeholders regarding security issues and initiatives. Other duties as assigned. Qualifications: Bachelors: Business Administration/Management, Bachelors: Computer and Information Science, Bachelors: Computer Engineering (Required), Bachelors: Management Information Systems, Bachelors (Required) Any equivalent combination of experience and education. | Required Experience working with SIEM systems, threat intelligence platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS), file integrity monitoring (FIM), DLP, and other network and system monitoring tools. | Required Professional security certifications such as CISSP, CEH, Security+, CISA, CCSP, CHFI, or CCNA highly recommended. | Not Required Working knowledge/experience with network systems, security principles, applications, and risk and compliance initiatives such as Gramm-Leach Bliley Act (GLBA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), and the General Data Protection Regulation (GDPR) | RequiredCCNA - Cisco Systems, CCSP - ISC2, CEH - EC-Council, Certified Information Systems Security Professional (CISSP) - ISC2, CHFI - EC-Council, CISA - ISACA, Security+ - CompTIA

Arlo Solutions (Arlo) is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Arlo Solutions team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end-users, and give our customers a competitive edge, now and into the future. Position Overview The Mid Information System Security Officer (ISSO) (IAM 2) will support the Defense Security Cooperation Agency (DSCA) Cybersecurity (CYBR) team by providing expertise in Risk Management Framework (RMF) activities, security control assessments, controls validation, and continuous monitoring. The role involves ensuring compliance with RMF, IT, and Federal Information System Controls Audit Manual (FISCAM) guidelines, and supporting the cybersecurity responsibilities detailed in the DSCA CYBR Service Catalog. Work Location: Hybrid (Strongly preferred to live near Washington, DC / Mechanicsburg, PA is also an option) 3 days a week Remote, 2 days a week in Office. Clearance: Active Secret Clearance Job Responsibilities and/or Success Factors * Produce all required DOD compliance documentation for RMF, Audit Response and Remediation, Cyber Task Orders, Required Scorecards, Privacy documentation, and other compliance requirements as detailed in the DSCA CYBR Service Catalog. * Draft and coordinate cybersecurity-related documentation to meet required standards, controls, and metrics. * Support all steps of the RMF process (Steps 0-6) required to gain and maintain DOD Information Network (DODIN) and agency commercial network authority to operate. * Assist in categorization, control selection, implementation, and tailoring support, as well as support of assessments from the ISSO role. * Prepare and validate controls in eMASS packages for assessment and review. * Ensure that control requirements are well-defined and that necessary documentation and evidence are gathered for validation and assessment. * Work in the DOD GRC tool Enterprise Mission Assurance Support Service (eMASS) to support control validation. * Conduct continuous monitoring of information systems to detect vulnerabilities, threats, and security incidents. * Utilize security tools and technologies to perform regular scans, assessments, and analysis of system vulnerabilities. * Maintain and update continuous monitoring processes and procedures to ensure they are effective and aligned with organizational requirements. * Assist in the configuration and maintenance of security tools and technologies provided by the CSSP. * Assist in the detection, analysis, and response to cybersecurity incidents. * Participate in incident response activities, including triage, containment, eradication, and recovery. * Document and report on incident response activities, providing detailed analysis and recommendations for improvement. * Provide support to the Watch Officer in monitoring and managing cybersecurity events and incidents. * Maintain situational awareness of the organization's security posture and emerging threats. * Assist with the performance of daily and ad hoc/on-demand vulnerability scans, monthly audit scans, and monthly discovery scans. * Provide weekly vulnerability compliance reporting to ISSMs. * Review and adjust assets, subnets, credentials, and policies to properly manage C5ISR provided Assured Compliance Assessment Solution (ACAS) solutions. * Track and ensure configuration compliance of Enterprise Security Services (ESS) Suite with RMF, ATO, and Inspection requirements. * Assist with the maintenance of completed security waiver forms in coordination with EADSD and ISSM (PMO). * Work with TSD to implement effective scanning, COAMS System Registration, and Continuous Monitoring Scoring (CMRS) Tagging. * Maintain and update Ports, Protocols, and Services Management (PPSM) records, including emergency and exception requests. * Support the maintenance and accuracy of DoD Allow List entries. * Maintain accurate and up-to-date documentation of all RMF, IT, and FISCAM controls validation activities. * Prepare and submit regular reports on the status of security controls, RMF activities, and DevSecOps pipeline security. * Provide detailed documentation and evidence to support security assessments and audits. * Support the maintenance and configuration needed to maintain accurate ingestion of logs from all assets. * Provide summaries of events/incidents, including time of event/incident, anomalous activity identified, asset names and IPs, affected users, and POC for outreach/additional actions. * Complete Cybersecurity Incident Reporting Forms and assist with the detection and analysis of cybersecurity events and incidents. * Support accurate IR POC list, accurate hardware/software and IP inventory, and accurate summary of event/incident. * Document efforts involved in mitigating cybersecurity-related events/incidents that occur within the enterprise. * Support the generation of performance monitoring reports to monitor asset availability. * Support the generation of system health and security posture reports for system owners and ISSMs. * Support accurate hardware and software inventory, accurate ingestion of logs from all assets, and accurate system performance and security posture baselines. * Conduct specified areas of focus/detail for trend analysis. * Support migration information provided by affected system ISSM and report vulnerabilities to appropriate system ISSMs/POCs. * Assist with the reporting to outside agencies, including JFHQ, battle stations, external leadership, and other DOD Agencies. * Support the correlated agency-level POA&Ms with the coordination of POA&Ms from DSCA to outside entities. * Help complete the Cybersecurity Incident Reporting Form, including additional inputs such as personnel logs, system logs, event logs, and accurate software and hardware inventory list. Education and Minimum Qualifications * Must be a US Citizen * Active Secret Clearance * Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field is required OR additional four (4) years of experience * Strong understanding of Risk Management Framework (RMF) processes and security control assessments, including experience with categorization, control selection, implementation, and assessment. * Minimum of two (2) years of relevant experience in cybersecurity, information assurance, or a related field. * Experience in IT controls validation and familiarity with Federal Information System Controls Audit Manual (FISCAM) guidelines. * Experience in incident response, continuous monitoring, and vulnerability management. * Proficiency in using security assessment tools and platforms such as eMASS (Enterprise Mission Assurance Support Service). * Familiarity with continuous monitoring processes and tools. * Experience with incident response processes and tools. * Knowledge of cybersecurity frameworks and standards, such as NIST, ISO 27001, and CIS Controls. Desired Qualifications: * Certifications such as CSSP, CISM, CISA, CAP, Security+, or equivalent is highly desirable. * Experience with OKTA * Experience as an ISSO or otherwise prior experience with IT Risk Management Framework Support. AAP Statement We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.

We are looking for a hands on WorkDay developer. This person will fully understand how the HCM modules work and will be able to customize workflows and finetune the system. They will be highly focused on Performance Management and Performance Metrics within workday. Job Description: Experience with industry standard Red Team testing tools (Cobalt Strike, Mythic C2, Rubeus, Bloodhound, Covenant, etc.); or the ability to demonstrate equivalent knowledge Expert understanding of how an Advanced Persistent Threat could compromise a financial institution without using phishing Expert understanding of Red Team concepts, tools, and automation strategies Expert understanding of MITRE ATT&CK framework tactics, techniques, and procedures Expert understanding of measuring and rating vulnerabilities based on principal characteristics of a vulnerability Expert understanding of Windows and Linux system hardening concepts and techniques Expert understanding of modifying payloads to bypass detections like EDR Expert understanding of how to compromise a company without using phishing Strong understanding with at least one scripting language (Python, Ruby, PowerShell, Bash, etc.) Experience with at least one cloud environment (AWS, GCP, Azure) Experience attacking cloud, on-prem and/or hybrid environments from initial access all the way through actions on objective Previous experience of Red Team project delivery to include creation and execution of statement of work, risk mitigation strategies, and working with stakeholders to remediate findings Experience of using multi operating system command and control tools Experience developing custom attack tradecraft or modifying existing tools Experience using automated configuration management such as Chef Experience discovering and exploiting vulnerabilities in AI systems Experience of conducting Offensive Security and/or Red Team exercises against mac OS, iOS, or ChromeOS Recognized industry certifications such as, but not limited to, GPEN, GXPN, GREM, eCPTX, eCPPT, OSCP, OSWE, CISSP, CPSA, CRT, etc Knowledgeable in Industry Security standards (i.e.: TIBER-EU, CBEST, NIST Cyber Security Framework, ISO27002, etc.) Knowledgeable in Agile project management Responsibilities : This role will be responsible for participating in the execution of Red Team cyber exercises of internal and internet facing information systems and infrastructure to identify misconfigurations and cyber security vulnerabilities that could be exploited by a threat actor to gain unauthorized access to computer systems and data In addition, the role will require participation in Purple Team exercises to help the Blue Team improve their detection capabilities This is a perfect opportunity for the right person to become a key part of a team of highly skilled cybersecurity professionals who execute a pivotal role in protecting and defending national critical infrastructure Lead red team exercises against a hybrid environment using threat intelligence and the MITRE ATT&CK Framework Participate in purple team exercises that are intelligence driven to test cyber detections Build and maintain Red and Purple team infrastructure, automating functions where possible Continually research new offensive security tactics, techniques, and procedures and communicate knowledge of the same to other team members Conduct ad-hoc offensive security testing using industry standard tools and/or internally developed tools Lead report creation activities including compromise narratives and detailed technical findings with appropriate risk severity ratings, tactical and strategic recommendations to reduce risk levels, peer review of team's deliverables Assist cyber defense teams during incident investigations providing subject matter expertise on attacker tradecraft and mindset Interface with other information security departments, as well as other technology departments and business stakeholders to raise awareness of security issues and to provide knowledge sharing on remediation Active contributor to Red and Purple Team activities for internal presentations and conferences Regards, All done! Your application has been successfully submitted! Other jobs

The Information Security Engineer focuses on a specific category of security (Network, Server, Identity and Access, Endpoint, Application) and serves as the subject matter expert in that category. They are responsible for performing the threat modeling, control analysis, control design and roadmap for that category. They lead security projects, designs solutions, consult with other IT teams to provide secure designs, create best-practices and guidelines, manage themselves and teams to their roadmaps, etc. MUST HAVE: • 5+ years of IT experience implementing enterprise-wide application solutions • Extensive experience with the McAfee security suite (specifically): o ePolicy Orchestrator (ePO) o Virus Scan Enterprise (VSE) o Host Intrusion Prevention (HIPS) o Data Loss Prevention (DLP) o Full Disk Encryption (EEPC, FDE, MDE, etc.) o Virus Scan for Virtual Environments (MOVE) o Rogue Sensor Detection (RSD) • Demonstrated experience with at least one programming/scripting language (Python, Ruby, Perl, Powershell, etc.) • Demonstrated experience with securing all aspects of an enterprise • Demonstrated experience in understanding networking technologies and protocols • Demonstrated systems administration experience with Windows and UNIX-based operating systems • Must have technology passion and staying current with emerging security trends • Excellent verbal & written communication and presentation skills. Must be able to communicate effectively to executive and developer levels. • Thorough understanding of business concepts, SDLC, security issues, software market and networking standards • Experience with new technology evaluations, software package selection and buy vs. build analysis • Strong ability to influence others outside of their direct area of control and seen as a team player • Experience managing multiple projects with diverse requirements and competing priorities • Project management and business analysis skills • Must be willing to occasionally travel globally and alter daily work schedule to meet with global community • Strong English oral/written communication, presentation, and organizational skills Additional Information All your information will be kept confidential according to EEO guidelines

Trustmark's mission is to improve wellbeing - for everyone. It is a mission grounded in a belief in equality and born from our caring culture. It is a culture we can only realize by building trust. Trust established by ensuring associates feel respected, valued and heard. At Trustmark, you'll work collaboratively to transform lives and help people, communities and businesses thrive. Flourish in a culture of diversity and inclusion where appreciation, mutual respect and trust are constants, not just for our customers but for ourselves. At Trustmark, we have a commitment to welcoming people, no matter their background, identity or experience, to a workplace where they feel safe being their whole, authentic selves. A workplace made up of diverse, empowered individuals that allows ideas to thrive and enables us to bring the best to our colleagues, clients and communities. We are seeking a highly skilled Cyber Security Engineer to join our team and play a pivotal role in safeguarding our organization's digital assets. The ideal candidate will possess a deep understanding of cybersecurity principles, a strong technical background, and a passion for protecting sensitive information. You will be responsible for engineering, implementing and monitoring security measures for the protection of Trustmark's computer systems, networks and information. The role helps identify and define system security requirements as well as develop detailed cyber security designs. **Responsibilities:** + Design, implement, and maintain security architectures, systems, and solutions to protect critical infrastructure and data. + Conduct vulnerability assessments and penetration testing to identify and mitigate risks. + Develop and implement security policies, standards, and procedures. + Monitor security systems and respond to incidents promptly and effectively. + Stay up-to-date with the latest cybersecurity threats and trends. + Collaborate with cross-functional teams to ensure security is integrated into all aspects of the business. + Provide technical guidance and support to internal stakeholders. **Qualifications:** + Bachelor's degree in Computer Science, Information Technology, or a related field or + 3-5 Years of network engineering or cyber engineering experience + Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001). + Proficiency in network security, systems security, application security, and data security. + Hands-on experience with security tools and technologies (e.g., firewalls, intrusion detection systems, encryption, SIEM). + Excellent problem-solving and analytical skills. + Strong communication and interpersonal skills. + Ability to work independently and as part of a team. **Preferred Qualifications:** + Certifications such as CISSP, CISA, or CEH. + Experience with cloud security (e.g., AWS, Azure, GCP). + Knowledge of scripting and programming languages (e.g., Python, PowerShell). Brand: Trustmark Come join a team at Trustmark that will not only utilize your current skills but will enhance them as well. Trustmark benefits include health/dental/vision, life insurance, FSA and HSA, 401(k) plan, Employee Assistant Program, Back-up Care for Children, Adults and Elders and many health and wellness initiatives. We also offer a Wellness program that enables employees to participate in health initiatives to reduce their insurance premiums. **For the fourth consecutive year we were selected as a Top Workplace by the Chicago Tribune.** The award is based exclusively on Trustmark associate responses to an anonymous survey. The survey measured 15 key drivers of engaged cultures that are critical to the success of an organization. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, sexual identity, age, veteran or disability. Join a passionate and purpose-driven team of colleagues who contribute to Trustmark's mission of helping people increase wellbeing through better health and greater financial security. At Trustmark, you'll work collaboratively to transform lives and help people, communities and businesses thrive. Flourish in a culture where appreciation, mutual respect and trust are constants, not just for our customers but for ourselves. Introduce yourself to our recruiters and we'll get in touch if there's a role that seems like a good match. When you join Trustmark, you become part of an organization that makes a positive difference in people's lives. You will play a vital role in delivering on our mission of helping people increase wellbeing through better health and greater financial security. Our customers tell us they simply appreciate the personal attention and knowledgeable service. Others tell us we've changed their lives. At Trustmark, you'll be part of a close-knit team. You'll enjoy abundant opportunities to grow your career. That's why so many of our associates stay at Trustmark and thrive. Trustmark benefits from more than 100 years of experience but pairs that rich history with a palpable sense of optimism, growth and excitement for what's ahead - and beyond. This is a place where associates bring their whole selves to work each day. A place where you can be yourself. Whatever your beyond is, you can achieve it at Trustmark.

Posting Number Stu379P Working Title Security/Ticket Enforcement/Special Events Personnel FLSA Student Pay Level A Advertised Pay Rate 10.00/hr Position Status FWS/REG Department Student Emp Public Safety Job Summary/Basic Function This position is open for students to work any day from Sun-Saturday, not to exceed 25 hours per week. Position will include a variety of assignments including locking buildings, parking ticket enforcement, performing set-up for special events, traffic control and security at athletic events. Securing and monitoring buildings Writing parking tickets Blocking off spaces with saw horses for speical events Helping officers with traffic control Performing security at athletic events Other duties that may be assigned within this position Minimum Qualifications Knowledge of the campus along with the parking rules and regulations established by the Shepherd University Police Department. Ability to be customer service friendly. Independently resolve problems that arise. Be accountable and timely with duties. Preferred Qualifications Posting Date 07/08/2025 Close Date Special Instructions Summary

SNC's Military Fellowship Program partners with programs such as SkillBridge and Hiring Our Heroes to provide fellowship opportunities to service members transitioning to the civilian workforce. These fellowships include up to six months of on-the-job industry training for eligible service members. During this time, participants gain valuable work experience in the civilian sector and build professional networks as they prepare for their transition to full-time civilian work. NOTE: You must be currently serving on active duty to be eligible for this fellowship program. This program is not for veterans who have already separated from the military. As a Systems Security Engineer, you will be using your skills and expertise to design, test, and implement our secure operating systems, networks, security monitoring, and tuning. You'll be responsible for the management of our IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions, conducting risk and vulnerability assessments, and developing and implementing security controls. You'll research, evaluate, and recommend new security tools, techniques, and technologies in alignment with our IT security strategy and introduce them to the enterprise. The ISR (Intelligence, Surveillance & Reconnaissance), Aviation, and Security (IAS) business area is a leader in ISR and aviation, it is a leading prime manned and unmanned aircraft systems integrator for innovative, high-performance ISR and aviation systems. Its end-to-end Command, Control, Computers, Communications and Intelligence, Surveillance & Reconnaissance (C4ISR) capabilities encompass design, integration, test, certification, ground/flight training and complete logistics support. IAS tailors solutions to customer cost, performance, and schedule requirements and designs to consistently exceed expectations - with an unrivaled record of on time and on (or under) budget deliveries. **Qualifications You Must Have:** + Currently serving as active duty military and be eligible to participate in the DoD SkillBridge program + Bachelor's degree in Systems Security, Network Engineering, Information Technology, or related Engineering discipline and typically 2+ years of relevant experience + Relevant experience may be considered in lieu of required education **Qualifications We Prefer:** + ISSM CAP, CISSP, or CISM Certification + ISSE CAP, CISSP-ISSEP Certification + ISSO Security+, CISA, or CASP+ Certification + MCSE, Linux, and/or CCNP Security Certification At Sierra Nevada Company, LLC (SNC) we deliver customer-focused technology and best-of-breed integrations in the aerospace and defense sectors. SNC has been honored as one of the most innovative U.S. companies in space, a Tier One Superior Supplier for the U.S. Air Force, and as one of America's fastest-growing companies. Learn more about SNC (********************************************* This posting will be open for application for a minimum of 5 days and may be extended based on business needs. Estimated Starting Salary Range: $85,768.30 - $117,931.40. Compensation varies depending on a wide array of factors, such as candidates' key skills, relevant work experience, and education/training/certifications. The disclosed range estimate may be adjusted for any applicable geographic differential associated with the location at which the position may be filled. SNC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with 150% match up to 6%, life insurance, 3 weeks paid time off, tuition reimbursement, and more (********************************************** . **IMPORTANT NOTICE:** To conform to U.S. Government international trade regulations, applicant must be a U.S. Citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State or U.S. Department of Commerce. Learn more about the background check process for Security Clearances. (**************************** SNC is a global leader in aerospace and national security committed to moving the American Dream forward. We're known and respected for our mission and execution focus, agility, and disruptive and rapid innovation. We provide leading edge technologies and transformative solutions that support our nation's most critical security needs. If you are mission-focused, thrive in collaborative environments, and want to make our country stronger with state-of-the-art technologies that safeguard freedom, join our team! SNC is an Equal Opportunity Employer committed to an environment free of discrimination. Employment decisions are made based on merit without regard to race, color, age, religion, sex, national origin, disability, status as a protected veteran or other characteristics protected by law.

Meta Security is looking for a threat intelligence investigator with extensive experience in investigating cyber threats with an intelligence-driven approach. You will be proactively responding to a broad set of security threats, as well as tracking actor groups with an interest or capability to target Meta and its employees. You will also be identifying the gaps in current detections and preventions by long-term intelligence tracking and research, and working with cross-functional stakeholders to improve Meta's security posture. You will help the team establish, lead and execute multi-year roadmaps that improve research efficiency and quality across the team, and drive improvements to stakeholder management across a broad range of intelligence requirements. **Required Skills:** Detection & Response Security Engineer, Threat Intelligence Responsibilities: 1. Influence and align the team's vision and strategy. Collaboratively prioritize and deliver specific multi-year roadmaps and projects 2. Build, cultivate, and maintain impactful relationships with intelligence stakeholders to identify and facilitate solutions to increase the impact of the team's work 3. Refine operational metrics, key performance indicators, and service level objectives to measure Intelligence research and services 4. Lead cross-functional projects to improve the security posture of Meta's infrastructure, such as red team operations, surface detection coverage expansion and vulnerability management discussions 5. Track threat clusters posing threats to Meta's infrastructure and employees, and identify, develop and implement countermeasures on our corporate network 6. Investigate, mitigate, and forecast emerging technical trends and communicate effectively with actionable suggestions to different types of audiences 7. Work closely with incident responders to provide useful and timely intelligence to enrich ongoing investigations 8. Improve the tooling of threat cluster tracking and intelligence data integration to existing systems **Minimum Qualifications:** Minimum Qualifications: 9. 8+ years threat intelligence experience 10. B.S. or M.S. in Computer Science or related field, or equivalent experience 11. Be a technical and process subject matter expert regarding Security Operations and Threat Intelligence services 12. Experience developing and delivering information on threats, incidents and program status for leadership 13. Expertise with campaign tracking techniques and converting tracking results to long term countermeasures 14. Expertise with threat modeling frameworks, such as Diamond Model or/and MITRE ATT&CK framework 15. Experience intelligence-driven hunting to spot suspicious activities in the network and identify potential risks 16. Proven track record of managing and executing on short term and long term projects 17. Ability to work with a team spanning multiple locations/time zones 18. Ability to prioritize and execute tasks with minimal direction or oversight 19. Ability to think critically and qualify assessments with solid communications skills 20. Coding or scripting experience in one or more scripting languages such as Python or PHP **Preferred Qualifications:** Preferred Qualifications: 21. Experience recruiting, building, and leading technical teams, including performance management 22. Experience close collaborating with incident responders on incident investigations 23. Experience in threat hunting including leveraging intelligence data to proactively identify and iteratively investigates suspicious behavior across networks and systems 24. Familiarity with malware analysis or network traffic analysis 25. Familiarity with nation-state, sophisticated criminal, or supply chain threats 26. Familiarity with file-based or network-based rules and signatures for detection and tracking of complex threats, such as YARA or Snort 27. Experience in one or more query languages such as SQL 28. Experience authoring production code for threat intelligence tooling 29. Experience conducting large scale data analysis 30. Experience working across the broader security community **Public Compensation:** $184,000/year to $257,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

Job Category: Information Technology Time Type: Full time Minimum Clearance Required to Start: TS/SCI with Polygraph Employee Type: Regular Percentage of Travel Required: Up to 10% Type of Travel: Local * * * The Opportunity: We are seeking a skilled Security Engineer (RMF) to support the Defense Intelligence Agency (DIA) at the National Center for Medical Intelligence (NCMI) in Ft. Detrick, Maryland. This role focuses on implementing and managing cybersecurity for IT systems using the Risk Management Framework (RMF), ensuring systems meet federal and DoD security standards to achieve and maintain Authority to Operate (ATO). The Security Engineer will work closely with System Owners, Information System Security Officers (ISSOs), and Enterprise ISSMs to develop security documentation, apply compliance controls, and support the full system lifecycle from design through authorization. Responsibilities: * Documentation - Develop and maintain RMF artifacts including System Security Plans (SSP), Security Assessment Reports (SAR), Security Assessment Plans (SAP), and Plans of Action and Milestones (POA&M). * Compliance & Hardening - Apply DISA STIGs/SRGs, implement NIST 800-53 controls, and perform system hardening across Windows/Linux environments. * Assessment & Remediation - Conduct vulnerability scans using tools like Nessus, ACAS, and SCAP. Analyze scan results and manage remediation efforts to reduce risk. * Authorization Support - Support the Assessment & Authorization (A&A) process to obtain and sustain ATOs. Manage XACTA data requirements and ensure alignment with DIA RMF processes. * Continuous Monitoring - Perform ongoing security monitoring and reporting to maintain system compliance and health. Review logs and alerts using tools such as Splunk and SolarWinds. * Coordination & Collaboration - Work closely with System Owners, ISSOs, Enterprise ISSMs, and other engineering teams to develop security plans, respond to incidents, and ensure consistent implementation of cybersecurity policies. * DevOps & System Support - Maintain DevOps pipelines, manage deployments, and support integration and production environments. Handle outages, account management, and security updates. Qualifications: Required: * TS/SCI with the ability to successfully pass a Polygraph exam. * DoD 8570 IAT Level II or higher (e.g., Security+, GSEC) certification. * Experience with Cybersecurity, system engineering, or related field. * Proven experience executing RMF and supporting ATOs in DoD or intelligence environments. * Technical Expertise with TCP/IP, Windows/Linux security, Solarwinds, Splunk, STIG Viewer, ACAS, Nessus and eMASS. * Experience with NIST RMF, DoD Instructions (DoDI 8510.01, 8500.01, 8500.02), ICD 503. * Familiarity with USG C2S cloud environments. * BS degree in Computer Science, Data Science, Math, or a Medical field with 8 years of experience. Desired: * Experience in medical or intelligence organizations. * Experience integrating COTS into GOTS applications. * Familiarity with NIST SP 800-144, 800-145, and other relevant cybersecurity publications. * ________________________________________________________________________________________ What You Can Expect: A culture of integrity. At CACI, we place character and innovation at the center of everything we do. As a valued team member, you'll be part of a high-performing group dedicated to our customer's missions and driven by a higher purpose - to ensure the safety of our nation. An environment of trust. CACI values the unique contributions that every employee brings to our company and our customers - every day. You'll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality. A focus on continuous growth. Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground - in your career and in our legacy. Your potential is limitless. So is ours. Learn more about CACI here. ________________________________________________________________________________________ Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Learn more here. The proposed salary range for this position is: $86,600 - $181,800 CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. **Responsibilities:** + **M&A Integration Execution:** Collaborate and engage with IAM Lead and other business partners on planning, design, and execution of IAM integration strategies for M&A activities, ensuring alignment with overall business and security objectives. This includes assessing the IAM landscapes of merging entities to identify challenges and solutions. + **Design and Implement Sailpoint IIQ Solutions:** Configure and customize Sailpoint IIQ components (Lifecycel Manager, Compliance Manager etc). Also develop workflows, rules, and connectors for identity governance. + **Application integration with Sailpoint IIQ:** Integrate Sailpoint IIQ with enterprise applications, directories and cloud platforms in addition to developing and maintaining connectros for provisioning and de-provisioning. + **Sailpoint IIQ Development and Scripting:** Write and maintain BeanShell scripts, Java code and XML configurations, develop customer Sailpoint tasks and workflows. + **Identity System Merging & Consolidation:** Manage the complex process of merging disparate identity providers, user directories (e.g., Active Directory, Azure AD, LDAP), and access management systems from acquired companies into the existing infrastructure. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Security & Compliance:** Ensure IAM systems and processes comply with regulatory requirements (e.g., GDPR, HIPAA, SOX) and internal security policies, providing auditable records of access activities. Protect against data breaches by ensuring only authorized personnel can access sensitive information. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Collaboration & Communication:** Coordinate cross-functional teams, including Information Security, IT Operations, HR, and Application Development, to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical stakeholders. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications** + Experience with SailPoint IdentityIQ (IIQ) is a must + Experience with SailPoint IIQ Integrations (Workday, Active Directory/LDAP, Webservices, SCIM, JDBC, SAP) + Experience implementing Life Cycle Manager (LCM) Configuration workflow tasks that model business functions, including Lifecycle Requests (Role or Entitlement), Lifecycle Events (Joiner, Mover, or Leaver), and LCM Workflow Details (Workflows and Subprocesses) + Solid understanding of the SailPoint object model, rules, and policies + Experience with both lifecycle manager (LCM) and compliance manager (CM) modules + Knowledge of Active Directory, LDAP, Workday, and cloud platforms (GCP, MS Entra ID) is required + Proven track record of successful IAM implementations including large scale enterprise deployments. + Experience working within regulatory standards and requirements such as, SOX, HIPAA, GDPR etc. is desired. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

Job Description BACKGROUND The National Biodefense Analysis and Countermeasures Center (NBACC) is a one-of-a-kind facility located on Fort Detrick in Frederick MD and is dedicated to defending the nation against biological threats. Its work supports DHS and National biodefense preparedness planning, response, emerging threat characterization and bioforensic analyses. It is the first national laboratory created by DHS in response to biodefense gaps identified following the Amerithrax attacks of 2001 and has been operated by the Battelle National Biodefense Institute (BNBI) since 2006. Since its inception, NBACC and its staff have filled critical shortfalls in our scientific knowledge of biological agents needed to protect the public and defend the Nation from biological threats, whether naturally occurring, accidental, or deliberate and provided federal law enforcement with scientific data to support the investigation and attribution of biocrimes and protection of the US bioeconomy. NBACC includes two centers: the National Bioforensic Analysis Center (NBFAC), which conducts the technical analyses in support of federal law enforcement investigations, and the National Biological Threat Characterization Center (NBTCC), which conducts experiments and studies to obtain data required for a better understanding of biological vulnerabilities and hazards. Together these centers offer a unique national resource for understanding the risks posed by biological agents and emerging technologies to inform biodefense policy and response planning and the operational capability to support the investigation, prosecution, and prevention of biocrimes and bioterrorism. PRIMARY FUNCTION The Information Systems Security Officer, Classified (ISSO, Classified) advises the Network Security Manager (NSM), IT Manager, and System Owner on NBACC Information Systems security matters for the systems assigned. This individual must ensure that NBACC IT Systems are compliant with DHS information security policies, regulations and requirements and must complete and maintain assigned system Authorization and Accreditation (A&A) requirements. The ISSO, Classified, serves as the primary point of contact for all security matters related to the assigned systems and supports the NSM to ensure implementation of an Information Security Program is maintained throughout NBACC. MINIMUM REQUIRED QUALIFICATIONS Bachelor's Degree (or equivalent), preferably in Cybersecurity and/or Computer and Information Systems related studies and a minimum of 4 years of related experience. Certified Information Systems Security Professional (CISSP) preferred, although other security certifications will be considered. Federal cybersecurity policy and compliance experience are required. Experience working in a secure environment is desired. Strong understanding and working knowledge of information security principles and risk assessment/risk management techniques. Experience with security technologies including vulnerability scanning, firewalls & log analysis, host-based detection tools, Security Event and Incident Management (SEIM), antivirus, network packet analyzers, malware analysis, and forensics tools. Ability to interpret, analyze, and report significant event findings and anomalies in accordance with computer network directives. Experience managing COMSEC is highly desired. Skills and experience to support laboratory activities and work in accordance with NBACC's management system (e.g., ISO). Must be a citizen of the United States, able to obtain and maintain an interim secret clearance leading to a top-secret suitability for DHS. SCI clearance required. Participation in the Immunization Program, Medical Surveillance Program and/or enrollment in the Personnel Reliability (PRP) is required. May be required to participate in NBACC's alternative work and/or on-call schedule, dependent upon business needs. PRIMARY RESPONSIBILITIES Serves as the principal point of contact for all IT security aspects pertaining to the classified IT systems for which the ISSO is responsible. Familiarity with 4300C policies. Works closely with the Component ISSM and DHS CISO staff, as appropriate, to interpret and apply IT security policies and procedures. Ensures that the NSM and the IT Manager are kept informed of all pertinent matters involving security or non-compliance of IT systems. Works with other ISSOs and the NSM as needed, to maintain, enhance and optimize the technologies that are currently deployed within the organization. Works with system owners to document system vulnerabilities and weaknesses in Plans of Action and Milestones (POA&Ms) and to initiate corrective actions. Employs automated tools approved by the DHS CISO, such as Nessus, CSAM, SwimLane, Crowdstrike. Ensures that all NBACC personnel receive computer security awareness training as part of the onboarding process and ensures that all security measures are in place with NBACC personnel offboarding. In addition, ensures that all security procedures are in place and performed in the case of terminated employee specifically to prevent unauthorized access. Responsible for performing vulnerability scanning and analysis, eliminating false-positives, and providing administrators with relevant reports to assist in mitigating or removing actual threats. Performs monitoring and data correlation to events of interest using multiple tools such as system event logs, IPS/IDS logs, network traffic, anti-virus console and client end-point software. Maintains all documentation and security artifacts detailing the information systems purpose, implemented controls, inventory of hardware, firmware, and software, configurations and other security relevant details. Develops and maintains the system security plan for every IT system assigned. Evaluates proposed modifications to assigned NBACC classified information systems, ensures modifications meet regulatory compliance and provides input on the impact of system changes to security to the NSM. Assists in the development of system modifications and system change proposals and ensures that security procedures are in place and performed to prevent unauthorized access. Performs tuning for security monitoring products and customizes tools to automate security processes and event correlation, as needed. Audits and evaluates back-up and disaster recovery plans to identify weaknesses. Researches the latest information technology security trends to increase the organization's situational awareness and stay up to date on the latest methods attackers are using to infiltrate computer systems. Recommends tools and implementation of security controls based on directives, vulnerability matrix, and threat advisories. Provides summary reports of events and activities and delivers metric reports as needed. Must be a team player, communicate clearly, be open to hearing ideas and suggestions from others, diffuse situations, and exercise empathy and patience with colleagues. Must have the ability to multi-task, maintain composure under pressure, and utilize effective time management skills to prioritize tasks. Must be a self-starter driven by an eagerness to succeed, maintain flexibility, adapt to change in a productive and positive manner, learn new concepts, and utilize critical thinking to resolve complex problems. Maintains appropriate records. Performs other duties as assigned/authorized.

The Information Security Engineer focuses on a specific category of security (Network, Server, Identity and Access, Endpoint, Application) and serves as the subject matter expert in that category. They are responsible for performing the threat modeling, control analysis, control design and roadmap for that category. They lead security projects, designs solutions, consult with other IT teams to provide secure designs, create best-practices and guidelines, manage themselves and teams to their roadmaps, etc. MUST HAVE: • 5+ years of IT experience implementing enterprise-wide application solutions • Extensive experience with the McAfee security suite (specifically): o ePolicy Orchestrator (ePO) o Virus Scan Enterprise (VSE) o Host Intrusion Prevention (HIPS) o Data Loss Prevention (DLP) o Full Disk Encryption (EEPC, FDE, MDE, etc.) o Virus Scan for Virtual Environments (MOVE) o Rogue Sensor Detection (RSD) • Demonstrated experience with at least one programming/scripting language (Python, Ruby, Perl, Powershell, etc.) • Demonstrated experience with securing all aspects of an enterprise • Demonstrated experience in understanding networking technologies and protocols • Demonstrated systems administration experience with Windows and UNIX-based operating systems • Must have technology passion and staying current with emerging security trends • Excellent verbal & written communication and presentation skills. Must be able to communicate effectively to executive and developer levels. • Thorough understanding of business concepts, SDLC, security issues, software market and networking standards • Experience with new technology evaluations, software package selection and buy vs. build analysis • Strong ability to influence others outside of their direct area of control and seen as a team player • Experience managing multiple projects with diverse requirements and competing priorities • Project management and business analysis skills • Must be willing to occasionally travel globally and alter daily work schedule to meet with global community • Strong English oral/written communication, presentation, and organizational skills Additional Information All your information will be kept confidential according to EEO guidelines