Security architect jobs in Haverhill, MA - 263 jobs

A leading cloud technology firm in Boston seeks a Principal Cloud Security Architect to evaluate cloud architectures for security gaps. This role involves reviewing IAM configurations and network designs while identifying risks and misconfigurations in AWS, Azure, and GCP environments. Candidates should have extensive experience in cloud security architecture and document complex systems effectively. The position offers competitive compensation at $40 - $80 an hour, providing an opportunity to influence robust security practices. #J-18808-Ljbffr

40 Water Street - 40 Water Street Boston, Massachusetts 02109 United States Leveraging cybersecurity fundamentals, you will possess a strong understanding of cybersecurity principles, threat landscape, risk management and compliance requirements (such as GDPR, HIPPA, PCI DSS) Security Architecture Design: Proficiency in designing secure cloud architectures, including network security, identity and access management (IAM), data protection, encryption, and secure application development practices. Network Security: Expertise in designing secure cloud network architectures including VPCs, virtual network segmentation, network security groups (NSGs), Cloud Firewalls, VPN gateways, IDS/IPS, and DDoS protection. Data Security and Encryption: Knowledge of data protection techniques such as encryption, data masking, tokenization, and data loss prevention (DLP) Identity and Access Management (IAM) Compliance and Governance: Understanding of regulatory compliance requirements and best practices for ensuring Cloud environments meet industry standards and regulatory mandates. This may include knowledge of Azure Policy, Azure Blueprints, GCP Security Command Center, AWS Compliance Center and other compliance assessment tools. Experience with multiple cloud service providers (AWS, GCP, Azure) with deep knowledge in at least one major Cloud service provider Fundamental understanding of security in cloud and how it differs from on-premise Extensive hands-on experience in Terraform and CI/CD processes and an understanding of DevSecOps pipelines/workflows Experience in working in a highly regulated environment such as banking, financial services or government (regional/network borders etc.) Bachelor s degree in computer science, Information Systems or related course of study required or equivalent work experience. Related master s degree a plus Security certifications in (CISSP, GIAC, Security+) Additional Information Benefits of Working Here An inclusive workplace that promotes diversity and collaboration. Access to ongoing learning and development opportunities. Competitive compensation and benefits package. Flexibility to support work-life balance. Comprehensive health benefits for you and your family. Generous paid leave and holidays. Wellness program and employee assistance. Pay Range: $160,000 - $215,000 The range shown represents a grouping of relevant ranges currently in use at Publicis Sapient. Actual range for this position may differ, depending on location and specific skillset required for the work itself. As part of our dedication to an inclusive and diverse workforce, Publicis Sapient is committed to Equal Employment Opportunity without regard for race, color, national origin, ethnicity, gender, protected veteran status, disability, sexual orientation, gender identity, or religion. We are also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at *************************** Your information will be kept confidential according to EEO guidelines. Company Description Publicis Sapient is a digital transformation partner helping established organizations get to their future, digitally-enabled state, both in the way they work and the way they serve their customers. We help unlock value through a start-up mindset and modern methods, fusing strategy, consulting and customer experience with agile engineering and problem-solving creativity. United by our core values and our purpose of helping people thrive in the brave pursuit of next, our 20,000+ people in 53 offices around the world combine experience across technology, data sciences, consulting and customer obsession to accelerate our clients' businesses through designing the products and services their customers truly value. Looking for the latest openings or want to get rewarded for recommending a peer? #J-18808-Ljbffr

Develops and executes programs and processes to reduce information security risk and strengthen Oracle's security posture. Responsibilities Supports the strengthening of Oracle's security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); digital forensics and similar focus areas. Risk Management: Brings advanced level skills to assess the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in very complex, business‑critical environments. May conduct and document very complex information security risk assessments. May assist in the creation and implementation of security solutions and programs. Regulatory Compliance: Brings advanced level skills to manage programs to establish, document and track compliance to industry and government standards and regulations, e.g. ISO‑27001, PCI‑DSS, HIPAA, FedRAMP, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business. Participates in industry forums monitoring developments in regulatory compliance. Threat and Vulnerability Management: Brings advanced level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in‑depth analysis of ambiguous information is required. Incident Management and Response: Brings advanced level skills to respond to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks. May operate as Incident Commander on serious incidents. Digital Forensics: Brings advanced level skills to conduct data collection, preservation and forensic analysis of digital media independently, where an advanced understanding of forensic techniques is required. Other areas of focus may include duties providing advanced level skills and knowledge to manage Information Security Education, Training and Awareness programs. In a Corporate Security role, may manage the creation, review and approval of corporate information security policies. Mentors and trains other team members. Compiles information and reports for management. Qualifications Disclaimer: Certain US customer or client‑facing roles may be required to comply with applicable requirements, such as immunization and occupational health mandates. Range and benefit information provided in this posting are specific to the stated locations only US: Hiring Range in USD from: $104,200 to $223,400 per annum. May be eligible for bonus and equity. Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle's differing products, industries and lines of business. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity. Oracle US offers a comprehensive benefits package which includes the following: Medical, dental, and vision insurance, including expert medical opinion Short term disability and long term disability Life insurance and AD&D Supplemental life insurance (Employee/Spouse/Child) Health care and dependent care Flexible Spending Accounts Pre‑tax commuter and parking benefits 401(k) Savings and Investment Plan with company match Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non‑overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation. 11 paid holidays Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours. Paid parental leave Adoption assistance Employee Stock Purchase Plan Financial planning and group legal Voluntary benefits including auto, homeowner and pet insurance The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted. Career Level - IC4 About Us As a world leader in cloud solutions, Oracle uses tomorrow's technology to tackle today's challenges. We've partnered with industry‑leaders in almost every sector-and continue to thrive after 40+ years of change by operating with integrity. We know that true innovation starts when everyone is empowered to contribute. That's why we're committed to growing an inclusive workforce that promotes opportunities for all. Oracle careers open the door to global opportunities where work‑life balance flourishes. We offer competitive benefits based on parity and consistency and support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs. We're committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing accommodation-request_************* or by calling *************** in the United States. Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law. Request a referral from an Oracle employee. See who works here #J-18808-Ljbffr

A leading software solutions company is seeking a Senior Product Security Engineer to enhance their product security function. In this role, you will collaborate closely with R&D teams to ensure security is integrated into the cloud offerings, including multi-cloud environments. Responsibilities include monitoring vulnerabilities, executing security assessments, and contributing to secure software architecture. Candidates should have extensive experience in security practices, particularly in cloud environments. This position offers a hybrid work arrangement within the United States. #J-18808-Ljbffr

A leading security technology firm is looking for a Senior Java Engineer to design, develop, and maintain cloud-native SaaS solutions for their RSA ID Plus platform. Candidates should have over 5 years of experience in Java and cloud-native applications. This role emphasizes collaboration within a distributed team to deliver secure Identity and Access Management products. The position offers a competitive salary range of $90k to $195k along with comprehensive benefits including flexible paid time off and a 401(k) retirement plan. #J-18808-Ljbffr

A leading car alternative service in Boston is seeking a Senior Security Engineer to protect its applications and physical locations. This role involves collaborating across teams to enhance security standards while managing web application vulnerabilities and incidents. The ideal candidate should have experience with Web Application Firewalls and incident management, alongside a proactive approach to security. Competitive salary of $112.5K-$155K with benefits starts from day one. #J-18808-Ljbffr

Information Security Engineer 3 page is loaded## Information Security Engineer 3locations: Portland, ME: Boston, MAtime type: Full timeposted on: Posted Todayjob requisition id: R20174****About the Team/Role****We're the Global Information Security Team at WEX, responsible for implementing and operating security technologies and processes throughout WEX. We partner closely with internal teams and customers to assure WEX operates in a secure and compliant manner. Our team holds itself to a high-standard and we collaborate closely with one another to ensure strong, reliable and effective relationships. We own our results and we take pride of ownership in everything we do. **We need help!** Changing the world isn't easy, and we have a lot of work ahead of us. From securing applications, data centers and cloud resources, we've got more work than we can handle and we're looking for great people to come along for the ride. We are looking for an application security engineer is responsible for ensuring the secure function of software security and familiarity with multiple general security practices and toolsets**How you'll make an impact** **Culturally, you're:*** A highly motivated security engineer who loves working on small, high performing teams that interface with the entire enterprise* A collaborative, solid communicator who works well with your team and stakeholders to drive projects from inception to completion* Someone who cares deeply for team results but is able to work independently to deliver high quality solutions for projects and operational tasks* Comfortable balancing the need to move fast with the realities of working in a highly regulated organization* Someone who thrives in situations where details and accuracy are vital* A skilled worker that has the motivation, expertise, and work ethic to operate independently across global time zones, and who is able to complete tasks and deliverables with minimal oversight* Work closely with Enterprise IT teams on securing Wex's infrastructure and applications* Able to mentor other engineers both technically and professionally**Technically, you:*** Engineer, implement, and monitor security measures to protect the enterprise* Configure and troubleshoot security infrastructure devices* Regularly review configurations and develop improvement plans* Develop technical solutions and new security tools to help mitigate security findings* Write comprehensive reports including assessment-based findings, outcomes and recommendations for security enhancement.* Have a general background in IT, Security, and supporting processes* Deep experience working with compliance and regulatory frameworks such as PCI-DSS, HIPAA/HITRUST, SOX, GDPR, NIST, etc.**Experience you'll bring*** Have 3-5 years of experience in Enterprise Information Security Engineering* Have 3-5 years of broad experience with security technologies such as NextGen AV (EDR), DLP, email security (SPF, DMARC, DKIM), web filtering, HSM, Key and Certificate management, or Identity and Access Management* Have a strong, practical understanding of modern cloud IT infrastructure, networking, and security engineering concepts* Are able to troubleshoot network and security issues within a complex environment* Have 3-5 years of experience in engineering solutions which meet security, compliance, and business needs* Can commit and deliver on very specific project/delivery timelines with minimal supervision* Are able work in an on-call rotation which may include some night and weekend shifts* Have excellent customer support skills, both written and verbal* Have 3-5 years of experience Linux and Unix operating systems* Have 3-5 years of experience with securing applications and enabling secure communication through HTTPS**It would be nice if you*** Have cloud experience with AWS and Azure* Experience working with AI/LLM Security* Experience working with Splunk* Experience working with CrowdStrike* Experience with automation technologies (SOAR) and writing code for automation* Experience working with Fortanix, Venafi, or similar Pay Range: $102,000.00 - $135,000.00WEX is a global commerce platform that helps businesses solve for operational complexities like employee benefits, managing and mobilizing fleets, and streamlining payments.With over 6,500 employees, we work with large and small companies in more than 200 countries and territories, and can tailor our services to meet the unique needs of their businesses.We hire people who share our passion for continuous innovation and client service that is unparalleled in the industry. Offering comprehensive and market competitive benefits, our offerings are designed to support your personal and professional well-being. If you're looking for a growing career - come be part of WEX today. To learn more about our employee benefits, please .WEX is an equal opportunity employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to sex, race, color, age, national origin, religion, sexual orientation, gender identity, protected veteran status, disability or other protected status. WEX promotes a drug-free workplace.Qualified individuals with a disability have the right to request a reasonable accommodation. If you require a reasonable accommodation as a result of your disability at any point in the job application process, please submit your request through our .This form is for accommodation requests only and cannot be used to inquire about the status of applications. #J-18808-Ljbffr

A leading technology firm is seeking an experienced Cybersecurity Engineer to implement and maintain cloud network security systems. The role includes daily monitoring of security alerts, incident response, and collaboration with engineering teams. Candidates must have a minimum of 4 years in cybersecurity engineering, proficiency in AWS, and familiarity with security technologies. This position offers a supportive team environment and flexibility in work location, as well as competitive benefits. #J-18808-Ljbffr

Security & IT Engineer About the Role We're looking for a hands‑on Security & IT Engineer to own and strengthen Givzey's security posture while managing our internal IT infrastructure. This is a hybrid role combining security engineering, cloud infrastructure management, and IT operations. You'll be responsible for everything from ensuring SOC 2 / ISO compliance and securing AWS environments to managing employee devices and implementing company‑wide security best practices. This role is perfect for someone who can think strategically about risk and compliance while still getting into the weeds of configuration, automation, and incident response. About Givzey: Givzey is a Boston‑based, rapidly growing digital fundraising solutions company, built by fundraisers for nonprofit organizations. Join a fast‑growing, mission‑driven team working across two innovative platforms: Givzey, the first donor commitment management platform revolutionizing nonprofit fundraising, and Version2.ai, a cutting‑edge AI platform helping individuals and organizations create their most authentic, effective digital presence. As an engineer at the intersection of philanthropy and artificial intelligence, you'll build scalable, high‑impact solutions that empower nonprofit fundraisers and redefine how people tell their stories online. We're a collaborative, agile team that values curiosity, autonomy, and purpose. Whether you're refining AI‑driven experiences or architecting tools for the future of giving, your work will help shape meaningful technology that makes a difference. What You'll Do Security & Compliance Own and evolve our information security program, including policies, controls, and procedures aligned with SOC 2, ISO 27001, and other frameworks. Conduct regular security risk assessments and audits; maintain continuous compliance readiness. Manage vulnerability scanning, penetration testing, and incident response processes. Oversee access control, identity management, and data protection across all systems. Partner with legal and operations teams to ensure vendor and data processing compliance. Cloud Infrastructure Security Secure and manage AWS infrastructure (IAM, networking, encryption, logging, monitoring, etc.). Implement security automation for configuration management, secrets management, and incident alerts. Collaborate with engineering teams to embed security into CI/CD pipelines and software lifecycle. IT Administration Manage company devices (Macs) using MDM and endpoint protection tools. Set up and maintain SSO, MFA, and access control across tools and services. Handle onboarding/offboarding from a security and IT perspective. Support internal IT operations and ensure systems run securely and smoothly. Governance & Culture Build a strong security culture through training, awareness, and best practices. Stay current on emerging security threats and compliance standards. What You'll Bring 5+ years of experience in IT, DevOps, or security engineering roles. Hands‑on experience with AWS, IAM, and cloud security tools. Strong familiarity with SOC 2, ISO 27001, and related compliance frameworks (TX‑RAMP). Understanding of network security, identity & access management, and incident response. Comfortable being both strategic and tactical - from writing policies to hardening infrastructure. Bonus: experience with Pulumi #J-18808-Ljbffr

A federal services provider located in Boston is seeking a Cyber Security Engineer to enhance software security for federal clients. The ideal candidate will possess a Bachelor's degree in a relevant field and experience with DevSecOps tools. Responsibilities include implementing security in software, maintaining security processes, and conducting assessments. This role promises to offer impactful career opportunities within a company that emphasizes employee ownership and diversity. #J-18808-Ljbffr

Who You'll Work With As a modern technology company, our Slalom Technologists are disrupting the market and bringing to life the art of the possible for our clients. We have passion for building strategies, solutions, and creative products to help our clients solve their most complex and interesting business problems. We surround our technologists with interesting challenges, innovative minds, and emerging technologies As a Consultant or Senior Consultant, you will collaborate with cross-functional teams, including IT, security, and business units, to design and implement Google Cloud-based application innovation solutions. You will work alongside experienced cloud architects, data scientists, and other specialists, ensuring the successful delivery of scalable, cloud-native applications and AI-powered solutions. What You'll Do * Stay current with security trends, technologies, and best practices around Google Cloud solutions, leveraging tools like Cloud IAM, Cloud Security Command Center, BeyondCorp, and Cloud Armor. * Define and guide transformational security strategies for Google Cloud environments, ensuring alignment with Google's Zero Trust and BeyondCorp principles. * Translate complex regulatory requirements (e.g., GDPR, SOC 2, HIPAA) and technology standards into actionable functional and technical requirements for cloud and hybrid environments, ensuring security and compliance. * Lead teams through various phases of gap analyses, including security assessments, remediation planning, roadmap development, and implementation of remediation actions using Google Cloud-native tools. * Deliver on the vision, architecture, execution, and quality assurance of security projects on Google Cloud, driving initiatives that secure enterprise workloads and data. * Guide stakeholders and senior leaders on aligning security solutions with broader business goals, ensuring the architecture follows Google Cloud's security best practices and roadmap. * Establish security architecture patterns based on Google Cloud security frameworks and industry standards to meet the unique needs of enterprise clients. * Collaborate with other Google Cloud architects and security teams to continuously improve security knowledge assets and best practices, ensuring the most effective security solutions for clients. * Design and architect solutions to secure Generative AI models and applications against adversarial attacks, prompt injection, and their potential misuse for malicious cyber activities. What You'll Bring * Proven experience with Google Cloud security architecture, with hands-on experience in tools like Cloud IAM, VPC Service Controls, Cloud DLP, and Cloud Armor. * Strong background in defining and implementing Zero Trust and BeyondCorp security models within Google Cloud environments. * Familiarity or direct experience with Identity and Access Management (IAM), Data Protection, Vulnerability Management, and Cloud Security solutions in Google Cloud. * Extensive experience with security design patterns specific to Google Cloud, as well as hybrid and multi-cloud security architecture. * Experience in security and risk advisory consulting, particularly related to cloud security transformations. * Ability to lead the development and implementation of cloud security roadmaps aligned with business goals and compliance needs. * Familiarity with Google Cloud's Artificial Intelligence (AI) capabilities (e.g., Vertex AI, Generative AI services, Model Armor) including their applications, associated security risks (e.g., prompt injection, data poisoning, privacy concerns), and proven strategies for implementing security controls, governance, and responsible AI practices. * Relevant certifications are strongly desired, including (but not limited to): * GCP Professional Security Engineer * GCP Professional Cloud Architect * CISSP * Security+ About Us Slalom is a fiercely human business and technology consulting company that leads with outcomes to bring more value, in all ways, always. From strategy through delivery, our agile teams across 52 offices in 12 countries collaborate with clients to bring powerful customer experiences, innovative ways of working, and new products and services to life. We are trusted by leaders across the Global 1000, many successful enterprise and mid-market companies, and 500+ public sector organizations to improve operations, drive growth, and create value. At Slalom, we believe that together, we can move faster, dream bigger, and build better tomorrows for all. Compensation and Benefits Slalom prides itself on helping team members thrive in their work and life. As a result, Slalom is proud to invest in benefits that include meaningful time off and paid holidays, parental leave, 401(k) with a match, a range of choices for highly subsidized health, dental, & vision coverage, adoption and fertility assistance, and short/long-term disability. We also offer yearly $350 reimbursement account for any well-being-related expenses, as well as discounted home, auto, and pet insurance. Slalom is committed to fair and equitable compensation practices. For this position the base salary pay ranges are listed below. In addition, individuals may be eligible for an annual discretionary bonus. Actual compensation will depend upon an individual's skills, experience, qualifications, location, and other relevant factors. The salary pay range is subject to change and may be modified at any time. East Bay, San Francisco, Silicon Valley: * Consultant: $120,000-$177,000 * Senior Consultant: $140,000-$203,000 San Diego, Los Angeles, Orange County, Seattle, Houston, New Jersey, New York City, Westchester, Boston, Washington DC: * Consultant: $110,000-$162,000 * Senior Consultant: $130,000-$186,000 All other locations: * Consultant: $105,000-$148,000 * Senior Consultant: $115,000-$171,000 EEO and Accommodations Slalom is an equal opportunity employer and is committed to inclusion, diversity, and equity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veterans' status, or any other characteristic protected by federal, state, or local laws. Slalom will also consider qualified applications with criminal histories, consistent with legal requirements. Slalom welcomes and encourages applications from individuals with disabilities. Reasonable accommodations are available for candidates during all aspects of the selection process. Please advise the talent acquisition team if you require accommodations during the interview process. We are accepting applications until 12/31.

Extensive knowledge of HIPAA and HITECH. Knowledge of and experience with Information Security frameworks such as HiTRUST, NIST, or ISO 27001. Bachelor's degree in information security, information assurance, information technology, computer science, or a related discipline. Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or related certification. Five (5) years in an information security operations or management role. Passion for the mission of Health Leads and strong commitment to Health Leads' core values: belief in collective strength and the power of shared work, constant and courageous learning, celebrating our victories and each other, and stepping up leaders in a common vision. Experience with information security for cloud environments and/or software-as-a-service (SaaS) platforms. Knowledge of security-related technologies and processes, including but not limited to: data loss prevention (DLP), identity and access management (IAM), endpoint security, vulnerability and configuration management, security information and event management (SIEM), incident response and digital forensics, disaster recovery/business continuity planning, network security (LAN/WAN). Ability to communicate complex ideas and information both verbally and writing, in a clear, concise, and effective manner to technical and non-technical audiences including customers and colleagues. Superior capabilities for partnering; ability to be effective as both a team member and as a leader of teams in defining objectives, staying on task and reaching consensus; soliciting participation, challenging ideas and summarizing accomplishments and planned actions. Show integrity and ethical behavior; respect confidentiality, business ethics and organizational standards. Ability to formulate the cost benefit of security initiatives in the context of overall business risk mitigation and the organization's operational objectives. Ability to compare, contrast and prioritize among alternative approaches to meet those objectives.

Are you a Cybersecurity compliance expert ready to take the lead in a dynamic, high-impact role? Join a globally recognized firm where you'll play a key role in shaping and strengthening our cybersecurity strategy. This is your chance to make a difference in a fast-paced, professional environment that values innovation, collaboration, and technical excellence. Why You'll Love This Role: Drive Security Initiatives - Lead firmwide cybersecurity programs, ensuring compliance with ISO 27001 and other industry standards. Be a Decision-Maker - Approve security risks, implement best practices, and enhance policies to safeguard critical systems. Third-Party & Risk Management - Oversee vendor risk assessments, vulnerability management, and client security audits. Lead & Mentor - Supervise a Compliance Analyst and provide strategic guidance across teams. Innovate & Protect - Collaborate with IT leadership to integrate cutting-edge security solutions into firm operations. What You Bring to the Table: 5+ years of cybersecurity experience in a complex IT environment. Strong knowledge of security frameworks (ISO 27001, NIST, etc.). Hands-on experience with security tools, compliance audits, and risk assessments. Leadership experience with a passion for mentoring and developing security professionals. Bachelor's degree in Cyber Security, Computer Science, or a related field. Security certifications (CISSP, CRISC, etc.) strongly preferred. Offer includes: Competitive salary: $145,000 - $170,000 Hybrid work environment Excellent benefits package A culture of excellence, diversity, and professional growth Ready to step into a leadership role where your expertise will make a real impact? Apply today and be a key player in securing the future of a top international firm. Apply to this post or email your resume directly to Dan Gilliam, email: **************************** Tags: Cybersecurity, IT, ISO, Compliance, Security Manager

The Research Architect for Dynamic Application Security Testing (DAST) is responsible for overseeing the security capabilities of Veracode's dynamic scanner offerings. Responsibilities · Conduct research and development for automating web application attacks. · Conduct research for improving techniques for detection of vulnerabilities. · Develop attack signatures for specific classes of vulnerabilities. · Define developer focused specifications for new attacks. · Work with management to set priorities and goals for Veracode's DAST offerings. · Keep up to date with the latest features in web browsers, web application development techniques, and web application vulnerabilities. · Develop test cases to demonstrate vulnerabilities and ensure products' ability to identify them in an automated fashion. · Actively engage with the security research community through speaking at industry conferences, publishing independent research, posting on the Veracode blog, and other means. The Research Architect for Dynamic Application Security Testing (DAST) is responsible for overseeing the security capabilities of Veracode's dynamic scanner offerings. Responsibilities · Conduct research and development for automating web application attacks. · Conduct research for improving techniques for detection of vulnerabilities. · Develop attack signatures for specific classes of vulnerabilities. · Define developer focused specifications for new attacks. · Work with management to set priorities and goals for Veracode's DAST offerings. · Keep up to date with the latest features in web browsers, web application development techniques, and web application vulnerabilities. · Develop test cases to demonstrate vulnerabilities and ensure products' ability to identify them in an automated fashion. · Actively engage with the security research community through speaking at industry conferences, publishing independent research, posting on the Veracode blog, and other means. This is a deeply technical role that requires significant knowledge around modern web development technologies and practices. You not only understand common web vulnerabilities, but understand how to find them in an automated fashion. You will need to follow upcoming trends and how they may have implications for security. It's also crucial that you're an effective communicator, as you'll collaborate frequently with engineers to guide them in implementing the specifications you create. You'll also need: · 5+ years of practical application security work experience, preferably including some or all of the following: source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, and related pursuits. · 3+ years of software development experience. · Deep understanding of web browsers (i.e. security features, DOM, JavaScript, etc.). · Deep understanding of common client side and server side web application vulnerabilities and how to exploit them (e.g. SQL injection, cross-site scripting, etc.). · Ability to learn new programming languages and/or technologies quickly and independently · Ability to balance novelty of attacks with the restrictions automation demands. · Experience with automated application security testing products (SAST, DAST, etc.) a plus. · Genuine enthusiasm, not just aptitude, for application security. Up to 20% of your time will be allocated for independent research, and this means you'll need interesting, relevant project ideas. · Prototyping ability - the skill to hack something together quick and dirty to solve a problem and demonstrate feasibility. · Excellent attention to detail, quality, and customer satisfaction. Consulting experience a plus. · Strong analytical, organizational, and technical writing skills. · B.S. in Computer Science or equivalent industry experience. Skills & Requirements This is a deeply technical role that requires significant knowledge around modern web development technologies and practices. You not only understand common web vulnerabilities, but understand how to find them in an automated fashion. You will need to follow upcoming trends and how they may have implications for security. It's also crucial that you're an effective communicator, as you'll collaborate frequently with engineers to guide them in implementing the specifications you create. You'll also need: · 5+ years of practical application security work experience, preferably including some or all of the following: source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, and related pursuits. · 3+ years of software development experience. · Deep understanding of web browsers (i.e. security features, DOM, JavaScript, etc.). · Deep understanding of common client side and server side web application vulnerabilities and how to exploit them (e.g. SQL injection, cross-site scripting, etc.). · Ability to learn new programming languages and/or technologies quickly and independently · Ability to balance novelty of attacks with the restrictions automation demands. · Experience with automated application security testing products (SAST, DAST, etc.) a plus. · Genuine enthusiasm, not just aptitude, for application security. Up to 20% of your time will be allocated for independent research, and this means you'll need interesting, relevant project ideas. · Prototyping ability - the skill to hack something together quick and dirty to solve a problem and demonstrate feasibility. · Excellent attention to detail, quality, and customer satisfaction. Consulting experience a plus. · Strong analytical, organizational, and technical writing skills. · B.S. in Computer Science or equivalent industry experience.

New England College of Optometry seeks an entry level Information Security Manager to develop, implement, and oversee a robust information security strategy and program. This critical role involves establishing and enforcing policies, procedures, and technologies to protect the confidentiality, integrity, and availability of institutional and student data. The Information Security Manager will be responsible for risk assessment, incident response, security operations, and ensuring compliance with all relevant regulations and standards. This role requires strong leadership, technical expertise, and excellent communication skills to collaborate effectively across the institution. Responsibilities * Develop, implement, and oversee a robust information security strategy and program in alignment with institutional goals and industry best practices. * Establish and maintain institutional information security policies, standards, and guidelines, ensuring they are regularly reviewed, updated, and communicated. * Manage security operations, including monitoring, detection, prevention, response, and analysis of security threats and vulnerabilities. * Lead and coordinate the information security incident response team, managing security breaches & ensuring timely and effective resolution and post-incident analysis. * Conduct regular risk assessments and penetration testing to identify and mitigate potential security vulnerabilities across systems, networks, and applications. * Ensure compliance with national and international regulatory frameworks (e.g., FERPA, HIPAA, ISO 27001, SOC 2) relevant to the organization. * Oversee security awareness training programs for all employees to promote a culture of security consciousness. * Manage the security budget and evaluate, select, and implement appropriate security tools and technologies. * Report on the status of the security program, vulnerabilities, and incidents to executive leadership. * Work on "special projects" as assigned by the Chief Information Officer. * Other duties as assigned. Requirements * Experience in designing, implementing, and managing enterprise-level information security programs and strategy. * Technical knowledge of network security, application security, cloud security (e.g., AWS, Azure, GCP), and endpoint protection technologies. * Understanding of risk management methodologies and security frameworks (e.g., ISO 27001, NIST, CIS Controls). * Experience leading security incident response and forensic analysis. * Strong communication and interpersonal skills, with the ability to explain complex security issues to technical and non-technical audiences. * Knowledge of networking principles, including wireless networking. * Excellent written and verbal communication skills, professional appearance, punctuality and a sense of urgency. * Experience working with Active Directory and Google Cloud Platform. * Ability and willingness to learn new technologies. Preferred Background/Skills * Professional certifications such as CISSP, CISM, or relevant SANS certifications. * Experience with Governance, Risk, and Compliance (GRC) tools and processes. * Exceptional organizational skills, with the ability to prioritize projects and tasks. * Familiarity with scripting languages (e.g., Python, PowerShell) for security automation. * Ability to write reports and document steps for knowledge sharing. * Ability to work efficiently and independently with minimal supervision. * Excellent customer service and communications skills. Education * Bachelor's degree in Computer Science, Information Technology, Information Security, or a related technical field. Experience * A minimum of 2 years of progressive experience in the field of information security. NECO is an Equal Opportunity employer and encourages all qualified candidates to apply. New England College of Optometry offers a robust benefits program including: * 3 plan options for BCBS medical coverage (employer subsidized at 75% or greater) * Mental Health and Wellness benefits * BCBS Dental * Discounted vision services * 13 paid holidays and generous paid time off for sick, vacation, and personal days * Employer-paid life insurance, and short-term and long-term disability * Voluntary Insurance: life, critical illness, hospital indemnity, accident, * Voluntary Benefits: employee discounts and pet insurance * 9% employer contribution to a 403(b) retirement plan after 1 year of service with no vesting schedule or match requirement * Qualified Public Service Loan Forgiveness Employer

Full-time Description New England College of Optometry seeks an entry level Information Security Manager to develop, implement, and oversee a robust information security strategy and program. This critical role involves establishing and enforcing policies, procedures, and technologies to protect the confidentiality, integrity, and availability of institutional and student data. The Information Security Manager will be responsible for risk assessment, incident response, security operations, and ensuring compliance with all relevant regulations and standards. This role requires strong leadership, technical expertise, and excellent communication skills to collaborate effectively across the institution. Responsibilities Develop, implement, and oversee a robust information security strategy and program in alignment with institutional goals and industry best practices. Establish and maintain institutional information security policies, standards, and guidelines, ensuring they are regularly reviewed, updated, and communicated. Manage security operations, including monitoring, detection, prevention, response, and analysis of security threats and vulnerabilities. Lead and coordinate the information security incident response team, managing security breaches & ensuring timely and effective resolution and post-incident analysis. Conduct regular risk assessments and penetration testing to identify and mitigate potential security vulnerabilities across systems, networks, and applications. Ensure compliance with national and international regulatory frameworks (e.g., FERPA, HIPAA, ISO 27001, SOC 2) relevant to the organization. Oversee security awareness training programs for all employees to promote a culture of security consciousness. Manage the security budget and evaluate, select, and implement appropriate security tools and technologies. Report on the status of the security program, vulnerabilities, and incidents to executive leadership. Work on "special projects" as assigned by the Chief Information Officer. Other duties as assigned. Requirements Experience in designing, implementing, and managing enterprise-level information security programs and strategy. Technical knowledge of network security, application security, cloud security (e.g., AWS, Azure, GCP), and endpoint protection technologies. Understanding of risk management methodologies and security frameworks (e.g., ISO 27001, NIST, CIS Controls). Experience leading security incident response and forensic analysis. Strong communication and interpersonal skills, with the ability to explain complex security issues to technical and non-technical audiences. Knowledge of networking principles, including wireless networking. Excellent written and verbal communication skills, professional appearance, punctuality and a sense of urgency. Experience working with Active Directory and Google Cloud Platform. Ability and willingness to learn new technologies. Preferred Background/Skills Professional certifications such as CISSP, CISM, or relevant SANS certifications. Experience with Governance, Risk, and Compliance (GRC) tools and processes. Exceptional organizational skills, with the ability to prioritize projects and tasks. Familiarity with scripting languages (e.g., Python, PowerShell) for security automation. Ability to write reports and document steps for knowledge sharing. Ability to work efficiently and independently with minimal supervision. Excellent customer service and communications skills. Education Bachelor's degree in Computer Science, Information Technology, Information Security, or a related technical field. Experience A minimum of 2 years of progressive experience in the field of information security. NECO is an Equal Opportunity employer and encourages all qualified candidates to apply. New England College of Optometry offers a robust benefits program including: 3 plan options for BCBS medical coverage (employer subsidized at 75% or greater) Mental Health and Wellness benefits BCBS Dental Discounted vision services 13 paid holidays and generous paid time off for sick, vacation, and personal days Employer-paid life insurance, and short-term and long-term disability Voluntary Insurance: life, critical illness, hospital indemnity, accident, Voluntary Benefits: employee discounts and pet insurance 9% employer contribution to a 403(b) retirement plan after 1 year of service with no vesting schedule or match requirement Qualified Public Service Loan Forgiveness Employer

The Principal Cloud Security Architect evaluates cloud architectures, identity models, permissions, and security controls across large-scale environments. This role focuses on identifying architectural risks, misconfigurations, and long‑term security design gaps. What You'll Do Assess cloud architectures (AWS, Azure, GCP) for security gaps Review IAM configurations, network segmentation, and resource policies Identify misconfigurations, privilege risks, and insecure patterns Summarize architectural flaws and provide structured mitigation guidance Validate alignment with security frameworks and best practices Support recurring assessments of cloud environments and deployment patterns What You Bring Must-Have: Deep experience in cloud security architecture Strong understanding of IAM, network design, and cloud service models Ability to document complex architectures in clear, structured form Nice-to-Have: Experience with multi-cloud, zero‑trust, or high‑compliance environments $40 - $80 an hour #J-18808-Ljbffr

A leading automotive service company in Downtown Boston seeks a dedicated Senior Security Engineer to safeguard its web and mobile applications, manage various security incidents, and ensure compliance with safety standards. This role requires collaboration across teams to implement defense strategies and educate staff on security practices. Self-starters with expertise in threat management and a solid understanding of compliance frameworks will thrive in this vibrant environment. Join the mission to revolutionize car ownership and enjoy competitive pay and exceptional benefits. #J-18808-Ljbffr

A leading technology firm is seeking a skilled professional to develop and execute programs that reduce information security risk and strengthen their security posture. Candidates will support risk management, regulatory compliance, and incident response activities. The role demands advanced skills in handling information security assessments and managing compliance with various standards. Competitive salary and comprehensive benefits are provided in this dynamic environment. #J-18808-Ljbffr