Sr. Offensive Security Engineer, Information Security Assurance & Response
Security Architect Job 91 miles from Hopewell
Job DescriptionMerrick Bank employees share in our mission to delight our customers and empower underserved consumers to achieve their credit goals. In return, we delight our associates; ensuring they are noticed, heard, appreciated and understand the importance of their role(s). For over 20 years, our Guiding Principles of; doing the right thing, putting the customer first, and Earn, Learn, Have Fun (aka E.L.F.), have defined who we are as an Employer of Choice. Give Yourself Credit, Work at Merrick!
Position Summary:
The Senior Offensive Security Engineer operates, monitors, and improves information security processes and systems that protect the Bank’s data, customers, and computer systems from business disruption, data/identity compromise, cyber fraud, and regulatory criticism. This role focuses on application and development security, application penetration testing capabilities, and cloud infrastructure/platform security.
Essential Functions:
Key Offensive Security responsibilities include:
Conducting Red Team Exercises to simulate Advanced Persistent Threats (APTs) against web, mobile, and cloud-based applications to identify security weaknesses and assess the effectiveness of security controls.
Perform in-depth manual and automated penetration testing against Cloud and On Prem Networks and applications to discover vulnerabilities and weaknesses that could be exploited.
Work with development teams to identify potential security threats early in the software development lifecycle (SDLC) and provide recommendations to mitigate risks.
Develop and enhance tools, scripts, and frameworks to automate testing and reporting processes, including setting up continuous integration (CI) security checks.
Document findings in detailed, actionable reports for both technical and non-technical stakeholders. Communicate effectively with developers, engineers, and executive leadership on remediation strategies.
Collaborate with Blue Team (defensive security), DevOps, and engineering teams to improve detection and response capabilities.
Stay updated on the latest security threats, vulnerabilities, and exploits, and apply this knowledge to enhance Red Team operations.
Each Security Engineer is also responsible to cross-train and be familiar with other security functions as assigned:
Security Monitoring & Response - Detects and responds to security events by identifying, reporting, mitigating, and recovering from security incidents.
Security Control Engineering and Operations - Enables and protects business services with appropriate access, endpoint, network, data storage, and data loss prevention controls, including vulnerability and controls testing.
Security Risk & Program Management - Assesses and advises technology and business groups by identifying, prioritizing, managing, and reporting security risk.
Performs other duties as assigned.
Compliance with Laws & Regulations:
Responsible for complying with all of the Bank’s internal control policies and procedures.
Responsible for understanding and complying with all laws and regulations to which the Bank is subject.
Responsible for communicating problems in operations, noncompliance with the code of conduct, noncompliance with laws and regulations, policy violations, or illegal acts.
Education and Experience:
Bachelor’s degree in computer science, Cybersecurity, Information Security, or a related field. Equivalent experience will also be considered.
5-8+ years of experience in application security, penetration testing, or Red Team operations.
Summary of Qualifications:
Proficient in programming/scripting languages such as C#, Python, JavaScript, PowerShell, Bash, or other relevant to security testing.
Strong Foundational Linux skills.
Expertise in using security testing tools (e.g., Burp Suite, Nessus, C2 Frameworks, SQLMap, NMAP etc.).
Strong knowledge of web application frameworks, APIs, microservices, and cloud environments (AWS, Azure, GCP).
Familiarity with Secure Software Development Lifecycle (SSDLC) and DevSecOps practices.
Familiarity with highly regulated industries, and specifically the banking industry (including FDIC regulations) is preferred.
Demonstrated skills with security concepts, defense-in-depth strategies, security tools, and protocols.
“White-hat” mentality, with a healthy sense of paranoia (security awareness and risk).
Positive, inquisitive, can-do attitude.
Self-starter, requires minimal oversight to perform as expected, work well independently and as part of a team.
Comfortably perform well under pressure, deliver to commitments on tight deadlines.
Meticulous attention to detail.
Passion for cybersecurity and technology trends, news, and hacking techniques.
Work Environment/Physical Demands:
May require some travel to company, partner, or vendor locations for various job duties.
May require some lifting of up to 50 pounds to rack/maintain IT or security equipment
Security Responsibilities - General:
This classification requires heightened security awareness to safeguard the Bank's data, including customer non-public personal information. This security level means that the job includes exposure to all categories of Bank data, including customer non-public personal information.
General Disclosure:
The above statements reflect the general information considered necessary to describe the principal functions of the job and should not be considered as a detailed description of all work requirements that may be inherent to the position. In addition, the incumbent may be called upon to personally handle projects or assignments not usually related to the position’s day-to-day activities. Understand and comply with laws and regulations that are applicable to my job function. Understand and comply with company policies and procedures that are applicable to my job function.
We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite. Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location. Our benefits offerings include medical, dental, vision, life insurance, 401(k) plan with company match, paid vacation time, sick time, as well as other benefits and programs to meet the needs of our employees. Further details will be shared during the interview or offer process, as appropriate and applicable.
We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic. We will conduct a thorough background check for all hires in compliance with applicable law which includes (but may not be limited to) a review of factors including drug testing and employment/personal references.
Apply Now
IT Cyber Security Risk Analyst
Security Architect Job 91 miles from Hopewell
Hi
Hope your day has been going well so far!
IT Cyber Security Rick Analyst
Contract
Pittsburgh, PA - onsite
Pay Range: $80/hr - $85/hr (The pay may be negotiable based on experience, education, geographic location, and other factors.)
4+ years experience in IT operations, IT audit, security, or risk management.
Strong analytical and problem-solving skills; ability to decipher and prioritize questions accordingly.
Strong interpersonal skills.
Proven solid written and oral communication skills with the ability to effectively communicate status, risks, and remediations to executive management.
ISO 27001 standard knowledge is highly desirable.
Governance and Risk Certification is a plus (CRISC, CISM, CISA, or CISSP) What will your typical day look like?
Equal Opportunity Employer, Veterans, or Disabled
Benefit offerings available for our associates include medical, dental, vision, life insurance, short-term disability, additional voluntary benefits, an EAP program, commuter benefits, and a 401K plan.
Our benefit offerings provide employees the flexibility to choose the type of coverage that meets their individual needs. In addition, our associates may be eligible for paid leave, including paid sick leave or any other paid leave required by federal, state, or local law, as well as holiday pay where applicable. Disclaimer: These benefit offerings do not apply to client-recruited jobs and jobs that are direct hires to a client.
To read our Candidate Privacy Information Statement, which explains how we will use your information, please visit ******************************************
The Company will consider qualified applicants with arrest and conviction records by federal, state, and local laws and/or security clearance requirements, including, as applicable:
The California Fair Chance Act
Los Angeles City Fair Chance Ordinance
Los Angeles County Fair Chance Ordinance for Employers
San Francisco Fair Chance Ordinance
Cyber Security Analyst
Security Architect Job 91 miles from Hopewell
Information Security Risk Analyst
As a member of the Information Security Assurance team, you will be responsible for staying abreast of developments within the field and contribute to directional strategy by considering all present risks internally and externally. You'll work with partners to drive thoughtful remediation and enhancements to the organization's risk posture. This role requires advanced understanding of challenges and common threats. This person will be responsible for developing, implementing, and operating a strategic, risk-based program for the Enterprise Information Security Team.
What do we want to know about you?
You must have:
Bachelor's degree in Business, Technology, Cyber Security, Technology Risk Management or min. 4 years of equivalent experience.
4+ years experience within IT operations, IT Audit, Security or Risk management.
Strong analytical and problem-solving skills; ability to decipher and prioritize asks accordingly.
Strong interpersonal skills.
Knowledge of industry Risk management frameworks, common mitigation practices, and\ Organizational control management.
Demonstrate professional skepticism to ensure evidence is sufficient when assessing the relevant information security controls.
Demonstrate an understanding of business processes, internal risk management strategies, IT controls, and how they interact together.
Demonstrate proficiency in process formulation and improvement.
Knowledge of operational security capabilities including access control, network security, secure configuration and vulnerability management, intrusion detection, security monitoring and incident response.
Proven solid written and oral communication skills with the ability to effectively communicate status, risks, and remediations to executive management.
ISO 27001 standard knowledge is highly desirable.
Governance and Risk Certification a plus (CRISC, CISM, CISA, or CISSP)
What will your typical day look like?
The ideal candidate will have experience building, operating, and maturing effective programs to manage Information Security Risks and their remediations.
Comprehensive Risk Identification, Assessment & Analysis:
Lead and conduct comprehensive risk assessment to identify, prioritize and quantify potential and existing security threats and vulnerabilities across the organization's systems, network, and applications.
Utilize risk analysis methodologies and tools to assess the effectiveness of existing security controls and identify areas for improvement.
Provide expert guidance on risk mitigation strategies and control implementation to minimize exposure to security risks.
Develop risk management methodologies tailored to the organization's specific risk profile and business priorities.
Collaborate with stakeholders to establish risk tolerance levels and develop risk mitigation plans.
Risk Remediation Planning & Execution:
Develop remediation plans based on the findings of risk assessments, prioritizing actions to address critical vulnerabilities and mitigate high-risk threats.
Work closely with relevant stakeholders to implement security controls and measures to remediate identified risks effectively.
Monitor the progress of remediation efforts and provide regular updates to management on the status of risk mitigation initiatives.
Conduct post-remediation reviews and analysis to validate the effectiveness of remediation activities and identify any residual risks.
Risk-Awareness Culture:
Drive clear, concise, pragmatic outcomes with senior business and technology leaders that balance risk with business objectives.
Develop and implement security awareness programs and initiatives to educate employees on security risks, best practices, and their role in maintaining a secure environment.
Foster a culture of accountability and responsibility for information security by encouraging active participation in risk identification, reporting, and mitigation efforts.
Promote open communication channels for reporting concerns and potential risks, and ensure timely resolution and escalation as needed.
Business Awareness & Continual Improvement:
Anticipate the needs of leadership and facilitate as well as motivate those around you to identify solutions that both improve the security of our environment and advance business objectives.
Maintain an external network to ensure our organization continuously analyzes new threats, trends, innovations, etc. to ensure our strategy and priorities stay appropriately aligned.
Present balanced viewpoints of options and recommendations based on strong front-to-back understanding of existing capabilities and frameworks combined with a strong understanding of emerging technologies and best practices.
Be curious about our business and seek to understand.
Create an environment of continual improvement both inside and outside of direct team.
Bring new ideas, methods, and approaches to this role. Leverage own expertise to challenge the status quo and drive decisions and actions necessary to improve our business processes and related technology
Physical Demands:
• Employee is required to work on a computer for up to 8 hours per day
• Employee may be in a sitting position for several hours per day
• Employee must be able to read small text on computer screens/monitors
• Employee is regularly required to talk and hear
Work Environment:
The employee will normally work in a temperature-controlled office environment, with frequent exposure to electronic office equipment. During visits to areas of operations, may be exposed to extreme cold or hot weather conditions, fumes or airborne particles, toxic or caustic chemicals, and loud noise
Vulnerability / Cloud Security Engineer - Qualys
Security Architect Job 91 miles from Hopewell
Job DescriptionDescription:
Due to client requirement, applicants must be willing and able to work on a w2 basis. For our w2 consultants, we offer a great benefits package that includes Medical, Dental, and Vision benefits, 401k with company matching, and life insurance.
Rate: $70 - $82 / hr. w2
Responsibilities:
Consults on a senior level and provides professional support for major components of the company's information security infrastructure.
Contributes to the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms in diverse system environments.
Consults with the business and operational infrastructure personnel regarding new and existing technologies.
Recommends new security tools to management and reports and provides guidance and expertise in their implementation.
Reviews and analyzes highly complex data and information to provide insights, conclusions and actionable recommendations.
Defines, implements, and applies area-wide security and/or COB policies and standards by leveraging in-depth knowledge of globally accepted information security and/or COB principles.
Addresses high risk security concerns or incidents.
Recommends course of action to mitigate risk and ensures that appropriate standards are established and published.
Contributes to the achievement of area objectives.
Experience Requirements:
10-12 years of experience in information security or related technology experience
Qualys is a key skill (manage scan, know how to use the tool) – Container (Docker) / Vulnerability Mgt Security must (6-8+ years)
Cloud Vulnerability compliance understanding cloud architecture and design with emphasis on vulnerability management, discovery, remediation, and general security operations practices with a focus on cloud IaaS / PaaS / SaaS and their native security platforms on cloud providers such as AWS, Google Cloud Platform, Microsoft Azure (including Sentinel)
Strong knowledge of large-scale cloud (public or private) environments, enterprise cloud environments, cloud policy and policy as code highly preferred
Experience in designing and development of automation tools and infrastructure to run service-oriented stacks on an internal data centers
Skills, experience, and other compensable factors will be considered when determining pay rate. The pay range provided in this posting reflects a W2 hourly rate; other employment options may be available that may result in pay outside of the provided range.
W2 employees of Eliassen Group who are regularly scheduled to work 30 or more hours per week are eligible for the following benefits: medical (choice of 3 plans), dental, vision, pre-tax accounts, other voluntary benefits including life and disability insurance, 401(k) with match, and sick time if required by law in the worked-in state/locality.
Please be advised- If anyone reaches out to you about an open position connected with Eliassen Group, please confirm that they have an Eliassen.com email address and never provide personal or financial information to anyone who is not clearly associated with Eliassen Group. If you have any indication of fraudulent activity, please contact ********************.
About Eliassen Group:
Eliassen Group is a leading strategic consulting company for human-powered solutions. For over 30 years, Eliassen has helped thousands of companies reach further and achieve more with their technology solutions, financial, risk & compliance, and advisory solutions, and clinical solutions. With offices from coast to coast and throughout Europe, Eliassen provides a local community presence, balanced with international reach. Eliassen Group strives to positively impact the lives of their employees, clients, consultants, and the communities in which they operate.
Eliassen Group is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
Don’t miss out on our referral program! If we hire a candidate that you refer us to then you can be eligible for a $1,000 referral check!
Security Engineer - Ubuntu
Security Architect Job 91 miles from Hopewell
Job Description
This is an exciting opportunity to join an industry leading software security team, and help protect the open source community and Ubuntu users from emerging threats. Canonical is building a team to provide security coverage across a wide range of different ecosystems and environments, and work to make the world a better, safer place.
As part of the Ubuntu team, you will work with the best and brightest people in technology to monitor, triage, respond to and document new and existing vulnerabilities in open source software. The role will involve collaboration with internal teams and external partners, to identify and prioritize issues and track progress.
The role can also include a number of other activities, including security assessment and code review, internal tooling developments, community engagement, security hardening and feature development and industry collaboration participation.
This job involves international travel several times a year, usually for one week and requires the ability to be productive in a globally distributed team through self-discipline and self-motivation.
What you'll do
Analyze, fix, and test vulnerabilities in Ubuntu packages
Keep track of vulnerabilities in Ubuntu releases as they are discovered, researched and fixed (using internal software tools)
Collaborate with other teams in the Ubuntu community and with upstream developers where appropriate, to exchange or develop vulnerability patches and make sure that Ubuntu includes the very best security features
Audit source code for vulnerabilities
Who you are
You have a thorough understanding of the common categories of security vulnerabilities and techniques for fixing them
You are familiar with coordinated disclosure practices
You are familiar with open source development tools and methodologies
You are skilled in one or more of C, Python, go, Rust, Java, Ruby or PHP
You have excellent logic, problem-solving, troubleshooting, and decision-making skills
You can clearly and effectively communicate with the team and Ubuntu community members
We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity we will give your application fair consideration.
#LI-Remote
Salesforce Architect (Hybrid)
Security Architect Job 91 miles from Hopewell
Job Description
Are you passionate about Salesforce and love creating innovative solutions that make a difference? At TruSummit, we’re looking for a talented Salesforce Solution Architect to bring your expertise to our clients and help us build cutting-edge solutions together. You’ll take ownership of the solutions you recommend, ensuring they’re not only effective but scalable and future-proof. You'll also get the chance to mentor and inspire your fellow teammates while solving exciting business challenges.
What You’ll Do:
Work with stakeholders to understand their business needs and design solutions that make a real impact.
Recommend and implement the best solutions for complex requirements, considering all the pros and cons.
Tackle large-scale challenges and create secure, high-performing solutions that maximize Salesforce’s full potential.
Collaborate with clients and team members to develop prototypes and proofs of concept, refining solutions based on feedback.
Own the design of Salesforce (and possibly other systems) for Sales, Service, and platform solutions, ensuring they’re scalable and follow industry best practices.
Build custom Salesforce objects, workflows, fields, and validation rules to support the business’s unique processes.
Guide system releases and deployments, ensuring a smooth transition between environments.
Advise on Salesforce integrations with other platforms for seamless data flow.
Mentor developers and work cross-departmentally to optimize the use of Salesforce.
Stay on top of the latest Salesforce features and make recommendations to keep our solutions cutting-edge.
Monitor system performance and troubleshoot any issues to keep things running smoothly.
Analyze platform usage and adoption, offering insights and recommendations to drive engagement and success.
What You’ll Bring:
A college degree or equivalent professional experience.
At least 5 years of experience leading Salesforce projects.
3+ years as a Salesforce Architect, ideally working in a center-of-excellence model.
2+ years of hands-on Salesforce administration, including creating/deploying Flows, Lightning components, Apex classes, and more.
Salesforce Certified Solution Architect (preferred).
Strong communication and relationship-building skills.
Experience in leading projects using Agile/Scrum or waterfall methodologies.
A strategic mindset and the ability to bring ideas to life visually and in writing.
A passion for mentoring and guiding teams to success.
Active participation in the Salesforce community is a big plus!
Hybrid position based out of Pittsburgh (3-4 days onsite)
If you’re excited to bring your Salesforce expertise to a collaborative, fast-growing environment where your ideas are valued and your skills will make a real impact, we’d love to hear from you!
TruSummit Solutions is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. All applicants must be authorized to work in the United States.
Powered by JazzHR
9TG8mLq1Dg
Azure Cloud Security Architect
Security Architect Job 91 miles from Hopewell
Every day, Global Payments makes it possible for millions of people to move money between buyers and sellers using our payments solutions for credit, debit, prepaid and merchant services. Our worldwide team helps over 3 million companies, more than 1,300 financial institutions and over 600 million cardholders grow with confidence and achieve amazing results. We are driven by our passion for success and we are proud to deliver best-in-class payment technology and software solutions. Join our dynamic team and make your mark on the payments technology landscape of tomorrow.
Summary of This Role
You will serve as part of a larger team dedicated with the vision to provide a flexible and reliable cloud platform, maximizing the ability to realize its benefits while reducing risks. In this role you will work closely together with product owners and overall cloud architects to help build a secure and robust enterprise-grade cloud platform. You will guide and design our efforts to increase the security posture in Azure.
What Part Will You Play?
Designing security services in cloud-based programs based on pre-defined architecture frameworks
Maintain and improve the security posture of the Azure platform
Overlook the process of identifying and remediating vulnerabilities
Define security controls and policies, access to data, and monitor alerts to ensure that data, apps, containers, infrastructure, and networks are protected.
Design access configurations within a cloud solution environment using the defense-in-depth principle
Design network security including in a hybrid context with traditional network centric controls
Implement and use cloud native tools like Log Analytics, Azure Monitor, Azure Security Center and Azure Sentinel
What Are We Looking For in This Role?
Minimum Qualifications
Bachelor's Degree
Relevant Experience or Degree in: in Information Security or Computer Science
Typically Minimum 4+ Years Relevant Exp
Prior experience must be as an Information Security Analyst, or related role.
One or more of the following (or similar) -CISSP, CISA, CISM, PCI-QSA, PA-QSA, PCIP, CRISC, Security +, CGEIT
Experience with other Cloud Platforms like AWS and Google Cloud is nice-to-have
Preferred Qualifications
Prefer that candidate has 10 years of prior experience and must be as an Information Security Architect or substantially similar role. Expert understanding of regulatory audit requirements and able to independently assess and design complete dev/sec/ops
What Are Our Desired Skills and Capabilities?
Skills / Knowledge - Having broad expertise or unique knowledge, uses skills to contribute to development of company objectives and principles and to achieve goals in creative and effective ways. Barriers to entry such as technical committee review may exist at this level.
Job Complexity - Works on significant and unique issues where analysis of situations or data requires an evaluation of intangibles. Exercises independent judgment in methods, techniques and evaluation criteria for obtaining results. Creates formal networks involving coordination among groups.
Supervision - Acts independently to determine methods and procedures on new or special assignments. May supervise the activities of others.
Network Engineering/Architecture - Acts as the department subject matter expert in TCP/IP network connectivity, subnet segmentation, security zones, secure ports/protocols, network authentication/authorization, security tools and their applicability (WAF, IPS, Sandbox, etc.).
Systems Engineering/Architecture - Acts as a department subject matter expert in Operating system infrastructure, including Windows, Linux, containers, container orchestration and Virtual Machines. Must understand system authentication options, user rights within systems, user authentication/authorization, least privilege, Group Policy, Automation tooling (Puppet, chef, ansible) and local security agents/tools (Anti-Virus, Whitelisting, forensics, firewall, etc.)
Encryption/Cryptography - Acts as the TSYS subject matter expert in the use of digital certificates, root certificate trust, and how to encrypt/decrypt network traffic. Sets standards for the interpretation of data that must be encrypted at rest, and how to assure encryption key
Global Payments Inc. is an equal opportunity employer. Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. If you wish to request reasonable accommodations related to applying for employment or provide feedback about the accessibility of this website, please contact ******************.
Enterprise Security Architect
Security Architect Job 91 miles from Hopewell
Enterprise Security Architect Duration: Full Time Interview mode: Inperson Brand new role
Serve as a member of the enterprise architecture team, providing technical security insight that aligns with business objectives and security requirements. Establish and evangelize the security architecture (principles, policies, standards and patterns) to development groups, business groups and other stakeholders; Govern adherence to the architecture golden rules. Analyze gaps between current and target security architecture and develops plans to close the gaps.
Responsibilities:
Works with IT departments, information security architects, technical architects, data custodians, and governance groups to develop and update Client security policies, standards, procedures, and solutions for secure application architecture. Ensures that security practices are aligned with Client's overall business strategies.
Advises and drives the security maturity of the development lifecycle including secure coding and system security for operations. Recommends and implements changes in security procedures and practices using best-in-class information to ensure that Client is maintaining best-in-class security practices.
Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs. Conducts Penetration Test, Vulnerability, and Risk assessments to improve the security architecture and security product toolset.
Prepares system security reports by collecting, analyzing, and summarizing data and trends. Executes validation by external vendors.
Verifies security systems and network configurations by developing and implementing test scripts while monitoring adherence to standards in architecture, application design, development, and testing frameworks.
Qualifications
Qualifications:
Bachelor degree with Master preferred. Security certification required.
7 to 10 years of experience operating in a cloud environment (e.g. Azure, AWS, Rackspace) along with at least 5 years working in a dedicated information security role with a focus on Security Architecture for at least 3 years.
7 to 10 years of experience with PaaS, IaaS, SaaS, and/or mobile architecture
Solid experience with security hacking tools and techniques.
Solid understanding in application architectures and technology including web applications, mobile technology, identity and access management, security event and incident management as well as web security controls (e.g. Web Application Firewall, Database Activity Monitor, Distributed Denial of Service controls, etc.)
Extensive working knowledge of web application security best practices to include, but not limited to, Cloud Security Alliance controls matrix, OWASP Top 10.
Experience with compliance standards such as HIPAA, CMS, SOX, GLBA; as well as security frameworks such as SANS 20 CSC, CoBIT, or NIST.
Previous involvement with developing and/or maintaining an Enterprise Security Architecture. Familiarity with TOGAF is a plus
Strong understanding and experience of software development methodologies and life cycles
Excellent written and verbal communications skills required, with the ability to explain advanced concepts to audiences of varying levels
Can be counted on to exceed goals successfully, very bottom-line orientated while steadfastly pushes self and others for results.
Has working knowledge of web application security best practices to include, but not limited to, Cloud Security Alliance controls matrix, OWASP Top 10.
Demonstrated ability to make sound decisions using a mixture of analysis, wisdom, experience, and judgement coupled with a strong ability to learn on the fly (quickly learns new tasks, open to change).
Certifications, licenses or registrations: Security+, CISSP, CISA, CEH
Proven ability to organize/manage multiple priorities coupled with the flexibility to quickly adapt to ever-changing business needs.
Additional Information
All your information will be kept confidential according to EEO guidelines.
Azure Cloud Security Architect
Security Architect Job 91 miles from Hopewell
Every day, Global Payments makes it possible for millions of people to move money between buyers and sellers using our payments solutions for credit, debit, prepaid and merchant services. Our worldwide team helps over 3 million companies, more than 1,300 financial institutions and over 600 million cardholders grow with confidence and achieve amazing results. We are driven by our passion for success and we are proud to deliver best-in-class payment technology and software solutions. Join our dynamic team and make your mark on the payments technology landscape of tomorrow.
Summary of This Role
You will serve as part of a larger team dedicated with the vision to provide a flexible and reliable cloud platform, maximizing the ability to realize its benefits while reducing risks. In this role you will work closely together with product owners and overall cloud architects to help build a secure and robust enterprise-grade cloud platform. You will guide and design our efforts to increase the security posture in Azure.
What Part Will You Play?
* Designing security services in cloud-based programs based on pre-defined architecture frameworks
* Maintain and improve the security posture of the Azure platform
* Overlook the process of identifying and remediating vulnerabilities
* Define security controls and policies, access to data, and monitor alerts to ensure that data, apps, containers, infrastructure, and networks are protected.
* Design access configurations within a cloud solution environment using the defense-in-depth principle
* Design network security including in a hybrid context with traditional network centric controls
* Implement and use cloud native tools like Log Analytics, Azure Monitor, Azure Security Center and Azure Sentinel
What Are We Looking For in This Role?
Minimum Qualifications
* Bachelor's Degree
* Relevant Experience or Degree in: in Information Security or Computer Science
* Typically Minimum 4+ Years Relevant Exp
* Prior experience must be as an Information Security Analyst, or related role.
* One or more of the following (or similar) -CISSP, CISA, CISM, PCI-QSA, PA-QSA, PCIP, CRISC, Security +, CGEIT
* Experience with other Cloud Platforms like AWS and Google Cloud is nice-to-have
Preferred Qualifications
* Prefer that candidate has 10 years of prior experience and must be as an Information Security Architect or substantially similar role. Expert understanding of regulatory audit requirements and able to independently assess and design complete dev/sec/ops
What Are Our Desired Skills and Capabilities?
* Skills / Knowledge - Having broad expertise or unique knowledge, uses skills to contribute to development of company objectives and principles and to achieve goals in creative and effective ways. Barriers to entry such as technical committee review may exist at this level.
* Job Complexity - Works on significant and unique issues where analysis of situations or data requires an evaluation of intangibles. Exercises independent judgment in methods, techniques and evaluation criteria for obtaining results. Creates formal networks involving coordination among groups.
* Supervision - Acts independently to determine methods and procedures on new or special assignments. May supervise the activities of others.
* Network Engineering/Architecture - Acts as the department subject matter expert in TCP/IP network connectivity, subnet segmentation, security zones, secure ports/protocols, network authentication/authorization, security tools and their applicability (WAF, IPS, Sandbox, etc.).
* Systems Engineering/Architecture - Acts as a department subject matter expert in Operating system infrastructure, including Windows, Linux, containers, container orchestration and Virtual Machines. Must understand system authentication options, user rights within systems, user authentication/authorization, least privilege, Group Policy, Automation tooling (Puppet, chef, ansible) and local security agents/tools (Anti-Virus, Whitelisting, forensics, firewall, etc.)
* Encryption/Cryptography - Acts as the TSYS subject matter expert in the use of digital certificates, root certificate trust, and how to encrypt/decrypt network traffic. Sets standards for the interpretation of data that must be encrypted at rest, and how to assure encryption key
Global Payments Inc. is an equal opportunity employer. Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. If you wish to request reasonable accommodations related to applying for employment or provide feedback about the accessibility of this website, please contact ******************.
Sr. Information Security Manager
Security Architect Job 76 miles from Hopewell
Sr. Information Security Manager - Murrysville, PA The Integrated Supply Chain (ISC) Information Security Manager will be responsible for developing, implementing and monitoring a strategic and comprehensive IT security plans across multiple geographies and driving security in manufacturing sites, Distribution Centers, and warehouses across the US.
Your role:
* Develop, maintain and improve upon security controls and policies to protect Philips business from security breaches/ incidents, while ensuring operational performance to deliver security controls at optimum cost..
* Provide direction for Enterprise IT Security and Cybersecurity protection, and oversee Technology governance and policies.
* Evaluates potential security breaches, coordinates response, and recommend corrective actions.
* Provides Security Project Management and leadership to staff and external resources in support of established goals and objectives, improved efficiencies, and problem resolution.
* Is responsible for the security schedules of major global contracts and the supplier integration and delivery of secure services as contracted. This includes managing all service delivery components and coordination of supplier teams delivering services.
You're the right fit if:
* You have +7 years experience on developing and implementing cybersecurity strategies on manufacturing/ supply chain/ logistics environment.
* Bachelor's or Master's degree in Computer Science, Information Technology and/or an equivalent academic field.
* You have a Cybers Security Certification such as CISSP, CISM, CISA, CIPP etc. preferred. Knowledge on MITRE Framework, IEC 62443/NIST 800:23 is preferred.
* Your skills a thorough understanding of Security Management and Governance principles, along being able to deliver cross-cultural etiquette, customer-centric and collaborative mindset.
* You must be able to successfully perform the following minimum Physical, Cognitive and Environmental job requirements with or without accommodation for this position.
How we work together
We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week. Onsite roles require full-time presence in the company's facilities. Field roles are most effectively done outside of the company's main facilities, generally at the customers' or suppliers' locations.
This is an in office role.
About Philips
We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help improve the lives of others.
* Learn more about our business.
* Discover our rich and exciting history.
* Learn more about our purpose.
* Learn more about our commitment to diversity and inclusion.
Philips Transparency Details
The pay range for this position in Murrysville, PA is from $ 107,000. 00 to $154,000.00
The actual base pay offered may vary within the posted ranges depending on multiple factors including job-related knowledge/skills, experience, business needs, geographical location, and internal equity.
In addition, other compensation, such as an annual incentive bonus, sales commission or long-term incentives may be offered. Employees are eligible to participate in our comprehensive Philips Total Rewards benefits program, which includes a generous PTO, 401k (up to 7% match), HSA (with company contribution), stock purchase plan, education reimbursement and much more. Details about our benefits can be found here.
At Philips, it is not typical for an individual to be hired at or near the top end of the range for their role and compensation decisions are dependent upon the facts and circumstances of each case.
Additional Information
US work authorization is a precondition of employment. The company will not consider candidates who require sponsorship for a work-authorized visa, now or in the future.
Company relocation benefits will not be provided for this position. For this position, you must reside in or within commuting distance to Murrysville, PA.
#LI-PH1
#LI-OFFICE
This requisition is expected to stay active for 45 days but may close earlier if a successful candidate is selected or business necessity dictates. Interested candidates are encouraged to apply as soon as possible to ensure consideration.
Philips is an Equal Employment and Opportunity Employer/Disabled/Veteran and maintains a drug-free workplace.
Sr. Information Security Manager
Security Architect Job 76 miles from Hopewell
Job TitleSr. Information Security ManagerJob Description
Sr. Information Security Manager - Murrysville, PA
The Integrated Supply Chain (ISC) Information Security Manager will be responsible for developing, implementing and monitoring a strategic and comprehensive IT security plans across multiple geographies and driving security in manufacturing sites, Distribution Centers, and warehouses across the US.
Your role:
Develop, maintain and improve upon security controls and policies to protect Philips business from security breaches/ incidents, while ensuring operational performance to deliver security controls at optimum cost..
Provide direction for Enterprise IT Security and Cybersecurity protection, and oversee Technology governance and policies.
Evaluates potential security breaches, coordinates response, and recommend corrective actions.
Provides Security Project Management and leadership to staff and external resources in support of established goals and objectives, improved efficiencies, and problem resolution.
Is responsible for the security schedules of major global contracts and the supplier integration and delivery of secure services as contracted. This includes managing all service delivery components and coordination of supplier teams delivering services.
You're the right fit if:
You have +7 years experience on developing and implementing cybersecurity strategies on manufacturing/ supply chain/ logistics environment.
Bachelor's or Master's degree in Computer Science, Information Technology and/or an equivalent academic field.
You have a Cybers Security Certification such as CISSP, CISM, CISA, CIPP etc. preferred. Knowledge on MITRE Framework, IEC 62443/NIST 800:23 is preferred.
Your skills a thorough understanding of Security Management and Governance principles, along being able to deliver cross-cultural etiquette, customer-centric and collaborative mindset.
You must be able to successfully perform the following minimum Physical, Cognitive and Environmental job requirements with or without accommodation for this position.
How we work together
We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week. Onsite roles require full-time presence in the company's facilities. Field roles are most effectively done outside of the company's main facilities, generally at the customers' or suppliers' locations.
This is an in office role.
About Philips
We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help improve the lives of others.
Learn more about our business.
Discover our rich and exciting history.
Learn more about our purpose.
Learn more about our commitment to diversity and inclusion.
Philips Transparency Details
The pay range for this position in Murrysville, PA is from $ 107,000. 00 to $154,000.00
The actual base pay offered may vary within the posted ranges depending on multiple factors including job-related knowledge/skills, experience, business needs, geographical location, and internal equity.
In addition, other compensation, such as an annual incentive bonus, sales commission or long-term incentives may be offered. Employees are eligible to participate in our comprehensive Philips Total Rewards benefits program, which includes a generous PTO, 401k (up to 7% match), HSA (with company contribution), stock purchase plan, education reimbursement and much more. Details about our benefits can be found here.
At Philips, it is not typical for an individual to be hired at or near the top end of the range for their role and compensation decisions are dependent upon the facts and circumstances of each case.
Additional Information
US work authorization is a precondition of employment. The company will not consider candidates who require sponsorship for a work-authorized visa, now or in the future.
Company relocation benefits
will not
be provided for this position. For this position, you must reside in
or
within commuting distance to Murrysville, PA.
#LI-PH1
#LI-OFFICE
This requisition is expected to stay active for 45 days but may close earlier if a successful candidate is selected or business necessity dictates. Interested candidates are encouraged to apply as soon as possible to ensure consideration.
Philips is an Equal Employment and Opportunity Employer/Disabled/Veteran and maintains a drug-free workplace.
Principal Information Security Officer - Pittsburgh Supercomputing Center (PSC)
Security Architect Job 91 miles from Hopewell
The Pittsburgh Supercomputing Center (PSC) a joint research center of Carnegie Mellon University and the University of Pittsburgh, was established in 1986, and for over 30 years has provided university, government, and industrial researchers with access to several of the most powerful systems for sophisticated computational research, communications, and data storage available to scientists, engineers and scholars nationwide for unclassified research. PSC advances science across a wide spectrum of fields, including artificial intelligence/machine learning, medical imaging, weather modeling, cell biology, and genomics.
Carnegie Mellon University's department of PSC is searching for a Principal Information Security Officer (PISO) to join their team. This is an exciting opportunity for someone who thrives in an interesting and challenging work environment. Your contribution to the department will be to assign, direct, review and supervise a team of IT professionals that provide information security engineering and operations support for specific research applications based on both theoretical and practical knowledge to help scientists accomplish discovery on modern high-performance computing platforms. Must ensure leadership is aware and accountable for IT security policy and compliance within the PSC and ensures that research projects and services provided externally comply with PSC's cybersecurity program. You will also assure that appropriate engineering protocols are executed to discover, examine, test and mitigate new and potential threats. As well as manage the monitoring and response to security incidents and oversee strategic direction for overall group activities and goals.
Responsibilities are determined by active project needs. Some examples are as follows:
Pittsburgh Supercomputing Center (PSC) provides a high performance computing and communications service in support of the nation's computational science work. PSC is a member of ACCESS, a national computer collaboration of 15 partners from across the U.S. that provides high performance computing, networking, data, scientific visualization and instrument services to the nation's scientists. The overall responsibility of the Principal Information Security Officer (PISO) is to lead teams of PSC staff members, particularly from the Networking and Systems & Operations groups, in order to develop and implement plans for integrated network-, host- and human-based information security practices and procedures for PSC. The PISO keeps PSC management informed regarding current, continuing and emerging security risks to PSC and the broader academic community. The PISO will also serve as a key member of Trusted CI, the NSF Cybersecurity Center of Excellence. The mission of Trusted CI is to lead in the development of an NSF Cybersecurity Ecosystem with the workforce, knowledge, processes, and cyberinfrastructure that enables trustworthy science and NSF's vision of a nation that is a global leader in research and innovation. Within PSC, the PISO will work with other staff members to assess PSC's computer security risks and to choose appropriate security measures, prepares plans for implementing the measures and leads implementation, monitors performance of the measures and adjusts them accordingly, and leads response to security incidents. Within Trusted CI, the PISO performs potentially similar duties as prescribed by Trusted CI's leadership, with particular attention to cybersecurity interoperability.
Skills and experience:
Leads teams of cybersecurity experts from PSC.
Actively participates in Trusted CI engagements and initiatives, assists with center operations and leads projects with other Trusted CI staff.
Oversees information security of leading edge computing and communications equipment. that is in round-the-clock use by the national research community. PSC's Equipment is valued at roughly $60 million.
Coordinate security in PSC: Conduct periodic assessments of PSC's cybersecurity program. With input from members of a team and/or leadership, enhance PSC's cybersecurity program.
Stay current with new security threats, technological advances and regulatory requirements.
Explore applicable cybersecurity improvement strategies and tactics.
Lead team that carries out the implementation plans. Coordinate periodic audits of
compliance of PSC practices and procedures to requirements, regulations and standards.
Lead PSC incident response, including protection and custody of evidence. Interact with law enforcement or organizations as necessary.
Oversee development, maintenance and dissemination of PSC's documentation on center information security policies and procedures.
Participate in local and national computer security incident response groups.
Develop and promote cybersecurity awareness among staff and users.
Oversee security training for staff and users.
Regularly report to PSC management on information security posture.
Perform associated high-performance computing and communications information security administration duties as needed.
Acts as team leader. Determines own and team's priorities based on overall goals, and may deviate from established procedures and practices as long as end results meet performance objectives and established goals.
Gives advice and counsel to PSC, Trusted CI and ACCESS higher management which significantly influence decisions.
Performs under minimal supervision. All normal duties and responsibilities are handled independently. Only the most difficult or unique situations are referred to higher management levels.
Assesses the severity of an information security or system problem independently and makes a problem determination quickly.
Regular status reports and attendance at various meetings is required.
Flexibility, excellence, and passion are vital qualities within PSC. Inclusion, collaboration and cultural sensitivity are valued competencies at CMU. Therefore, we are in search of a team member who is able to effectively interact with a varied population of internal and external partners at a high level of integrity. We are looking for someone who shares our values and who will support the mission of the university through their work.
Qualifications
Minimum Bachelor's Degree in Computer Science or a related field. A graduate degree in cybersecurity or related field, or certification such as CISSP, CISM, CISA, or CRISC is preferred.
Minimum requirements include knowledge and skills developed through 7+ years of work experience in a related job discipline.
Broad understanding of current computer, data and networking information security practices in a high performance computing and communications environment; demonstrated ability to apply that knowledge to develop and implement a practical, effective security program
Excellent analytical, technical, reasoning and innovative problem-solving skills.
Ability to lead teams and to function competently in a team environment.
Ability to interact and communicate effectively and courteously with members of PSC, the broader university community, partner sites in ACCESS, and Trusted CI and the NSF Cyberinfrastructure community.
Requirements:
Successful background check
Additional Information:
Sponsorship: Applicants for this position must be currently legally authorized to work for CMU in the United States. CMU will not sponsor or take over sponsorship of an employment visa for this opportunity.
Work Posture: This position is operating on a hybrid schedule, with an on-campus/in office presence 3 days a week.
This is a full-time (37.5 hours/week), exempt position
Funding: This is a grant-funded position.
Joining the CMU team opens the door to an array of exceptional benefits available to eligible employees.
Those employees who are benefits eligible have the opportunity to experience the full spectrum of advantages from comprehensive medical, prescription, dental, and vision insurance to an enticing retirement savings program offering a generous employer contribution. You can also unlock your potential with tuition benefits and take well-deserved breaks with ample paid time off and observed holidays. Finally, rest easy knowing you are covered by life and accidental death and disability insurance.
Other perks include a free Pittsburgh Regional Transit bus pass, our Family Concierge Team to help navigate childcare needs, fitness center access, and so much more!
For a comprehensive overview of the benefits that may be awaiting you, explore our Benefits page.
At Carnegie Mellon, we value the whole package when extending offers of employment. Beyond just credentials, we consider the role and responsibilities, your invaluable work experience, and the knowledge gained through education and training. We acknowledge and appreciate your unique skills and the diverse perspective you bring. Your journey with us is about more than just a job; it's about finding the perfect fit for your professional growth and personal aspirations.
Are you interested in an exciting opportunity with an exceptional organization?! Apply today!
Location
Pittsburgh, PA
Job Function
Security
Position Type
Staff - Regular
Full Time/Part time
Full time
Pay Basis
Salary
More Information:
Please visit “Why Carnegie Mellon” to learn more about becoming part of an institution inspiring innovations that change the world.
Click here to view a listing of employee benefits
Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran.
Statement of Assurance
Sr. Information Security Manager
Security Architect Job 76 miles from Hopewell
Sr. Information Security Manager page is loaded **Sr. Information Security Manager** **Sr. Information Security Manager** locations Murrysville time type Full time posted on Posted Today job requisition id538024 **Job Title** Sr. Information Security Manager**Job Description**
**Sr. Information Security Manager** **- Murrysville, PA**
The Integrated Supply Chain (ISC) Information Security Manager will be responsible for developing, implementing and monitoring a strategic and comprehensive IT security plans across multiple geographies and driving security in manufacturing sites, Distribution Centers, and warehouses across the US.
**Your role:**
* Develop, maintain and improve upon security controls and policies to protect Philips business from security breaches/ incidents, while ensuring operational performance to deliver security controls at optimum cost..
* Provide direction for Enterprise IT Security and Cybersecurity protection, and oversee Technology governance and policies.
* Evaluates potential security breaches, coordinates response, and recommend corrective actions.
* Provides Security Project Management and leadership to staff and external resources in support of established goals and objectives, improved efficiencies, and problem resolution.
* Is responsible for the security schedules of major global contracts and the supplier integration and delivery of secure services as contracted. This includes managing all service delivery components and coordination of supplier teams delivering services.
**You're** **the right fit if:**
* You have +7 years experience on developing and implementing cybersecurity strategies on manufacturing/ supply chain/ logistics environment.
* Bachelor's or Master's degree in Computer Science, Information Technology and/or an equivalent academic field.
* You have a Cybers Security Certification such as CISSP, CISM, CISA, CIPP etc. preferred. Knowledge on MITRE Framework, IEC 62443/NIST 800:23 is preferred.
* Your skills a thorough understanding of Security Management and Governance principles, along being able to deliver c ross-cultural etiquette, customer-centric and collaborative mindset.
* You must be able to successfully perform the following minimum Physical, Cognitive and Environmental job requirements with or without accommodation for this .
**How we work together**
We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week. Onsite roles require full-time presence in the company's facilities. Field roles are most effectively done outside of the company's main facilities, generally at the customers' or suppliers' locations.
**This is an in office role.**
**About Philips**
We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help improve the lives of others.
* Learn more about .
* Discover
* Learn more about
* Learn more about our commitment to .
**Philips Transparency Details**
The pay range for this position in Murrysville, PA is from $ 107,000. 00 to $154,000.00
The actual base pay offered may vary within the posted ranges depending on multiple factors including job-related knowledge/skills, experience, business needs, geographical location, and internal equity.
In addition, other compensation, such as an annual incentive bonus, sales commission or long-term incentives may be offered. Employees are eligible to participate in our comprehensive Philips Total Rewards benefits program, which includes a generous PTO, 401k (up to 7% match), HSA (with company contribution), stock purchase plan, education reimbursement and much more. Details about our benefits can be found .
At Philips, it is not typical for an individual to be hired at or near the top end of the range for their role and compensation decisions are dependent upon the facts and circumstances of each case.
**Additional Information**
**US work authorization is a precondition of employment**. The company **will not** consider candidates who require sponsorship for a work-authorized visa, now or in the future.
Company relocation benefits ***will not*** be provided for this position. For this position, you must reside in ***or*** within commuting distance to **Murrysville, PA.**
**#LI-PH1**
**#LI-OFFICE**
This requisition is expected to stay active for 45 days but may close earlier if a successful candidate is selected or business necessity dictates. Interested candidates are encouraged to apply as soon as possible to ensure consideration.
*Philips is an Equal Employment and Opportunity Employer/Disabled/Veteran and maintains a drug-free workplace.*
At Philips, we believe that every human matters. As a global health-tech leader, we focus on improving people's health and wellbeing through meaningful innovation. The people who work here share our passion and are motivated to bring this purpose to life.
For more than 130 years, we have been creating technologies and innovations that improve people's lives and support healthcare practitioners. Headquartered in the Netherlands and operating in more than 100 countries globally, we focus our advanced technology and deep clinical and consumer insights on Precision Diagnosis, Image Guided Therapy, Enterprise Informatics, Monitoring/ Connected Care, Sleep & Respiratory Care and Personal Health.
We're committed to building a diverse and inclusive workplace culture where people feel heard, valued and connected. Because we know the possibilities are unlimited when people feel empowered to grow and succeed together.
*It is the policy of Philips to provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to race, color, ethnicity, religion, gender, pregnancy/childbirth, age, national origin, sexual orientation, gender identity or expression, disability or perceived disability, genetic information, citizenship, veteran or military status or a person's relationship or association with a protected veteran, including spouses and other family members , marital or domestic partner status, or any other category protected by federal, state and/or local laws.*
*As an equal opportunity employer, Philips is committed to a diverse workforce. In order to ensure reasonable accommodation for individuals protected by Section 503 of the Rehabilitation Act of 1973, the Vietnam Veterans' Readjustment Act of 1974, and Title I of the Americans with Disabilities Act of 1990, applicants that require accommodation in the job application process may contact ************, option 5, for assistance.*
*Equal Employment and Opportunity Employer/Disabled/Veteran*
|
Mainframe Security Engineer - ACF2 Administrator
Security Architect Job 91 miles from Hopewell
For immediate consideration, please connect with me on LinkedIn at ************************************** and then email your resume, work authorization status, current location, availability, and compensation expectations directly to ***************************** - make sure to include the exact job title and job location in your email message.
*** The job is on-site with a HYBRID work schedule. Candidates must be local or willing to relocate within commuting distance of Pittsburgh PA, Cleveland OH, Birmingham AL, Dallas TX, Phoenix AZ
Mainframe Security Engineer (ACF2 Administrator) :
- Senior-level ACF2 administrator will work on redesigning of ACF2 security from UID to ROLE-based.
- This position requires extensive experience in ACF2 administration and the ability to analyze and restructure application rulekey structures.
- Analyze ACF2 access reports for applications to integrate access into identity management tool, Oracle Identity Manager (OIM)
- Collaborate with stakeholders to discuss existing access and identify user/access commonalities for OIM entitlements
- Redesign application rulekey structures, including creating and collapsing multiple NEXTKEYS for each application
- Convert access from UID-based to ROLE-based systems
- Create and manage Cross-Reference Groups (XREF, X-ROL)
- Implement and test new rulekeys for successful authorization
Required Technical Skills and Experience :
- This role focuses on ACF2 administration, not software engineering, development, or Multiple Virtual Storage (MVS) support
- Senior-level experience in ACF2 Mainframe rule administration
- Expertise in ACF2 security administration for dataset and resource rules
- Strong understanding of ACF2 access validation workflow for dataset and resource rules
- Experience in analyzing rules, splitting rulekeys, and building new rulekeys
- Proficiency in creating and collapsing NEXTKEYS
- Thorough understanding of masking characters for rules and user IDs
- Training will be provided on OIM, corporate mainframe naming conventions, and standards for rules and user IDs
- The ideal candidate should be able to effectively communicate with stakeholders about ACF2 access to their applications
For immediate consideration, please connect with me on LinkedIn at ************************************** and then email your resume, work authorization status, current location, availability, and compensation expectations directly to ***************************** - make sure to include the exact job title and job location in your email message.
#M1
.
System One, and its subsidiaries including Joulé, ALTA IT Services, CM Access, TPGS, and MOUNTAIN, LTD., are leaders in delivering workforce solutions and integrated services across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible full-time employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan.
System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law.
Cloud Security Engineer Company Hidden Pittsburgh, PA Contract-to-Hire DevOps 2 Openings Posted today $2,000 reward per hire
Security Architect Job 91 miles from Hopewell
**Cloud Security Engineer** Company Hidden Other Pittsburgh, PA Base pay $12,345 - $678,910 or to view salary and company information DevOps Contract 2 Openings $2,000 reward per hire **About this Role** Agility Partners is seeking a qualified Cloud Security Engineer to fill an open position with one of our banking clients. This is an exciting opportunity to join a security engineering team dedicated to mitigating risks, fraud, and security operations within the technology industry.
Key Responsibilities:
* Deploy Amazon Cloud tools and integrate them into Splunk Cloud
* Deploy Splunk Cloud
* Design and develop components of application and technical architecture
* Execute tests for application or technical architecture components
* Assist in selecting appropriate platforms and integrating and configuring solutions
* Develop software components and hardware for new and emerging technology projects
* Provide consultation on common issues and best practices for junior staff
* Ensure quality of project deliverables and maintain compliance with relevant standards and processes
**Benefits and Perks**
This is a great opportunity to work for a coast-to-coast financial services firm, with tremendous opportunity to grow, develop and move internally to pursue your passions. An organization that develops tools and technologies that incorporate some of the most modern and cutting-edge approaches, working collaboratively and continuously developing as experts in their respective fields.
* Amazing opportunity for growth, healthy work/life balance and a community focused environment
* Working for an organization that focuses on company culture, inclusion and diversity
* 50% medical coverage for you and your entire family, short/long term disability and life insurance options
* 401(k)
* Life Insurance
* Disability coverage
**The Ideal Candidate**
Qualifications:
* Technical Skills: AWS (Kinesis Firehose) Onboarding Mechanism, Cloud Architecture, Splunk Cloud
* Flex Skills: AWS Security, Security Hub, Security Lake, Cloud Trail, Ansible
* Soft Skills: Good documentation skills (Confluence), work tracking (JIRA), good communication
* Education: Bachelor's degree in computer science, software engineering, or relevant field preferred; AWS Certifications preferred
* Experience: 5-7 years of experience in a similar role; experience with security tools onboarding into AWS, integration with Kinesis Firehose, and engineering with Splunk Cloud
Share this job. Make $2,000.
When a friend applies to this position and gets hired, you'll get credited with a referral reward!*
*Reward paid upon hire of your candidate according to our Recruiting Agreement Policy (see right).
Security Engineer - Structured Database Protection Governance
Security Architect Job 91 miles from Hopewell
Position OverviewAt PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. We work together each day to foster an inclusive workplace culture where all of our employees feel respected, valued and have an opportunity to contribute to the company's success.
As a Security Engineer, within PNC's Security Data Protection organization, you can be based either in Pittsburgh, PA, Strongsville, OH, Dallas, TX, Birmingham, AL or Phoenix AZ.
The position is primarily based in a PNC location. Responsibilities require time in the office or in the field on a regular basis. Some responsibilities may be performed remotely, at the manager's discretion.
PNC will not provide sponsorship for employment visas or participate in STEM OPT for this position.
The Security Engineer will have a strong technical acumen understanding of Structured data and database principles. This position will support the Data Protection Structured Data Team working to ensure Data Movement, Data Scanning, and Data Desensitization process completion. The Security Engineer should understand Data Desensitization methods including Masking , Synthetic Data and Tokenization. Ability to create and follow Playbooks required. Strong communication skills are required as this role will be a direct contact for the PNC lines of business. Security Engineer is needed to have the ability to drive process improvement & automation recommendations. Strong Organizational, Communication and Critical Thinking Skills are imperative for this role.
Required Skills:
• Strong understanding of Structured Data and database principles.
• Knowledge of Data Protection, Data Classifications, and Data Desensitization Methods required.
• Data Analysis with Excel, Tableau and Service Now
• • Ability to work with Business on requirements documentation and process improvement.
• Strong Communication skills - Written, Verbal and Organizational
• Collaboration with cross functional teams to translate technical and business processes.
• Conduct & Lead meetings across various lines of business.
Technical Skills:
• Collaboration/Project Administration with Confluence, Jira, SharePoint, and SharePoint Online
• Excel advance experience incl formulas in Excel
• Working with files in SharePoint/OneDrive
Soft Skills:
• Analytical Skills
• Strong Communication skills - Written, Verbal and Organizational
• Initiative-taking Problem Solver
• Strong Organizational and Analytical SkillsJob Description
Provides subject matter expertise when applying security concepts. Leverages technical knowledge and industry experience to design, build, and maintain technology solutions. Responsible for deliverables related to project timelines.
Responsible for working with architecture to take high level architectural designs and determine the specifics around implementation details (ex: sizing) integration details, onboarding and operationalization.
Evaluates patches, updates, and ongoing maintenance. Determines impacts to existing solutions when new standards are implemented. Utilizes change control and other governance processes to ensure alignment of solutions .
Develops detailed implementation, configuration, design, and engineering documentation. Build and implement solutions.
Works with operational partners to enable transition and day-to-day supportability.
Provides engineering support to existing technology in a production environment and collaborating with other groups as required. Seeks opportunities to grow a broad knowledge base to complement specific subject matter expertise.
PNC Employees take pride in our reputation and to continue building upon that we expect our employees to be:
Customer Focused - Knowledgeable of the values and practices that align customer needs and satisfaction as primary considerations in all business decisions and able to leverage that information in creating customized customer solutions.
Managing Risk - Assessing and effectively managing all of the risks associated with their business objectives and activities to ensure they adhere to and support PNC's Enterprise Risk Management Framework.
Qualifications
Successful candidates must demonstrate appropriate knowledge, skills, and abilities for a role. Listed below are skills, competencies, work experience, education, and required certifications/licensures needed to be successful in this position.
Preferred SkillsAccess Control (AC), Building Architecture, Customer Solutions, Disaster Recovery Planning, Information Security, Network Security, Physical Security, Risk Assessments, Security TechnologiesCompetenciesAnalytical Thinking, Effective Communications, Information Security Management, Information Security Technologies, IT Environment, IT Standards, Procedures & Policies, IT Systems Management, Network and Internet Security, Problem Solving, Technical TroubleshootingWork ExperienceRoles at this level typically require a university / college degree, with 5+ years of industry-relevant experience. Specific certifications are often required. In lieu of a degree, a comparable combination of education, job specific certification(s), and experience (including military service) may be considered.EducationBachelorsCertificationsNo Required Certification(s) LicensesNo Required License(s) BenefitsPNC offers a comprehensive range of benefits to help meet your needs now and in the future. Depending on your eligibility, options for full-time employees include: medical/prescription drug coverage (with a Health Savings Account feature), dental and vision options; employee and spouse/child life insurance; short and long-term disability protection; 401(k) with PNC match, pension and stock purchase plans; dependent care reimbursement account; back-up child/elder care; adoption, surrogacy, and doula reimbursement; educational assistance, including select programs fully paid; a robust wellness program with financial incentives.In addition, PNC generally provides the following paid time off, depending on your eligibility*: maternity and/or parental leave; up to 11 paid holidays each year; 8 occasional absence days each year, unless otherwise required by law; between 15 to 25 vacation days each year, depending on career level; and years of service.
To learn more about these and other programs, including benefits for full time and part-time employees, visit pncbenefits.com > New to PNC.
*For more information, please click on the following links:
Time Away from Work
PNC Full-Time Benefits Summary
PNC Part-Time Benefits Summary
Disability Accommodations Statement
If an accommodation is required to participate in the application process, please contact us via email at AccommodationRequest@pnc.com. Please include “accommodation request” in the subject line title and be sure to include your name, the job ID, and your preferred method of contact in the body of the email. Emails not related to accommodation requests will not receive responses. Applicants may also call ************ and say "Workday" for accommodation assistance. All information provided will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.
At PNC we foster an inclusive and accessible workplace. We provide reasonable accommodations to employment applicants and qualified individuals with a disability who need an accommodation to perform the essential functions of their positions.
Equal Employment Opportunity (EEO)
PNC provides equal employment opportunity to qualified persons regardless of race, color, sex, religion, national origin, age, sexual orientation, gender identity, disability, veteran status, or other categories protected by law.
California Residents
Refer to the California Consumer Privacy Act Privacy Notice to gain understanding of how PNC may use or disclose your personal information in our hiring practices.
Director Information Security & Compliance
Security Architect Job 100 miles from Hopewell
At Towne Park, it's more than a job, you can make an impact.
A career with us is rewarding in more ways than one.
As a hospitality services company, our commitment is to create smiles by delivering exceptional experiences. When you work with us, you have an opportunity to impact the millions of patients, visitors and guests we proudly serve. Whether providing compassionate service that eases the anxiety of a patient and their family, creating a memorable experience for a guest in a new city, or helping a colleague, every day is a new opportunity to brighten someone else's day and make an impact. When we see a customer, a client or one of our own team members smile, we know we made an impact. It's why we do what we do.
Towne Park is a place where you can make a difference and create smiles every day.
For more information about our privacy policy, please click here.
The Director, Information Security and Compliance (Compliance Director) is responsible for working with all Towne Park departments, Parking Equipment and other Payment Card Industry (PCI) related vendors, and Towne Park security personnel to collect and maintain data and compliance processes required to ensure the security of Towne Park data and our compliance with security standards including PCI and the California Consumer Privacy Act (CCPA). The Compliance Director will manage a security and compliance team to develop or enhance secure data processes and environments to achieve and maintain compliance with frameworks such as PCI, CIS, and SOC 2 and meet requirements of applicable data privacy laws.ESSENTIAL FUNCTIONS
Reasonable accommodations may be made to enable individuals with disabilities to perform all functions.
Leads enterprise compliance programs focused on regulatory commitments and Cybersecurity and IT standards, initially focusing on PCI DSS v4.0 requirement remediation and maintenance.
Develop and Implement Security Strategies: Design and execute comprehensive security compliance strategies and policies to help protect the organization's assets, including products, platforms, digital, and human resources and ensure compliance with applicable frameworks and privacy laws.
Lead, mentor, and manage a team of IT and security engineers.
Take lead on design, implement, monitor and administer security systems including identity management, service management, data loss prevention (DLP), Endpoint Detection and Response (EDR), SaaS environments such as AWS and Azure, and patch management applications and systems to ensure compliance.
Update information security policies and align business processes with information security procedures.
Conduct information security risk assessments on IT applications, systems, partners, vendors, contractors, and integrations.
Assist with design and maintenance of SaaS and Cloud security architecture and configurations.
Collaborate with other departments and stakeholders to ensure compliance requirements are met and a unified and agile response to non-compliance and security threats, fostering cross-functional collaboration and alignment.
Identifies gaps in the corporate cybersecurity and IT program, developing and recommending compensating measures to strengthen and fortify existing defenses.
Tracks, researches, understands and communicates technological trends, advances, and opportunities, focusing upon potential impact to the enterprise security and compliance posture
Works independently in a continuously changing environment and adjusts priorities as needed.
Performs other job-related duties as required
QUALIFICATIONS
Education:
Preferred - Bachelor's degree in technical field (Computer Science, Information Systems, Information Systems Security, Cybersecurity) or program management with applicable technical focus
Preferred Licensure, Certification, etc.:
CompTIA Security+
PCI Internal Security Assessor or Qualified Security Assessor
Project Management Professional
ISC2 Certified Authorization Professional, Certified Information Systems Security Professional, or other certification
Work Experience:
Minimum 8-10 years of experience in information security and compliance.
Previous experience in system or security administration is strongly preferred.
Previous experience in administration of parking and revenue control systems (PARCS) is a plus.
Knowledge & Skills:
Experience with implementing and managing PCI security requirements; must have recent experience with requirements of PCI DSS v4.0.
Experience in applying and compiling with requirements of state privacy laws.
Experience with a variety of security frameworks and regulatory compliance standards such as NIST Cybersecurity Framework, ISO 27000, CCPA, GDPR, SOC 1, SOC 2 and HIPAA/HITRUST is a plus.
Ability to effectively plan, set priorities, and manage several complex projects simultaneously while working under pressure to meet deadlines.
Ability to research information and track multiple priorities.
Excellent leadership, communication, and interpersonal skills. You are a hands-on leader who leads by example.
Strong understanding of business operations and ability to communicate effectively with stakeholders; including executives.
Superior written and verbal communication skills to effectively communicate with users and others.
Ability to exercise considerable judgment and discretion in dealing with matters of significance for the company.
SCOPE
Authority to Act:
Performs duties independently with minimal supervision, operating from specific and definite directions and instructions. Decisions are of a routine nature made within prescribed operating guidelines, policies and procedures. Mistakes/errors may result in work stoppage, loss of business, poor customer relations and/or damage to product, all of which can have negative financial implications for the organization.
Budget Responsibility:
The employee has control over resources available only.
WORKING CONDITIONS & PHYSICAL DEMANDS
The working conditions and physical demands described here are representative of those that must be met by an associate to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Physical Requirements
While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to sit or stand for extended periods of time and may be required to run; walk; handle or feel objects, tools or controls; reach with hands and arms; climb stairs; balance; stoop, kneel, crouch or crawl. Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.
Lifting Requirements
Exerting up to 50 pounds of force occasionally, and/or up to 25 pounds of force frequently, and/or greater than 10 pounds of force constantly to move objects.
Working Environment
The majority of work will be performed in climate-controlled environment, but may be exposed to inclement weather and varying
degrees of temperatures on occasion.
Travel
Travel of up to 10% may be required.
Staff Product Security Engineer
Security Architect Job 91 miles from Hopewell
Who We Are
Aurora (Nasdaq: AUR) is delivering the benefits of self-driving technology safely, quickly, and broadly to make transportation safer, increasingly accessible, and more reliable and efficient than ever before. The Aurora Driver is a self-driving system designed to operate multiple vehicle types, from freight-hauling trucks to ride-hailing passenger vehicles. It underpins Aurora's driver-as-a-service products for trucking and ride-hailing. Aurora is working with industry leaders across the transportation ecosystem, including Continental, FedEx, Hirschbach, PACCAR, Ryder, Schneider, Toyota, Uber, Uber Freight, Volvo Trucks, Volvo Autonomous Solutions, and Werner. For Aurora's latest news, visit aurora.tech and @aurora_inno on Twitter.
Aurora hires talented people with diverse backgrounds who are ready to help build a transportation ecosystem that will make our roads safer, get crucial goods where they need to go, and make mobility more efficient and accessible for all. Aurora's Product Security team's mission is to discover, mitigate, and prevent security risks in the software, hardware, and services developed by Aurora.
Our team is responsible for ensuring the secure design and implementation of the technology built for the Aurora Driver as well as continually improving the assurance levels of security across all of Aurora's Products. This team is also responsible for performing technical security assessments, threat modeling, security code reviews and vulnerability testing to highlight risk and help various engineering teams and partners to improve security. We work closely with engineers across Aurora as well as 3rd party partners to design and proactively integrate initiatives to enhance security across a wide variety of software or hardware domains and technology stacks. We are searching for an experienced Security Engineer with strong application security experience that is excited to lead and improve the overall application security posture for the autonomous vehicle platform to join us on this mission.
In this role, you will
Perform secure design reviews and threat modeling. Identify and prioritize risks, attack surfaces, and vulnerabilities.
Perform security code reviews of source code changes and advise developers on remediating vulnerabilities and following secure coding practices.
Perform technical security assessments and reviews, research, uncover, and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers to drive architecture changes.
Manage the vulnerability management process and program through triage, prioritization, tracking, remediation, and validation of vulnerabilities from audits, scans and external reports.
Employ techniques including reverse engineering, fuzzing, and static and/or dynamic analysis.
Conduct research to identify new and novel attack vectors against Aurora's products and services.
Review, develop and document secure operational best practices, and provide security guidance for engineers and various internal and external partners.
Develop and manage a secure software development lifecycle.
Develop and manage a bug bounty program.
Research, recommend, and develop security tools and technologies to strengthen defenses against emerging threats and vulnerabilities.
Work with Engineering teams and OEMs to ensure successful security assurance of the Aurora Driver platform and services.
Advocate, guide and mentor both security and non-security engineers to instill security best practices. through secure architecture, design, and development.
Required Qualifications
Ability to read and review production-quality code in C++, Golang, and Python.
Ability to write proficiently in C++, Golang and Python.
Foundational knowledge of operating system security for Linux.
Foundational knowledge of the CWE Top 25.
Ability to assess software and/or hardware components with and without full knowledge.
Ability to work well with other assessment members and engineering partners.
Ability to communicate effectively with technical and non-technical audiences.
Experience in one or more of the following: risk assessment, threat modeling, incident and emergency response, OS hardening, vulnerability management, pentesting, offensive security or cryptographic protocols and concepts.
Experience in vulnerability discovery and analysis, design review, and code-level security reviews.
Experience in, and technical knowledge of security engineering, computer and network security, authentication and security protocols, and applied cryptography.
Experience with assessment, development, implementation, and documentation of a comprehensive and broad set of security technologies and processes.
Familiarity with automotive protocols and security standards.
Experience in Security Assurance / Secure-SDLC processes in an agile / waterfall environment.
Experience building and evaluating threat models / risk assessments.
Experience and ability to implement best practices related to cryptographic protocols, infrastructure and network security.
Minimum 8 years of experience in a security-specific or security-adjacent industry.
Minimum 2 years of experience in the robotics or automotive industry or equivalent.
Desirable Qualifications
Relevant work experience in offensive security, penetration testing or red teaming.
Experience implementing various Defense in Depth Strategies to address dynamic threats across various software and hardware stacks.
Ability and desire to write production-quality code in C++, Golang, and/or Python.
Experience evaluating the security of software, hardware and services.
Foundational knowledge of embedded firmware security and hardware security, preferably in the robotics or automotive space.
Familiarity with cloud security (AWS) and infrastructure-as-code.
Familiarity with Trusted Platform Modules, HSMs, and trusted boot.
A history of giving back to the security industry via open source contributions, published papers, or conference presentations.
The base salary range for this position is $198k-$317K per year. Aurora's pay ranges are determined by role, level, and location. Within the range, the successful candidate's starting base pay will be determined based on factors including job-related skills, experience, qualifications, relevant education or training, and market conditions. These ranges may be modified in the future. The successful candidate will also be eligible for an annual bonus, equity compensation, and benefits.
#LI-SP1
#Mid-Senior
Working at Aurora
At Aurora, we bring together extraordinarily talented and experienced people united by the strength of our values. We operate with integrity, set outrageous goals, and build a culture where we win together - all without any jerks.
We have offices in several locations across the United States, where we encourage team and cross-functional collaboration. Aurora offers competitive medical, dental, and vision benefits, and additional healthcare support including medical transportation reimbursement, fertility, adoption, and surrogacy benefits. We empower our employees and their families with options to further their unique physical, mental, and financial well-being.
Our Learning and Development offerings include Aurora Academy, where our people learn, develop, and practice the essential skills that drive Aurora's mission, continually up-leveling our team along the way. Our Careers page provides insight into career opportunities at Aurora, and you can find all the latest news on our Blog.
Safety is central to everything we do. Every employee at Aurora has a role in contributing to safety, every step of the way. We seek candidates who take active responsibility, can contribute to building an atmosphere of trust, and invest in the organization's long-term success by working safely - no matter what.
We believe that self-driving technology has broad benefits - including increased access to transportation. To realize those benefits, we need a workforce with diverse experiences, insights, and perspectives - a workforce that reflects the communities our technology will serve.
Aurora is committed to providing access to anyone who seeks information from our website. We invite anyone using assistive technologies, such as a screen reader or Braille reader, to email us at careersiteaccommodations@aurora.tech if they experience difficulty using our website. Please describe the accessibility problem and include a URL (if available).
Aurora considers candidates without regard to their race, color, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, pregnancy status, parent or caregiver status, ancestry, political affiliation, veteran and/or military status, physical or mental disability, or any other status protected by federal or state law. Aurora considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. We are also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at careersiteaccommodations@aurora.tech.
For California applicants, information collected and processed as part of your application and any job applications you choose to submit is subject to
Aurora's California Employment Privacy Policy
.
Diversity, Equity and Inclusion
At Aurora, every employee is empowered to take an active role in building an inclusive, collaborative, and unified culture that leverages our diverse strengths, perspectives, and backgrounds.
Transforming how the world moves people and goods involves seeking to understand backgrounds, insights, and lived experiences that differ from our own. One way we accomplish that is with our 15 employee-led Aurora Unified Groups, which support diverse voices and drive inclusive collaboration. We believe that teamwork, belonging, and trust motivate and support our employees to do their best work. As our team grows, we strive to attract and retain exceptional talent that adds new perspectives and experiences and continues to drive innovation. Learn more on our Culture Page.
We are committed to helping qualified military community members leverage their talents in service of our mission. To understand how your military experience aligns with career opportunities at Aurora, review your military job classification at MyNextMove.org and consider applying for open positions corresponding to your identified skills and experiences!
Sr. Engineer, Information Security Assurance & Response
Security Architect Job 91 miles from Hopewell
Job DescriptionMerrick Bank employees share in our mission to delight our customers and empower underserved consumers to achieve their credit goals. In return, we delight our associates; ensuring they are noticed, heard, appreciated and understand the importance of their role(s). For over 20 years, our Guiding Principles of; doing the right thing, putting the customer first, and Earn, Learn, Have Fun (aka E.L.F.), have defined who we are as an Employer of Choice. Give Yourself Credit, Work at Merrick!
Position Summary:
Seeking a Senior Security Engineer to be a guide and mentor amongst the Security Management and Response (SMR) team. The primary responsibilities include improving, maintaining and building; visibility, detection and response amongst SMR operations, incident response, forensics, threat detection, threat intel integration, and detection engineering. The Senior Security Engineer will also work diligently with our MSSP to improve, integrate, build and maintain visibility, detection and response processes.
The ideal candidate will be proficient in using a variety of security tools to support these responsibilities. This role requires strong leadership, analytical skills, and the ability to work collaboratively with cross-functional teams.
Essential Functions:
Guide and mentor the Security Management and Response (SMR) team: Provide guidance and mentorship in investigations and daily operations, ensuring effective monitoring, detection and response to security events and complex attacks.
Engineer: Champion and innovate engineering efforts to enhance visibility, detection, and response processes within the team, the financial institution, and with the MSSP.
Incident Response: Develop and implement incident response plans, offer guidance during security events, and coordinate with relevant teams to acknowledge, contain, mitigate, and resolve security incidents.
Tool Management: Utilize and manage Security Event and Information Management (SEIM) and various assigned security tools.
Provide Guidance: Support and assist other teams in configuring tools to support operations related to security processes and systems, ensuring the protection of data, customers, and computer systems.
Collaborate: Work closely with security and other teams to collaborate, maintain, streamline and build processes.
Task Management: Prioritize and complete assigned tasks, ensuring timely and efficient completion of security-related activities.
Reporting: Utilize issue and project management software to report progress and provide management status based on designed sprints and assigned tasks.
Learn: Continuously learn and convey methods to identify and detect new attacks, and use that knowledge to upskill others and identify gaps in existing controls.
Compliance with Laws & Regulations:
Responsible for complying with policies and procedures.
Responsible for understanding and complying with all laws and regulations.
Responsible for communicating problems in operations, noncompliance with the code of conduct, noncompliance with laws and regulations, policy violations, or illegal acts.
Education and Experience:
Six (6) years of work experience insecurity monitoring and incident response, cybersecurity engineering, and network/systems administration required.
Bachelor’s degree in computer or cybersecurity-related studies, or equivalent broad experience required, six (6) years of related and equivalent experience accepted in lieu of education requirement.
GIAC, OffSec, ISC2, or other recognized certifications are also desirable.
Summary of Qualifications:
Experience as a security engineer or IT (Information Technology) systems engineer is preferred.
Familiarity with highly regulated industries, and specifically the financial industry (including FDIC regulations) is preferred.
Security project or team experience, preferably with experience in security engineering functions.
Demonstrated history and ongoing effective performance with security architecture, engineering, investigation & remediation capabilities.
Demonstrated ability in engineering, detection engineering, tuning, and operating security tools.
Demonstrated skills with security concepts, defense-in-depth strategies, security tools, and protocols.
Demonstrated ability to effectively communicate security events, risks and incidents to people with technical and non-technical backgrounds
Outstanding troubleshooting and problem-solving skills
Demonstrated ability to investigate complex security, hardware, and network systems
“White hat” mentality, with a healthy sense of paranoia (security awareness and risk)
Positive, inquisitive, can-do attitude.
Self-starter, requires minimal oversight to perform as expected, work well independently and as part of a team.
Comfortably perform well under pressure, deliver to commitments on tight deadlines
Meticulous attention to detail.
Passion for cybersecurity and technology trends, news, and hacking techniques.
Work Environment/Physical Demands:
May require some travel to company, partner, or vendor locations for various job duties.
May require some lifting of up to 50 pounds to rack/maintain IT or security equipment.
Security Responsibilities - General:
This classification requires heightened security awareness to safeguard financial data, including customer non-public personal information.â?¯ This security level means that the job includes exposure to all categories of financial data, including customer non-public personal information.
We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite. Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location. Our benefits offerings include medical, dental, vision, life insurance, 401(k) plan with company match, paid vacation time, sick time, as well as other benefits and programs to meet the needs of our employees. Further details will be shared during the interview or offer process, as appropriate and applicable.
We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic. We will conduct a thorough background check for all hires in compliance with applicable law which includes (but may not be limited to) a review of factors including drug testing and employment/personal references.
Apply Now
Linux Cryptography and Security Engineer
Security Architect Job 91 miles from Hopewell
Job Description
This is a unique opportunity to use your software engineering and cryptography skills to build and maintain the security foundation that enables Ubuntu and its users to operate securely and remain compliant to international information security standards such as FIPS 140-3 and Common Criteria. You will use your applied cryptography, Linux Security, and coding skills to enhance the Ubuntu distribution and work with organizations such as DISA and CIS to draft and implement security hardening benchmarks for Ubuntu.
As a member of the Security Hardening team you will work with and develop automation tooling to audit deployed systems for DISA-STIG and CIS benchmark compliance. You will interact with internal and external stakeholders to identify gaps in our frameworks, and develop new solutions to address these challenges. In this role you will have the opportunity to influence team and security culture, facilitate technical delivery, and help drive team direction and execution. You'll collaborate closely with Canonical's kernel team as well as the wider engineering organization to drive features impacting all Ubuntu users.
Day-to-day responsibilities
Collaborate with other engineers in the Security Hardening team to achieve and retain various Security certifications
Extend and enhance Linux cryptographic components (OpenSSL, Libgcrypt, GnuTLS, and others) with the features and functionality required for FIPS and CC certification
Collaborate with external security consultants to test and validate kernel and crypto module components
Work with external partners to develop security hardening benchmarks and audit + remediation automation for Ubuntu
Contribute to Ubuntu mainline and upstream projects to land solutions and benefit the community
Communication and collaboration within and outside Canonical to identify opportunities to improve our security posture, rapidly resolve issues, and deliver high-quality solutions on schedule
What we are looking for in you
Hands-on experience with low-level Linux cryptography APIs and debugging
Excellent software engineering fundamentals, including prior experience with C development, and the ability to demonstrate such
Hands-on experience with Linux system administration and shell scripting
Demonstrated knowledge of security and cryptography fundamentals + direct experience writing secure code and implementing best practices
Significant development experience working with open source libraries
Excellent verbal and written communications to enable efficient collaboration with internal and external partners in a remote-first environment
Additional skills that you might also bring
Prior experience working on FIPS/Common Criteria certified products and in-depth knowledge of the underlying standards
Prior experience working directly with DISA-STIG or CIS benchmarks, including related audit + remediation tooling (e.g. Compliance as Code)
Experience working directly with Linux Kernel
Prior experience with Python, OVAL (Open Vulnerability Assessment Language), and Ansible
History of contributions to open source projects
What we offer you
We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.
Distributed work environment with twice-yearly team sprints in person - we've been working remotely since 2004!
Personal learning and development budget of USD 2,000 per year
Annual compensation review
Recognition rewards
Annual holiday leave
Maternity and paternity leave
Employee Assistance Programme
Opportunity to travel to new locations to meet colleagues from your team and others
Priority Pass for travel and travel upgrades for long haul company events
About Canonical
Canonical is a pioneering tech firm that is at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence - in order to succeed, we need to be the best at what we do.
Canonical has been a remote-first company since its inception in 2004. Work at Canonical is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game. Canonical provides a unique window into the world of 21st-century digital business.
Canonical is an equal opportunity employer
We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.
#LI-Remote