Security Architect Jobs in Little Ferry, NJ

We are seeking a seasoned Information Security Officer - Deputy CISO to join our dynamic team. This role is pivotal in ensuring that our bank adheres to global policies, procedures, and regulatory requirements, particularly within the U.S. The successful candidate will work closely with the Chief Information Security Officer (CISO) to maintain the integrity, confidentiality, and availability of our information assets. You will play a key role in identifying and assessing risks, threats, and vulnerabilities, while overseeing the implementation of effective controls to mitigate these risks. Key Responsibilities: Second Line of Defense Management: Assist in managing the Second Line of Defense Cybersecurity and Information Security frameworks, ensuring robust oversight and challenge of IT processes and controls. Risk Assessment: Conduct thorough assessments of the adequacy and completeness of risks and controls related to Information and Cybersecurity within the Americas Platform, including overseeing penetration tests and maturity assessments. Enhancement Recommendations: Proactively recommend enhancements to business processes and controls to bolster the overall effectiveness of the Second Line of Defense Cybersecurity Program. Compliance Oversight: Ensure compliance with all legal and regulatory requirements related to cybersecurity, with a specific focus on adherence to DFS NYCRR 23 Part 500, including the preparation of the annual CISO report to the Board. Monitoring and Threat Assessment: Operationalize the Monitoring and Threat Assessment Framework, utilizing vulnerability indicators, heat maps, and key risk indicators to gauge risk effectiveness. First Line of Defense Oversight: Perform oversight controls of the first line of defense to ensure continuous effectiveness of IT risk management controls, in alignment with Natixis Information Security Policies and Standards. Reporting and Updates: Provide monthly reporting and program updates to senior management and the Americas Technology Risk Management Committee. Security Monitoring: Monitor applications, systems, and networks to ensure compliance with security policies and procedures. Training and Awareness: Lead information security awareness training initiatives, including conducting phishing simulations and senior management training sessions. Data Risk and Privacy Support: Collaborate with Data Risk and Privacy programs to implement industry best practices and align information security controls with local, state, federal, and international privacy regulations. Vendor Risk Management: Assist in managing the information security residual risk exposure related to third-party vendors and affiliates. Incident Response: Participate in Cyber incident response and recovery efforts, providing subject matter expertise as needed. Qualifications: Bachelor's or Master's degree in Computer Science, Information Security, or a related technical field. A minimum of 10 years of experience in information security and/or IT security within the banking sector. Strong understanding of information security risk, IT processes, and control frameworks. Experience in conducting IT risk assessments is highly preferred. Proven track record in developing and maintaining security policies and procedures. Excellent communication and interpersonal skills to effectively collaborate with teams across diverse geographical and cultural environments. Familiarity with IT risk frameworks such as ISO 27001, NIST Cybersecurity Framework (CSF), COBIT, and COSO. Hands-on experience with Governance, Risk, and Compliance (GRC) tools (e.g., Archer) is a plus. Relevant certifications such as CISM, CISSP, or CRISC are preferred. Natixis is an equal opportunity employer, committed to a workplace free of discrimination. Natixis will not tolerate any form of discrimination based on age, color, mental or physical handicap or disability, pregnancy, marital status, sexual orientation, national origin, alienage, ancestry or citizenship status, race, religion, sex (including sex stereotyping, gender identity, gender expression or transgender status), veteran status, creed, genetic information or carrier status, or any other protected characteristic as established by law. Respect for all means that we deal with each person as an individual and not as a member of any group. All qualified applicants will receive consideration for employment. Management is expected to provide leadership in supporting the firms EEO program by taking steps to promote EEO in all facets of employment including recruitment, hiring, retention, promotion, performance assessment, and career-development opportunities. The salary range for this position will be between $175,000 - $225,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skills set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance.

Job Title: Application Security Engineer Job Type: Permanent Salary: $150,000 - $180,000 About the Role My client is seeking an Application Security Engineer to strengthen our security posture by identifying vulnerabilities, integrating best practices into CI/CD pipelines, and ensuring compliance with PCI DSS, SOC 2, GDPR, and CCPA. You'll work closely with development teams to embed security into the Software Development Lifecycle (SDLC) from the ground up. If you're passionate about securing applications and solving complex security challenges, we want to hear from you! Key Responsibilities Conduct security reviews and threat modeling during the application design phase. Perform static and dynamic application security testing (SAST/DAST) on internal and third-party applications. Define and maintain security standards for software development. Integrate security tools and processes into CI/CD pipelines. Conduct code reviews to identify vulnerabilities and ensure compliance with security best practices. Collaborate with engineers to design and implement secure coding practices. Investigate and remediate security incidents related to applications. Provide training and guidance to developers on secure coding principles. Represent the security posture of applications to key stakeholders, including customers. What You Bring 5+ years of experience in application security or a related field. Strong understanding of OWASP Top 10 and common application vulnerabilities. Proficiency in at least one programming language (C# (.NET preferred), JavaScript frameworks, SQL Server, or mobile development languages). Hands-on experience with security testing tools (e.g., Veracode, Snyk, OWASP ZAP, Burp Suite). Strong knowledge of secure coding practices and secure SDLC methodologies. Experience in cloud security (Azure preferred) and securing cloud-native applications. Familiarity with CI/CD security integration. Understanding of compliance and regulatory frameworks (SOC 2, GDPR, PCI DSS). Preferred Skills Experience with container security and Kubernetes. Knowledge of infrastructure security and security monitoring. Familiarity with Jira for issue tracking and Notion for documentation. Experience working in cross-functional teams in a fast-paced environment. Security certifications such as CSSLP, CISSP, OSCP, CEH, or GWEB are a plus. How to Apply Submit your CV or contact Ash Ali directly for immediate consideration. Desired Skills and Experience Job Title: Application Security Engineer Job Type: Permanent Location: Remote New York Salary: $150,000 - $180,000

IT Security Engineer Westbury, NY Hybrid Full Time About The Role The IT Security Engineer's focus is on designing, implementing, and maintaining security systems to protect our digital infrastructure from cyber threats. Plays a crucial role in ensuring the confidentiality, integrity, and availability of our data and systems. This includes conducting regular data risk assessments, recommending controls, and countermeasures to mitigate identified risks, and monitoring the effectiveness of the implemented security measures. This role also acts as an expert and mentor for other team members in the organization and will be involved in developing and managing the overall data security and protection program. Primary Responsibilities Implement and support cyber security solutions for BHPS systems and products that comply with all applicable security policies and standards. Work with IT and internal/external business partners to ensure that security is factored in the evaluation, selection, installation and configuration process of hardware and software. Analyze and make recommendations to improve network, system, and application architectures. Examine network, server, and application logs to determine trends and identify security incidents. Assist in the review and update of cyber security policies, architectures, and standards. Assist in responding to audits, penetration tests and vulnerability assessments. Support and oversee on-premises and cloud-based security solutions. Responsible for security response, conducting forensics or coordinating with outside resources during a security breach. Responsible for assisting in training requirements to the business as well as follow-up end-user testing related to all forms of cyber security. Essential Qualifications Security Operations: Provide expertise in various security tools, including firewalls, Web Application firewalls, IDS/IDP, anti-malware software, windows and UNIX. Incident Response: Handle security incidents and breaches. Implement effective strategies to eliminate cyberattacks Hands-on experience on Microsoft Security Solutions, especially on the following products Purview: Understand and govern data across the organization. Safeguard data across platforms, apps, and clouds with comprehensive solutions for information protection, data governance, risk management, and compliance. Entra: Secure access for a connected world. Protect identity and secure access to any resource with a family of multi-cloud identity and network access solutions. Azure: Strengthen the security of cloud workloads with built-in services in Azure. Protect data, apps, and infrastructure quickly with built-in security services. 5+ years of experience in security operations. Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff. Excellent organizational, verbal, and written communication skills Ability to succeed through collaboration and working through internal and external organizations and individuals. CISSP, GIAC, CEH or Azure Security certified preferred but not required. Associated Knowledge, Skills & Abilities Technical expertise in network security knowledge, to include VPN, firewall, network monitoring, intrusion detection, web server security and wireless security Practical experience with windows solutions security, vulnerability assessment and incident response Proficiency with at least one scripting language (e.g., Perl, Python and PowerShell) Understand business needs and has a commitment to delivering high-quality, prompt, and efficient service to the business Analyze and recommend security controls and procedures in business processes related to the use of information systems/assets, while maintaining compliance Monitor information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends Administer authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets Analyze trends, news and changes in threat and compliance environment with respect to organizational risk. Advise management and develop/execute plans for compliance and mitigation of risk. Perform risk and compliance self-assessments and engage/coordinate third-party risk and compliance assessments Flexibility to work evenings and weekends as needed About At Brighton Health Plan Solutions, LLC, our people are committed to the improvement of how healthcare is accessed and delivered. When you join our team, you'll become part of a diverse and welcoming culture focused on encouragement, respect and increasing diversity, inclusion and a sense of belonging at every level. Here, you'll be encouraged to bring your authentic self to work with all of your unique abilities. Brighton Health Plan Solutions partners with self-insured employers, Taft-Hartley Trusts, health systems, providers as well as other TPAs, and enables them to solve the problems facing today's healthcare with our flexible and cutting-edge third-party administration services. Our unique perspective stems from decades of health plan management expertise, our proprietary provider networks, and innovative technology platform. As a healthcare enablement company, we unlock opportunities that provide clients with the customizable tools they need to enhance the member experience, improve health outcomes and achieve their healthcare goals and objectives. Together with our trusted partners, we are transforming the health plan experience with the promise of turning today's challenges into tomorrow's solutions. Come be a part of the Brightest Ideas in Healthcare™. Company Mission Transform the health plan experience - how health care is accessed and delivered - by bringing outstanding products and services to our partners. Company Vision Redefine health care quality and value by aligning the incentives of our partners in powerful and unique ways. DEI Purpose Statement At BHPS, we encourage all team members to bring your authentic selves to work with all of your unique abilities. We respect how you experience the world and welcome you to bring the fullness of your lived experience into the workplace. We are building, nurturing and embracing a culture focused on increasing diversity, inclusion and a sense of belonging at every level. Annual Salary Range: $120,000-$150,000 The salary range and/or hourly rate listed is a good faith determination that may be offered to a successful applicant for this position at the time of the posting of an advertisement and may be modified in the future. When determining a team member's base salary and/or rate, several factors may be considered as applicable by law including but not limited to location, years of relevant experience, education, credentials, skills, budget and internal equity. *We are an Equal Opportunity Employer JOB ALERT FRAUD: We have become aware of scams from individuals, organizations, and internet sites claiming to represent Brighton Health Plan Solutions in recruitment activities in return for disclosing financial information. Our hiring process does not include text-based conversations or interviews and never requires payment or fees from job applicants. All of our career opportunities are regularly published and updated brighonthps.com Careers section. If you have already provided your personal information, please report it to your local authorities. Any fraudulent activity should be reported to: **************************

The Information Security Engineer is responsible for maintaining and supporting the firm's cybersecurity tools, systems, and operations. This hands-on technical role ensures alignment with established policies, procedures, and security objectives by assisting in the implementation, configuration, and monitoring of security technologies. The Information Security Engineer will work closely with IT and security teams to identify and respond to threats, remediate vulnerabilities, and uphold the security of firm assets and data. This position plays a critical role in the day to day operations of the firm's information security program. The ideal candidate will possess strong technical expertise, attention to detail, and the ability to clearly communicate security concepts. The Information Security Engineer must be capable of acting swiftly and decisively during incidents and will contribute to the firm's proactive defense strategies and compliance initiatives. Responsibilities Monitor and support daily security operations, including analysis and maintenance of cybersecurity tools and infrastructure. Investigate, respond to, and document security incidents, assist with root cause analysis and corrective actions. Manage and contribute to cybersecurity projects by planning, coordinating, and executing initiatives such as security tool deployments, configuration enhancements, and remediation efforts. Assist in the execution of the firm's vulnerability management program and risk mitigation efforts across IT systems. Maintain and optimize security tools such as SIEM, EDR, vulnerability management platforms, and secure email gateways. Collaborate with IT teams to incorporate security best practices into system implementations and configurations. Recommend and apply technical controls to enforce security policies and support compliance with regulatory and client requirements. Contribute to the delivery of security awareness training and education in partnership with the Information Governance team. Provide status updates and reports to the Director of Information Security on operational performance, risks, and project progress. Assist in the completion of client security assessments and the implementation of related remediation tasks. Support the management of relationships with security vendors and third-party service providers, ensuring deliverables meet expectations. Participate in security assessments and testing of systems, networks, and applications. Contribute to the development and refinement of security policies and procedures based on evolving threats and best practices. Work cross functionally with IT and other departments to ensure alignment with the firm's cybersecurity goals. Support compliance and audit efforts by gathering evidence, tracking remediation, and reporting as needed. Stay current on emerging security threats, technologies, and industry trends. Assist in the continuous improvement of security operations, tools, and incident response processes. Experience and Requirements Bachelor's degree in information systems, cybersecurity, or related field, or equivalent experience. CISSP or similar certification is required, additional certifications (e.g., CISM, CEH, GIAC) are a plus. Minimum of 4 years of experience in information security or a related IT security focused role. Hands-on experience with security technologies, including SIEM, EDR, vulnerability management tools, firewalls, and email security platforms. Demonstrated ability to investigate and respond to security incidents and alerts. Familiarity with information security frameworks such as NIST CSF or ISO 27001. Knowledge of relevant regulatory and compliance standards (e.g., HIPAA, GDPR, SOX). Ability to draft and contribute to security documentation, policies, and procedures. Strong analytical, troubleshooting, and problem-solving skills. Effective written and verbal communication skills, with the ability to explain complex topics to various audiences. Experience contributing to or supporting security awareness initiatives is preferred. Highly organized and capable of managing multiple tasks in a fast paced environment.

*****NO C2C OR THIRD PARTY INQUIRIES***** Senior Security Engineer Top skills/tools, etc. that are MUST haves: Core security with experience deploying / upgrading and migrating Palo Alto firewalls Consultative and team player High level of experience with Panorama and log collectors Palo Alto Next Generation Firewalls Detailed technical experience in the installation, configuration, and operation of high-end firewall appliances, ideally Palo Alto Networks products Job Description You will provide guidance and technical support to clients deploying our security integrations. You'll act as the technical partner, providing strategic guidance around complex systems to secure a digital environment. Interacting directly with the client, you'll partner closely with client personnel to guide and suggest integrations to better serve their success. Work full-time at the customer site in a Hybrid rotation Communicate with the customer(s), sales teams, peers, engineering and support teams as appropriate Understand the customer environment, requirements, and security roadmap to implement the appropriate security solution Configure, implement, and maintain Security Operating Platform Optimize and migrate policies and objects from the existing environment to our Next-Gen Firewall Test and validate the migration environment Coordinate and execute cutover to production Provide guidance on code upgrades Facilitate the development of new application and threat signatures Interact with our Technical Assistance Center (TAC) to understand and diagnose support cases Some travel may be required, dependent on customer request You work with the customer's security & network teams to build confidence across the business units impacted by the change to Palo Alto Networks Nice to haves: BS in Computer Science, MIS, business, or equivalent education/training/experience Minimum of 5 years' experience with network/security solutions and technologies (BGP, SD-WAN concepts, VXLAN and general routing and switching) Minimum of 3 years' experience leading security solutions in large environments) You're experienced in internetworking, LAN, and WAN technologies You have a good understanding of Internet protocols and applications You effectively handle multiple projects and work calmly in high pressure You're an excellent writer, with strong verbal communication skills, with demonstrable ability to communicate to senior leaders and technical peers

Direct Client: Metropolitan Transportation Authority Job Title: Security Engineer Durant: 12+ Months Contract Interview Type: In-person or Webcam Ceipal ID: MTA_CISC416_RP Description: The Metropolitan Transportation Authority (MTA) is seeking vendor proposals to carry out the Agency Cyber Resources Project. The goal of this project is to provide our MTA agencies with a team of thirty (30) onsite consultants at various NY-area locations who can assist the MTA Operational Technology (OT) groups in supporting new and ongoing MTA cybersecurity projects. Required Skills: Required experience in BGP, OSPF and Switching (Cisco). Required experience in Network Segmentation and Isolation. Required experience in Virtualization and Infrastructure (Vmware, Virtual Switches). Required experience in Authentication, Authorization, and Accounting (AAA). Required ex[perience in Containment/Protection Tools for OT Environments (Forescout). Required experience in DWDM and SONET. Virtualization and Infrastructure Endpoint Credential Management Active Director and Windows Server Administration and Hardening Privilege and Access management Enterprise Level deployments. Vulnerability and Patch Management Active Director and Windows Server Administration and Hardening Experience in desktop support -------------------------------------------------------------------------------------------------------------------------------------------------- V Group Inc. is an IT Services company that supplies IT staffing, project management, and delivery services in software, network, help desk, and all IT areas. Our primary focus is the public sector including state and federal contracts. We have multiple awards/ contracts with the following states: AR, CA, DE, FL, GA, IL, KY, MD, ME, MI, NC, NJ, NY, OH, OR, PA, SC, TX, VA, and WA. If you are considering applying for a position with V Group or partnering with us on a position, please feel free to contact me for any questions regarding our services and the advantages we can offer you as a consultant. Please share my contact information with others working in Information Technology. Website: ***************** LinkedIn: ********************************* Facebook: ************************* Twitter: *************************

Lawrence Harvey is partnering with a FinTech firm in New York City, once again, to expand their Product Security team. This Engineer will help ensure the security and resilience of their tech platforms and other services. This role focuses on four key areas: Application Security, Cloud Security, DevSecOps, and Threat & Vulnerability Management. You'll work closely with engineers, DevOps, and infrastructure teams to build secure applications, protect cloud environments, integrate security into development workflows, and proactively manage vulnerabilities. What You'll Do: Application Security Conduct secure code reviews to identify and fix vulnerabilities before they reach production. Perform security testing (e.g., SAST, DAST, SCA) to evaluate application security posture. Conduct threat modeling and design reviews to proactively identify security risks in new and existing applications. Cloud Security Secure cloud environments (AWS preferred) by implementing strong IAM policies, encryption, and security best practices. Monitor and improve logging, monitoring, and detection capabilities for cloud environments. DevSecOps Integrate security into CI/CD pipelines, ensuring security checks (SAST, SCA, DAST) happen automatically. Automate security controls to reduce manual effort and improve efficiency. Work with DevOps teams to ensure containerized applications (Kubernetes, Docker) are securely built and deployed. Threat & Vulnerability Management Perform continuous vulnerability assessments across infrastructure and applications. Analyze and prioritize security findings based on risk impact and likelihood. What You Bring: 5+ years of experience in cybersecurity, software security, or a related technical role. Strong coding/scripting experience (Java, Kotlin, Golang, Python, JavaScript). Knowledge of secure coding practices, threat modeling, and security testing. Experience securing cloud environments (AWS preferred), including IAM and cloud security best practices. Hands-on experience with Kubernetes, containers, and security tools (SAST, SCA, DAST). Familiarity with vulnerability management and security automation. Strong collaboration and communication skills-you enjoy working with teams to solve security challenges. Bonus Points If You Have: Experience as a developer on a high-performing engineering team. Background in DevSecOps, including automating security in CI/CD pipelines. Worked in a regulated industry like finance or cryptocurrency. Knowledge of Infrastructure as Code (IaC) security (Terraform, CloudFormation). Experience with secrets management and distributed identity systems. A history of discovering and disclosing vulnerabilities (CVEs). No C2C Note: This client cannot transfer or sponsor visas at this time

Intro Almanax is looking for an engineer to join us in working on the forefront of blockchain security research and development. You will be coming on as an early employee, working alongside the CEO and CTO to develop the Almanax product, leveraging learning models to enable secure Web3 code. Our ideal candidate You have experience conducting smart contract audits and ensuring the security of blockchain applications as well as an understanding of Solidity security and the Ethereum Virtual Machine (EVM), including familiarity with Ethereum Yellow Paper You're familiar with security vulnerabilities like reentrancy attacks, front-running, and integer overflows, and know how to prevent them. You have strong communication skills with the ability to work closely with blockchain developers, cryptographers, and product teams. You're skilled at explaining technical concepts to non-technical stakeholders. This role is based out of NYC (remote friendly) and we are looking for a teammate who shares and practices our values: transparency, open communication, ownership, and a high level of craftsmanship. This is a high growth role, and you can expect to have ownership over crucial parts of Almanax's product and direct involvement over decisions that impact the product roadmap. What you'll achieve Work directly with leading teams in the Web3 space to build more secure products Architect research driven solutions, engage in proof-of-concept work for emerging crypto technologies and launch flagship products Curate examples of safe and vulnerable smart contract code Evaluate security findings for correctness and accuracy Work on a day-to-day basis with Almanax founders Influence product roadmap and company strategy Help expand our team What you'll bring 5+ years (flexible) of software development experience, with 2+ years of smart contract / web3 development. Proficient understanding of decentralized technologies (dApps, DeFi), core blockchain principles, and consensus mechanisms like Proof of Stake (PoS, dPoS) Experience coding in Solidity, Rust and Solana program library (SPL) Interest and passion for making contributions to the crypto ecosystem Excellent communication skills in a remote setting Ability to conduct code reviews and provide constructive feedback to ensure codebase quality and maintainability Familiarity with blockchain security best practices and ability to identify and address potential smart contract vulnerabilities History or interest in hacking, cybersecurity, crypto/web3, or ML/AI Nice to haves Contribution to open source projects Experience working in other smart contract languages: Move, Solidity, etc Certifications or additional coursework in blockchain development or smart contract security Perks Time off, Bonus opportunities like education, referrals, and bug bounties Insurance, company events, professional development Stock options Research-oriented team Lunch provided in the office

The Cloud Security Engineer will: Perform organization wide cybersecurity cloud security risk analysis and articulate identified risks within the agency. Create, socialize and obtain approval for cybersecurity strategy and plans to address generic and specific cybersecurity risks to the agency Create and follow a process to track progress against engagements with the agency Create reporting matrix for identified assessment risk to collect communication flow information, and build high level and low-level documents Work on CASB and Cloud DLP, interact with vendor support teams, and drive the deployment to resolution Translate compliance requirements into specific security controls and present compensating security controls Report to upper management on current cybersecurity posture and progress on mitigating identified risks Create metrics to measure cybersecurity controls efficacy Monitor and respond to risk identified to aid the agency on resolution Review and optimize existing cybersecurity controls Ensure the organization compliance with cybersecurity best practices, policies and standards Enforce Cloud security standards Analyze vulnerabilities and work with the various teams to ensure timely remediation and validation Instruct and guide other teams to craft "secure by default" infrastructure; they may also investigate, build, and recommend innovative technologies or other methods that will improve the security of cloud-based and on-premises environments MANDATORY SKILLS/EXPERIENCE Bachelor's degree in computer science, Information Systems or equivalent work experience At least 12 years of experience in information security At least 8 years in IT infrastructure management, application architecture, risk management, data architecture, middleware technology, and IT operations and project management At least 8 years of experience with networking, load-balancing, DNS, TLS/SSL digital certificates, SAML and Single Sign-on technologies, Kerberos, MFA technologies, and Identity management At least 4 years of experience working in cloud environment (Azure, AWS, GCP) At least 4 years of experience working in securing Internet-facing applications, utilizing MS Entra AD, MS Defender for Office, Skyhigh CASB and Cloud, SSE solutions At least 4 years of experience working with tools and techniques for collecting and processing Telemetry and Security Event Data. At least 4 years of experience architecting, deploying, and managing cloud security and/or EDR technology Experience using scripting languages (Python, Bash, Powershell, etc.) At least 4 years of experience with Windows, Linux, or MacOS administration Experience working with vulnerability management and scanning tools Experience working with application scanning tools Strong documentation skills and attention to detail DESIRABLE SKILLS/EXPERIENCE: Experience deploying PAM solutions in a large, distributed environment or a service provider environment Experience in implementing and operating Data Loss Prevention Systems Experience of information security principles and practices, especially the implementation of practical technical controls to support organization policy Strong understanding of networking protocols, firewalls, and cybersecurity protection concepts, including software development lifecycle, and compensating controls Strong understanding of CIS controls Experience with Syslog-NG, LogScale (Humio) or similar SIEM/log aggregation systems Experience with SSO and IAM products and services such as Entra ID Experience with NetSkope, Zscaler, Palo Alto Networks Prisma Access or similar cloud proxies Familiarity with ZTNA/SSE products Familiarity with CASB/SASE products Experience with Cloud-based EDR/XDR tools Experience working with vulnerability management and scanning tools Experience working with application scanning tools Knowledge of endpoint security management, configuration policies, and procedures Experience with asset management and on-prem/cloud-based vulnerability management tools Highly flexible/willing to learn new technologies Highly organized with excellent analytical, problem solving and decision-making skills Excellent communication and collaboration skills

We are a specialized technology staffing agency supporting professional and financial services companies. Why do we stand out in technology staffing? We listen and act as advisors for our candidates on how they can best add value, find interesting projects, and pave a path for career advancement. We advocate for best pay, diversity in tech, and best job-fit for every candidate we place. Our client, an investment firm, is seeking an experienced Infrastructure Security Engineer to join their team in New York, NY! Responsibilities: Effectively communicate and interact with colleagues across the Cyber Security team, as well as the broader Global Technology and Infrastructure teams. Review CSPM/CNAPP and other tools to identify risks, work to prioritize findings and drive remediation efforts. Review firewall requests and provide approvals as appropriate. Increase compliance of server backups and adoption of cyber tools on system assets. Identify gap areas, platforms, technologies or processes that have opportunity for improvement. Work in concert with application, development, infrastructure and product teams to design secure solutions for business-critical platforms and applications. Conduct reviews of existing and incoming applications & platforms being onboarded into the environment for design best practices, controls and adherence to standards. Collaborate with internal teams to assess security posture and controls, participate in triage for Major Incidents and cyber investigations as directed. Stay current with the latest security trends and threats, applying this knowledge to improve our overall security posture. Document runbooks, best practices, standards, controls and team initiatives using operationally repeatable patterns. Qualifications: At least 3-5 years of hands-on professional experience in infrastructure security or 5 to 7 years of IT infrastructure systems administration with a security focus. Well versed in managing a Microsoft technology stack including Windows Server OS, Active Directory, Group Policy, Exchange/O365, SQL and PowerShell. Experience managing Linux is a strong plus. Experience with Azure and VMware vCenter. Bachelor's Degree in Computer Science, Information Technology/Security related field or comparable level of certifications (combination of MCSE, CISSP, CCNA, ITIL, VCP, CompTIA Sec+ etc.). Familiarity with systems management, CMDB, ticketing, inventory or SaaS security tools. Excellent collaboration, critical thinking skills and the ability to work in a dynamic environment. Familiarity with industry security standards and frameworks such as NIST, ISO 27001 or MITRE Telecommunication&CK. Familiarity with the regulatory environment of the financial services industry or a similarly regulated industry and its impact on infrastructure security is a plus. Commitment to staying informed on security trends and threats, using this knowledge to enhance security measures. U.S. Citizen, operate in the Eastern Time Zone and able to report to the NYC metro area office(s) as needed.

We are seeking a highly skilled Senior Security Engineer with a strong background in endpoint security, data loss prevention (DLP), and secure private access technologies. In this role, you will be responsible for ensuring the integrity and security of our enterprise systems by designing, implementing, and managing advanced security solutions. The ideal candidate will have over 5 years of experience working with CrowdStrike, Zscaler Internet Access (ZIA), Palo Alto (PA) Prisma, endpoint encryption (MS BitLocker), McAfee support, and associated firewall technologies. This role also requires excellent communication, troubleshooting, and collaboration skills to work effectively with both internal teams and offshore teams. Skills Required: Minimum of 5 years of experience in enterprise security engineering with hands-on experience in endpoint security, DLP, secure private access, firewall management, and endpoint encryption. Proficiency with CrowdStrike endpoint protection software. Strong experience with MS BitLocker encryption and endpoint data protection strategies. Hands-on experience with McAfee endpoint protection software and security suite. In-depth experience with Zscaler Internet Access (ZIA) and secure private access protocols. Hands-on experience managing and configuring Palo Alto Prisma and firewalls. Strong knowledge of network security best practices and principles. Familiarity with SIEM platforms, IDS/IPS, and threat detection tools is a plus.

TITLE: Cyber Security Analyst (KB) POSITION TYPE: Full Time (W2) ABOUT WorldLink: WorldLink is a rapidly growing information technology company at the forefront of the tech transformation. From custom software development to cloud hosting, from big data to cognitive computing, we help companies harness and leverage today's most cutting-edge digital technologies to create value and grow. Collaborative. Respectful. Work hard Play hard. A place to dream and do. These are just a few words that describe what life is like at WorldLink. We embrace a culture of experimentation and constantly strive for improvement and learning. We take pride in our employees and their future with continued growth and career advancement. We put TEAM first. We are a competitive group that like to win. We're grounded by humility and driven by ambition. We're passionate, and we love tough problems and new challenges. You don't hear a lot of "I don't know how" or "I can't" at WorldLink. If you are passionate about what you do and having fun while doing it; tired of rigid and strict work environments and would like to work in a non-bureaucratic startup cultural environment, WorldLink may be the place for you. For more information about our craft, visit ************************ . WHO we're looking for: We are looking for a Cyber Security Analyst (KB) to join our team. Role and Responsibilities: Establish Information Technology (IT) policies regarding operational procedures and ensure compliance. Work with outside vendors, upper management, and leadership of other departments to ensure smooth processes. Establish strategies for risk mitigation and contingency planning. Plan and schedule project guidelines and goals while ensuring timelines are met. Monitor their organization's networks for security breaches and investigate and remediate, including retraining, if violations occur. Install and use software, such as firewalls and data encryption programs, to protect sensitive information. Prepare reports that document security breaches and the extent of the damage caused by the breaches. Coordinate/conduct penetration testing to identify and mitigate network vulnerabilities within systems before exploited. Research the latest IT security trends. Analyze IT requirements and advise on IT security requirements. Develop security standards and best practices for the organization. Recommend security enhancements to management or senior IT staff. Liaise with Legal, Privacy & Compliance, and other departments. Required Experience and Education: 1 year of experience in information security. Bachelor's degree in Computer Science or Cyber Security CISSP certification is a plus. Proficient with MAC and OS; Windows environment is primary. Experienced with penetration testing and techniques. Understand patch management. Knowledge of firewalls, antivirus and IDPS concepts Experienced in installing security software and documenting security issues. Mix of technical skills and strategical knowledge (50% on engineering tactics, 50% on hands-on strategy). Relevant experience in developing/documenting strategies & proposals for security standards and practices. Training experience is a plus. Understanding & technical knowledge of IDPS, VOP solutions, Phishing campaign, Vulnerability scans, etc. Must have complete understanding of IT environment and knowledge of Security systems such as FireEye.

Job Title: Resident Engineer - Cloudflare Duration: 9 Months (Hybrid - 3 Days Onsite) We are seeking a Senior Security Engineer with deep expertise in Cloudflare to join our team at our customer. This role focuses on securing, optimizing, and maintaining CDN and web security solutions to enhance the organization's resiliency and threat mitigation strategies. The ideal candidate will possess strong network security, web application protection, and performance-tuning skills across enterprise-grade CDN platforms. Key Responsibilities: Design, implement, and manage security policies across Cloudflare to protect web applications and APIs. Optimize and enhance CDN performance, security configurations, and traffic management to ensure resilience against cyber threats. Monitor and respond to security incidents, mitigate DDoS attacks, and fine-tune WAF (Web Application Firewall) rules to safeguard digital assets. Collaborate with IT, DevOps, and Security teams to enforce best practices in web security, zero-trust networking, and identity protection. Analyze traffic patterns and system logs to detect anomalies, prevent service disruptions, and improve threat intelligence. Develop and automate security configurations, leveraging infrastructure-as-code tools and scripting for scalability and efficiency. Ensure compliance with regulatory and security standards by implementing robust access controls, encryption, and incident response mechanisms. Provide technical guidance and mentorship to junior engineers and cross-functional teams on CDN security best practices. Document security configurations, incident responses, and operational workflows, ensuring clear and up-to-date reference materials. Qualifications: Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent experience). 7+ years of experience in security engineering, CDN security, or network security within enterprise environments. Expertise in Cloudflare, including WAF configuration, DDoS mitigation, and security policy enforcement. Strong networking knowledge (TCP/IP, DNS, HTTP/HTTPS, TLS, BGP, etc.) with a focus on CDN performance and security. Experience with scripting and automation (Python, Bash, Terraform, or Ansible) for CDN security configuration management. Hands-on experience with security monitoring tools (SIEM, IDS/IPS, Splunk, etc.) and threat intelligence platforms. Proven ability to mitigate web application attacks, secure APIs, and implement zero-trust security principles. Strong analytical and troubleshooting skills, with the ability to identify, diagnose, and resolve CDN and security-related issues. Excellent communication skills, capable of working in cross-functional teams and presenting security insights to stakeholders. Preferred Qualifications: Security certifications (e.g., CISSP, CEH, GIAC, CCSP). Experience with Infrastructure as Code (IaC) and cloud security tools (AWS, Azure, GCP). Knowledge of load balancing, edge computing, and content caching strategies. Familiarity with DevSecOps practices and CI/CD security integration.

Our Client a well know Investment bank is seeking a Senior Cyber Security Analyst in their New York, New York Location! Typical Day in Role •Execution of the cyber security and IT risk management 2nd line Review, Challenge, Methodology & Testing of Issues. •Partner with domain experts in the1st line understand the design and implementation of the remediation actions that address the MRA/Issue concerns. •Works closely with Issue owners to provide challenge for remediation; including feedback on control remediation opportunities (such as control automation) •Liaises with 1st and 3rd line to get alignment on remediation actions •Participates in the Review and Challenge tollgate panels •Engages with key stakeholders to provide ongoing support and feedback of team efforts •Partner with the 1st in the design and implementation of the remediation actions that address the MRA concerns Candidate Requirements/Must Have Skills: 1) 8+ years as a IT Security Analyst 2) Experience with GRC tooling or Service Now 3) Prior experience working in an Issues Management capacity Nice-To-Have Skills: 1) CISSP Certified (Cyber Security) 2) Service Now Certified 3) CCSP Certified (Cloud Security) Soft Skills Required: • Strong written communication skills and exposure to creating reports Degrees or certifications: • Bachelor's degree in a related field.

Dear Cyber Security Engineer or Architect , Vertex Elite LLC is looking for Cyber Security Engineer or Architect . Please share your profile, if you are looking for a job. Work Authorization :H1B Only Exp : 15+ Years Requirements: Nutanix experience to configured and deployed new installations. Experience with (IAM) access control designs/architectural designs in OT a.Implementation PAM/MFA within the OT environment. A candidate should have experience in setting up enterprise level security tools from the ground up. Nozomi or other OT Network Intrusion Detection System experience a.Specially how to fine tune these systems and should be able to investigate alerts. Nice to have: Pen Testing / Red Team experience. Gigamon or other Network Tap/Aggregation tools VPM experience would be a plus Someone who has a lot of experiences in building network documentation. Any type of Networking certification would be a plus With Best Regards, Sarvesh | Vertex Elite LLC | Email: ************************ | ********************

Our client is a leading life insurance provider, looking for an innovative, strategic, and highly skilled Head of Cyber Defense & Response to join their cybersecurity leadership team. This position will focus on driving the enterprise-wide cybersecurity defense strategy, ensuring effective protection against cyber threats, and leading a diverse, high-performing team of cyber defense professionals. You will be responsible for safeguarding critical infrastructure, overseeing incident response, and ensuring a proactive, risk-based approach to managing the threat landscape. Your leadership will be crucial in shaping the company's cybersecurity capabilities, developing cutting-edge security solutions, and fostering a collaborative and high-impact environment. Responsibilities Develop and implement an enterprise-wide cybersecurity defense strategy, focused on proactive threat mitigation across cloud, identity, network, web, endpoint, database, and data security. Stay ahead of emerging threats and adapt strategies to mitigate cyber threats across diverse platforms. Lead the identification, analysis, and management of threat vectors, ensuring defenses are continuously enhanced. Lead incident response and ensure efficient handling of security events and incidents. Oversee post-incident reviews and continuous improvement processes to enhance the overall security posture. Work closely with various stakeholders, including IT, legal, compliance, and executive leadership, to ensure that cybersecurity strategies align with business objectives and regulatory requirements. Oversee the design and implementation of advanced security solutions across identity, data, cloud, and infrastructure security platforms. Ensure that all security systems and platforms are operating effectively to detect and protect against threats. Lead and mentor a diverse, high-performing team of cyber defense engineering professionals. Focus on recruiting top cybersecurity talent, setting clear goals, managing performance, providing career development opportunities, and fostering a culture of innovation and collaboration. Ensure that regular security audits and due diligence processes are in place. Lead efforts to maintain compliance with industry standards, cyber defense best practices, and regulatory requirements. Define and enforce cyber defense standards, policies, and procedures that ensure effective detection, protection, and mitigation of cyber threats across the enterprise. Qualifications BS/MS in Cybersecurity, Information Technology, or a related field. At least 10 years of experience in cybersecurity, with at least 5 years in a leadership role within enterprise cybersecurity, ideally in the financial services or insurance sectors. CISSP, CISM, or equivalent certifications required. Additional certifications like GIAC, AWS/Azure Security certifications, or SANS are highly desirable. Deep knowledge of threat vectors and mitigation strategies across infrastructure, cloud, web, and endpoint security. Proven ability to manage and inspire diverse, high-performing teams in a fast-paced, dynamic environment. Strong background in security process improvement, change management, and developing security architecture. Strong verbal and written communication skills, with the ability to explain complex security concepts to non-technical stakeholders. Experience working with senior executives and external partners to ensure alignment with security commitments and business objectives.

Hew York City Hybrid up to 3 days a week onsite We're looking for a dynamic Senior Cybersecurity Specialist to partner with our client's Technology leadership team in driving the protection of our enterprise systems and data. In this pivotal role, you'll be at the forefront of defending our organization against evolving cyber threats, ensuring the resilience of our technology infrastructure, and shaping their risk management strategy. As a senior member of the information security team, you'll lead the identification, analysis, and mitigation of cybersecurity risks across the enterprise. This is a hands-on role that requires deep technical proficiency in deploying and managing modern security tools and infrastructure, combined with a strong understanding of risk management frameworks and regulatory compliance. You'll collaborate closely with teams across IT and the business to implement effective security controls, evaluate emerging threats, and influence decision-making with clear, risk-informed insights. We're seeking someone who can bridge the gap between technical complexity and strategic impact - a trusted advisor who can translate cybersecurity risks into actionable business decisions. What You'll Do: Design, deploy, and manage enterprise security solutions Proactively identify vulnerabilities and respond to emerging threats Advise leadership on cybersecurity risks and mitigation strategies Ensure compliance with regulatory and industry standards Drive cross-functional security initiatives across the organization What We're Looking For: Proven hands-on experience in cybersecurity operations, tools, and infrastructure Deep understanding of risk management principles and security frameworks (e.g., NIST, ISO 27001) Strong communication skills with the ability to convey technical risks in business terms A collaborative mindset and a proactive approach to problem-solving If you're passionate about cybersecurity and want to make a measurable impact at an enterprise level, we'd love to hear from you.

The technical Incident Response & Forensics Specialist is a part of the IT Threat Intelligence group within the Cyber Security Operations Center and will be expected to provide direct support to the 24/7 Cyber Security Monitoring group as needed. The responsibilities include, but are not limited to, the following: Serving as a primary point of contact for Client CSOC & MSSP Cybersecurity Incident escalations Interfaces directly with vendors & third parties for notified/observed compromises Forensics on memory, disks, and logs Malware analysis (dynamic & static) Involvement in full incident response lifecycle Processes evidence in accordance with Chain of Custody Creates Incident reports to brief to executive management Provide recommendations to prevent similar incidents Assist the Threat Intelligence group in other functions including o Threat Intelligence / Threat Hunting o Threat Readiness o Cyber Content Engineering & Automation Skills: Strong experience with digital forensic tools Strong understanding and analysis of code such as Powershell, PERL, Python Cybersecurity certifications (preferred) Experience with OT & PCI technologies (preferred) Minimum requirements: Bachelor's degree in computer science, Information Services, or IT Security related field -Or- A satisfactory equivalent with at least 3 years of IT-Security experience. Minimum of 3 years of experience Tiers 1 & 2 support for cyber security operation center. Minimum of 3 years' experience with performing incident response functions & investigations Information Security - 6+ years of experience

Seeking multiple Cyber Security/Threat Modeling Engineers to my client on their dynamic, cross-functional team dedicated to delivering cutting-edge digital business transformation solutions for our clients. This is an individual contributor position with a strong focus on Security Architecture and Threat Modeling. Salary: Senior Level: 140-160K Manager Level: 160-180K Location: Hybrid role in Rutherford, NJ Your Impact: Lead and execute in-depth threat modeling exercises by leveraging established methodologies, frameworks, and industry best practices to identify vulnerabilities. Uphold a high standard of excellence and precision in recognizing potential threats and articulating effective, tailored mitigation strategies. Take ownership of the threat lifecycle management, ensuring threats and associated mitigation controls are continuously monitored, updated, and refined based on evolving risks and business needs. Deliver high-quality, comprehensive threat models and associated deliverables within established timelines, ensuring that the overall security posture is continuously strengthened. Provide actionable feedback, insights, and suggestions to refine and enhance the threat modeling process and overall security strategy, contributing to the team's continuous improvement. Regularly present findings, progress, and strategic recommendations to senior leadership, technical teams, and stakeholders, ensuring alignment with business objectives and security goals. Qualifications: We are seeking a highly skilled and experienced professional with over 8 years of expertise in various technologies and processes, including: Proficiency in Google Cloud Platform (GCP) - a critical skill for this role. Extensive knowledge of security architecture principles, industry frameworks, and best practices for designing resilient and secure systems. Hands-on experience with advanced threat modeling methodologies, including MITRE ATT&CK, STRIDE, PASTA, and others, ensuring a holistic approach to threat identification and mitigation. 5+ years in Cybersecurity with an emphasis on building robust security architectures and threat management processes. Solid understanding of security practices, including authentication, authorization, encryption, logging/monitoring, network segmentation, and infrastructure security. Expertise in REST API security and their integration within secure architectures. Familiarity with scripting languages and Infrastructure as Code tools such as Terraform and CloudFormation, ensuring efficient and secure infrastructure management. Proficiency in Jira or other ticketing systems - a must-have for managing workflows and tracking security tasks. Strong technical architecture design and review skills, ensuring the alignment of security initiatives with system and application designs. Ability to identify vulnerabilities using established security databases and frameworks such as CWE or OWASP, and develop strategies to remediate them. Deep knowledge of operating systems, including advanced hardening techniques to bolster overall security resilience. Understanding of modern software development concepts such as CICD, Pipelines, and SDLC, ensuring security is seamlessly integrated into development processes. Practical experience with penetration testing, identifying security gaps and vulnerabilities in systems and applications. Familiarity with Cloud Development Kit (CDK) and GitOps methodologies, enabling efficient cloud-native development and deployment practices. Experience working within DevOps and agile teams, ensuring that security is integrated throughout the lifecycle of development and operations. Proficiency with Docker, Kubernetes, serverless architecture, and Helm, ensuring secure containerization and orchestration practices in cloud environments. Exposure to platforms like Snowflake, MongoDB, GitHub, Databricks, and others, adding depth to cloud-based security strategies. Excellent analytical and problem-solving skills, demonstrating a keen eye for detail in identifying and addressing complex security issues. Set Yourself Apart With: Professional Security Certifications such as CISSP, CCSP, CISA, CISM, or ITIL to demonstrate your expertise in the field. GCP Certifications such as GCP Professional Cloud Architect or GCP Professional Cloud Security Engineer are highly desirable, showcasing advanced cloud security knowledge. A solid understanding of industry security standards, including ISO, NIST, and Cloud Security Alliance (CSA) frameworks, to ensure compliance and best practices. Hands-on experience with cloud security designs and implementations specifically within the GCP ecosystem.