Security architect jobs in Manchester, NH - 134 jobs

  • Sr. Security Analyst

    Maximus 4.3 company rating

    Security architect job in Manchester, NH

    Description & Requirements Maximus is seeking a qualified Sr. Technical/Security Analyst for multiple projects, current and upcoming. The qualified candidate will be involved in technical/security planning and assessment projects with potentially multiple state agencies. The position requires the candidate to produce/review security relevant documentation, such as system security plans, POA&Ms, assessment plans, etc., produce technical/security analyses, develop estimates, review and contribute to requirements for large systems-planning efforts in the Child Support, Child Welfare and/or Integrated Eligibility public-sector domains. The individual will report directly to a Senior Manager. Maximus is a matrix-managed organization, which means the individual will have secondary reporting relationships to one or more Project Managers, depending on which projects they are assigned. *This role is remote but requires working standard business hours in the US time zone of the client. This position is contingent upon award. * Essential Duties and Responsibilities: - Collaborate with project managers on various initiatives and projects to track progress and provide support as necessary. - Support leadership in ensuring that the project is delivered to specifications, is on time, and within budget. - Work closely with management and work groups to create and maintain work plan documents. - Track the status and due dates of projects. - Manage relationships with project staff responsible for projects. - Produce regular weekly and monthly status reports that could include; work plan status, target dates, budget, resource capacity, and other reports as needed. - Facilitate regular meetings and reviews. - Adhere to contract requirements and comply with all corporate policies and procedures. Job Specific Duties and Responsibilities: -Perform duties independently under the direction of their direct manager and/or Project Managers on specific projects. 
-Review project documentation and client materials and provide analysis of technical and security related topics. -Participate in client meetings and offer observations and insight on technical and security related topics. -Identify risk areas and potential problems that require proactive attention. -Review and author artifacts and other project documents and identify potential gaps, inconsistencies, or other issues that may put the project at risk. Such artifacts and documents may include but are not limited to: *System Security Plan *Plan of Action and Milestones (POA&M) *Security Assessment Plan *Risk Assessment reports *CMS ARC-AMPE forms and documentation *Data Conversion and Migration Management Plan *Deployment and/or roll-out plans -Perform security assessments, lead security audit and assessment activities, and provide direct security oversight support to assigned clients and projects. -Identify and escalate to the Senior Manager / Project Manager risks, alternatives, and potential quality issues. -Attend interviews, focus groups, or other meetings necessary to gather information for project deliverables in accordance with the project scope of work. -Attend project meetings with the client, subcontractors, project stakeholders, or other Maximus Team members, as requested by the Senior Manager / Project Manager. -Complete project work in compliance with Maximus standards and procedures. -Support team to complete assigned responsibilities as outlined in the Project schedule. -Support all other tasks assigned by Senior Manager / Project Manager. Minimum Requirements - Bachelor's degree in related field. - 7-10 years of relevant professional experience required. - Equivalent combination of education and experience considered in lieu of degree. Job Specific Requirements: -Be available to work during standard client business hours. 
Projects may involve clients from any US time zone, so it is possible that work outside of the individual's local business hours will be required. -Bachelor's degree from an accredited college or university, or equivalent work experience. -7+ years of experience in information security, with at least 3 years of security-compliance work in a regulated industry. -5+ years of experience working with HIPAA, NIST 800-53 and/or CMS MARS-E or ARC-AMPE security frameworks. -Familiar with operating systems: Windows, Linux/UNIX, OS/X. -Familiar with AI tools, capabilities. -Strong command of cloud computing topics. -Strong command of agile software development practices as well as waterfall development practices. -Strong desktop software skills: proficient in MS Office, Excel, Word, Project. -Ability to explain and communicate technical subjects to non-technical audiences. -Ability to develop advanced concepts, techniques, and standards requiring a high level of interpersonal and technical skills. -Ability to work independently. -Good organizational skills and the ability to manage multiple tasks and deadlines simultaneously. -Strong interpersonal and team building skills, as well as an understanding of client relationship building are essential. -Excellent verbal and writing skills and be comfortable working with customers. -Ability to multi-task with supervision. -Self-motivated fast learner. Preferred Skills: -Prefer a candidate with experience in the Health & Human Services industry, which may include working with programs such as Child Support, Child Welfare, or Integrated Eligibility (SNAP, TANF, and Medicaid). -Preference for security related certifications, such as the CISSP (Certified Information Systems Security Professional). EEO Statement Maximus is an equal opportunity employer. 
We evaluate qualified applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, genetic information and other legally protected characteristics. Pay Transparency Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances. Accommodations Maximus provides reasonable accommodations to individuals requiring assistance during any phase of the employment process due to a disability, medical condition, or physical or mental impairment. If you require assistance at any stage of the employment process-including accessing job postings, completing assessments, or participating in interviews,-please contact People Operations at **************************. Minimum Salary $ 120,000.00 Maximum Salary $ 140,000.00
    $95k-129k yearly est. Easy Apply 6d ago
  • Senior Manager, Information Security Office Consultant

    Dev 4.2 company rating

    Security architect job in Concord, NH

    Company Description: Jobs for Humanity is partnering with Capital One to build an inclusive and just employment ecosystem. Therefore, we prioritize individuals coming from the following communities: Refugee, Neurodivergent, Single Parent, Blind or Low Vision, Deaf or Hard of Hearing, Black, Hispanic, Asian, Military Veterans, the Elderly, the LGBTQ, and Justice Impacted individuals. This position is open to candidates who reside in and have the legal right to work in the country where the job is located. Company Name: Capital One. Job Description: 201 Third Street (61049), United States of America, San Francisco, California. Senior Manager, Information Security Office Consultant. At Capital One, you will help consult on initiatives, programs, and projects to raise their game in Information Security. You are pragmatic and practical in your understanding of risk and security, but also willing to know when to pull in experts and escalate. You collaborate and innovate with other teams within Capital One to push the envelope. You are comfortable with Cloud Service technologies like Storage Services, Security & Access Control Management, Container Services, and API Implementation and Management. You are familiar with various Cloud computing models to include IaaS, PaaS, and SaaS along with their architectural differences. Security is essential to what we do here, from protecting our customers to our associates. 
What You'll Do: Act as a central Information Security point of contact for the Enterprise Platform team Coordinate and execute proactive Information Security consulting to the business and technology teams covering Infrastructure Security, Resiliency, Data Security, Network Architecture and Design, and User Access Management Serve as an expert in Capital One's Information Security capabilities, solutions, policies, procedures and standards Influence customers to leverage security capabilities and solutions to shift and integrate security to the left in the development processes Escalate and manage cyber security risk Provide ad hoc support on special Information Security hot topics for the business Provide regular updates to executive leadership with your line of business on the overall Information Security health and risk environment Work with line of business leadership to anticipate their objectives and needs to better serve the line of business Product security consulting in Authentication/Access Management /Identity application and experienced in Authentication and industry-standard protocol for authorization/authorization Basic Qualifications: High School Diploma, GED or equivalent certification At least 8 years of experience working in cybersecurity or information technology At least 7 years of experience providing guidance and oversight of Security concepts At least 7 years of experience performing security risk assessments and security architecture reviews At least 7 years of experience with architecture, software design, networking, and cloud infrastructure At least 5 years of experience with cloud security engineering Preferred Qualifications: Bachelor's Degree 3+ years of experience in securing a public cloud environment (e.g. AWS, GCP, Azure) 4+ years of experience in IAM or related areas Experience building software utilizing public cloud (e.g. 
AWS, GCP, Azure) Familiarity with Cloud patch management practices such as system rehydration and image management Experience utilizing Agile methodologies Experience with Software Security Architecture Experience with Application Security Experience with Threat Modeling Experience with Penetration Testing or Vulnerability Management Experience with integrating SaaS products into an Enterprise Environment Experience with securing Container services Splunk-Fu / Enterprise Monitoring experience Financial services industry experience Professional certifications such as AWS Certified Solutions Architect and Certified Information Systems Security Professional (CISSP) Experience in Offensive and Defensive Security techniques Experience in a regulated environment Strong conceptual thinking, influence and communication skills At this time, Capital One will not sponsor a new applicant for employment authorization for this position. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. New York City (Hybrid On-Site): $230,100 - $262,700 for Sr Manager, Cyber TechnicalSan Francisco, California (Hybrid On-Site): $243,800 - $278,200 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website. 
Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to sex (including pregnancy, childbirth or related medical conditions), race, color, age, national origin, religion, disability, genetic information, marital status, sexual orientation, gender identity, gender reassignment, citizenship, immigration status, protected veteran status, or any other basis prohibited under applicable federal, state or local law. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at ************** or via email at [email protected]. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to [email protected] Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. 
Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).
    $89k-121k yearly est. 60d+ ago
  • Information Security Officer

    Kabafusion

    Security architect job in Lexington, MA

    Come join a company that is putting the "CARE" back in healthcare. Why do IT Professionals want to work here? The reason people love working for KabaFusion is because of the impact we have on our patients. Here, it doesn't matter what your role is, you will be part of a team that works collaboratively to change lives. You will go home knowing you've made a difference and improved someone's life. About us: What started as a single pharmacy in 2010 has grown into KabaFusion becoming the largest privately held home infusion company in the country. We have a national network of pharmacies and nursing offices strategically placed to service 40+ states. Couple that with over 30 years of combined experience and it's no wonder why KabaFusion is the industry leader in home infusion. About the role: As an Information Security Officer, you will work collaboratively with other members of our IT team to ensure that KabaFusion is as protected as possible when it comes to security threats. This will include auditing our current systems, analyzing areas of vulnerability, and then recommending remediations. This may also lead to gap analysis projects where you'll recommend and assist in the implementation of remedies to ensure we are mitigating risk. Essential Duties & Responsibilities: Design, implement, and maintain robust IT controls across our network, systems, and applications. Conduct advisory projects for key system implementations and business process changes to provide proactive risk and control guidance. Analyze business and IT process controls, understand their relationship with the data supporting them, identify risks and design, and develop innovative data analytic test approaches applicable to audit objectives. Own audits and project engagements. Oversee the IT audit staff on engagements and interact with audit customers during planning, fieldwork and testing, reporting, and follow-up.
    As an Information Security Officer, you bring: Bachelor's degree or equivalent experience; 8+ years of IT audit, cybersecurity, system administration, or network administration experience; CISSP, CEH, CCSP, GSEC, CISM certification; 2+ years of experience in SaaS application, AWS, or Azure Cloud. Previous experience in cybersecurity incident response, auditing, or information security compliance, including expertise in access management, change management, IT operations, and vulnerability management, is desired. Our Benefits: Benefits start on your 1st day of employment; 401k w 4% match - no waiting or vesting period; PTO / Floating Holidays / Paid Holidays; Company paid life insurance and short-term disability; Employee Assistance programs to help with mental health / wellness; Learning & Development Programs; Perks… includes discounts on travel, cell phone, clothing and more…; Generous employee referral program. KabaFusion is a mission driven company with a focus on innovation and patient care so, as an IT professional, if that sounds like something you want to be a part of, then look no further.
    $116k-173k yearly est. Auto-Apply 60d+ ago
  • Information Systems Security Officer (ISSO) III

    GDIT

    Security architect job in Bedford, MA

    Type of Requisition: Regular Clearance Level Must Currently Possess: Top Secret/SCI Clearance Level Must Be Able to Obtain: Top Secret SCI + Polygraph Public Trust/Other Required: None Job Family: Cyber and IT Risk Management Job Qualifications: Skills: Information Security, Information Security Management, Information System Security Certifications: None Experience: 5 + years of related experience US Citizenship Required: Yes Job Description: The Information Systems Security Officer (ISSO) III is responsible for ensuring the appropriate operational security posture is maintained for an information system and as such, works in close collaboration with the ISSM and ISO. The position shall have the detailed knowledge and expertise required to manage the security aspects of an information system and, in many organizations, is assigned responsibility for the day-to-day security operations of a system. This will include physical and environmental protection, personnel security, incident handling, and security training and awareness. It will be required to work in close coordination with the ISSM and ISO in monitoring the information system(s) and its environment of operation to include developing and updating the authorization documentation, implementing configuration management across authorization boundaries. This will include assessing the security impact of those changes and making recommendation to the ISSM. The primary function is working within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies, such as HQ Air Force, Office of the Secretary of Defense (OSD) and Military Compartments efforts. The position will provide “day-to-day” support for Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities. Performance shall include: Assist the ISSM in meeting their duties and responsibilities. Prepare, review, and update authorization packages. 
Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media. Notify ISSM when changes occur that might affect the authorization determination of the information system(s). Conduct periodic reviews of information systems to ensure compliance with the security authorization package. Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and AO/DAO prior to the change. Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly. Ensure all IS security-related documentation is current and accessible to properly authorized individuals. Ensure audit records are collected, reviewed, and documented (to include any anomalies) Attend required technical and security training (e.g., operating system, networking, security management) relative to assigned duties. Execute the cyber security portion of the self-inspection, to include security coordination and review of all system assessment plans. Identify cyber security vulnerabilities and assist with the implementation of the countermeasures for them. Prepare reports on the status of security safeguards applied to computer systems. Perform ISSO duties in support of in-house and external customers. Conduct continuous monitoring activities for authorization boundaries under your preview. Assist Department of Defense, National Agency and Contractor organizations with the development of assessment and authorization (A&A) efforts. Experience: 5+ years related experience, especially in developing RMF packages or bodies of evidence. 2+ years SAP experience required. Prior performance in roles such as System, Network Administrator or ISSO. Education: Bachelor's degree in a related area or equivalent experience (4 years) Certifications: IAT Level II ( Security+ CE, CCNA Security, etc) or IAM Level II (in lieu of IAT Level II) Clearance Required to Start: TS/SCI required. 
Must be able to Attain - TS/SCI with CI Polygraph #AirforceSAPOpportunities #ISSO #TS/SCI The likely salary range for this position is $102,000 - $138,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range. Scheduled Weekly Hours: 40 Travel Required: 10-25% Telecommuting Options: Onsite Work Location: USA MA Bedford Additional Work Locations: USA MA Avon, USA MA Boston, USA MA Braintree, USA MA Burlington, USA MA Cambridge, USA MA Fort Devens, USA MA Norwood, USA MA Peabody, USA MA Quincy, USA MA Taunton, USA MA Waltham, USA MA Westwood Total Rewards at GDIT: Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. 
Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology. Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc. Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans
    $102k-138k yearly Auto-Apply 4d ago
  • Principal Product Security Engineer

    Aspentech

    Security architect job in Bedford, MA

    The driving force behind our success has always been the people of AspenTech. What drives us, is our aspiration, our desire and ambition to keep pushing the envelope, overcoming any hurdle, challenging the status quo to continually find a better way. You will experience these qualities of passion, pride and aspiration in many ways - from a rich set of career development programs to support of community service projects to social events that foster fun and relationship building across our global community. The RoleAspenTech is an AI-powered software company helping the world's leading energy, chemical and engineering companies succeed in their digital transformation, making their operations more efficient and reducing impact on the environment. At AspenTech, you will be part of a global market-leading company with double digit growth and a blue-chip customer base. We offer the opportunity to make an impact, to drive innovation and to be an agent of positive change. Our culture and vision have taken dramatic leaps forward over the past two years and we still have work to do. We need extraordinary individuals to pave the way ahead. The reviews on here paint many stories of successes, failures, excitement and disappointment. Every person has their own story. We strive to make your story at AspenTech a great one. Under the direction of the VP of Product Security this role is a key member for day-to-day operations of Product Security at Aspen Technology. This role will help protect our clients, enable teams to deliver secure development, and position us for future security needs. This thought leader will help drive mitigation of risk thru activities such as developing Threat Models, driving Risk Assessments, reviewing alignment of standard controls to mitigate risks in products, oversee vulnerability tracking, ensure security documentation and compliance with security lifecycle activities for product security releases. 
This could include supporting compliance documents, secure patch release, security incidents, security communications, the security champion program, and product security verification/validation activities. This role will work closely with development teams, senior leaders, and teams across the organization. This role will work with teams across the organization to mitigate risks, protect our customers, protect our assets, and enable secure activities. The Principal Security Engineer will support the development and execution of product security strategic efforts to meet business and technology objectives. This role will also support the continuously improving product security policies, procedures, tools, guidelines, and security awareness. This role will also maintain a vigilant awareness of industry threats, standards, regulations, and best practices to enhance our security profile.Your Impact Responsible for supporting the design, implementation, and oversight of Product Secure Development Lifecycle. Including aspects such as security requirements, secure architecture/design, risk assessment, threat models, security scanning, triage and vulnerability management, and product security validation/verification. Administers product security practices to product teams, technology, and security champions across the organization. Drive Product Security efforts to resolve challenges, enable automation, and impact organization security culture Monitors information security best practices, standards, regulations, industry threats and risks for improvements to product security practices. Maintains a deep understanding of current issues in the realm of information security. Subscribes to major industry newsgroups and mailing lists and assesses the impact of all emerging issues on systems and practices at Aspen Technology. Monitors security bulletins and alerts from all Aspen Technology's information system vendors. 
Evaluates vulnerability impact and formulates and executes risk mitigation plans for product security. Member of the AspenTech Security Emergency Response Team (ASERT) providing expert analysis of security customer reported security incidents. Works with information resource owners during and after security incidents; work with product teams for analysis; recommends best practices and solutions. Where appropriate, work with product teams, technology teams, client support and customer contacts. Occasionally after hours and weekend work to perform tasks that cannot be done during business hours. What You'll Need Bachelor's degree (B.A./B.S.) or equivalent in computer science or technical equivalent discipline from an accredited college or university required 8+ years of experience in IT required 5+ years of experience in an information security role or experience with security and development teams. Knowledge of information security regulatory requirements for privacy, secure by design, and defense in depth Maintains broad understanding of information security including ISO27002, NIST and other information security frameworks and regulations. Experience with Application/Product Security, Risk Assessment, Threat Models, Secure Architecture/Design, Security Scanning. (SAST, DAST, SCA, cloud security configuration scanning) Experience with cloud solutions such as Azure and AWS - Experience with security policy, procedures, tools, services, and cloud security models. 
Demonstrated ability to plan, design, develop, deploy, and maintain application security best practices Ability to assume high levels of responsibility and to work with a minimum of day-to-day supervision Ability to cooperatively and effectively work with people from all organizational levels and build consensus through negotiation and diplomacy Preferable exposure to the following: IEC 62443-4-1, IEC 62443-4-2, NIST 800-53, ISO 27001, ISO 27002, Cloud Security Alliance (CSA), Cybersecurity and Infrastructure Security Agency (CISA), SANS, OWASP, CWE 25, ethical hacking, and AI Security best practices. Desired domain knowledge and/or certification: CISSP, CISA, CCSP, CSSLP, CEH, SANS GIAC, security certification from AWS or Azure Desired knowledge of the following Technologies: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA) Experience with Application Security Best Practices such as web security, cloud security, pen testing, fuzz testing, security coding guidelines, security architecture/design principles, CVSS, STRIDE, DREAD Experience with Application development technologies, processes, and best practices. For example: Agile, RUP, CICD, DevSecOps #LI-WJ1 The salary range for this role is $120,900.00 - $151,100.00. This range represents what we in good faith believe is the range possible for base compensation for this role at the time of this posting. We may ultimately pay more or less than the posted range based on several factors. This range may be modified in the future. This role is also eligible for bonus or variable incentive pay. Additionally, we offer a comprehensive benefits package including paid time off, charitable giveback day, medical/dental/vision insurance, and retirement benefits to eligible employees.
    $120.9k-151.1k yearly Auto-Apply 60d+ ago
  • Engineer, Information Security and Risk

    Cardinal Health 4.4 company rating

    Security architect job in Concord, NH

    Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. We are seeking a highly skilled and experienced Identity and Access Management (IAM) Engineer to join our team. In this pivotal role, you will be instrumental in designing, implementing, and managing IAM solutions that secure our enterprise applications and facilitate the secure, efficient, and seamless integration of identity and access systems in context of our rapid growth through Mergers and Acquisitions. 
You will ensure robust access controls, streamline user experiences, and maintain operational continuity across our diverse IT landscape. The ideal candidate will have deep technical expertise in modern IAM principles, protocols and products along with strong management and communication skills. **Responsibilities:** + **Application Integration Leadership:** Lead the integration of various enterprise applications (SaaS, on-premise, custom-built) with our core IAM infrastructure, ensuring secure authentication, authorization, and user provisioning/de-provisioning. + **M&A Integration Strategy & Execution:** Lead the planning, design, and execution of IAM integration strategies for M&A activities, ensuring alignment with overall business and security objectives. This includes assessing the IAM landscapes of merging entities to identify challenges and solutions. + **Identity System Merging & Consolidation:** Manage the complex process of merging disparate identity providers, user directories (e.g., Active Directory, Azure AD, LDAP), and access management systems from acquired companies into the existing infrastructure. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Solution Design & Implementation:** Design, implement, and maintain IAM solutions including Single Sign-On (SSO), Multi-Factor Authentication (MFA), Privileged Access Management (PAM), and Role-Based Access Control (RBAC) frameworks. + **Security & Compliance:** Ensure IAM systems and processes comply with regulatory requirements (e.g., GDPR, HIPAA, SOX) and internal security policies, providing auditable records of access activities. Protect against data breaches by ensuring only authorized personnel can access sensitive information. 
+ **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Collaboration & Communication:** Coordinate cross-functional teams, including Information Security, IT Operations, HR, and Application Development, to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical stakeholders. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications:** + **Education:** Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field, or equivalent practical experience. + **Experience:** 5+ years of progressive experience as an IAM Engineer, designing and implementing enterprise scale solutions with significant experience in supporting M&A integration projects preferred. + **Technical Expertise:** + Proficiency in directory services (e.g., Active Directory, Azure AD, LDAP). + Extensive knowledge and experience with authentication standards and technologies such as SSO (SAML, OAuth, OpenID Connect), MFA, and privileged access management (PAM). + Hands-on experience with leading IAM platforms (e.g., Okta, Microsoft Azure AD, CyberArk, ForgeRock, Ping Identity, SailPoint). + Experience with scripting languages (e.g., PowerShell, Python) for automation and integration. + Strong understanding of security principles, risk management, and access control models (e.g., RBAC). + Understanding of DevOps practices. + Familiarity with Zero Trust architecture principles. 
+ Familiarity with AI/ML concepts and their practical application in security and risk management, especially in IAM context. + **M&A Specific Skills:** Proven track record of managing complex integration projects, including assessing existing IAM capabilities, workflow, systems, and processes of acquired entities. Ability to navigate the complexities of integrating diverse identity infrastructures. + Strong communication and interpersonal skills to collaborate effectively with various teams and stakeholders. + Detail-oriented mindset to ensure precise access control configurations and compliance. + Excellent problem-solving and analytical abilities to troubleshoot access issues and design solutions for unique business requirements. + Must be a self-starter who takes full ownership of projects from inception to completion, holding oneself accountable for the security and operational integrity of the IAM platform. + Ability to manage multiple priorities and meet tight deadlines in a fast-paced M&A environment. + Adaptability to stay ahead of evolving IAM technologies and security threats. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity.
_Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._
    $94.9k-135.6k yearly 60d ago
  • Principal Product Security Engineer

    8427-Janssen Cilag Manufacturing Legal Entity

    Security architect job in Danvers, MA

    At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at ******************* Job Function: Technology Enterprise Strategy & Security Job Sub Function: Security & Controls Job Category: Scientific/Technology All Job Posting Locations: Danvers, Massachusetts, United States of America, Raritan, New Jersey, United States of America Job Description: Johnson & Johnson's MedTech cybersecurity team is recruiting for an experienced Sr Product Security Engineer to be based in Danvers, MA or Raritan, NJ. This role can also be remote or hybrid work. This role will require up to 10% travel. As the world's most comprehensive MedTech business, J&J MedTech Companies are building on a century of experience, merging science and technology, to shape the future of health and benefit even more people around the world. With our unparalleled breadth, depth and reach across heart recovery, surgery, orthopedics and interventional solutions, we're working to profoundly change the way care is delivered. We are in this for life. For more information, visit ******************************** At Johnson & Johnson, we all belong. Are you passionate about security and interested in joining a community of collaborative colleagues working in a Patient First! culture? If that's you, we have an immediate opportunity for a Sr Product Security Engineer to join the Product Cybersecurity team to help ensure security is implemented by design for this top-performing medical device company. 
This is an exciting opportunity to impact development initiatives that will shape future product development and industry standards. You will own the Product Security process for the products that you will support throughout the product development lifecycle which includes both pre-market and post-market processes engineering teams. If you are eager to leverage your security risk and compliance skills to make a difference and directly impact patient lives, this could be perfect for you. Purpose: The Senior Product Security Engineer will be responsible for implementation of J&J's enterprise Product Security strategy and framework throughout the Heart Recovery portfolio of medical devices and supporting platforms. This role will join Abiomed, part of Johnson & Johnson MedTech, to provide technical expertise and strategic leadership in securing Impella heart pump technologies, next-generation cardiac support systems, and connected medical devices. This role is responsible for delivering security architecture, cryptographic controls, embedded system protections/controls, and threat mitigation techniques to ensure robust, regulatory-compliant security across the product lifecycle. Specific responsibilities include supporting heart recovery throughout a new product's development phases, review product security requirements and recommend security design solutions, complete Quality documentation, threat modelling, coordinate third-party penetration testing, software architecture review and design recommendations, code analysis and other security testing work as needed. Additionally, this position will have post-market responsibilities for Heart Recovery marketed devices, including monitoring for new vulnerabilities, assisting with patching and remediation plans, as well as responding to customer security questionnaires and reviewing security language within contractual agreements as needed. Drive alignment to J&J Product Security's overarching framework.
Support the Product Security strategy and objectives within Heart Recovery Define and implement secure boot, firmware integrity validation, and anti-tamper mechanisms to protect Heart Recovery Device firmware against unauthorized modification. Enforce cryptographic protocols for data-at-rest and data-in-transit, ensuring compliance with FDA cybersecurity requirements, NIST 800-175, FIPS 140-3, and IEC 62443. Define and implement key management infrastructure (PKI, HSMs, TPMs, and secure enclave integration) for device identity, authentication, and software signing. Develop real-time vulnerability assessment techniques for detecting security flaws in wireless communications (Bluetooth LE, NFC, Wi-Fi, 5G, proprietary RF) used in Heart Recovery's medical devices. Implement Zero Trust security for device-to-cloud connectivity, integrating mTLS and continuous authentication models into clinical applications. Oversee secure OTA (over-the-air) update mechanisms, ensuring firmware rollbacks, code signing, and supply chain integrity validation. Embedded Security & Secure Development Lifecycle: Lead Secure Development Lifecycle practices, integrating threat modeling, static/dynamic analysis, fuzz testing, and formal verification into the development process. Work with R&D Engineering to define hardware security architecture, including trust zones, hardware root of trust (HRoT), and secure microcontroller protections Implement memory safety strategies to mitigate buffer overflows, side-channel attacks, and execution vulnerabilities in real-time operating systems (RTOS) and bare-metal firmware. Respond to customer cybersecurity questionnaires and contractual language for post-market medical devices under your responsibility as necessary. 
Qualifications Required: •5+ years industry experience in Information Security •3+ years experience with embedded system, IOT, or medical device cybersecurity •Bachelor's degree or equivalent •Experience generating Threat models without the use of threat modeling tools •Experience performing risk assessments utilizing CVSS 3.1 or higher, with STRIDE per element •Ability to write technical security requirements for embedded systems and web platforms based on the latest regulations •Understanding and execution of third-party penetration testing, vulnerability scanning, CVSS and/or other general security testing principles •Experience supporting regulatory security submissions, ensuring compliance with FDA Cybersecurity Guidance (2025), EU MDR, NIST 800-53, IMDRF, and AAMI TIR57. •Knowledge of real-time operating systems hardening techniques •Knowledge of cloud security principles •Ability to generate SBOMs from Software source code and Binaries, Firmware, and Operating Systems •Ability to generate pre-market risk assessments against the threat model leveraging STRIDE and post-market risk assessments via SCA SBOM scans. 
•Ability to generate the security architecture views for medical devices that could include: Global System View, Multi-Patient Harm View, Updateability/Patchability view and, detailing system boundaries, data flows, and external interactions to show risk mitigation, ensuring transparency, and supporting post-market management •Ability to translate technical security requirements into solutions •Ability to provide secure coding recommendations and execute reviews •Data privacy experience, including HIPAA and GDPR •Understanding of industry standards and certifications such as HITRUST & ISO 27001 •Ability to work autonomously and proactively seek out product security opportunities within heart recovery •Ability to lead large projects and proven ability to track to project plan timelines from a security perspective •Ability to create and deliver cybersecurity awareness campaigns and other communications •Creative problem-solving skills •Customer focus (internal & external) •Excellent communication and collaboration skills, able to network, interface and influence at all levels of the organization, cross sector, cross-functionally and globally •Strong leadership skills Preferred Skills: •Experience leading or participating in formal security audits •Experience with Operating Systems such as QNX QOS, Yocto •Familiarity with FDA and/or other global regulatory cybersecurity guidance requirements and submission process •Experience with web applications and server hardening (i.e. AWS, Azure) including knowledge of OWASP Top 10 and blue teaming techniques •Experience in cybersecurity pre-sales •Software development experience •CISSP, CISM, or other security certification •MS and/or advanced degree Johnson & Johnson is an Equal Opportunity Employer. 
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act. Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants' needs. If you are an individual with a disability and would like to request an accommodation, please contact us via *******************/contact-us/careers or contact AskGS to be directed to your accommodation resource. Required Skills: Preferred Skills: Compliance Management, Crisis Management, Cross-Functional Collaboration, Fraud Management, Legal Services, Mentorship, Process Improvements, Risk Assessments, Security Architecture Design, Security Framework, Security Incident Response, Security Planning, Security Policies, Standard Operating Procedure (SOP), Tactical Planning, Technical Credibility The anticipated base pay range for this position is : $102,000.00 - $177,100.00 Additional Description for Pay Transparency: Subject to the terms of their respective plans, employees are eligible to participate in the Company's consolidated retirement plan (pension) and savings plan (401(k)). 
Subject to the terms of their respective policies and date of hire, Employees are eligible for the following time off benefits: Vacation -120 hours per calendar year Sick time - 40 hours per calendar year; for employees who reside in the State of Washington -56 hours per calendar year Holiday pay, including Floating Holidays -13 days per calendar year Work, Personal and Family Time - up to 40 hours per calendar year Parental Leave - 480 hours within one year of the birth/adoption/foster care of a child Condolence Leave - 30 days for an immediate family member: 5 days for an extended family member Caregiver Leave - 10 days Volunteer Leave - 4 days Military Spouse Time-Off - 80 hours Additional information can be found through the link below. *********************************************
    $102k-177.1k yearly Auto-Apply 8d ago
  • Principal Product Security Engineer

    6120-Janssen Scientific Affairs Legal Entity

    Security architect job in Danvers, MA

    At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at ******************* Job Function: Technology Enterprise Strategy & Security Job Sub Function: Security & Controls Job Category: Scientific/Technology All Job Posting Locations: Danvers, Massachusetts, United States of America, Raritan, New Jersey, United States of America Job Description: Johnson & Johnson's MedTech cybersecurity team is recruiting for an experienced Sr Product Security Engineer to be based in Danvers, MA or Raritan, NJ. This role can also be remote or hybrid work. This role will require up to 10% travel. As the world's most comprehensive MedTech business, J&J MedTech Companies are building on a century of experience, merging science and technology, to shape the future of health and benefit even more people around the world. With our unparalleled breadth, depth and reach across heart recovery, surgery, orthopedics and interventional solutions, we're working to profoundly change the way care is delivered. We are in this for life. For more information, visit ******************************** At Johnson & Johnson, we all belong. Are you passionate about security and interested in joining a community of collaborative colleagues working in a Patient First! culture? If that's you, we have an immediate opportunity for a Sr Product Security Engineer to join the Product Cybersecurity team to help ensure security is implemented by design for this top-performing medical device company. 
This is an exciting opportunity to impact development initiatives that will shape future product development and industry standards. You will own the Product Security process for the products that you will support throughout the product development lifecycle which includes both pre-market and post-market processes engineering teams. If you are eager to leverage your security risk and compliance skills to make a difference and directly impact patient lives, this could be perfect for you. Purpose: The Senior Product Security Engineer will be responsible for implementation of J&J's enterprise Product Security strategy and framework throughout the Heart Recovery portfolio of medical devices and supporting platforms. This role will join Abiomed, part of Johnson & Johnson MedTech, to provide technical expertise and strategic leadership in securing Impella heart pump technologies, next-generation cardiac support systems, and connected medical devices. This role is responsible for delivering security architecture, cryptographic controls, embedded system protections/controls, and threat mitigation techniques to ensure robust, regulatory-compliant security across the product lifecycle. Specific responsibilities include supporting heart recovery throughout a new product's development phases, review product security requirements and recommend security design solutions, complete Quality documentation, threat modelling, coordinate third-party penetration testing, software architecture review and design recommendations, code analysis and other security testing work as needed. Additionally, this position will have post-market responsibilities for Heart Recovery marketed devices, including monitoring for new vulnerabilities, assisting with patching and remediation plans, as well as responding to customer security questionnaires and reviewing security language within contractual agreements as needed. Drive alignment to J&J Product Security's overarching framework.
Support the Product Security strategy and objectives within Heart Recovery Define and implement secure boot, firmware integrity validation, and anti-tamper mechanisms to protect Heart Recovery Device firmware against unauthorized modification. Enforce cryptographic protocols for data-at-rest and data-in-transit, ensuring compliance with FDA cybersecurity requirements, NIST 800-175, FIPS 140-3, and IEC 62443. Define and implement key management infrastructure (PKI, HSMs, TPMs, and secure enclave integration) for device identity, authentication, and software signing. Develop real-time vulnerability assessment techniques for detecting security flaws in wireless communications (Bluetooth LE, NFC, Wi-Fi, 5G, proprietary RF) used in Heart Recovery's medical devices. Implement Zero Trust security for device-to-cloud connectivity, integrating mTLS and continuous authentication models into clinical applications. Oversee secure OTA (over-the-air) update mechanisms, ensuring firmware rollbacks, code signing, and supply chain integrity validation. Embedded Security & Secure Development Lifecycle: Lead Secure Development Lifecycle practices, integrating threat modeling, static/dynamic analysis, fuzz testing, and formal verification into the development process. Work with R&D Engineering to define hardware security architecture, including trust zones, hardware root of trust (HRoT), and secure microcontroller protections Implement memory safety strategies to mitigate buffer overflows, side-channel attacks, and execution vulnerabilities in real-time operating systems (RTOS) and bare-metal firmware. Respond to customer cybersecurity questionnaires and contractual language for post-market medical devices under your responsibility as necessary. 
Qualifications Required: •5+ years industry experience in Information Security •3+ years experience with embedded system, IOT, or medical device cybersecurity •Bachelor's degree or equivalent •Experience generating Threat models without the use of threat modeling tools •Experience performing risk assessments utilizing CVSS 3.1 or higher, with STRIDE per element •Ability to write technical security requirements for embedded systems and web platforms based on the latest regulations •Understanding and execution of third-party penetration testing, vulnerability scanning, CVSS and/or other general security testing principles •Experience supporting regulatory security submissions, ensuring compliance with FDA Cybersecurity Guidance (2025), EU MDR, NIST 800-53, IMDRF, and AAMI TIR57. •Knowledge of real-time operating systems hardening techniques •Knowledge of cloud security principles •Ability to generate SBOMs from Software source code and Binaries, Firmware, and Operating Systems •Ability to generate pre-market risk assessments against the threat model leveraging STRIDE and post-market risk assessments via SCA SBOM scans. 
•Ability to generate the security architecture views for medical devices that could include: Global System View, Multi-Patient Harm View, Updateability/Patchability view and, detailing system boundaries, data flows, and external interactions to show risk mitigation, ensuring transparency, and supporting post-market management •Ability to translate technical security requirements into solutions •Ability to provide secure coding recommendations and execute reviews •Data privacy experience, including HIPAA and GDPR •Understanding of industry standards and certifications such as HITRUST & ISO 27001 •Ability to work autonomously and proactively seek out product security opportunities within heart recovery •Ability to lead large projects and proven ability to track to project plan timelines from a security perspective •Ability to create and deliver cybersecurity awareness campaigns and other communications •Creative problem-solving skills •Customer focus (internal & external) •Excellent communication and collaboration skills, able to network, interface and influence at all levels of the organization, cross sector, cross-functionally and globally •Strong leadership skills Preferred Skills: •Experience leading or participating in formal security audits •Experience with Operating Systems such as QNX QOS, Yocto •Familiarity with FDA and/or other global regulatory cybersecurity guidance requirements and submission process •Experience with web applications and server hardening (i.e. AWS, Azure) including knowledge of OWASP Top 10 and blue teaming techniques •Experience in cybersecurity pre-sales •Software development experience •CISSP, CISM, or other security certification •MS and/or advanced degree Johnson & Johnson is an Equal Opportunity Employer. 
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act. Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants' needs. If you are an individual with a disability and would like to request an accommodation, please contact us via *******************/contact-us/careers or contact AskGS to be directed to your accommodation resource. Required Skills: Preferred Skills: Compliance Management, Crisis Management, Cross-Functional Collaboration, Fraud Management, Legal Services, Mentorship, Process Improvements, Risk Assessments, Security Architecture Design, Security Framework, Security Incident Response, Security Planning, Security Policies, Standard Operating Procedure (SOP), Tactical Planning, Technical Credibility The anticipated base pay range for this position is : $102,000.00 - $177,100.00 Additional Description for Pay Transparency: Subject to the terms of their respective plans, employees are eligible to participate in the Company's consolidated retirement plan (pension) and savings plan (401(k)). 
Subject to the terms of their respective policies and date of hire, Employees are eligible for the following time off benefits: Vacation -120 hours per calendar year Sick time - 40 hours per calendar year; for employees who reside in the State of Washington -56 hours per calendar year Holiday pay, including Floating Holidays -13 days per calendar year Work, Personal and Family Time - up to 40 hours per calendar year Parental Leave - 480 hours within one year of the birth/adoption/foster care of a child Condolence Leave - 30 days for an immediate family member: 5 days for an extended family member Caregiver Leave - 10 days Volunteer Leave - 4 days Military Spouse Time-Off - 80 hours Additional information can be found through the link below. *********************************************
    $102k-177.1k yearly Auto-Apply 8d ago
  • Information Security Engineer III, Application and Cloud Security Lead

    Brigham and Women's Hospital 4.6 company rating

    Security architect job in Somerville, MA

    Site: Mass General Brigham Incorporated Mass General Brigham relies on a wide range of professionals, including doctors, nurses, business people, tech experts, researchers, and systems analysts to advance our mission. As a not-for-profit, we support patient care, research, teaching, and community service, striving to provide exceptional care. We believe that high-performing teams drive groundbreaking medical discoveries and invite all applicants to join us and experience what it means to be part of Mass General Brigham. Job Summary Summary The Mass General Brigham (MGB) Information Security Engineer III - Application and Cloud Security Lead provides leadership and expertise within the cybersecurity team, specifically overseeing security practices related to application development and cloud infrastructure. This role is responsible for ensuring robust and secure software development lifecycles, implementing advanced security strategies in cloud environments, and driving continuous improvement in both application security and cloud security posture. The Engineer will lead complex security projects, coordinate cross-team collaboration, and mentor junior and mid-level engineers to foster their professional growth. The ideal candidate is a deeply technical minded security professional focused on secure coding practices or development engineering with experience designing and executing strategic / programmatic roadmaps. The Information Security Engineer III may represent the organization in industry forums or regulatory discussions. Additionally, this role actively engages with external partners, vendors, and stakeholders to establish collaborative security strategies and ensure alignment with industry trends and best-in-class security practices. 
They should have prior experience building application and/or cloud security programs, and experience in multiple of the following areas: * DevSecOps * Strategic program build and design * Secure Code Development * Application Security Testing Tools * CI/CD Pipeline Hardening * Application and Code Vulnerability Analysis * Cloud security expertise Duties include * Collaboratively design the application and cloud security program to meet the needs of Mass General Brigham. Lead engineers in the execution of the strategic roadmap. * Leads the design, development, testing, and implementation of advanced security controls for application development and cloud environments based on published information security policies and business requirements * Establishes and maintains a secure software development lifecycle (SSDLC), incorporating security checkpoints, threat modeling, secure coding standards, and rigorous testing practices. * Drives the implementation and ongoing management of Cloud Security Posture Management (CSPM) tools and strategies, ensuring continuous monitoring and proactive remediation of cloud security issues. * Implement and maintain code analysis tools (e.g., SAST, DAST, IAST, SCA, etc.) to identify security vulnerabilities in code before deployment. Collaborate with development teams to integrate these tools into workflows and provide actionable insights to remediate identified issues, fostering a proactive approach to secure coding practices. * Serves as a technical leader within the cybersecurity team, providing guidance, mentorship, and professional development opportunities for junior and mid-level security engineers. * Collaborates closely with development, operations, and DevOps teams to embed security seamlessly into software development and deployment processes, fostering a DevSecOps culture. 
* Conducts and oversees application and cloud security assessments, including penetration testing, code reviews, configuration audits, and vulnerability management efforts. * Innovates by researching, evaluating, and proposing new security technologies and methods specifically designed to improve the organization's application and cloud security maturity. * Ensures high-quality, maintainable, and scalable security solutions through comprehensive architecture reviews, security assessments, and alignment with best practices. * Responds promptly and effectively to complex security incidents involving applications and cloud resources, providing expert guidance and leading remediation efforts. * Engages proactively with vendors, industry partners, and stakeholders to leverage external expertise, technologies, and best practices. * Aligns all actions and decisions with organizational values, including Patients First, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and demonstrates commitment to Diversity & Inclusion, Integrity & Respect, Learning & Continuous Improvement, Personal Growth, and Teamwork & Collaboration. * Performs other duties and responsibilities as assigned. Qualifications * Bachelor's degree in Information Security, Computer Science, or related field; advanced degrees or equivalent professional experience preferred. * Minimum of 5+ years of progressive experience in application security, cloud security, or related cybersecurity roles. * Relevant industry certifications preferred (CISSP, CCSP, CSSLP, AWS/Azure Security Specialty, GIAC certifications). Skills for Success * Expert-level knowledge and practical experience in secure software development methodologies, OWASP Top 10, and application security testing tools (SAST, DAST, IAST). * A comprehensive understanding of secure coding principles, with the ability to guide development teams in adhering to these best practices. 
Hands-on experience with static and dynamic application security testing tools is preferred. * Proven expertise in securing major cloud platforms (AWS, Azure, GCP), including experience with Cloud Security Posture Management tools, cloud-native security services, and infrastructure-as-code security. * Deep understanding of modern software architectures, microservices, APIs, and container security best practices (e.g., Docker, Kubernetes). * Ability to think strategically, creatively, and innovatively to design and implement robust security controls. * Demonstrated leadership skills with strong project management capabilities, able to effectively communicate complex technical security issues clearly to technical and non-technical stakeholders. * Proven track record of delivering and managing successful security projects and continuous improvement initiatives. * Strong ability to apply documented processes, playbooks, and frameworks (e.g., OWASP, NIST CSF, etc.) to effectively address and resolve a wide variety of application security challenges. * Knowledge of established security frameworks, including NIST Cybersecurity Framework (CSF), NIST 800-53 with a focus on their application in securing software and application environments. * Preferred certifications include: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), GIAC Penetration Tester Certification (GPEN), GIAC Experienced Penetration Tester (GX-PT), GIAC Certified Red Team Professional (GRTP), GIAC Security Operations Certified (GSOC), GIAC Security Expert (GSE), etc. * Must know how to use common M365 Office Suite of products. 
Additional Job Details (if applicable) * M-F Eastern Business Hours required * Hybrid onsite Flexible working model required weekly includes onsite in office (number of days weekly can vary, must be flexible for business needs) * 1-2 onsite days per week * Remote working days require stable, secure, quiet, compliant working station The salary range for this position is $92,102.14 to $155,032,25 annually. At Mass General Brigham, we believe in recognizing and rewarding the unique value each team member brings to our organization. Our approach to determining base pay is comprehensive, and any offer extended will take into account your skills, relevant experience, if applicable, education, certifications, and other essential factors. The base pay information provided offers an estimate based on the minimum job qualifications; however, it does not encompass all elements contributing to your total compensation package. In addition to competitive base pay, we offer comprehensive benefits, career advancement opportunities, differentials, premiums, and bonuses as applicable, and recognition programs designed to celebrate your contributions and support your professional growth. We invite you to apply, and our Talent Acquisition team will provide an overview of your potential compensation and benefits package. Remote Type Hybrid Work Location 399 Revolution Drive Scheduled Weekly Hours 40 Employee Type Regular Work Shift Day (United States of America) Pay Range $92,102.40 - $134,056.00/Annual Grade 7
EEO Statement: Mass General Brigham Incorporated is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, national origin, sex, age, gender identity, disability, sexual orientation, military service, genetic information, and/or other status protected under law. We will ensure that all individuals with a disability are provided a reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. To ensure reasonable accommodation for individuals protected by Section 503 of the Rehabilitation Act of 1973, the Vietnam Veteran's Readjustment Act of 1974, and Title I of the Americans with Disabilities Act of 1990, applicants who require accommodation in the job application process may contact Human Resources at **************. Mass General Brigham Competency Framework At Mass General Brigham, our competency framework defines what effective leadership "looks like" by specifying which behaviors are most critical for successful performance at each job level. The framework is comprised of ten competencies (half People-Focused, half Performance-Focused) and are defined by observable and measurable skills and behaviors that contribute to workplace effectiveness and career success. 
These competencies are used to evaluate performance, make hiring decisions, identify development needs, mobilize employees across our system, and establish a strong talent pipeline.
    $92.1k-134.1k yearly Auto-Apply 2d ago
  • Information Systems Security Officer (ISSO) III

    GD Information Technology

    Security architect job in Peabody, MA

    Type of Requisition: Regular Clearance Level Must Currently Possess: Top Secret/SCI Clearance Level Must Be Able to Obtain: Top Secret SCI + Polygraph Public Trust/Other Required: None Job Family: Cyber and IT Risk Management Job Qualifications: Skills: Information Security, Information Security Management, Information System Security Certifications: None Experience: 5 + years of related experience US Citizenship Required: Yes Job Description: The Information Systems Security Officer (ISSO) III is responsible for ensuring the appropriate operational security posture is maintained for an information system and as such, works in close collaboration with the ISSM and ISO. The position shall have the detailed knowledge and expertise required to manage the security aspects of an information system and, in many organizations, is assigned responsibility for the day-to-day security operations of a system. This will include physical and environmental protection, personnel security, incident handling, and security training and awareness. It will be required to work in close coordination with the ISSM and ISO in monitoring the information system(s) and its environment of operation to include developing and updating the authorization documentation, implementing configuration management across authorization boundaries. This will include assessing the security impact of those changes and making recommendations to the ISSM. The primary function is working within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies, such as HQ Air Force, Office of the Secretary of Defense (OSD) and Military Compartments efforts. The position will provide “day-to-day” support for Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities. Performance shall include: Assist the ISSM in meeting their duties and responsibilities. Prepare, review, and update authorization packages. 
Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media. Notify ISSM when changes occur that might affect the authorization determination of the information system(s). Conduct periodic reviews of information systems to ensure compliance with the security authorization package. Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and AO/DAO prior to the change. Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly. Ensure all IS security-related documentation is current and accessible to properly authorized individuals. Ensure audit records are collected, reviewed, and documented (to include any anomalies). Attend required technical and security training (e.g., operating system, networking, security management) relative to assigned duties. Execute the cyber security portion of the self-inspection, to include security coordination and review of all system assessment plans. Identify cyber security vulnerabilities and assist with the implementation of the countermeasures for them. Prepare reports on the status of security safeguards applied to computer systems. Perform ISSO duties in support of in-house and external customers. Conduct continuous monitoring activities for authorization boundaries under your purview. Assist Department of Defense, National Agency and Contractor organizations with the development of assessment and authorization (A&A) efforts. Experience: 5+ years related experience, especially in developing RMF packages or bodies of evidence. 2+ years SAP experience required. Prior performance in roles such as System, Network Administrator or ISSO. Education: Bachelor's degree OR Associate's degree in a related area + 2 years' experience OR equivalent experience (4 years) Certifications: IAT Level II (Security+ CE, CCNA Security, etc.) or IAM Level II. 
Clearance Required to Start: TS/SCI required. Must be able to Attain - TS/SCI with CI Polygraph. #AirforceSAPOpportunities #ISSO III The likely salary range for this position is $102,000 - $138,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range. Scheduled Weekly Hours: 40 Travel Required: 10-25% Telecommuting Options: Onsite Work Location: USA MA Bedford Additional Work Locations: USA MA Avon, USA MA Boston, USA MA Braintree, USA MA Burlington, USA MA Cambridge, USA MA Fort Devens, USA MA Hanscom AFB, USA MA Norwood, USA MA Peabody, USA MA Quincy, USA MA Taunton, USA MA Waltham, USA MA Westwood Total Rewards at GDIT: Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most. We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. 
Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology. Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc. Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans
    $102k-138k yearly Auto-Apply 1d ago
  • Information Systems Security Manager (ISSM)

    GE Aerospace 4.8company rating

    Security architect job in Lynn, MA

    Summary: GE Aviation Systems - Edison Works in Lynn, MA is seeking an Information System Security Manager (ISSM) in support of US Government (USG), Department of Defense (DoD) activities. In this role, the successful candidate will be supporting and managing information systems security for multiple USG classified systems and networks and for various programs and sponsors. The successful candidate is expected to have a working knowledge of National Institute of Standards and Technology (NIST) information system protection policies and Risk Management Framework (RMF) procedures and tools as prescribed within the Defense Counterintelligence and Security Agency (DCSA), DCSA Assessment and Authorization Manual (DAAPM) and as they apply to various defense industry implementations. Job Description Job Title: Information Systems Security Manager (ISSM) Company Intro/About Us: GE Aerospace is a world-leading provider of jet engines, components, and integrated systems for commercial and military aircraft. At GE Aerospace, we are committed to pushing the boundaries of technology to deliver innovative solutions that power the future of flight. Working here means being part of a team that values safety, quality, delivery, and cost (SQDC), with safety always being the top priority. Our culture fosters collaboration, respect, and continuous improvement, ensuring every employee has the opportunity to thrive. Site, Business, OR Functional Area Overview: At InsertSite/FunctionalArea, you'll be part of a dynamic team dedicated to ensuring the security and compliance of classified systems and networks. We pride ourselves on fostering a culture of respect, innovation, and teamwork, where employees are empowered to make meaningful contributions. With competitive benefits and a focus on professional growth, this is a place where your career can truly take off. 
Role Overview: As an Information Systems Security Manager (ISSM), you will play a critical role in managing and ensuring the cybersecurity compliance of classified systems and networks. This position is on−site/hybrid/remote and involves working independently and collaboratively to address all aspects of cybersecurity program elements. Your work will directly contribute to GE Aerospace's mission of delivering secure and compliant solutions to our customers. Key Responsibilities: Certify IT assets prior to submission to DCSA for accreditation and ensure compliance with applicable policy documents. Design, develop, and implement effective solutions that conform to information system security control requirements after system or network categorization. Utilize tools such as STIG, SCAP, SPLUNK, MS Log Parser, and others to configure, monitor, and review systems and networks. Configure audit tools and review logs to identify anomalies, vulnerabilities, and system errors. Ensure system and network configurations meet USG regulatory compliance requirements. Perform system certification and accreditation planning and testing to support formal USG Assessment and Authorization (A&A). Develop and review system accreditation documentation, including system security plans, risk assessments, hardware/software lists, and plan of actions and milestones. Develop and oversee the execution of a continuous monitoring plan, documenting results to validate information protection effectiveness. Provide support and backup coverage to special access programs as needed. Collaborate with IT personnel to ensure secure systems operations, maintenance, and licensing compliance. Assist users with account validation, vulnerability assessments, and IT security briefings. The Ideal Candidate: The ideal candidate is a detail-oriented cybersecurity professional with strong documentation skills and a passion for ensuring secure systems operations. 
They thrive in a collaborative environment and are committed to delivering high-quality results while adhering to federal security requirements. Required Qualifications: Current/Active DoD Secret clearance (adjudicated within the last six years) with the ability to obtain and maintain up to TS. Bachelor's degree in computer science, information systems security, or a minimum of 6 years of experience in a cybersecurity-related field. Strong knowledge of Microsoft Office and documentation creation/maintenance. Experience with recent Windows operating systems. Familiarity with federal security requirements and mandates (e.g., RMF, NISPOM/DAAPM). Experience implementing DISA Security Technical Implementation Guides (STIG). CompTIA Security+ certification or other DoD 8570/8140 qualifications. Strong organizational, time management, and scheduling skills. Ability to work independently and collaboratively in a diversified environment. Working knowledge of Communications Security (COMSEC) equipment and administration. Preferred Qualifications: IAM II or IAT II or higher certifications IAW DoD 8570/8140 qualifications. Certifications or experience in local area networks, network appliances, and cryptography. Cisco, Linux, and VMware experience. Working experience with e-Mass. Knowledge of DoD RMF requirements and implementations per DAAPM and/or JSIG. Familiarity with physical security principles and apparatus. Experience using SCAP tools to verify STIG implementation. Knowledge of data backup strategies. Additional Information: The base pay range for this position is $127,300.00-169,700.00. The specific pay offered may be influenced by a variety of factors, including the candidate's experience, education, and skill set. This position is also eligible for an annual discretionary bonus based on a percentage of your base salary/ commission based on the plan. 
This posting is expected to close on June 27th, 2025 GE Aerospace offers comprehensive benefits and programs to support your health and, along with programs like HealthAhead, your physical, emotional, financial and social wellbeing. Healthcare benefits include medical, dental, vision, and prescription drug coverage, access to a Health Coach from GE Aerospace; and the Employee Assistance Program, which provides 24/7 confidential assessment, counseling and referral services. Retirement benefits include the GE Aerospace Retirement Savings Plan, a 401(k) savings plan with company matching contributions and company retirement contributions, as well as access to Fidelity resources and planning consultants. Other benefits include tuition assistance, adoption assistance, paid parental leave, disability insurance, life insurance, and paid time-off for vacation or illness. GE Aerospace (General Electric Company or the Company) and its affiliates each sponsor certain employee benefit plans or programs (i.e., is a “Sponsor”). Each Sponsor reserves the right to terminate, amend, suspend, replace or modify its benefit plans and programs at any time and for any reason, in its sole discretion. No individual has a vested right to any benefit under a Sponsor's welfare benefit plan or program. This document does not create a contract of employment with any individual. © 2023 GE Aerospace and/or its affiliates. All rights reserved. Attorney-Client Privileged Closing: At GE Aerospace, we are committed to fostering a diverse and inclusive workplace. Join us and be part of a team that is shaping the future of flight. Export Control Language: GE Aerospace will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a background investigation and drug screen. This role requires access to U.S. export-controlled information. Therefore, for applicants who are not U.S. 
lawful permanent residents, U.S. Citizens, or have been granted asylee or refugee status (i.e., not a protected individual under the Immigration and Naturalization Act, 8 U.S.C. 1324b(a)(3), otherwise known as a U.S. Person), employment will be contingent on the ability to obtain authorization for access to U.S. export-controlled information from the U.S. Government. Additional Information GE Aerospace offers a great work environment, professional development, challenging careers, and competitive compensation. GE Aerospace is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. GE Aerospace will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable). Relocation Assistance Provided: Yes
    $127.3k-169.7k yearly Auto-Apply 60d+ ago
  • Senior Information System Security Officer (ISSO) - Woburn, MA

    RTX Corporation

    Security architect job in Woburn, MA

    **Country:** United States of America ** Onsite **U.S. Citizen, U.S. Person, or Immigration Status Requirements:** Active and transferable U.S. government issued security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance **Security Clearance:** Secret - Current At Raytheon, the foundation of everything we do is rooted in our values and a higher calling - to help our nation and allies defend freedoms and deter aggression. We bring the strength of more than 100 years of experience and renowned engineering expertise to meet the needs of today's mission and stay ahead of tomorrow's threat. Our team solves tough, meaningful problems that create a safer, more secure world. Our cybersecurity team is seeking a **Senior Information Systems Security Officer (ISSO)** to support our team **100% onsite** at our facility in **Woburn, Massachusetts.** The successful candidate will interface with the Information Systems Security Manager (ISSM) to ensure adherence with NIST Special Publications, customer directives, and company policies as applicable all NISPOM Chapter 8, DAAPM, JSIG policies. **What You Will Do** + Assessing and monitoring system compliance, auditing, security plan development and delivering information systems security education and awareness. + Investigating information system security violations and help prepare reports specifying corrective and preventative actions. + Reviewing and approving (within authority) configuration management requests. + Conducting technical and administrative assessments. + Integrating new cybersecurity processes, procedures, and tools. + Support the creation, review and update of cybersecurity documentation and other technical writing. 
**Qualifications You Must Have** + Typically requires a University Degree or equivalent experience and minimum 5 years prior relevant experience, or an Advanced Degree in a related field and minimum 3 years' experience. + Current IAM Level I certification (Security+ or other). + Relevant Experience Considered in any combination: + Cybersecurity, systems security or hardening + Information Technology + Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM), Joint SAP Implementation Guide (JSIG), National Industrial Security Program Operating Manual (NISPOM), and/or non-defense regulations such as FAA, Payment Card Industry (PCI), ISO 9001 Quality Management standards, or HIPAA + Experience working with and/or supporting computer technologies (such as: databases, operating systems, computer network hardware, software programs, hardware troubleshooting or electronics) + Physical security/security, policework/criminal justice, investigations, or Border Patrol + Project or program management, office management, senior administration, or account management **Qualifications We Prefer** + Experience working in DoD classified operating and/or laboratory environments. + Experience with various information system security tools that address vulnerability analysis and mitigation. These may include Splunk, Forcepoint, Ivanti, Tenable, ACAS, HBSS, etc. + Familiarity with implementation of Government directives and policies derived from NIST, CNSSI, DoD, or other Government Regulatory compliance standards within a professional industry. + Experience in the execution of the Assessment & Authorization processes, as defined within the Risk Management Framework (RMF). + Experience providing technical security consultation for complex, cross-domain, heterogeneous classified networked environments in collaboration with internal/external Customers, Information Technology (IT). 
+ Familiarity with large multi-facility networks including various complex components, including Windows and Linux environments. + Experience interpreting, implementing, and assessing DISA STIGs. + Familiarity with the execution and management of cyber incident response; preservation, containment, and eradication. **What We Offer** Our values drive our actions, behaviors, and performance with a vision for a safer, more connected world. At RTX we value: Trust, Respect, Accountability, Collaboration, and Innovation. Relocation Non-Eligible - Relocation assistance not available **Please consider the following role type definition as you apply for this role:** + Onsite: Employees who are working in Onsite roles will work primarily onsite. This includes all production and maintenance employees, as they are essential to the development of our products. We are RTX (**************************************** \#LI-Onsite **_As part of our commitment to maintaining a secure hiring process, candidates may be asked to attend select steps of the interview process in-person at one of our office locations, regardless of whether the role is designated as on-site, hybrid or remote._** The salary range for this role is 86,800 USD - 165,200 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate's work experience, location, education/training, and key skills. Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. 
Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement. Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company's performance. This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply. RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window. _RTX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or veteran status, or any other applicable state or federal protected class. RTX provides affirmative action in employment for qualified Individuals with a Disability and Protected Veterans in compliance with Section 503 of the Rehabilitation Act and the Vietnam Era Veterans' Readjustment Assistance Act._ **Privacy Policy and Terms:** Click on this link (******************************************************** to read the Policy and Terms Raytheon Technologies is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.
    $77k-105k yearly est. 60d+ ago
  • Senior Information System Security Officer (ISSO) - Woburn, MA

    RTX

    Security architect job in Woburn, MA

    Country: United States of America Onsite U.S. Citizen, U.S. Person, or Immigration Status Requirements: Active and transferable U.S. government issued security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance Security Clearance: Secret - Current At Raytheon, the foundation of everything we do is rooted in our values and a higher calling - to help our nation and allies defend freedoms and deter aggression. We bring the strength of more than 100 years of experience and renowned engineering expertise to meet the needs of today's mission and stay ahead of tomorrow's threat. Our team solves tough, meaningful problems that create a safer, more secure world. Our cybersecurity team is seeking a Senior Information Systems Security Officer (ISSO) to support our team 100% onsite at our facility in Woburn, Massachusetts. The successful candidate will interface with the Information Systems Security Manager (ISSM) to ensure adherence with NIST Special Publications, customer directives, and company policies as applicable all NISPOM Chapter 8, DAAPM, JSIG policies. What You Will Do Assessing and monitoring system compliance, auditing, security plan development and delivering information systems security education and awareness. Investigating information system security violations and help prepare reports specifying corrective and preventative actions. Reviewing and approving (within authority) configuration management requests. Conducting technical and administrative assessments. Integrating new cybersecurity processes, procedures, and tools. Support the creation, review and update of cybersecurity documentation and other technical writing. Qualifications You Must Have Typically requires a University Degree or equivalent experience and minimum 5 years prior relevant experience, or an Advanced Degree in a related field and minimum 3 years' experience. 
Current IAM Level I certification (Security+ or other). Relevant Experience Considered in any combination: Cybersecurity, systems security or hardening Information Technology Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM), Joint SAP Implementation Guide (JSIG), National Industrial Security Program Operating Manual (NISPOM), and/or non-defense regulations such as FAA, Payment Card Industry (PCI), ISO 9001 Quality Management standards, or HIPAA Experience working with and/or supporting computer technologies (such as: databases, operating systems, computer network hardware, software programs, hardware troubleshooting or electronics) Physical security/security, policework/criminal justice, investigations, or Border Patrol Project or program management, office management, senior administration, or account management Qualifications We Prefer Experience working in DoD classified operating and/or laboratory environments. Experience with various information system security tools that address vulnerability analysis and mitigation. These may include Splunk, Forcepoint, Ivanti, Tenable, ACAS, HBSS, etc. Familiarity with implementation of Government directives and policies derived from NIST, CNSSI, DoD, or other Government Regulatory compliance standards within a professional industry. Experience in the execution of the Assessment & Authorization processes, as defined within the Risk Management Framework (RMF). Experience providing technical security consultation for complex, cross-domain, heterogeneous classified networked environments in collaboration with internal/external Customers, Information Technology (IT). Familiarity with large multi-facility networks including various complex components, including Windows and Linux environments. Experience interpreting, implementing, and assessing DISA STIGs. 
Familiarity with the execution and management of cyber incident response; preservation, containment, and eradication. What We Offer Our values drive our actions, behaviors, and performance with a vision for a safer, more connected world. At RTX we value: Trust, Respect, Accountability, Collaboration, and Innovation. Relocation Non-Eligible - Relocation assistance not available Please consider the following role type definition as you apply for this role: Onsite: Employees who are working in Onsite roles will work primarily onsite. This includes all production and maintenance employees, as they are essential to the development of our products. We are RTX #LI-Onsite As part of our commitment to maintaining a secure hiring process, candidates may be asked to attend select steps of the interview process in-person at one of our office locations, regardless of whether the role is designated as on-site, hybrid or remote. The salary range for this role is 86,800 USD - 165,200 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate's work experience, location, education/training, and key skills. Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement. Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. 
Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company's performance. This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply. RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window. RTX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or veteran status, or any other applicable state or federal protected class. RTX provides affirmative action in employment for qualified Individuals with a Disability and Protected Veterans in compliance with Section 503 of the Rehabilitation Act and the Vietnam Era Veterans' Readjustment Assistance Act. Privacy Policy and Terms: Click on this link to read the Policy and Terms
    $77k-105k yearly est. Auto-Apply 15d ago
  • OT Security Engineer

    GSK, Plc

    Security architect job in Cambridge, MA

    Site Name: USA - Massachusetts - Cambridge Are you looking for an opportunity to enhance your project management expertise within a cutting-edge global environment? If so, this Facilities Engineering Manager role could be an ideal opportunity to explore. As OT Security Engineer you will provide technical expertise and implementation resources for all automation and control systems activities on new and existing equipment and facilities in the New England Region. This role will provide YOU the opportunity to lead key activities to progress YOUR career, these responsibilities include some of the following: * Liaising with the Site Team with assets residing on the OT with aiding in reviews, audits and any questions / queries with relation to OT security * Maintaining the OT security standard requirements on the identified workstreams OT * Ensuring vendors are managed appropriately at site in terms of OT security compliance * Responsible for OT security related works in the identified workstream, including Capital Projects, to ensure they comply with the GSK OT Security standards, guidance, processes and procedures * Support delivery of cyber security training to the site * Responsible for engaging with GSK OT teams to deliver projects or provide service * Responsible for input into improvement strategies to deliver business benefits. * Responsible for providing technical input during solution design, development, testing and implementation * To act as an OT Network Technical authority on related matters where required * To act as an advocate for OT Cybersecurity, enabling supply divisions to maximize the exploitation of technology Why you? Basic Qualifications: We are looking for professionals with these required skills to achieve our goals: * Bachelor's degree in Cybersecurity, Computer Science, Engineering, or a related field. * 5+ years of experience in cybersecurity, with at least 2 years focused on OT environments. 
* Knowledge of ICS, SCADA, and OT security principles. * Familiarity with OT protocols (e.g., Modbus, OPC, DNP3) and security tools (e.g., Splunk, Palo Alto Networks, Siemens TIA Portal). * Experience with regulatory frameworks such as NIST, IEC 62443, and ISO 27001. Preferred Qualifications: If you have the following characteristics, it would be a plus: * Exposure to IT infrastructure and Cyber Security risk reduction * Effective communication skills with the ability to interface with operational, capital projects and senior management within the organization * Certifications such as CISSP, GICSP, or ISA/IEC 62443 Cybersecurity Expert. * Strong problem-solving and analytical skills. * Ability to communicate complex technical risks to non-technical stakeholders. * Experience in the pharmaceutical or manufacturing industry is a plus. Why GSK? At GSK, we value the contributions of every team member and are committed to offering a supportive and dynamic work environment. Here's what you'll enjoy as part of our team: * Purpose-Driven Work: Play a key role in protecting the systems that help us deliver life-saving medicines. * Career Growth: Access to training, certifications, and development opportunities to advance your career. * Inclusive Culture: Work in a collaborative and diverse environment where innovation thrives. * Competitive Benefits: Comprehensive health coverage, retirement plans, and family-friendly perks. #LI-GSK We encourage you to apply if you are passionate about making a difference and have the skills to thrive in this role. Join us in creating a healthier world! Please visit GSK US Benefits Summary to learn more about the comprehensive benefits program GSK offers US employees. Why GSK? Uniting science, technology and talent to get ahead of disease together. GSK is a global biopharma company with a purpose to unite science, technology and talent to get ahead of disease together. 
We aim to positively impact the health of 2.5 billion people by the end of the decade, as a successful, growing company where people can thrive. We get ahead of disease by preventing and treating it with innovation in specialty medicines and vaccines. We focus on four therapeutic areas: respiratory, immunology and inflammation; oncology; HIV; and infectious diseases - to impact health at scale. People and patients around the world count on the medicines and vaccines we make, so we're committed to creating an environment where our people can thrive and focus on what matters most. Our culture of being ambitious for patients, accountable for impact and doing the right thing is the foundation for how, together, we deliver for patients, shareholders and our people. If you require an accommodation or other assistance to apply for a job at GSK, please contact the GSK Service Centre at ************** (US Toll Free) or *************** (outside US). GSK is an Equal Opportunity Employer. This ensures that all qualified applicants will receive equal consideration for employment without regard to race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, genetic information (including family medical history), military service or any basis prohibited under federal, state or local law. Important notice to Employment businesses/ Agencies GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. 
In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site. Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK's compliance to all federal and state US Transparency requirements. For more information, please visit the Centers for Medicare and Medicaid Services (CMS) website at *********************************
    $83k-113k yearly est. Auto-Apply 60d+ ago
  • Physical Security Systems Engineer

    Security Director In San Diego, California

    Security architect job in Wilmington, MA

    Join Allied Universal Technology Services, a global leader in transforming the security industry. We integrate advanced technology - video surveillance, electronic access control, alarm monitoring and augmented solutions with physical security to help people feel safe. Whether you're an installation technician, service technician, engineer, or project manager, you'll discover rewarding opportunities to grow your career as part of a valued team. Apply today and be phenomenal-build a meaningful career while protecting what matters most through innovative security technology. Job Description Allied Universal is looking to hire a Solution Engineer. The Solution Engineer creates all post-sale security systems design, engineering, value engineering, and documentation. The position is part of the Solutions Engineering department, which is responsible for translating, expanding, finalizing, and documenting pre-sales proposals and technical designs produced by Sales and Solutions Architecture in pre-sale systems architecting and quoting. This position works closely with Sales, Solutions Architecture, Operations, and external customers as required. The primary work products for the Solution Engineer are security system and construction technical drawings, including custom installation drawings and instructions, network design diagrams, riser diagrams, typical installation diagrams, point-to-point system schedules, door hardware schedules, document redlining, functional narratives describing systems operations, and as-built documentation. RESPONSIBILITIES: Creates and updates comprehensive post-sale engineering packages illustrating device locations, IDF/MDF room layouts, SOC/GSOC layouts, console designs, installation diagrams, riser diagrams, network designs, etc. 
Creates and updates performance-based and product-based specifications Creates and updates pre-fabrication submittal packages as specified by architects and engineers for their approval prior to installation Develops and maintains as-built record documentation over the life cycle of various projects and follow-on MAC work Utilizes and contributes to a comprehensive library of standard post-sale engineering documents, templates, and standards, as well as project-specific and customer-specific submittals Ensures effective value engineering by assuring technical compliance while at the same time reducing Allied Universal Technology Services costs whenever possible Reviews AUTS proposals both pre-sale and post-sale to scrutinize selected products for applicability and specification compliance Collaborates with AUTS's product suppliers to ensure the desired functionality of selected products. Consistently applies AUTS's standards for installation Contributes to AUTS internal guidelines for Solutions Engineering engagement and post-sale systems engineering QUALIFICATIONS (MUST HAVES): A minimum of five (5) years of experience in electronic security systems design / engineering In-depth knowledge of security system design best practices and product applicability, including products like: Video surveillance and related technologies (Analog, IP, Codecs, VMS) Access control and related technologies (card access, biometrics, PIV, FIPS-201, HSPD-12, various processor panels, electric locking hardware, etc.) Physical intrusion detection (Bosch, DMP, etc.) 
Software House, Lenel, Amag, Brivo, Genetec, and Avigilon systems architectures Computer software skills to include: AutoCAD and associated rendering applications, MS Office, Acrobat Writer, and Visio Ability to read and understand complex architectural and engineering drawings Working knowledge of AC and DC circuitry, voltage drop calculations, and wire sizing Ability to collaborate with diverse teams of technical designers and engineers Ability to simultaneously work on multiple large, complex projects Good written and verbal communication skills Strong analytical decision-making capabilities Self-motivated with the ability to influence others PREFERRED QUALIFICATION (NICE TO HAVES): Manufacture certifications PMP/PSP certifications A bachelor's or associate's degree in electrical engineering or equivalent is considered a plus Ability to plan, size, and design enterprise-class IT network and storage solutions, including products like: Virtualization technologies such as VMware vSphere and View Data-center networking technologies such as Cisco Nexus Storage Area Network technologies such as NetApp or EMC Load balancing / firewalling technologies such as Cisco ACE or Cisco ASA Data-center protocols such as Fibre Channel, NFS, IP, iSCSI, DCE Physical Security Information Management (PSIM) BENEFITS: Salary: $80,000 - 115,000 / annually Medical, dental, vision, retirement plan, basic life, AD&D, and disability insurance Eight paid holidays annually, five sick days, and four personal days Vacation time offered at an accrual rate of 3.08 hours biweekly. Unused vacation is only paid out where required by law #LI-26 Closing Allied Universal is an Equal Opportunity Employer. 
All qualified applicants will receive consideration for employment without regard to race/ethnicity, age, color, religion, sex, sexual orientation, gender identity, national origin, genetic information, disability, protected veteran status or relationship/association with a protected veteran, or any other basis or characteristic protected by law. For more information: *********** If you have difficulty using the online system and require an alternate method to apply or require an accommodation, please contact our local Human Resources department. To find an office near you, please visit: ***********/offices. Requisition ID 2026-1512505
    $80k-115k yearly Auto-Apply 1d ago
  • Physical Security Systems Engineer

    Allied Universal Technology Services

    Security architect job in Wilmington, MA

    Overview Join Allied Universal Technology Services, a global leader in transforming the security industry. We integrate advanced technology - video surveillance, electronic access control, alarm monitoring and augmented solutions with physical security to help people feel safe. Whether you're an installation technician, service technician, engineer, or project manager, you'll discover rewarding opportunities to grow your career as part of a valued team. Apply today and be phenomenal-build a meaningful career while protecting what matters most through innovative security technology. Job Description Allied Universal is looking to hire a Solution Engineer. The Solution Engineer creates all post-sale security systems design, engineering, value engineering, and documentation. The position is part of the Solutions Engineering department, which is responsible for translating, expanding, finalizing, and documenting pre-sales proposals and technical designs produced by Sales and Solutions Architecture in pre-sale systems architecting and quoting. This position works closely with Sales, Solutions Architecture, Operations, and external customers as required. The primary work products for the Solution Engineer are security system and construction technical drawings, including custom installation drawings and instructions, network design diagrams, riser diagrams, typical installation diagrams, point-to-point system schedules, door hardware schedules, document redlining, functional narratives describing systems operations, and as-built documentation. RESPONSIBILITIES: Creates and updates comprehensive post-sale engineering packages illustrating device locations, IDF/MDF room layouts, SOC/GSOC layouts, console designs, installation diagrams, riser diagrams, network designs, etc. 
Creates and updates performance-based and product-based specifications Creates and updates pre-fabrication submittal packages as specified by architects and engineers for their approval prior to installation Develops and maintains as-built record documentation over the life cycle of various projects and follow-on MAC work Utilizes and contributes to a comprehensive library of standard post-sale engineering documents, templates, and standards, as well as project-specific and customer-specific submittals Ensures effective value engineering by assuring technical compliance while at the same time reducing Allied Universal Technology Services costs whenever possible Reviews AUTS proposals both pre-sale and post-sale to scrutinize selected products for applicability and specification compliance Collaborates with AUTS's product suppliers to ensure the desired functionality of selected products. Consistently applies AUTS's standards for installation Contributes to AUTS internal guidelines for Solutions Engineering engagement and post-sale systems engineering QUALIFICATIONS (MUST HAVES): A minimum of five (5) years of experience in electronic security systems design / engineering In-depth knowledge of security system design best practices and product applicability, including products like: Video surveillance and related technologies (Analog, IP, Codecs, VMS) Access control and related technologies (card access, biometrics, PIV, FIPS-201, HSPD-12, various processor panels, electric locking hardware, etc.) Physical intrusion detection (Bosch, DMP, etc.) 
Software House, Lenel, Amag, Brivo, Genetec, and Avigilon systems architectures Computer software skills to include: AutoCAD and associated rendering applications, MS Office, Acrobat Writer, and Visio Ability to read and understand complex architectural and engineering drawings Working knowledge of AC and DC circuitry, voltage drop calculations, and wire sizing Ability to collaborate with diverse teams of technical designers and engineers Ability to simultaneously work on multiple large, complex projects Good written and verbal communication skills Strong analytical decision-making capabilities Self-motivated with the ability to influence others PREFERRED QUALIFICATION (NICE TO HAVES): Manufacture certifications PMP/PSP certifications A bachelor's or associate's degree in electrical engineering or equivalent is considered a plus Ability to plan, size, and design enterprise-class IT network and storage solutions, including products like: Virtualization technologies such as VMware vSphere and View Data-center networking technologies such as Cisco Nexus Storage Area Network technologies such as NetApp or EMC Load balancing / firewalling technologies such as Cisco ACE or Cisco ASA Data-center protocols such as Fibre Channel, NFS, IP, iSCSI, DCE Physical Security Information Management (PSIM) BENEFITS: Salary: $80,000 - 115,000 / annually Medical, dental, vision, retirement plan, basic life, AD&D, and disability insurance Eight paid holidays annually, five sick days, and four personal days Vacation time offered at an accrual rate of 3.08 hours biweekly. Unused vacation is only paid out where required by law #LI-EB1 Closing Allied Universal is an Equal Opportunity Employer. 
All qualified applicants will receive consideration for employment without regard to race/ethnicity, age, color, religion, sex, sexual orientation, gender identity, national origin, genetic information, disability, protected veteran status or relationship/association with a protected veteran, or any other basis or characteristic protected by law. For more information: *********** If you have difficulty using the online system and require an alternate method to apply or require an accommodation, please contact our local Human Resources department. To find an office near you, please visit: ***********/offices. Requisition ID 2026-1512505
    $80k-115k yearly 7d ago
  • Security Research Architect

    Veracode 4.2company rating

    Security architect job in Burlington, MA

    The Research Architect for Dynamic Application Security Testing (DAST) is responsible for overseeing the security capabilities of Veracode's dynamic scanner offerings. Responsibilities · Conduct research and development for automating web application attacks. · Conduct research for improving techniques for detection of vulnerabilities. · Develop attack signatures for specific classes of vulnerabilities. · Define developer focused specifications for new attacks. · Work with management to set priorities and goals for Veracode's DAST offerings. · Keep up to date with the latest features in web browsers, web application development techniques, and web application vulnerabilities. · Develop test cases to demonstrate vulnerabilities and ensure products' ability to identify them in an automated fashion. · Actively engage with the security research community through speaking at industry conferences, publishing independent research, posting on the Veracode blog, and other means.
Skills & Requirements This is a deeply technical role that requires significant knowledge around modern web development technologies and practices. You not only understand common web vulnerabilities, but understand how to find them in an automated fashion. You will need to follow upcoming trends and how they may have implications for security. It's also crucial that you're an effective communicator, as you'll collaborate frequently with engineers to guide them in implementing the specifications you create. You'll also need: · 5+ years of practical application security work experience, preferably including some or all of the following: source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, and related pursuits. · 3+ years of software development experience. · Deep understanding of web browsers (i.e. security features, DOM, JavaScript, etc.). · Deep understanding of common client side and server side web application vulnerabilities and how to exploit them (e.g. SQL injection, cross-site scripting, etc.). · Ability to learn new programming languages and/or technologies quickly and independently · Ability to balance novelty of attacks with the restrictions automation demands. · Experience with automated application security testing products (SAST, DAST, etc.) a plus. · Genuine enthusiasm, not just aptitude, for application security. Up to 20% of your time will be allocated for independent research, and this means you'll need interesting, relevant project ideas. · Prototyping ability - the skill to hack something together quick and dirty to solve a problem and demonstrate feasibility. · Excellent attention to detail, quality, and customer satisfaction. Consulting experience a plus. · Strong analytical, organizational, and technical writing skills. · B.S. in Computer Science or equivalent industry experience.
    $108k-142k yearly est. 60d+ ago
  • Information Systems Security Manager (ISSM)

    GE Aerospace 4.8company rating

    Security architect job in Lynn, MA

    GE Aviation Systems - Edison Works in Lynn, MA is seeking an Information System Security Manager (ISSM) in support of US Government (USG), Department of Defense (DoD) activities. In this role, the successful candidate will be supporting and managing information systems security for multiple USG classified systems and networks and for various programs and sponsors. The successful candidate is expected to have a working knowledge of National Institute of Standards and Technology (NIST) information system protection policies and Risk Management Framework (RMF) procedures and tools as prescribed within the Defense Counterintelligence and Security Agency (DCSA), DCSA Assessment and Authorization Manual (DAAPM) and as they apply to various defense industry implementations. **Job Description** **Job Title:** Information Systems Security Manager (ISSM) **Company Intro/About Us:** GE Aerospace is a world-leading provider of jet engines, components, and integrated systems for commercial and military aircraft. At GE Aerospace, we are committed to pushing the boundaries of technology to deliver innovative solutions that power the future of flight. Working here means being part of a team that values safety, quality, delivery, and cost (SQDC), with safety always being the top priority. Our culture fosters collaboration, respect, and continuous improvement, ensuring every employee has the opportunity to thrive. **Site, Business, OR Functional Area Overview:** At InsertSite/FunctionalArea, you'll be part of a dynamic team dedicated to ensuring the security and compliance of classified systems and networks. We pride ourselves on fostering a culture of respect, innovation, and teamwork, where employees are empowered to make meaningful contributions. With competitive benefits and a focus on professional growth, this is a place where your career can truly take off. 
**Role Overview:** As an Information Systems Security Manager (ISSM), you will play a critical role in managing and ensuring the cybersecurity compliance of classified systems and networks. This position is on-site/hybrid/remote and involves working independently and collaboratively to address all aspects of cybersecurity program elements. Your work will directly contribute to GE Aerospace's mission of delivering secure and compliant solutions to our customers. **Key Responsibilities:** + Certify IT assets prior to submission to DCSA for accreditation and ensure compliance with applicable policy documents. + Design, develop, and implement effective solutions that conform to information system security control requirements after system or network categorization. + Utilize tools such as STIG, SCAP, SPLUNK, MS Log Parser, and others to configure, monitor, and review systems and networks. + Configure audit tools and review logs to identify anomalies, vulnerabilities, and system errors. + Ensure system and network configurations meet USG regulatory compliance requirements. + Perform system certification and accreditation planning and testing to support formal USG Assessment and Authorization (A&A). + Develop and review system accreditation documentation, including system security plans, risk assessments, hardware/software lists, and plan of actions and milestones. + Develop and oversee the execution of a continuous monitoring plan, documenting results to validate information protection effectiveness. + Provide support and backup coverage to special access programs as needed. + Collaborate with IT personnel to ensure secure systems operations, maintenance, and licensing compliance. + Assist users with account validation, vulnerability assessments, and IT security briefings. **The Ideal Candidate:** The ideal candidate is a detail-oriented cybersecurity professional with strong documentation skills and a passion for ensuring secure systems operations. 
They thrive in a collaborative environment and are committed to delivering high-quality results while adhering to federal security requirements. **Required Qualifications:** + Current/Active DoD Secret clearance (adjudicated within the last six years) with the ability to obtain and maintain up to TS. + Bachelor's degree in computer science, information systems security, or a minimum of 6 years of experience in a cybersecurity-related field. + Strong knowledge of Microsoft Office and documentation creation/maintenance. + Experience with recent Windows operating systems. + Familiarity with federal security requirements and mandates (e.g., RMF, NISPOM/DAAPM). + Experience implementing DISA Security Technical Implementation Guides (STIG). + CompTIA Security+ certification or other DoD 8570/8140 qualifications. + Strong organizational, time management, and scheduling skills. + Ability to work independently and collaboratively in a diversified environment. + Working knowledge of Communications Security (COMSEC) equipment and administration. **Preferred Qualifications:** + IAM II or IAT II or higher certifications IAW DoD 8570/8140 qualifications. + Certifications or experience in local area networks, network appliances, and cryptography. + Cisco, Linux, and VMware experience. + Working experience with e-Mass. + Knowledge of DoD RMF requirements and implementations per DAAPM and/or JSIG. + Familiarity with physical security principles and apparatus. + Experience using SCAP tools to verify STIG implementation. + Knowledge of data backup strategies. **Additional Information:** The base pay range for this position is $127,300.00-169,700.00. The specific pay offered may be influenced by a variety of factors, including the candidate's experience, education, and skill set. This position is also eligible for an annual discretionary bonus based on a percentage of your base salary/ commission based on the plan. 
This posting is expected to close on June 27th, 2025. GE Aerospace offers comprehensive benefits and programs to support your health and, along with programs like HealthAhead, your physical, emotional, financial and social wellbeing. Healthcare benefits include medical, dental, vision, and prescription drug coverage, access to a Health Coach from GE Aerospace; and the Employee Assistance Program, which provides 24/7 confidential assessment, counseling and referral services. Retirement benefits include the GE Aerospace Retirement Savings Plan, a 401(k) savings plan with company matching contributions and company retirement contributions, as well as access to Fidelity resources and planning consultants. Other benefits include tuition assistance, adoption assistance, paid parental leave, disability insurance, life insurance, and paid time-off for vacation or illness. GE Aerospace (General Electric Company or the Company) and its affiliates each sponsor certain employee benefit plans or programs (i.e., is a "Sponsor"). Each Sponsor reserves the right to terminate, amend, suspend, replace or modify its benefit plans and programs at any time and for any reason, in its sole discretion. No individual has a vested right to any benefit under a Sponsor's welfare benefit plan or program. This document does not create a contract of employment with any individual. © 2023 GE Aerospace and/or its affiliates. All rights reserved. Attorney-Client Privileged **Closing:** At GE Aerospace, we are committed to fostering a diverse and inclusive workplace. Join us and be part of a team that is shaping the future of flight. **Export Control Language:** GE Aerospace will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a background investigation and drug screen. _This role requires access to U.S. export-controlled information. Therefore, for applicants who are not U.S. 
lawful permanent residents, U.S. Citizens, or have been granted asylee or refugee status (i.e., not a protected individual under the Immigration and Naturalization Act, 8 U.S.C. 1324b(a)(3), otherwise known as a U.S. Person), employment will be contingent on the ability to obtain authorization for access to U.S. export-controlled information from the U.S. Government._ **Additional Information** GE Aerospace offers a great work environment, professional development, challenging careers, and competitive compensation. GE Aerospace is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. GE Aerospace will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable). **Relocation Assistance Provided:** Yes
    $127.3k-169.7k yearly 60d+ ago
  • Senior Information System Security Officer (ISSO) - Andover, MA

    RTX

    Security architect job in Andover, MA

    Country: United States of America Onsite U.S. Citizen, U.S. Person, or Immigration Status Requirements: Active and transferable U.S. government issued security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance Security Clearance: Secret - Current At Raytheon, the foundation of everything we do is rooted in our values and a higher calling - to help our nation and allies defend freedoms and deter aggression. We bring the strength of more than 100 years of experience and renowned engineering expertise to meet the needs of today's mission and stay ahead of tomorrow's threat. Our team solves tough, meaningful problems that create a safer, more secure world. Our cybersecurity team is seeking a Senior Information Systems Security Officer (ISSO) to support our team 100% onsite at our facility in Andover, Massachusetts. The successful candidate will interface with the Information Systems Security Manager (ISSM) to ensure adherence with NIST Special Publications, customer directives, and company policies as applicable all NISPOM Chapter 8, DAAPM, JSIG policies. What You Will Do Assessing and monitoring system compliance, auditing, security plan development and delivering information systems security education and awareness. Investigating information system security violations and help prepare reports specifying corrective and preventative actions. Reviewing and approving (within authority) configuration management requests. Conducting technical and administrative assessments. Integrating new cybersecurity processes, procedures, and tools. Support the creation, review and update of cybersecurity documentation and other technical writing. Qualifications You Must Have Typically requires a University Degree or equivalent experience and minimum 5 years prior relevant experience, or an Advanced Degree in a related field and minimum 3 years' experience. 
Current IAM Level I certification (Security+ or other). Relevant Experience Considered in any combination: Cybersecurity, systems security or hardening Information Technology Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM), Joint SAP Implementation Guide (JSIG), National Industrial Security Program Operating Manual (NISPOM), and/or non-defense regulations such as FAA, Payment Card Industry (PCI), ISO 9001 Quality Management standards, or HIPAA Experience working with and/or supporting computer technologies (such as: databases, operating systems, computer network hardware, software programs, hardware troubleshooting or electronics) Physical security/security, policework/criminal justice, investigations, or Border Patrol Project or program management, office management, senior administration, or account management Qualifications We Prefer Experience working in DoD classified operating and/or laboratory environments. Experience with various information system security tools that address vulnerability analysis and mitigation. These may include Splunk, Forcepoint, Ivanti, Tenable, ACAS, HBSS, etc. Familiarity with implementation of Government directives and policies derived from NIST, CNSSI, DoD, or other Government Regulatory compliance standards within a professional industry. Experience in the execution of the Assessment & Authorization processes, as defined within the Risk Management Framework (RMF). Experience providing technical security consultation for complex, cross-domain, heterogeneous classified networked environments in collaboration with internal/external Customers, Information Technology (IT). Familiarity with large multi-facility networks including various complex components, including Windows and Linux environments. Experience interpreting, implementing, and assessing DISA STIGs. 
Familiarity with the execution and management of cyber incident response; preservation, containment, and eradication. What We Offer Our values drive our actions, behaviors, and performance with a vision for a safer, more connected world. At RTX we value: Trust, Respect, Accountability, Collaboration, and Innovation. Relocation Non-Eligible - Relocation assistance not available Learn More & Apply Now! Please consider the following role type definition as you apply for this role: Onsite: Employees who are working in Onsite roles will work primarily onsite. This includes all production and maintenance employees, as they are essential to the development of our products We are RTX #LI-Onsite As part of our commitment to maintaining a secure hiring process, candidates may be asked to attend select steps of the interview process in-person at one of our office locations, regardless of whether the role is designated as on-site, hybrid or remote. The salary range for this role is 86,800 USD - 165,200 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate's work experience, location, education/training, and key skills. Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. 
Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement. Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company's performance. This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply. RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window. RTX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or veteran status, or any other applicable state or federal protected class. RTX provides affirmative action in employment for qualified Individuals with a Disability and Protected Veterans in compliance with Section 503 of the Rehabilitation Act and the Vietnam Era Veterans' Readjustment Assistance Act. Privacy Policy and Terms: Click on this link to read the Policy and Terms
    $77k-105k yearly est. Auto-Apply 6d ago
  • Senior Information System Security Officer (ISSO) - Andover, MA

    RTX Corporation

    Security architect job in Andover, MA

    **Country:** United States of America Onsite **U.S. Citizen, U.S. Person, or Immigration Status Requirements:** Active and transferable U.S. government issued security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance **Security Clearance:** Secret - Current At Raytheon, the foundation of everything we do is rooted in our values and a higher calling - to help our nation and allies defend freedoms and deter aggression. We bring the strength of more than 100 years of experience and renowned engineering expertise to meet the needs of today's mission and stay ahead of tomorrow's threat. Our team solves tough, meaningful problems that create a safer, more secure world. Our cybersecurity team is seeking a **Senior Information Systems Security Officer (ISSO)** to support our team **100% onsite** at our facility in **Andover, Massachusetts.** The successful candidate will interface with the Information Systems Security Manager (ISSM) to ensure adherence with NIST Special Publications, customer directives, and company policies as applicable all NISPOM Chapter 8, DAAPM, JSIG policies. **What You Will Do** + Assessing and monitoring system compliance, auditing, security plan development and delivering information systems security education and awareness. + Investigating information system security violations and help prepare reports specifying corrective and preventative actions. + Reviewing and approving (within authority) configuration management requests. + Conducting technical and administrative assessments. + Integrating new cybersecurity processes, procedures, and tools. + Support the creation, review and update of cybersecurity documentation and other technical writing. 
**Qualifications You Must Have** + Typically requires a University Degree or equivalent experience and minimum 5 years prior relevant experience, or an Advanced Degree in a related field and minimum 3 years' experience. + Current IAM Level I certification (Security+ or other). + Relevant Experience Considered in any combination: + Cybersecurity, systems security or hardening + Information Technology + Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM), Joint SAP Implementation Guide (JSIG), National Industrial Security Program Operating Manual (NISPOM), and/or non-defense regulations such as FAA, Payment Card Industry (PCI), ISO 9001 Quality Management standards, or HIPAA + Experience working with and/or supporting computer technologies (such as: databases, operating systems, computer network hardware, software programs, hardware troubleshooting or electronics) + Physical security/security, policework/criminal justice, investigations, or Border Patrol + Project or program management, office management, senior administration, or account management **Qualifications We Prefer** + Experience working in DoD classified operating and/or laboratory environments. + Experience with various information system security tools that address vulnerability analysis and mitigation. These may include Splunk, Forcepoint, Ivanti, Tenable, ACAS, HBSS, etc. + Familiarity with implementation of Government directives and policies derived from NIST, CNSSI, DoD, or other Government Regulatory compliance standards within a professional industry. + Experience in the execution of the Assessment & Authorization processes, as defined within the Risk Management Framework (RMF). + Experience providing technical security consultation for complex, cross-domain, heterogeneous classified networked environments in collaboration with internal/external Customers, Information Technology (IT). 
+ Familiarity with large multi-facility networks including various complex components, including Windows and Linux environments. + Experience interpreting, implementing, and assessing DISA STIGs. + Familiarity with the execution and management of cyber incident response; preservation, containment, and eradication. **What We Offer** Our values drive our actions, behaviors, and performance with a vision for a safer, more connected world. At RTX we value: Trust, Respect, Accountability, Collaboration, and Innovation. Relocation Non-Eligible - Relocation assistance not available **Learn More & Apply Now!** Please consider the following role type definition as you apply for this role: + Onsite: Employees who are working in Onsite roles will work primarily onsite. This includes all production and maintenance employees, as they are essential to the development of our products We are RTX #LI-Onsite **_As part of our commitment to maintaining a secure hiring process, candidates may be asked to attend select steps of the interview process in-person at one of our office locations, regardless of whether the role is designated as on-site, hybrid or remote._** The salary range for this role is 86,800 USD - 165,200 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate's work experience, location, education/training, and key skills. Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. 
Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement. Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company's performance. This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply. RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window. _RTX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or veteran status, or any other applicable state or federal protected class. RTX provides affirmative action in employment for qualified Individuals with a Disability and Protected Veterans in compliance with Section 503 of the Rehabilitation Act and the Vietnam Era Veterans' Readjustment Assistance Act._ **Privacy Policy and Terms:** Click on this link to read the Policy and Terms Raytheon Technologies is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.
    $77k-105k yearly est. 7d ago

Learn more about security architect jobs

How much does a security architect earn in Manchester, NH?

The average security architect in Manchester, NH earns between $81,000 and $173,000 annually. This compares to the national average security architect range of $92,000 to $179,000.

Average security architect salary in Manchester, NH

$118,000