Senior Cloud Security Engineer
Security architect job in Pittsburgh, PA
Seeking an experienced and dedicated Senior Cloud Security Engineer to join our team. This role is crucial for ensuring the security and compliance of our cloud infrastructure in a highly regulated financial environment. The ideal candidate will have a strong background in cloud security, a deep understanding of regulatory requirements, and the ability to design, implement, and maintain secure cloud solutions.
Primary Success Factors
Design, develop, and deploy scalable cloud-based security solutions to protect sensitive financial data and ensure compliance with industry regulations.
Perform comprehensive vulnerability testing, risk analyses, and security assessments to identify and mitigate potential threats.
Develop and coordinate robust cloud security procedures
Monitor for and respond to security incidents in the cloud environment, utilizing advanced security tools and techniques.
Collaborate with IT and development teams to ensure cloud solutions are securely integrated with existing software and infrastructure, following best practices and security standards.
Keep abreast of the latest security issues, regulatory changes, and industry trends to proactively address emerging threats.
Assist with the design of security training and awareness programs to educate staff about cloud security risks and responsibilities, fostering a culture of security within the organization.
Regularly report on the status of cloud security, including any breaches or vulnerabilities, to senior management and stakeholders.
Work with third-party vendors to ensure that security requirements are met and maintain strong relationships with external security partners.
Maintain compliance with all relevant security and privacy laws and regulations, including PCI-DSS, GDPR, SOX, and other industry-specific standards
Required Experience
Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Specific experience will be considered in lieu of a degree.
Minimum of 7 years of experience
Relevant certifications in Cyber Security, with cloud-specific certifications a plus.
Proven experience in cloud security engineering, preferably in a financial institution, with a track record of successfully implementing secure cloud solutions.
Strong knowledge of cloud platforms and cloud security best practices, including identity and access management, encryption, and network security.
Experience with regulatory compliance frameworks such as PCI-DSS, GDPR, and SOX, and the ability to navigate complex regulatory environments.
Excellent problem-solving skills and the ability to work under pressure, with a proactive and detail-oriented approach to security.
Strong communication and collaboration skills, with the ability to effectively convey complex security concepts to both technical and non-technical audiences.
Experience with DevSecOps practices and tools, including continuous integration and continuous deployment (CI/CD) pipelines.
Knowledge of infrastructure as code (IaC) and automation tools, such as Terraform, Ansible, or CloudFormation.
Familiarity with security monitoring and incident response tools, such as SIEM, IDS/IPS, and EDR solutions.
Ability to deliver with minimal management oversight
Distinguished Architect - Enterprise Security
Security architect job in Pittsburgh, PA
Are you ready to take on a pivotal role that will shape the future of security architecture in a leading financial institution? We are seeking three seasoned and visionary Distinguished Enterprise Architects to join our dynamic security organization, each aligned to one of our key business areas: Commercial Banking, Consumer Banking, and Private Banking. In this highly strategic role, you will have the opportunity to drive architecture across these domains, partnering closely with technical and business leaders to make a lasting impact.
While the role resides within the security function, this is far from a narrow security engineering position. You will leverage core enterprise architecture principles to ensure secure, scalable, and resilient design across all technology layers including cloud, infrastructure, applications, and data, grounded in frameworks such as TOGAF, Zachman, and NIST. Your expertise will be instrumental in transforming our security landscape and empowering our business units to achieve their strategic goals with confidence.
Key Responsibilities
+ Champion customer protection on the front lines of delivering strategic initiatives for the company.
+ Define and evolve enterprise-wide architecture strategies aligning with both business goals and cybersecurity objectives.
+ Partner with line-of-business architects, ensuring cohesive integration of business, application, data, and technology architecture domains.
+ Lead the development of architecture standards, creating reference models and reusable patterns that promote consistency across cloud platforms, DevOps, and software development efforts.
+ Champion secure-by-design principles, applying these principles across the full SDLC without being prescriptive to specific languages, stacks, or front-end design.
+ Serve as a senior advisor, translating regulatory requirements and risk posture into actionable architectural guidance across technology and security teams.
+ Collaborate with Infrastructure, DevOps, SRE, and Engineering leaders to embed architectural controls into CI/CD pipelines, runtime environments, and operational workflows.
+ Evaluate and guide the adoption of emerging technologies focusing on cloud-native platforms, identity frameworks, API security, secure data exchange, and container orchestration with an emphasis on innovation and risk reduction
Qualifications
+ 15+ years of experience in senior technical roles with demonstrated leadership at the enterprise or divisional level.
+ Ability to drive security-focused initiatives, unifying technical security, enterprise architecture, application architecture, and business outcomes.
+ Ability to align security priorities with the broader business context, tailoring security policies and measures to meet the organization's evolving needs.
+ Strong communication and presentation skills with the ability to distill complex architecture topics for both technical and executive audiences.
+ Experience embedding security into key business initiatives such as digital transformation, customer experience enhancement, and operational efficiency.
+ Strong grounding in enterprise architecture concepts with practical application across multiple architecture domains.
+ Demonstrated success achieving results within tight budgetary constraints.
+ A passion for coaching junior team members.
+ Deep experience in cloud (AWS, Azure, or GCP), DevOps and infrastructure automation, and modern application architectures (microservices, APIs, containers).
+ Hands-on experience with Enterprise application development, including expertise in multiple programming languages and database technologies.
+ Solid understanding of cybersecurity architecture, including identity, access, encryption, secure network design, and threat modeling.
+ Proactive security design experience, ensuring security concerns are proactively designed (shift-left) to enable the organization to pursue its strategic goals with confidence.
+ Experience fostering a security-driven culture, promoting security as a business enabler, driving secure scalability, protecting sensitive data, and maintaining regulatory compliance, all while accelerating business value and supporting long-term growth.
+ Ability to work across a matrixed environment, influencing without direct authority.
+ This is not a management position, but experience is a plus.
+ Experience working with regulatory agencies is a plus.
Education and Certifications
+ Required: Bachelor's degree in Software Engineering, Computer Science, Computer Engineering, related discipline, or equivalent experience.
+ Preferred: Master's degree in Software Engineering, Computer Science, Engineering, Mathematics, or related discipline.
Pay Transparency
The salary range for this position is $170,000 - $230,000 per year plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience.
We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens' paid time off policy exceeds the mandatory, paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit ***************************************
Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.
Why Work for Us
At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth.
Background Check
Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.
12/31/2025
Cloud Security Architect - Manager
Security architect job in Pittsburgh, PA
Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities? If so, Deloitte & Touche LLP could be the place for you. Traditional security programs have often been unsuccessful in unifying the need to both secure and support technology innovation required by the business. Join Deloitte's Cloud Cyber Services team and become a member of the largest group of cybersecurity professionals worldwide.
Recruiting for this role ends on 03/01/2026
Work You'll Do
As a Cloud Security Architect (Manager), you will play an integral role in defining and assessing the client organization's cloud security strategy, architecture and practices. This individual's primary function is to provide cloud security planning, deployment and review expertise to project teams and client organizations in the Cyber space. Responsibilities include:
* Lead the overall delivery of Cloud Cyber Risk projects in a project manager and/or architect role, overseeing the activities of onsite and offshore engineers and architects across 8 key cyber domains: Governance, Identity, Application Security, PaaS security, Infrastructure security, Security Monitoring, Resilience and Data protection
* Assist in business development activities such as defining scope of services, building resource estimates and related pricing, packaging proposals and supporting the delivery of the proposal to the client for AWS, GCP, Azure and/or Oracle Cloud services
* Function as the primary client day to day interface building rapport and trust with the client
* Function as an expert in CNAPP, CWPP and CSPM technologies and security risk frameworks relevant to cloud as well as the industry leading benchmarks
* Review and oversee the generation of all project deliverables such as assessment reports, system designs/architectures and risk/security recommendations
* Assist clients with security frameworks, cloud configuration standards and resolving cloud vulnerabilities
* Lead the execution of cloud security engagements during different phases of the lifecycle - assess, design, and implementation.
* Lead engagements to perform technical health checks for cloud platforms/environments prior to broader deployments.
* Oversee technical support for AWS, GCP, Azure and/or Oracle cyber services and resolve service-related issues through research and troubleshooting and working with vendors.
* Conduct cloud security analysis, recommendations and configurations of prospective clients' platforms and environments based on Deloitte's Cloud Cyber Risk Framework.
* Perform technical health checks for these cloud platforms/environments prior to broader deployments including DevSecOps and CI/CD pipelines
* Assist clients with transitions to using cloud services such as tenant setup and service configuration, focused on cloud cyber risk mitigation. Additional technologies include: MFA, SSO, Conditional Access, PIM, Security Operations tooling and scanning solutions
* Assist clients with the deployment of third-party technologies to assist in securing the cloud platform such as firewall, WAF, PAM and cloud workload protection.
* Assist clients with configuration and delivery of cloud security and compliance reports.
* Provide technical support for AWS, Azure, GCP, Oracle, Wiz, Snyk and third-party security services and resolve service-related issues through research and troubleshooting and working with third-party vendors.
* Implementation of industry leading practices around Azure, AWS, GCP, Wiz, Snyk and cloud security services for clients.
* Designing and developing cloud-specific security policies, standards and procedures, e.g., tenant, management group and subscription management and configuration, identity management and access control, firewall management, auditing and monitoring, security incident and event management, data protection (DLP, encryption), user and administrator account management, SSO, conditional access controls and password/key management.
* Troubleshooting system level problems in a multi-vendor, multi-protocol network environment.
* Documenting platform technical issues, analysis, client communication, and resolution as part of cyber risk mitigation steps.
* Executing on cloud security engagements during different phases of the lifecycle - assess, design, and implementation & post-implementation reviews.
* Implementing industry leading practices around cyber risks and cloud security for clients.
* Provide internal cloud and DevSecOps security technical training to Advisory personnel as needed.
* Acting as a subject matter specialist on cloud cyber risk for the cloud platforms.
* Manage to Point-of-Views (PoVs) on providing leading practices to our clients on the cyber challenges they face.
* Contribute to eminence activities, such as whitepapers pertaining to cloud security capabilities.
* Support talent process in the manager role such as for recruiting and coaching.
The team
Deloitte's Cloud Cyber Risk team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.™ cyber risk programs. Join the team developing the future state of cyber risk solutions.
Qualifications:
* 6+ years of experience in technical consulting, client problem solving, architecting and designing solutions in a consulting role with project leadership and/or architect experience in AWS, GCP, Azure, Oracle, Wiz and/or Snyk; with a security focus strongly preferred
* 2+ years of hands-on technical experience designing and implementing security solutions for leading Cloud service providers across SPI models and environments (Public, Private, Hybrid)
* 2+ years working experience designing cloud security architectures and strategies for enterprises
* 2+ years working with Cloud security industry standards such as Cloud Security Alliance (CSA), ISO/IEC 27017 and NIST CSF
* 2+ years working experience with Cloud security technologies/vendors (e.g., IAM, SIEM, IDS) and/or providers (e.g., Okta, CipherCloud, AlertLogic), a big plus
* 2+ years working with Cloud orchestration and automation (Continuous Integration and Continuous Delivery (CI/CD)) in single and multi-tenant environments
* 3+ years working with CNAPP, CSPM or CWPP technologies or planning for large-scale deployments of these technologies
* BA/BS Degree preferably in a Technical field (ex. Computer Science, Cyber Security, Information Security, Engineering, Information Technology)
* Maintain strong domain knowledge of multi-hyperscaler cloud solutions and security concepts and technologies
* Experience with and leading use of leading cyber tooling for cloud such as Wiz and Snyk
* Limited sponsorship may be available
Required:
* Locations include: Houston, Dallas, Cleveland, Detroit, St. Louis, Pittsburgh, Boston, Charlotte, Atlanta, Miami, Memphis, Denver, Phoenix, Salt Lake City, Los Angeles, San Diego, San Francisco, Seattle. Must be within a reasonable commute and willing to work part-time in the Deloitte and/or client offices
* Ability to travel up to 80%, on average, based on the work you do and the clients and industries/sectors you serve
Preferred:
* Previous Consulting or Big 4 experience preferred.
* Industry or Vendor Security Certifications such as CCSP or other cloud architect domains
* Experience with Virtualization including security for at least one or more of the following: Compute, Network, Storage, End-point, Application
* Experience designing IAM technologies and services
* Experience or strong working knowledge of managing enterprise security infrastructure and perimeter security appliances - e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology
* Experience with Azure data, analytics, or AI/ML services (Azure SQL, HDInsight, Databricks, Data Factory, Data Lake Storage, Azure Analysis Services, Synapse Analytics, Azure Machine Learning, etc.)
* Understanding of industry security standards, guidelines and regulatory/compliance requirements related to information security and cloud computing such as ISO 27001, ISO 27018, NIST CSF, NIST 800-53, PCI DSS, SOC2, HIPAA, PCI, SOX, GLBA, etc.
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $144,200 to $265,600.
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
Information for applicants with a need for accommodation: ************************************************************************************************************
Recruiting tips
From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our people and culture
Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.
Our purpose
Deloitte's purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.
Professional development
From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
As used in this posting, "Deloitte" means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see ************************* for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Qualified applicants with criminal histories, including arrest or conviction records, will be considered for employment in accordance with the requirements of applicable state and local laws, including the Los Angeles County Fair Chance Ordinance for Employers, City of Los Angeles's Fair Chance Initiative for Hiring Ordinance, San Francisco Fair Chance Ordinance, and the California Fair Chance Act. See notices of various fair chance hiring and ban-the-box laws where available.
Requisition code: 316853
Job ID 316853
Distinguished Architect - Enterprise Security
Security architect job in Pittsburgh, PA
Awards We've Received
Age-Friendly Institute's Certified Age-Friendly Employer
Dave Thomas Foundation's Best Adoption-Friendly Workplace
Disability:IN Best Places to Work for Disability Inclusion
Human Rights Campaign Corporate Equality Index 100 Award
Fair360 Top Regional Company
FORTUNE's World's Most Admired Companies
Military Friendly Employer
Technical Security Architect
Security architect job in Pittsburgh, PA
* Bachelor's degree or equivalent required; Bachelor's degree in IT related field preferred
* Seven to twelve years of experience in the development and implementation of information security systems required
* Experience or detailed technical knowledge of securing applications, operating systems and networks required
* Experience or detailed knowledge of security technology including: Next Generation Firewalls, Email Security, network monitoring, Identity Access Solutions and endpoint security devices required
* Working knowledge of: risk assessment products; IS automated tools; various authentication schemes (including Active Directory); browser security functionality; policy development; data privacy; and common information security issues preferred
MAJOR DUTIES:
* Works across multiple technology teams to effectively identify our technology vision.
* Ensures the overall environment continuously evolves to support the firm's objectives, across investment management, trading, IM operations, compliance, product development, marketing, sales, corporate management, etc.
* Create an Information Security Strategy that works across the enterprise to enable the secure use of leading edge technology.
* Assist in building a strategic roadmap that implements the strategy by properly sequencing people, process and technology solutions.
* Execute the strategic roadmap by streamlining the overall suite of security tools, and making cost effective and optimized investment in emerging security technology.
* Provide security expertise for security-relevant enterprise initiatives such as data governance, account administration, and governance processes.
* Assists in establishing and maintaining standards and policies related to Information Security.
HOURS/LOCATION:
* 8:30 a.m. - 5:00 p.m. (overtime as required)
* Warrendale Location - Warrendale, PA 15086 (will be required to work at other Federated locations)
EXPLANATORY COMMENTS
* Strong oral and written communication skills
* Effective people management and customer service skills
* Demonstrates a cooperative attitude and effective interpersonal and communication skills with clients, coworkers and vendors.
* Demonstrates flexibility and the ability to work as a member of a team
* Possess the ability to facilitate technical discussions and negotiate resolutions when there are differing technical opinions
Enterprise Security Architect
Security architect job in Pittsburgh, PA
Duration: Full Time
Interview mode: In person
Brand new role
Serve as a member of the enterprise architecture team, providing technical security insight that aligns with business objectives and security requirements. Establish and evangelize the security architecture (principles, policies, standards and patterns) to development groups, business groups and other stakeholders. Govern adherence to the architecture golden rules. Analyze gaps between current and target security architecture and develop plans to close the gaps.
Responsibilities:
Works with IT departments, information security architects, technical architects, data custodians, and governance groups to develop and update Client security policies, standards, procedures, and solutions for secure application architecture. Ensures that security practices are aligned with Client's overall business strategies.
Advises and drives the security maturity of the development lifecycle including secure coding and system security for operations. Recommends and implements changes in security procedures and practices using best-in-class information to ensure that Client is maintaining best-in-class security practices.
Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs. Conducts Penetration Test, Vulnerability, and Risk assessments to improve the security architecture and security product toolset.
Prepares system security reports by collecting, analyzing, and summarizing data and trends. Executes validation by external vendors.
Verifies security systems and network configurations by developing and implementing test scripts while monitoring adherence to standards in architecture, application design, development, and testing frameworks.
Qualifications:
Bachelor degree with Master preferred. Security certification required.
7 to 10 years of experience operating in a cloud environment (e.g. Azure, AWS, Rackspace) along with at least 5 years working in a dedicated information security role with a focus on Security Architecture for at least 3 years.
7 to 10 years of experience with PaaS, IaaS, SaaS, and/or mobile architecture
Solid experience with security hacking tools and techniques.
Solid understanding in application architectures and technology including web applications, mobile technology, identity and access management, security event and incident management as well as web security controls (e.g. Web Application Firewall, Database Activity Monitor, Distributed Denial of Service controls, etc.)
Extensive working knowledge of web application security best practices to include, but not limited to, Cloud Security Alliance controls matrix, OWASP Top 10.
Experience with compliance standards such as HIPAA, CMS, SOX, GLBA; as well as security frameworks such as SANS 20 CSC, CoBIT, or NIST.
Previous involvement with developing and/or maintaining an Enterprise Security Architecture. Familiarity with TOGAF is a plus
Strong understanding and experience of software development methodologies and life cycles
Excellent written and verbal communications skills required, with the ability to explain advanced concepts to audiences of varying levels
Can be counted on to exceed goals successfully; very bottom-line oriented while steadfastly pushing self and others for results.
Has working knowledge of web application security best practices to include, but not limited to, Cloud Security Alliance controls matrix, OWASP Top 10.
Demonstrated ability to make sound decisions using a mixture of analysis, wisdom, experience, and judgement coupled with a strong ability to learn on the fly (quickly learns new tasks, open to change).
Certifications, licenses or registrations: Security+, CISSP, CISA, CEH
Proven ability to organize/manage multiple priorities coupled with the flexibility to quickly adapt to ever-changing business needs.
Additional Information
All your information will be kept confidential according to EEO guidelines.
Manager Information Security & Risk Management - Cloud Security Manager
Security architect job in Homestead, PA
Company: enGen
This job provides Information Security and Risk Management services for the Organization. Works with peers within security, HM Health Solutions customers and application teams to ensure alignment with current and future security needs. Manages activities of various Information Security personnel. Makes decisions on personnel actions (promotions, hiring, terminations, etc.). Develops talent, addresses resource management, cultivates capabilities of staff, planning and coordination of work, and managing performance. Conducts the oversight of security technology products for network, systems, and data. Controls expenses within the operating unit and is responsible for meeting budget goals. Actively contributes to the Information Security and Risk Management (ISRM) strategic planning process by working with the Directors to develop and implement department strategic plans and action steps that support the corporate strategic objectives. Actively involved in the coordination, implementation, problem solving, communication, and training of new technologies and processes, as they are developed and moved into the environment. Develops and presents Information Security awareness and training programs.
ESSENTIAL RESPONSIBILITIES
Perform management responsibilities including, but not limited to: involved in hiring and termination decisions; coaching and development; rewards and recognition; performance management and staff productivity.
Plan, organize, staff, direct and control the day-to-day operations of the department; develop and implement policies and programs as necessary; may have budgetary responsibility and authority.
Provide oversight of all aspects of project management to ensure continuous improvement of processes: negotiate and collaborate with leadership and staff to develop security solutions and options; develop and adhere to internal standards and strategies; ensure adherence to approved methodologies; coordinate resources, time, contingency plans and risk management.
Provide leadership to the department: lead and champion organizational change; encourage participation in activities that support relationship development; champion information security innovation; encourage and enforce proper training in regards to security issues.
Ensure compliance to Corporate and Information Security policies, standards and procedures.
Communicate effectively with all levels of the organization: facilitate meetings; plan, design and provide presentations; represent HM Health Solutions with outside entities; prepare divisional procedures, policies, reports and correspondence; spread awareness of new and existing security threats; provide oversight regarding metrics, funding, budgets and resources.
Other duties as assigned or requested.
EDUCATION
Required
Bachelor's Degree in Information Security, Information Systems, Information Assurance, Computer Science or related field
Substitutions
6 years of relevant experience substitution for a Bachelor's Degree
Preferred
Master's Degree in Computer Science, Information Security or related field
EXPERIENCE
Required
7 - 10 years in Information Security and/or Information Risk Management and/or Information Technology
7 - 10 years in developing, communicating and presenting Information Security and Risk Management concepts to varying audiences
1 - 3 years in mentoring others in a leadership role
1 - 3 years in Staff Management
1 - 3 years in developing and executing strategic plans to realize business objectives
Preferred
10 - 15 years in Information Security and/or Information Risk Management and/or Information Technology
Experience managing an information security function using the HITRUST Common Security Framework (HITRUST CSF), or the NIST 800-83 cyber security framework
Experience supporting SSAE 16 or SOC 2 Security Trust Principle audits
Experience establishing budgets and meeting fiduciary goals
Security industry organization participation/leadership (HITRUST, ISACA, InfraGard, ISC2, ISSA, etc.)
LICENSES AND CERTIFICATIONS
Required
None
Preferred
Certified Information Systems Security Professional (CISSP) OR
Certified Information Security Manager (CISM) OR
Certified in Risk and Information Systems Controls (CRISC) OR
Information Technology Infrastructure Library (ITIL)
SKILLS
Knowledge of regulatory requirements such as Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standards (PCI DSS), and FIPS-140
Strong teamwork and interpersonal skills
Experience in leading process improvement initiatives
Ability to motivate high performance, multi-discipline teams
Demonstrated competency in project execution
Demonstrated abilities in relationship management
Languages (Other than English)
None
Travel Requirement
0% - 25%
PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS
Position Type
Office-Based
Teaches/Trains others regularly
Frequently
Travels regularly from the office to various work sites or from site-to-site
Occasionally
Works primarily out-of-the office selling products/services (Sales employees)
Does Not Apply
Physical Work Site Required
Yes
Lifting: up to 10 pounds
Does Not Apply
Lifting: 10 to 25 pounds
Does Not Apply
Lifting: 25 to 50 pounds
Does Not Apply
Disclaimer:
The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job.
Compliance Requirement: This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies.
As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company's Handbook of Privacy Policies and Practices and Information Security Policy.
Furthermore, it is every employee's responsibility to comply with the company's Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements.
Pay Range Minimum:
$108,000.00
Pay Range Maximum:
$201,800.00
Base pay is determined by a variety of factors including a candidate's qualifications, experience, and expected contributions, as well as internal peer equity, market, and business considerations. The displayed salary range does not reflect any geographic differential Highmark may apply for certain locations based upon comparative markets.
Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on any category protected by applicable federal, state, or local law.
We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the email below.
For accommodation requests, please contact HR Services Online at *****************************
California Consumer Privacy Act Employees, Contractors, and Applicants Notice
Security Engineer, Cloud
Security architect job in Pittsburgh, PA
About Us
Recognized among Pittsburgh's 2024 Top Workplaces and Fastest-Growing Companies, Wolfe has been a leader in the Gift Card and FinTech sectors for over 25 years. We power gift card programs for national merchants like KFC. Our flagship consumer brand, PerfectGift.com, enables customers to create customized gift cards.
We are a fast-paced environment, like kayaking down a white-water river, not canoeing on a lake. Learn more about our company culture, core values, and industry recognition on our career page (******************************
Role Summary
Wolfe is seeking a Senior Cloud Security Engineer to lead the protection of our cloud-based systems, data, and applications. This is a pivotal role focused on embedding security into every layer of our cloud infrastructure, particularly within AWS environments. You'll work closely with Developers, DevOps, and Infrastructure teams to manage vulnerabilities, mature security controls, and drive secure practices across our technology organization.
In this hands-on role, you'll architect and implement cloud-native security solutions, enhance cloud protections, and build tools and procedures that safeguard sensitive data and workloads. You'll help shape how Wolfe builds and maintains secure cloud systems while balancing risk, performance, and delivery.
If you are an experienced DevOps engineer looking to grow into a security-focused role, we encourage you to apply!
This is a five-day onsite role based in Pittsburgh, PA.
Wolfe does not provide visa sponsorship.
Responsibilities
Analyze cloud security models, protocols, and systems.
Monitor and analyze cloud security tools and technologies for potential risks.
Develop best practices and processes for cloud security.
Implement security measures to protect the cloud infrastructure from external threats.
Collaborate with other teams to ensure the security of the cloud environment.
Continuously enhance cloud security technologies and services in designated security domains.
Analyze, design, and create applications, tests, and infrastructure automation tools.
Impact Statement
Example expectations for this role include but are not limited to:
Lead the initiative to strengthen cloud account security by eliminating user keys and deploying updated policy controls within three months.
Deploy enhanced firewall solutions and expand application protection platforms to production environments, achieving cost savings and increased security over the next four months.
Manage and mature privileged access management (PAM) solutions for databases, phasing out legacy access methods where possible, and extend PAM deployment to new environments within six months.
Perform comprehensive assessments of new accounts and prepare for resource cleanup across multiple cloud projects.
Enhance cloud security maturity by improving KPI tracking and maturing security metrics reporting within three months.
Assist with developing penetration test scopes and support the execution of penetration tests within six months, while ensuring visibility of cloud vulnerabilities for developers.
Qualification
3+ years security engineering or 3+ years cloud infrastructure engineering experience
Strong communication skills
Proficient with AWS; familiar with Azure and/or GCP
Passionate about cloud security and driving secure infrastructure
Deep experience in cloud security technologies, processes, and best practices
Familiarity with non-cloud native security tools like CrowdStrike, SentinelOne Singularity, Wiz, or Prisma
History of developing and implementing security policies and procedures
Solid understanding of network security protocols and security architecture
Excellent problem-solving abilities
Effective team player focused on team goals
Experience in a fast-paced environment with the ability to think quickly and creatively to solve problems.
Familiar with frameworks: NIST CSF, OWASP DSOMM, CSA STAR, CCM
Recommended certifications: CCSP, AWS Certified - Security, GCSA, CISSP
Compensation & Benefits
Wolfe is committed to providing a comprehensive benefits package to support your well-being, along with competitive compensation targeting the top 25% (75th percentile) in the local market. Our benefits and perks include but are not limited to:
Restricted Stock Units (RSUs)
Profit Share
Medical, Prescription, Vision, and Dental insurance for employees and dependents (Wolfe pays 80% of premium)
Short-Term Disability Insurance (Wolfe pays 100% of premium)
Voluntary Long-Term Disability Insurance, Life Insurance, Critical Illness Insurance, Accident Insurance, and Hospital Indemnity coverage
PTO (vacation)
Corporate Holidays
401(k)
Employee recognition program
Charitable Donation to a charity of your choice yearly
Employee Referral Bonus
Tuition Reimbursement
Internal Training and Information sessions
Family Picnic, Holiday Party, and other outings
Internal Culture Club
---
Wolfe is an Equal Opportunity Employer.
Wolfe does not sponsor employment visas.
Senior Cloud Security Engineer
Security architect job in Pittsburgh, PA
Techstra Solutions is seeking an experienced and dedicated Senior Cloud Security Engineer to join our team. This role is crucial for ensuring the security and compliance of our cloud infrastructure in a highly regulated financial environment. The ideal candidate will have a strong background in cloud security, a deep understanding of regulatory requirements, and the ability to design, implement, and maintain secure cloud solutions.
Primary Success Factors
· Design, develop, and deploy scalable cloud-based security solutions to protect sensitive financial data and ensure compliance with industry regulations.
· Perform comprehensive vulnerability testing, risk analyses, and security assessments to identify and mitigate potential threats.
· Develop and coordinate robust cloud security procedures
· Monitor for and respond to security incidents in the cloud environment, utilizing advanced security tools and techniques.
· Collaborate with IT and development teams to ensure cloud solutions are securely integrated with existing software and infrastructure, following best practices and security standards.
· Keep abreast of the latest security issues, regulatory changes, and industry trends to proactively address emerging threats.
· Assist with the design of security training and awareness programs to educate staff about cloud security risks and responsibilities, fostering a culture of security within the organization.
· Regularly report on the status of cloud security, including any breaches or vulnerabilities, to senior management and stakeholders.
· Work with third-party vendors to ensure that security requirements are met and maintain strong relationships with external security partners.
· Maintain compliance with all relevant security and privacy laws and regulations, including PCI-DSS, GDPR, SOX, and other industry-specific standards
Required Experience
· Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Specific experience will be considered in lieu of a degree.
· Minimum of 7 years of experience
· Relevant certifications in Cyber Security, with Cloud specific certifications a plus.
· Proven experience in cloud security engineering, preferably in a financial institution, with a track record of successfully implementing secure cloud solutions.
· Strong knowledge of cloud platforms and cloud security best practices, including identity and access management, encryption, and network security.
· Experience with regulatory compliance frameworks such as PCI-DSS, GDPR, and SOX, and the ability to navigate complex regulatory environments.
· Excellent problem-solving skills and the ability to work under pressure, with a proactive and detail-oriented approach to security.
· Strong communication and collaboration skills, with the ability to effectively convey complex security concepts to both technical and non-technical audiences.
· Experience with DevSecOps practices and tools, including continuous integration and continuous deployment (CI/CD) pipelines.
· Knowledge of infrastructure as code (IaC) and automation tools, such as Terraform, Ansible, or CloudFormation.
· Familiarity with security monitoring and incident response tools, such as SIEM, IDS/IPS, and EDR solutions.
· Ability to deliver with minimal management oversight
Location:
This position is based in Pittsburgh, PA and is required to be on site (Hybrid)
This is a full-time W2 Salaried position. Applicants must be legally authorized to work in the United States now and in the future without the need for sponsorship.
At Techstra Solutions, we help top companies and brands achieve the business value of Digital and Talent Transformation. We believe there are three components in successful business transformation: Business Strategy, Technology and Talent. It is the coming together of these three disciplines that enables companies to take full advantage of opportunities. It differentiates us. Our approach is holistic and all-encompassing. We consider the full picture as we guide our clients on this journey. We are experts in transformation, business strategy, technology, innovation, and human capital management. We deliver our expertise through client consulting, innovative staffing solutions and software development. From strategy through implementation, we are dedicated to bringing our clients world-class business and talent solutions that fit strategic requirements and most importantly, deliver results.
Equal Employment Opportunity Statement
Techstra Solutions is an equal opportunity employer. The Company makes its decisions on merit, and its policy of equal opportunity prohibits discrimination in all phases of the employment process, including, but not limited to, recruitment, hiring, promotion, selection, transfer, demotion, layoff, termination, compensation, benefits, and other terms and conditions of employment. The policy of equal opportunity applies without regard to race, color, creed, religion, gender, sexual orientation, gender identification, pregnancy, marital status, national origin, ancestry, age, disability that can reasonably be accommodated without undue hardship, military status, veteran status, genetic predisposition or carrier status, alienage or citizenship, domestic partnership status, arrest or conviction record, status as a victim of domestic violence, or any other protected categories under federal, state, or local law. The Company also prohibits discrimination or harassment based upon the perception that a person has, or is associated with a person who has, any of these characteristics.
Security Systems Engineer
Security architect job in Pittsburgh, PA
The Systems Engineer position is responsible for providing full cycle implementation and support of customer systems, while working across multiple company departments to ensure full client satisfaction. Under the direction of a manager or dispatcher, coordinates the design and maintenance of all access control, intrusion, and video surveillance systems. Incumbent receives and evaluates work orders and requests, investigates requests and troubleshoots problems where appropriate, establishes priorities and coordinates with contractors, when required.
Requirements
Essential functions and responsibilities:
Assists with security systems integration, mapping and software updates and helps train personnel in the use of these systems.
Assists on new projects in both existing areas and new construction helping with security assessments, vendor selection, technology upgrades, product selections, testing, field verification of systems and inspection of work in progress for compliance with standards
Assess work sites, conditions, and logistics for each project; Develop Method of Procedure based on pre-project assessment.
Design, develop and provide documentation of systems, configurations, and other pertinent information for the customer.
Communicate with clients to resolve issues in a professional and confidential manner; Develop and execute client specific solutions.
Manage the allocation of project resources, including software, hardware, tools, and related items specific to each customer and/or project.
Direct the work responsibilities of union labor personnel based on specific project needs.
Design and oversee training programs for new and existing customers; Determine which customers receive training.
Collaborate with Customer Relationship Managers on demonstrations for new and potential clients.
Perform installation, configuration, programming, and final commissioning of customer systems.
Work collaboratively with installation, project management and engineering teams.
Perform infrastructure services, including pulling cables, installing wall, and ceiling cabling, and installing surface mounted devices, as required.
Perform system wiring and terminations services, as required.
Deliver on-going remote and on-site technical support for existing customers and systems.
Additional responsibilities may be required as necessary, including but not limited to: Provide internal support for basic troubleshooting.
Organize and manage parts stock and tools.
Perform other duties as needed.
Success factors/job competencies:
Effectively communicate both in writing and verbally
Work independently and prioritize multiple tasks and adapt to needed change
Analysis
Mechanical aptitude
Comprehend technical language and read and interpret blueprints, wiring diagrams, and schematics
Safety orientation
Customer Focus
Attention to Detail
Teamwork/Collaboration
Stay abreast of changes in security technology
Physical demands and work environment:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Individual will be required to travel to customer sites as needed.
While performing the duties of this job, the employee is occasionally exposed to moving mechanical parts.
The employee is occasionally exposed to outside weather conditions and risk of electrical shock.
Individual will regularly be required to lift, push, pull, and carry up to 50 pounds, and occasionally up to 75 pounds.
Incumbent will be required to use a computer with keyboard, telephone, or handheld mobile device for extended periods of time, and office machinery as needed.
Incumbent must be able to read, see, hear, and speak.
Workdays and Shifts:
Position works Monday-Friday, daylight hours, and additional time as needed to complete work.
Education/Certification(s)/License(s) required:
Bachelor's Degree in Electronics, Information Technology or related field, or equivalent experience.
May be required to participate in safety trainings and/or certifications provided by the Company or customers.
Valid driver's license, as employee will be required to travel to local and overnight client sites as needed.
Manufacturer specific certifications, as required.
Responsible to maintain active certifications and obtain new and updated certifications as required by the Company.
Experience/Other required:
Position requires two (2) to three (3) years of relevant experience in the electronic services.
Strong knowledge of Microsoft Office.
Strong computer skills with advanced software aptitude.
Security systems experience, including service and maintenance across a broad spectrum of access control, intrusion, and video surveillance systems such as Genetec, Milestone, Bosch, and DMP.
Applicants must be currently authorized to work in the United States on a full-time basis.
Visa sponsorship is not available for this position.
This is a full-time, in-person position, and candidates must be able to work from our office located in Pittsburgh, Pennsylvania.
Staff Cloud Security Engineer
Security architect job in Pittsburgh, PA
Aurora's Cloud Security team's mission is to design and build security capabilities for Aurora infrastructure and services. Aurora makes extensive use of public cloud infrastructure (AWS), Kubernetes and infrastructure-as-code technologies. This role requires a deep, hands-on understanding of cloud security principles and architecture, particularly within AWS and Kubernetes (EKS). As a Staff Engineer, you will help drive the vision, design, and implementation of security infrastructure, serving as a technical leader and mentor within the security team and across engineering. You can read more about our approach to security on our blog: Aurora's approach to cybersecurity for autonomous trucking.
This role is expected to take ownership of and drive projects in one or more of these critical areas, depending on team needs and your specific expertise:
* Lead the design and implementation of core security infrastructure services, including certificate management (PKI), secrets management, and centralized authentication/authorization services leveraging standards like OIDC and SAML.
* Deep AWS Security Specialization: Architect and manage security boundaries and access controls for the entire AWS environment, including but not limited to:
  * IAM Governance: Define and enforce least-privilege IAM roles and policies, establish strong IAM Access Boundaries using Service Control Policies (SCPs), and govern inter-service communication.
  * Network Segmentation: Design and implement robust network security controls within VPCs, including Security Groups, Network ACLs, and private connectivity (VPC Endpoints, Transit Gateway).
* Design and implement security best practices and tooling within AWS and EKS, including controls such as admission controllers, image scanning/signing, pod security standards, and runtime security enforcement.
* Develop and manage systems for continuous security control monitoring, reporting, and automated remediation (e.g., using AWS Config, GuardDuty, or custom tools).
* Develop threat models independently, or jointly with system owners. Translate identified threats into tangible security requirements, ensuring controls are strategically deployed to strengthen the security posture of core platforms and services.
* Serve as a principal security consultant to product and platform engineering teams, conducting in-depth security design reviews for new systems and features, and proposing actionable security control implementations
In this role, you will:
* Elevate Security Architecture: Design, implement, and maintain the next generation of security infrastructure, controls, and primitives natively within AWS and across our Kubernetes (EKS) platform.
* Define Security as Code: Drive the adoption of Infrastructure as Code (IaC) principles (e.g., Terraform) to codify, deploy, and continuously monitor security controls and policies in an auditable and scalable manner.
* Strategic Threat Modeling: Lead advanced threat modeling exercises for critical systems and architectures, translating risks into prioritized security requirements and verifiable controls.
* Architectural Guidance: Act as a security consultant for product and platform engineering teams, conducting in-depth security design reviews and providing pragmatic, hands-on recommendations for securing complex microservice architectures.
* Automate Remediation: Identify systemic security weaknesses and create robust, scalable automation (e.g., Python/Go-based tools, Lambda functions, EKS controllers) to eliminate classes of vulnerabilities at the source.
Required Qualifications:
* 7+ years of progressive experience in software, platform, or security engineering, with a minimum of 3+ years focusing exclusively on public cloud security (AWS required).
* Experience in identifying and managing security risk, and the ability to navigate the organizational friction to manage these risks
* Expert-level, hands-on experience securing and operating complex environments in AWS, including expertise with IAM, VPC Networking, Security Hub, Config, GuardDuty, and KMS.
* Proven ability to design and implement security controls for Kubernetes (EKS), including strong knowledge of authorization models, admission controllers, and security best practices.
* Expertise in one or more Identity and Access Management (IAM) standards and technologies: PKI, OAuth2/OIDC, SAML, and commercial solutions like Okta.
* Strong proficiency in at least one modern programming/scripting language (e.g., Python or Go) for building security automation, tools, and remediation services.
* Experience writing, reviewing, and scaling infrastructure with Terraform.
Desirable Qualifications:
* Deep fundamental understanding of enterprise-level network security, operating system security (Linux), and application security principles.
* Experience implementing DevSecOps practices, including integration of security testing (SAST/DAST/SCA) into CI/CD pipelines (e.g., GitLab, Jenkins).
* Familiarity with compliance frameworks (e.g., SOX, SOC 2, ISO 27001).
The base salary range for this position is $198,000 - $280,000 per year. Aurora's pay ranges are determined by role, level, and location. Within the range, the successful candidate's starting base pay will be determined based on factors including job-related skills, experience, qualifications, relevant education or training, and market conditions. These ranges may be modified in the future. The successful candidate will also be eligible for an annual bonus, equity compensation, and benefits.
Security Engineer - Secure Software Development
Security architect job in Pittsburgh, PA
By joining Sedgwick, you'll be part of something truly meaningful. It's what our 33,000 colleagues do every day for people around the world who are facing the unexpected. We invite you to grow your career with us, experience our caring culture, and enjoy work-life balance. Here, there's no limit to what you can achieve.
Newsweek Recognizes Sedgwick as America's Greatest Workplaces National Top Companies
Certified as a Great Place to Work
Fortune Best Workplaces in Financial Services & Insurance
**PRIMARY PURPOSE OF THE ROLE:** To manage the implementation of security measures to protect company data, networks, and computer systems. To focus on executing security fundamentals for threat detection, investigation, and response efforts.
**ARE YOU AN IDEAL CANDIDATE?** We are looking for enthusiastic candidates who thrive in a collaborative environment, who are driven to deliver great work, are customer-oriented and are naturally empathetic.
**ESSENTIAL RESPONSIBILITIES MAY INCLUDE**
+ Engineers, implements and monitors security measures for the protection of computer systems, networks and information.
+ Identifies and defines system security requirements.
+ Designs computer security architecture and develops detailed cyber security designs.
+ Prepares and documents standard operating procedures and protocols.
+ Configures and troubleshoots security infrastructure devices.
+ Develops technical solutions and new security tools to assist in mitigating security vulnerabilities and automating repeatable tasks.
+ Leads IT groups and business units as necessary in troubleshooting compatibility issues between security tools and business or productivity programs.
+ Performs analysis of suspected malicious code and other software or programs and provides written or verbal analysis to management.
+ Analyzes client and customer needs as required and provides clear and concise reports to leadership.
+ Works closely with management on assigned projects from inception through implementation ensuring adequate internal communication and user involvement is maintained.
**QUALIFICATIONS**
Eight (8) years of encryption technologies/algorithms, digital forensics, network topologies, and access controls experience or equivalent combination of education and experience required.
**Skills & Knowledge**
+ Knowledge of TCP/IP services
+ Knowledge of audit and compliance
+ Knowledge of vulnerability management
+ Knowledge of penetration testing
+ Knowledge of various operating systems
+ Knowledge of desktop productivity software
+ Knowledge of Carbon Black Protection
+ Knowledge of Symantec Endpoint Protection and host data loss prevention
+ Knowledge of information technology security frameworks
+ Excellent oral and written communication skills, including presentation skills
+ PC literate, including Microsoft Office products
+ Analytical and interpretive skills
+ Strong organizational skills
+ Excellent interpersonal skills
+ Ability to create and complete comprehensive, accurate and constructive written reports
+ Ability to work in a team environment
+ Ability to meet or exceed Performance Competencies
**Proficient in Snyk for Application Security:** Demonstrated expertise in integrating Snyk into CI/CD pipelines to proactively identify and remediate vulnerabilities in open-source dependencies, container images, and infrastructure as code. Skilled in leveraging Snyk's developer-first tools to maintain secure codebases, enforce security policies, and ensure compliance with industry standards. Experienced in configuring automated scans, interpreting results, and collaborating with development teams to implement effective remediation strategies, contributing to a robust DevSecOps culture.
**TAKING CARE OF YOU**
+ Career development and promotional growth opportunities
+ A diverse and comprehensive benefits offering including medical, dental, vision, 401K, PTO and more
Work environment requirements for entry-level opportunities include -
Physical: Computer keyboarding
Auditory/visual: Hearing, vision and talking
Mental: Clear and conceptual thinking ability; excellent judgement and discretion; ability to meet deadlines
Travels as required
The statements contained in this document are intended to describe the general nature and level of work being performed by a colleague assigned to this description. They are not intended to constitute a comprehensive list of functions, duties, or local variances. Management retains the discretion to add or to change the duties of the position at any time.
Sedgwick is an Equal Opportunity Employer and a Drug-Free Workplace.
**If you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, consider applying for it anyway! Sedgwick is building a diverse, equitable, and inclusive workplace and recognizes that each person possesses a unique combination of skills, knowledge, and experience. You may be just the right candidate for this or other roles.**
**Sedgwick is the world's leading risk and claims administration partner, which helps clients thrive by navigating the unexpected. The company's expertise, combined with the most advanced AI-enabled technology available, sets the standard for solutions in claims administration, loss adjusting, benefits administration, and product recall. With over 33,000 colleagues and 10,000 clients across 80 countries, Sedgwick provides unmatched perspective, caring that counts, and solutions for the rapidly changing and complex risk landscape. For more, see** **sedgwick.com**
Information Risk Consultant
Security architect job in Pittsburgh, PA
We are focused on providing effective business staffing services through high-level, cost-effective solutions. We have a strong foundation built on legacy and emerging technologies, including an excellent track record of on-time delivery. We are leaders in providing additional custom IT services, with a proficient approach to the development of emerging mobile-based applications and web-based applications. We are emerging as one of the largest private talent sourcing and management firms in the US.
Our client, one of the leading ICT for development (ICT4D) organizations, which provides low-cost solutions using ICT to tackle poverty and to overcome disadvantage and works closely with local communities, seeks an accomplished IT Security Leader.
Job Description
Title: Information Risk Consultant
Location: Pittsburgh PA
Duration: 12+ months
Responsible for providing support to technical professionals with regard to a variety of administrative, systems, and business operations problems, and participation in related system development projects of the most complex nature.
Requires a seasoned expert on the integration of multiple systems or large-scale development projects.
Responsibilities may include: determining and defining system specifications, process improvement, quality assurance, interaction with customers and technical staff, strong emphasis on problem resolution, and project-lead activities.
Other Skills: Information Risk Governance/Information Security
Additional Information
I would love to talk to you if you think this position suits your interest.
If you are looking for rewarding employment and a company that puts its employees first, we would like to work with you. We also offer group health insurance.
NOTE: “Candidates that are offered a position are required to pass pre-employment drug and background screening”
Senior AI Security Researcher
Security architect job in Pittsburgh, PA
Are you a cybersecurity and/or AI researcher who enjoys a challenge? Are you excited about pioneering new research areas that will impact academia, industry, and national security? If so, we want you for our team, where you'll collaborate to deliver high-quality results in the emerging area of AI security.
The CERT Division of the Software Engineering Institute (SEI) is seeking applicants for the AI Security Researcher role. Originally created in 1988 in response to one of the first computer viruses, the Morris worm, CERT has remained a leader in cybersecurity research, improving the robustness of software systems, and in responding to sophisticated cybersecurity threats. Ensuring the robustness and security of AI systems is the next big challenge on the horizon, and we are seeking life-long learners in the fields of cybersecurity, AI/ML, or related areas, who are willing to cross-train to address AI Security.
As part of the Threat Analysis Directorate, you will join a group of security experts focused on advancing the state of the art in AI security at a national and global scale. Our tasks include vulnerability discovery and assessments for AI systems, evaluation of the effectiveness and robustness of defenses and mitigations for AI systems, reverse engineering AI systems and models, and identifying new areas where security research is needed. We participate in communities of network defenders, software developers and vendors, security researchers, AI practitioners, and policymakers. You'll get a chance to work with elite AI and cybersecurity professionals, university faculty, and government representatives to build new methodologies and technologies that will influence national AI security strategy for decades to come.
You will co-author research proposals, execute studies, and present findings and recommendations to our DoD sponsors, decision makers within government and industry, and at academic conferences. The SEI is a non-profit, federally funded research and development center (FFRDC) at Carnegie Mellon University.
What you'll do:
Develop state of the art approaches for analyzing robustness of AI systems.
Apply these approaches to understanding vulnerabilities in AI systems and how attackers adapt their tradecraft to exploit those vulnerabilities.
Reverse engineer malicious code in support of high-impact customers, design and develop new analysis methods and tools, work to identify and address emerging and complex threats to AI systems and effectively participate in the broader security community.
Study and influence the AI security and vulnerability disclosure ecosystems.
Evaluate the effectiveness of tools, techniques and processes developed by industry and the AI security research community.
Uncover and shape some of the fundamental assumptions underlying current best practice in AI security.
Develop thought models, tools and data sets that can be used to characterize the threats to, and vulnerabilities in, AI systems, and publish those results. You will also use these results to aid in the testing, evaluation and transition of technologies developed by government-funded research programs.
Identify opportunities to apply AI to improve existing cybersecurity research.
Who you are:
You have a BS in machine learning, cybersecurity, statistics, or related discipline with ten (10) years of experience; OR an MS in the same fields with eight (8) years of experience; OR a PhD in the same fields with five (5) years of experience.
You have a deep interest in AI/ML and cybersecurity with a penchant for intellectual curiosity and a desire to make an impact beyond your organization.
You have practical experience with applying cybersecurity knowledge toward vulnerability research, analysis, disclosure, or mitigation.
You have experience with advising on a range of security topics based on research and expert opinion.
You have familiarity with implementing and applying AI/ML techniques to solving practical problems.
You have familiarity with common AI/ML software packages and tools (e.g., Numpy, Pytorch, Tensorflow, ART).
You have knowledge or familiarity with reverse engineering tools (e.g. NSA Ghidra, IDA Pro)
You have experience with Python, C/C++, or low-level programming.
You have experience developing frameworks, methodologies, or assessments to evaluate effectiveness and robustness of technologies.
You have excellent communication skills (oral and written), particularly regarding technical communications with non-experts.
You enjoy mentoring and cross-training others and sharing knowledge within the broader community.
Candidates with strong technical proficiency in either AI/ML or cybersecurity are welcome to apply, provided they demonstrate the intellectual agility and commitment required for accelerated learning within the role.
You are able to:
Travel to various locations to support the SEI's overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion (5%).
You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance.
Why work here?
Join a world-class organization that continues to have a significant impact on software.
Work with cutting-edge technologies and dedicated experts to solve tough problems for the government and the nation.
Be surrounded by friendly and knowledgeable staff with broad expertise across AI/ML, cybersecurity, software engineering, risk management, and policy creation.
Get 8% monthly contribution for your retirement, without having to contribute yourself.
Get tuition benefits to CMU and other institutions for you and your dependent children.
Enjoy a healthy work/life balance with flexible work arrangements and paid parental and military leave.
Enjoy annual professional development opportunities; attend conferences and training or obtain a certification and get reimbursed for membership in professional societies.
Qualify for relocation assistance and so much more.
Joining the CMU team opens the door to an array of exceptional benefits.
Benefits eligible employees enjoy a wide array of benefits including comprehensive medical, prescription, dental, and vision insurance as well as a generous retirement savings program with employer contributions. Unlock your potential with tuition benefits, take well-deserved breaks with ample paid time off and observed holidays, and rest easy with life and accidental death and disability insurance.
Additional perks include a free Pittsburgh Regional Transit bus pass, access to our Family Concierge Team to help navigate childcare needs, fitness center access, and much more!
For a comprehensive overview of the benefits available, explore our Benefits page.
At Carnegie Mellon, we value the whole package when extending offers of employment. Beyond credentials, we evaluate the role and responsibilities, your valuable work experience, and the knowledge gained through education and training. We appreciate your unique skills and the perspective you bring. Your journey with us is about more than just a job; it's about finding the perfect fit for your professional growth and personal aspirations.
Are you interested in an exciting opportunity with an exceptional organization?! Apply today!
Location
Pittsburgh, PA
Job Function
Software/Applications Development/Engineering
Position Type
Staff - Regular
Full Time/Part time
Full time
Pay Basis
Salary
More Information:
Please visit “Why Carnegie Mellon” to learn more about becoming part of an institution inspiring innovations that change the world.
Click here to view a listing of employee benefits
Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran.
Statement of Assurance
AI Security Engineer
Security architect job in Pittsburgh, PA
We are seeking an experienced AI Security Engineer to lead the development of next-generation cybersecurity solutions for advanced AI systems. This individual will be responsible for researching, designing, and implementing cutting-edge security controls to protect AI models, data pipelines, and infrastructure from adversarial attacks, privacy vulnerabilities, and regulatory risks. The ideal candidate has a strong background in AI and understanding of cybersecurity principles, has been published in leading academic conferences (NeurIPS, ICLR, Black Hat, DEFCON, etc.), and has experience working at a frontier AI lab.
Requirements
Experience: 5+ years in AI/ML with a strong focus on cybersecurity.
Education: Bachelor's or Master's in Computer Science, Cybersecurity, AI/ML, or a related field. PhD preferred.
Technical Expertise:
Strong understanding of AI security challenges, including adversarial ML, LLM backdoor, (in)direct prompt injections, model poisoning, and data leakage.
Proficiency in cybersecurity frameworks (NIST, MITRE ATLAS, OWASP AI Top 10) and security tools.
Hands-on experience with AI frameworks (TensorFlow, PyTorch, OpenAI API, Hugging Face) and securing AI pipelines.
Expertise in cryptography, secure data handling, and privacy-preserving AI techniques (federated learning, differential privacy).
Proficiency in Python and security-related programming (e.g., secure coding, AI model evaluation).
Familiarity with AI agents, autonomous agents, large language models (LLMs), and multi-modal AI systems.
Preferred: Experience in compliance, regulatory, or risk frameworks for AI (e.g., OWASP, MITRE, GDPR, HIPAA, GLBA, NIST AI RMF). An interest in robotics would be preferred as well.
Publication & Research: Proven track record of research contributions in top AI/ML and cybersecurity conferences.
Industry Experience: Prior work at a leading AI research lab, security-focused AI startup, or a major tech company's AI division.
Benefits
Competitive salary and equity options.
100% paid medical insurance coverage.
Research and publication opportunities.
Opportunity to work on cutting-edge AI security challenges that expand beyond software systems.
Flexible work environment with remote and in-office options.
Access to industry-leading AI security research and resources.
A dynamic, mission-driven team shaping the future of AI security.
Application Security Engineer
Security architect job in Pittsburgh, PA
Are you ready to elevate security practices to new heights? Our organization is on the lookout for a dynamic Application Security Engineer who will revolutionize our application security strategies. Located in the vibrant city of Pittsburgh, PA, this on-site role is the perfect opportunity to collaborate with key stakeholders in Technology, Product, and Strategic Business Units to tackle the most pressing security challenges head-on.
As an Application Security Engineer, you will spearhead the secure software development lifecycle, embedding cutting-edge security practices at every step of our DevOps pipelines and application security processes. Your expertise in maturity models like DSOMM (DevSecOps Maturity Model), CI/CD pipelines, and vulnerability management tools will be crucial in transforming our security landscape. Join forces with our engineering, DevOps, Product, and Technology teams to implement automated security controls, threat modeling, and risk mitigation strategies that will shape the future of our software development lifecycle.
This role requires minimal travel and the ability to work in a fast-paced, dynamic environment. The position may involve working outside normal business hours to address urgent compliance or security incidents.
Key Responsibilities
DevSecOps & Maturity Measurement Implementation:
Assess, report, and assist with improving application security and DevSecOps Maturity, utilizing a measurement framework such as DSOMM or BSIMM, across the organization.
Define and implement security policies, standards, and best practices for DevOps, CI/CD pipelines, and cloud security.
Work with development and DevOps teams to integrate automated security testing (SAST, DAST, SCA, IaC security scanning, etc.) into pipelines.
Establish security gates in CI/CD workflows to prevent deployment of vulnerable code.
Application Security & Code Vulnerabilities:
Perform code reviews, static/dynamic security testing (SAST/DAST), and secure coding guidance to developers.
Identify and remediate vulnerabilities in application code, libraries, containers, and infrastructure as code (IaC).
Develop and enforce secure coding standards in alignment with OWASP, NIST, and other frameworks.
Conduct threat modeling and security architecture reviews for applications and services. For example, assist application teams with developing accurate data flow diagrams and developing appropriate identity management solutions.
Manage and mature Bot Management services for all applications. Assist with WAF management and maturity.
Improve secrets management and API security.
Vulnerability Management & Risk Reduction:
Manage and mature enterprise-wide Bug Bounty program (e.g. BugCrowd, HackerOne)
Manage vulnerability scanning tools (e.g., Tenable, Qualys, Sonar, Snyk) and prioritize remediation efforts.
Track, assess, and coordinate the remediation of vulnerabilities across the application, infrastructure, and cloud environments.
Develop risk-based vulnerability management workflows and collaborate with engineering teams to drive fixes.
Monitor security dashboards and metrics, ensuring vulnerabilities are patched in alignment with SLAs.
Security CI/CD Automation & Tooling:
Implement security automation using APIs, scripts, and cloud-native security controls.
Work with DevOps engineers to integrate security tooling (like SemGrep, Snyk, Cycode) or within Jenkins, GitHub, GitLab CI/CD, or AWS DevOps.
Automate security findings triage, reporting, and prioritization processes.
Security Awareness & Collaboration:
Train and mentor developers on secure coding, threat modeling, DevSecOps, and vulnerability management best practices.
Collaborate with security operations, incident response, and compliance teams on security initiatives.
Participate in security assessments, penetration testing, and security incident investigations.
Requirements Qualifications & Experience
Bachelor's Degree in Information Security, Cybersecurity, Computer Science, or a related field OR a minimum of 6 years' equivalent experience in lieu of a degree
4+ years of experience in application security, DevSecOps, and security engineering OR a combination of 2+ years experience as a developer and 2+ years in application security, DevSecOps, and security engineering
Hands-on experience with DevSecOps tools (SAST, DAST, SCA, container security, IaC security), integrating security solutions within CI/CD pipelines, strong knowledge of secure coding principles (OWASP Top 10, SANS CWE Top 25), and familiarity with AI/ML or LLM usage within security tooling.
Experience with vulnerability management, web app penetration testing tooling, and security certifications like CISSP, OSCP, GCPN, GCSA, AWS Security Specialty, or CSSLP are preferred.
Proficiency in Bot Management tooling, client-side monitoring tooling, and implementing maturity measurement frameworks such as DSOMM or BSIMM in an enterprise setting.
Ability to understand and communicate best-practice system architectures, data flows, and security controls within modern web applications and cloud (SaaS/PaaS, IaaS).
Excellent verbal and written communication skills, with the ability to communicate complex security concepts to technical and non-technical stakeholders.
Security Engineer III
Security architect job in Homestead, PA
This is a Hybrid Role located in our Philadelphia Tech Hub. Must be able to work in Philadelphia multiple times per week.
Are you considering a new role in Cyber Security and want to work in a company that is helping to change the world? Consider joining an organization serving the global scientific research community, supporting the brightest minds on the planet.
Are you a collaborative Incident Response Engineer looking to work for a mission driven global organization?
About the role: Elsevier is expanding its Global InfoSec Security Incident Response team. As a Security Incident Response Engineer, you will play a crucial role in our internal security support team, assisting with incident response investigations.
This team is entrusted with analyzing, triaging, scoping, containing, and providing guidance for remediation, as well as determining the root cause of security incidents. The team also collects and analyzes security incident-related data to identify indicators of attack and compromise.
Responsibilities:
Assisting in scoping security incidents and identifying indicators of attack and compromise.
Analyzing incident data from threat analytics tools.
Communicating recommendations and guidance based on security incident analysis.
Coordinating responses to security incidents with other security and consulting teams.
Developing, documenting, and implementing runbooks, capabilities, and techniques for Incident Response.
Performing security triage and analysis on endpoint, server, and network infrastructure.
Conducting activities necessary for immediate containment and short-term resolution of incidents.
Maintaining current knowledge of the threat landscape, emerging security threats, and vulnerabilities.
Investigating the root cause of complex security incidents.
Maintaining a high level of confidentiality.
Requirements
Possess experience in cybersecurity incident response or related fields.
Proven ability to analyze, triage, scope, contain, and remediate security incidents.
Have current and extensive knowledge of security technologies, tools, and processes.
Experience with major cloud providers, including cloud security, networking, and multi-cloud or hybrid deployments.
Have current skills in automation using PowerShell, Python, Java, or similar languages.
Experience in Linux and/or Mac administration. Experience in Network Security Administration or Systems Administration.
Experience supporting large, complex, and geographically distributed enterprise environments.
Preferred certifications: CISSP, CISM, SANS, GIAC, ethical hacking/penetration tester, or security risk assessment.
Elsevier employs 10,000 people worldwide, including over 2,500 technologists. We have supported the work of our research and health partners for more than 140 years. Growing from our roots in publishing, we offer knowledge and valuable analytics that help our users make breakthroughs and drive societal progress.
U.S. National Base Pay Range: $70,200 - $117,100. Geographic differentials may apply in some locations to better reflect local market rates. This job is eligible for an annual incentive bonus. We know that your wellbeing and happiness are key to a long and successful career. These are some of the benefits we are delighted to offer to our US full- and part-time employees working at least 20 hours or more per week:
● Health Benefits: Comprehensive, multi-carrier program for medical, dental and vision benefits
● Retirement Benefits: 401(k) with match and an Employee Share Purchase Plan
● Wellbeing: Wellness platform with incentives, Headspace app subscription, Employee Assistance and Time-off Programs
● Short-and-Long Term Disability, Life and Accidental Death Insurance, Critical Illness, and Hospital Indemnity
● Family Benefits, including bonding and family care leaves, adoption and surrogacy benefits
● Health Savings, Health Care, Dependent Care and Commuter Spending Accounts
● In addition to annual Paid Time Off, we offer up to two days of paid leave each to participate in Employee Resource Groups and to volunteer with your charity of choice
We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact **************.
Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here.
Please read our Candidate Privacy Policy.
We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.
USA Job Seekers:
EEO Know Your Rights.
Cloud Security Architect - Manager
Security architect job in Pittsburgh, PA
Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities? If so, Deloitte & Touche LLP could be the place for you. Traditional security programs have often been unsuccessful in unifying the need to both secure and support technology innovation required by the business. Join Deloitte's Cloud Cyber Services team and become a member of the largest group of cybersecurity professionals worldwide.
Recruiting for this role ends on 03/01/2026
Work You'll Do
As a Cloud Security Architect (Manager), you will play an integral role in defining and assessing the client organization's cloud security strategy, architecture and practices. This individual's primary function is to provide cloud security planning, deployment and review expertise to project teams and client organizations in the Cyber space. Responsibilities include:
+ Lead the overall delivery of Cloud Cyber Risk projects in a project manager and/or architect role, overseeing the activities of onsite and offshore engineers and architects across 8 key cyber domains: Governance, Identity, Application Security, PaaS security, Infrastructure security, Security Monitoring, Resilience and Data protection
+ Assist in business development activities such as defining scope of services, building resource estimates and related pricing, packaging proposals and supporting the delivery of the proposal to the client for AWS, GCP, Azure and/or Oracle Cloud services
+ Function as the primary client day to day interface building rapport and trust with the client
+ Function as an expert in CNAPP, CWPP and CSPM technologies and security risk frameworks relevant to cloud as well as the industry leading benchmarks
+ Review and oversee the generation of all project deliverables such as assessment reports, system designs/ architectures and risk/security recommendations
+ Assist clients with security frameworks, cloud configuration standards and resolving cloud vulnerabilities
+ Lead the execution of cloud security engagements during different phases of the lifecycle - assess, design, and implementation.
+ Lead engagements to perform technical health checks for cloud platforms/environments prior to broader deployments.
+ Oversee technical support for AWS, GCP, Azure and/or Oracle cyber services and resolve service-related issues through research and troubleshooting and working with vendors.
+ Conduct cloud security analysis, recommendations and configurations of prospective clients' platforms and environments based on Deloitte's Cloud Cyber Risk Framework.
+ Perform technical health checks for these cloud platforms/environments prior to broader deployments including DevSecOps and CI/CD pipelines
+ Assist clients with transitions to using cloud services such as tenant setup and service configuration, focused on cloud cyber risk mitigation. Additional technologies include: MFA, SSO, Conditional Access, PIM, Security Operations tooling and scanning solutions
+ Assist clients with the deployment of third-party technologies to assist in securing the cloud platform such as firewall, WAF, PAM and cloud workload protection.
+ Assist clients with configuration and delivery of cloud security and compliance reports.
+ Provide technical support for AWS, Azure, GCP, Oracle, Wiz, Snyk and third-party security services and resolve service-related issues through research and troubleshooting and working with third-party vendors.
+ Implementation of industry leading practices around Azure, AWS, GCP, Wiz, Snyk and cloud security services for clients.
+ Designing and developing cloud-specific security policies, standards and procedures e.g., tenant, management group and subscription management and configuration, identity management and access control, firewall management, auditing and monitoring, security incident and event management, data protection (DLP, encryption), user and administrator account management, SSO, conditional access controls and password/key management.
+ Troubleshooting system level problems in a multi-vendor, multi-protocol network environment.
+ Documenting platform technical issues, analysis, client communication, and resolution as part of cyber risk mitigation steps.
+ Executing on cloud security engagements during different phases of the lifecycle - assess, design, and implementation & post-implementation reviews.
+ Implementing industry leading practices around cyber risks and cloud security for clients.
+ Provide internal cloud and DevSecOps security technical training to Advisory personnel as needed.
+ Acting as a subject matter specialist on cloud cyber risk for the cloud platforms.
+ Manage to Point-of-Views (PoVs) on providing leading practices to our clients on the cyber challenges they face.
+ Contribute to eminence activities, such as whitepapers pertaining to cloud security capabilities.
+ Support talent process in the manager role such as for recruiting and coaching.
The team
Deloitte's Cloud Cyber Risk team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.™ cyber risk programs. Join the team developing the future state of cyber risk solutions.
Qualifications:
+ 6+ years of experience in technical consulting, client problem solving, architecting and designing solutions in a consulting role with project leadership and/or architect experience in AWS, GCP, Azure, Oracle, Wiz and/or Snyk; with a security focus strongly preferred
+ 2+ years of hands-on technical experience designing and implementing security solutions for leading Cloud service providers across SPI models and environments (Public, Private, Hybrid)
+ 2+ years working experience designing cloud security architectures and strategies for enterprises
+ 2+ years working with Cloud security industry standards such as Cloud Security Alliance (CSA), ISO/IEC 27017 and NIST CSF
+ 2+ years working experience with Cloud security technologies/vendors (e.g., IAM, SIEM, IDS) and/or providers (e.g., Okta, CipherCloud, AlertLogic), a big plus
+ 2+ years working with Cloud orchestration and automation (Continuous Integration and Continuous Delivery (CI/CD)) in single and multi-tenant environments
+ 3+ years working with CNAPP, CSPM or CWPP technologies or planning for large-scale deployments of these technologies
+ BA/BS Degree preferably in a Technical field (ex. Computer Science, Cyber Security, Information Security, Engineering, Information Technology)
+ Maintain strong domain knowledge of multi-hyperscaler cloud solutions and security concepts and technologies
+ Experience with and leading use of leading cyber tooling for cloud such as Wiz and Snyk
+ Limited sponsorship may be available
Required:
+ Locations include: Houston, Dallas, Cleveland, Detroit, St. Louis, Pittsburgh, Boston, Charlotte, Atlanta, Miami, Memphis, Denver, Phoenix, Salt Lake City, Los Angeles, San Diego, San Francisco, Seattle. Must be within a reasonable commute and willing to work part-time in the Deloitte and/or client offices
+ Ability to travel up to 80%, on average, based on the work you do and the clients and industries/sectors you serve
Preferred:
+ Previous Consulting or Big 4 experience preferred.
+ Industry or Vendor Security Certifications such as CCSP or other cloud architect domains
+ Experience with Virtualization including security for at least one or more of the following: Compute, Network, Storage, End-point, Application
+ Experience designing IAM technologies and services
+ Experience or strong working knowledge of managing enterprise security infrastructure and perimeter security appliances - e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology
+ Experience with Azure data, analytics, or AI/ML services (Azure SQL, HDInsight, Databricks, Data Factory, Data Lake Storage, Azure Analysis Services, Synapse Analytics, Azure Machine Learning, etc.)
+ Understanding of industry security standards, guidelines and regulatory/compliance requirements related to information security and cloud computing such as ISO 27001, ISO 27018, NIST CSF, NIST 800-53, PCI DSS, SOC2, HIPAA, PCI, SOX, GLBA, etc.
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $144,200 to $265,600
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
Information for applicants with a need for accommodation: ************************************************************************************************************
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Engineer - Information Security
Security architect job in Pittsburgh, PA
* Familiarity with security architecture frameworks such as SABSA and TOGAF.
* Familiarity with Threat modelling methodologies such as STRIDE.
* Familiarity with security frameworks such as NIST800, CIS, ISO27001.
* Familiarity with independent assurance frameworks such as SOC2.
* Industry recognized technical certifications are desirable (CISSP, CCSP, CompTIA Security+, GIAC security essentials).
* Familiarity with security and privacy regulations impacting financial services such as SOX and GDPR.
* Prior experience with risk assessments and general understanding of risk management principles.
* Excellent written and verbal communications skills.
MAJOR DUTIES:
* Conduct formal end to end Information Security Assessments (review of questionnaires, third party security audit reports and evidence, onsite assessments, etc.)
* Perform security reviews for technical products, identify gaps in security and assist in providing guidance on mitigating controls.
* Perform risk analysis on third party capabilities (i.e., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
* Use third-party risk evaluation tools to monitor and reduce organizational cyber risk associated with third parties.
* Assess remediation plans and non-compliance acceptances where Information Security standards compliance cannot be achieved. Review services and data in scope of the assessment and analyze security risk ratings.
* Work on projects as directed by management.
HOURS/LOCATION:
* 8:30 a.m. - 5:00 p.m. (Overtime as required)
* Hybrid schedule (in-office / remote)
* Warrendale, PA - 15086
* Work at downtown location when required
EXPLANATORY COMMENTS:
* Good communication and interpersonal skills
* Good decision making and problem-solving skills
* Good analytical skills with attention to detail and accuracy
* Ability to work on multiple projects simultaneously
* Ability to work effectively both individually and as a member of a project team