Product Security Engineer Medical Device
Security Architect Job 18 miles from Pawtucket
Source One is a consulting services company and we're currently looking for the following individual to work as a consultant with our direct client, a medical device manufacturer in Raynham, MA. Fully Remote
No Agency, C2C or Sponsorship
Title: Product Security Engineer Medical Devices & Embedded Systems
Location: Remote
Duration: 12 months, with likely extension
Hourly Rate: $62.00 w2
(Mon-Fri/40 hours)
MUST HAVE: Understanding of medical device security requirements, including FDA regulations, 510k submissions, and Quality Design Control processes.
Summary:
The Product Security Engineer will be responsible for the implementation of ***'s enterprise Product Security strategy and framework throughout the orthopedics portfolio. This includes identifying key strategy and goals, collaborating with internal organizations to enhance existing processes and policies, creating and communicating metrics to senior management, and driving overall awareness of the capability. Specific responsibilities include supporting Client and R&D teams throughout new product development phases, reviewing product security requirements, and recommending security design solutions. The role also involves assisting with the completion of Quality documentation, performing threat modeling, penetration testing, software architecture review, and providing design recommendations. The engineer will conduct code analysis and other security testing as needed. Additionally, post-market responsibilities for Client marketed devices include monitoring for new vulnerabilities, assisting with patching and remediation plans, and responding to customer security questionnaires and reviewing security language within contractual agreements.
Key Responsibilities:
• Support Global Product Security Framework: Contribute to and enhance the global security strategy, frameworks, and initiatives to ensure embedded medical devices are developed with the highest security standards.
• Collaboration & Process Improvement: Partner with internal organizations (engineering, product management, compliance) to improve existing security processes and policies related to medical device development and post-market support.
• Metrics & Reporting: Create, track, and present Product Security metrics to senior management, providing insights into security posture and progress towards goals.
• Governance & Compliance: Help carry out the Product Security governance model for both pre-market and post-market devices, ensuring compliance with regulatory standards (FDA, 510k, etc.) and industry best practices.
• Vulnerability Management & Remediation: Manage and prioritize vulnerabilities across the product portfolio, assisting engineering teams in developing and executing effective remediation plans.
• Due Diligence & Threat Modeling: Conduct due diligence activities, threat modeling, and risk assessments for new and existing products to identify potential security gaps.
• Secure Software Development: Provide recommendations on secure coding practices, review code, and advise engineering teams on securing embedded applications (e.g., C/C++, C#).
• Customer & Vendor Interactions: Respond to customer security questionnaires, contractual language requirements, and ensure compliance with relevant security standards.
• Security Awareness & Communication: Lead and deliver Product Security awareness campaigns, training, and communications across the organization.
• Post-Market Security Activities: Monitor and respond to new vulnerabilities in Client marketed devices, assist with patching and remediation efforts, and collaborate on customer security questionnaires and contractual obligations.
• Other Duties: Perform additional security-related tasks as assigned.
Qualifications:
• Education: Minimum of a Bachelor's degree in Computer Science, Engineering, or a related field is required; MS or advanced degree is preferred.
• Experience: A minimum of 6 years in security and/or embedded software engineering functions, with a focus on product security in regulated environments (medical devices is a plus).
• Technical Skills:
o In-depth knowledge of real-time operating systems (e.g., QNX, Linux, Windows Embedded) and hardening techniques.
o Strong understanding of embedded systems security, including secure software development, secure coding practices, and vulnerability management.
o Experience with vulnerability scanning, penetration testing, and risk assessment tools (CVSS, OWASP, etc.).
o Proficiency in at least one programming language (e.g., C, C++, C#) and experience with secure code reviews.
o Knowledge of Software Bill of Materials (SBOM) and how it relates to security and compliance.
• Security & Regulatory Expertise:
o Understanding of medical device security requirements, including FDA regulations, 510k submissions, and Quality Design Control processes.
o Familiarity with threat modeling, risk management frameworks, and vulnerability management for medical devices.
• Communication & Leadership Skills:
o Strong interpersonal and collaboration skills with the ability to communicate complex technical concepts to non-technical stakeholders.
o Proven ability to influence cross-functional teams to drive security improvements and achieve desired outcomes.
o Experience creating and presenting security metrics and reports to senior management.
• Certifications (preferred, not required):
o CISSP, CEH, MCSD, CSSLP, or similar security certifications.
Additional Skills:
o Familiarity with cloud-based IoT solutions is preferred.
o Creative problem-solving skills with a customer-focused mindset (both internal and external).
o A strategic thinker with strong attention to detail and the ability to align tactical initiatives with broader organizational goals.
Information Systems Security Manager (ISSM) II
Security Architect Job 43 miles from Pawtucket
Type of Requisition:
Regular
Clearance Level Must Currently Possess:
Top Secret/SCI
Clearance Level Must Be Able to Obtain:
Top Secret SCI + Polygraph
Public Trust/Other Required:
None
Job Family:
Information Security
Job Qualifications:
Skills:
Information Security, Information Security Management, Information System Security
Certifications:
None
Experience:
7 + years of related experience
US Citizenship Required:
Yes
Job Description:
The ISSM's primary function serves as a principal advisor on all matters, technical and otherwise, involving the security of information systems under their purview. Primary support will be working within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies, such as HQ Air Force, Office of the Secretary of Defense, and Military Compartment efforts. The position will provide “day-to-day” support for Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities.
Performance shall include:
Perform oversight of the development, implementation and evaluation of information system security program policy; special emphasis placed upon integration of existing SAP network infrastructures.
Develop and oversee operational information systems security implementation policy and guidelines of network security, based upon the Risk Management Framework (RMF) with emphasize on Joint.
Special Access Program Implementation Guide (JSIG) authorization process.
Advise customer on Risk Management Framework (RMF) assessment and authorization issues.
Perform risk assessments and make recommendations to DoD agency customers.
Advise government program managers on security testing methodologies and processes.
Evaluate authorization documentation and provide written recommendations for authorization to government PMs.
Develop and maintain a formal Information Systems Security Program.
Ensure that all IAOs, network administrators, and other cyber security personnel receive the necessary technical and security training to carry out their duties.
Develop, review, endorse, and recommend action by the AO or DAO of system assessment documentation.
Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media.
Develop and execute security assessment plans that include verification that the features and assurances required for each protection level functioning.
Maintain applicable repository for all system authorization documentation and modifications.
Institute and implement a Configuration Control Board (CCB) charter.
Develop policies and procedures for responding to security incidents, to include investigating and reporting security violations and incidents.
Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within a system.
Ensure that data ownership and responsibilities are established for each authorization boundary, to include accountability, access rights, and special handling requirements.
Ensure development and implementation of an information security education, training, and awareness program, to include attending, monitoring, and presenting local cyber security training.
Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed.
Assess changes in the system, its environment, and operational needs that could affect the authorization.
Ensure that authorization is accomplished a valid Authorization determination has been given for all authorization boundaries under your purview.
Review AIS assessment plans.
Coordinate with PSO or cognizant security official on approval of external information systems (e.g., guest systems, interconnected system with another organization)
Conduct periodic assessments of the security posture of the authorization boundaries.
Ensure configuration management (CM) for security-relevant changes to software, hardware, and firmware and that they are properly documented.
Ensure periodic testing is conducted to evaluate the security posture of IS by employing various intrusion/attack detection and monitoring tools (shared responsibility with ISSOs)
Ensure that system recovery and reconstitution processes developed and monitored to ensure that the authorization boundary can be recovered based on its availability level determination.
Ensure all authorization documentation is current and accessible to properly authorized individuals.
Ensure that system security requirements are addressed during all phases of the system life cycle.
Develop Assured File Transfers (AFT) on accordance with the JSIG.
Participate in self-inspections.
Conduct the duties of the Information System Security Officer (ISSO) if one is not present and/or available.
Experience:
7+ years related experience.
Prior performance in roles such as ISSO or ISSM.
SAP experience required.
Education:
Bachelor's degree or equivalent experience (4 years)
Certifications:
IAT Level II or IAM Level II (Security+ CE, CCNA Security, etc.)
Security Clearance:
TS/SCI
Must be able to obtain TS/SCI with CI polygraph
#AirforceSAPOpportunities #Hanscom #MA
The likely salary range for this position is $113,220 - $153,180. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
Scheduled Weekly Hours:
40
Travel Required:
None
Telecommuting Options:
Onsite
Work Location:
USA MA Bedford - Customer Proprietary (MAC017)
Additional Work Locations:
USA MA Avon, USA MA Boston, USA MA Braintree, USA MA Burlington, USA MA Cambridge, USA MA Fort Devens, USA MA Hanscom - Customer Proprietary (MAC020), USA MA Norwood, USA MA Peabody, USA MA Quincy, USA MA Taunton, USA MA Waltham, USA MA Westwood
Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 30 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.We connect people with the most impactful client missions, creating an unparalleled work experience that allows them to see their impact every day. We create opportunities for our people to lead and learn simultaneously. From securing our nation's most sensitive systems, to enabling digital transformation and cloud adoption, our people are the ones who make change real.GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.
Salesforce Architect
Security Architect Job 36 miles from Pawtucket
Strategic Leadership
Define and execute the product roadmap for Salesforce Financial, Service, and Marketing Cloud, leveraging technical expertise.
Oversee technical design, development, deployment, and handoff of Salesforce solutions.
Facilitate solution design sessions to gather requirements and create scalable, secure, and high-performing architectures.
Align technical solutions with business goals, presenting options and trade-offs to stakeholders.
Release Management
Manage product releases, ensuring smooth deployments by addressing risks, timelines, and dependencies.
Collaborate with Experience Design (XD) to align digital experiences with technical requirements.
Work with program leaders to ensure project alignment, delivery, and team performance.
Stakeholder Collaboration
Communicate technical concepts clearly to diverse stakeholders, influencing decisions and building consensus.
Define requirements, manage expectations, and address risks with proactive mitigation strategies.
Data-Driven Insights
Use analytics and user feedback to evaluate performance and drive optimizations.
Vendor Management
Maintain quality and alignment with third-party vendors and Salesforce consultants.
Preferred Experience
10+ years in technical product management with expertise in Salesforce or similar CRM platforms.
Proficiency in Salesforce configuration, customization, and integration, including Apex, Aura, and Lightning Web Components.
Strong understanding of data visibility, object-oriented design, and database architecture.
Proven leadership in agile environments and collaboration with analysts for requirement gathering and documentation.
Strategic thinker with strong planning, analytical, and communication skills for both technical and non-technical audiences.
Dexian is a leading provider of staffing, IT, and workforce solutions with over 12,000 employees and 70 locations worldwide. As one of the largest IT staffing companies and the 2nd largest minority-owned staffing company in the U.S., Dexian was formed in 2023 through the merger of DISYS and Signature Consultants. Combining the best elements of its core companies, Dexian's platform connects talent, technology, and organizations to produce game-changing results that help everyone achieve their ambitions and goals.
Dexian's brands include Dexian DISYS, Dexian Signature Consultants, Dexian Government Solutions, Dexian Talent Development and Dexian IT Solutions. Visit ******************* to learn more.
Dexian is an Equal Opportunity Employer that recruits and hires qualified candidates without regard to race, religion, sex, sexual orientation, gender identity, age, national origin, ancestry, citizenship, disability, or veteran status.
Amazon Connect Architect
Security Architect Job 4 miles from Pawtucket
Infosys is seeking Amazon Connect Technology Architect This position will interface with key stakeholders and apply your technical proficiency across different stages of the Software Development Life Cycle including Requirements Elicitation, Application Architecture definition and Design; play an important role in creating the high level design artifacts; deliver high quality code deliverables for a module, lead validation for all types of testing and support activities related to implementation, transition and warranty; be part of a learning culture, where teamwork and collaboration are encouraged, excellence is rewarded, and diversity is respected and valued.
Required Qualifications:
Candidate must be located within commuting distance of Providence, RI OR be willing to relocate to the area. This position may require travel to project locations.
Bachelor's degree foreign equivalent required from an accredited institution. Will also consider three years of progressive experience in the specialty in lieu of every year of education.
At least 7 years of Information Technology experience
7 years hands-on application development experience using AWS services do design telephony solutions - Amazon Connect, Lex, Lambda, Lambda Layers, Dynamo DB, S3, Kinesis, Glue, Athena, Quick Sight, Route53, CloudFront, API Gateway, VPC, KMS, IAM, CloudWatch, SNS, Cognito, KMS, WAF, Data Sync, CloudTrail etc.
7+ Hands on strong programming experience in Lambda development using Java, NodeJS, and Python.
5+ years of knowledge and experience in designing the CI/CD pipelines
Hands on experience with Maven and Terraform.
Preferred Qualifications:
At least 7 years of Information Technology experience
Min 7+ years of overall experience in front-end technologies and responsive web design
Communicate and implement front-end best practices.
Onsite/offshore coordination
The job may also entail sitting as well as working at a computer for extended periods of time. Candidates should be able to effectively communicate by telephone, email, and face to face
Azure Cloud Architect
Security Architect Job 37 miles from Pawtucket
Minimum of 8 years of experience in infrastructure delivery and support, with significant exposure to cloud architecture.
Proven experience with AWS and Azure, including hybrid cloud deployments.
Strong understanding of networking, cloud security, disaster recovery, and data management.
Proficiency in scripting and automation (Python, PowerShell, or equivalent).
Familiarity with ITS technologies, transportation management systems, and industry protocols (highly desirable).
Experience working in agile environments with cloud architecture design and documentation.
Expertise in GitHub and GitHub Actions for version control and deployment automation.
Security Hardware Architect
Security Architect Job 37 miles from Pawtucket
As the pioneers who introduced RISC-V to the world, SiFive is transforming the future of compute by bringing the limitless potential of RISC-V to the highest performance and most data-intensive applications in the world. SiFive's unrivaled compute platforms are continuing to enable leading technology companies around the world to innovate, optimize and deliver the most advanced solutions of tomorrow across every market segment of chip design, including artificial intelligence, machine learning, automotive, data center, mobile, and consumer. With SiFive, the future of RISC-V has no limits.
At SiFive, we are always excited to connect with talented individuals, who are just as passionate about driving innovation and changing the world as we are.
Our constant innovation and ongoing success is down to our amazing teams of incredibly talented people, who collaborate and support each other to come up with truly groundbreaking ideas and solutions. Solutions that will have a huge impact on people's lives; making the world a better place, one processor at a time.
Are you ready?
To learn more about SiFive's phenomenal success and to see why we have won the GSA's prestigious Most Respected Private Company Award (for the fourth time!), check out our website and Glassdoor pages.
:
Job Description:
The security architect role will be especially vital to SiFive's effort to create silicon at the speed of software across our entire IP portfolio, including Essential, Intelligence, Performance, and Automotive IPs. The security architect will help plan the roadmap for SiFive security features and will work with various teams Product, Core, SoC platform, and software architects to develop groundbreaking new security features. The security architect will engage with customers and partners to help determine the future of platform security on RISC-V and will engage with the RISC-V International Association to help drive the state of the art of computer security forward.
What you will do:
Define Security features
The security architect will be responsible for defining the platform security requirements and defining the architecture of the needed security features.
The security architect will be responsible for writing detailed specifications in accordance with the various functional leads (architects, SW, design and verification leads).
The security architect will be heavily involved in the micro-architecture to define and review the implementation of the required features.
The security architect will examine the core microarchitecture to assess the security and define countermeasures when vulnerabilities are identified.
The security architect will have the opportunity to work with a team of micro-architects, SoC architects, and performance architects in developing the microarchitecture of the security features.
Interface with customers
The security architect will have a chance to interact directly with customers to understand their needs, use cases and to help resolve their concerns/issues.
Interface with RVIA
The security architect will participate in various TG/HC related to security.
What You Should Know:
Familiar with advanced CPU architectures and pipelines
Has experience in SoC design flow, including spec definition, microarchitecture design, and performance modeling.
Familiar with the common security threat models
Familiar with the micro-architectural side-channel attacks and how they can be mitigated
Familiarity with secure enclave solutions for high-end CPUs
Familiarity with automotive security considerations and solutions
Familiarity with mobile device security considerations and solutions
Familiarity with ROP and JOP exploitation techniques
Familiarity with security certification processes and methodologies, such as Common Criteria, PSA, SESIP, FIPS 140-3
Familiarity with common cryptographic algorithms and systems
Basic understanding of public key cryptography
Additional Information:
This position requires a successful background and reference checks and satisfactory proof of your right to work in:
United States of America
Any offer of employment for this position is also contingent on the Company verifying that you are a authorized for access to export-controlled technology under applicable export control laws or, if you are not already authorized, our ability to successfully obtain any necessary export license(s) or other approvals.
SiFive is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
Lead Security Architect
Security Architect Job 37 miles from Pawtucket
The Opportunity The Lead Security Architect is responsible for supporting projects that apply new and existing technologies and solutions to solve business needs in the cyber security space, for the US business segment. This Architect works with other architects, engineers, technical SMEs, segment security office, operational support staff both within IT, and other business units to provide and maintain solutions that meet business and technical requirements.
This role is an individual contributor role at the Director level.
The Architect will assist in the development of technology roadmaps and documentation related to the IT security domain; act as the subject matter expert in a variety of cyber security domains such as Identity and Access Management (IAM), SIEM integration, IR automation, etc. The Architect will maintain a solid understanding of the entire Information Security landscape for the segment.
Ther role presents an unique opportunity to join a team and company whose work will have direct impact on company direction, our customers, and our industry.
Office location: Boston - USA or Toronto - Canada
Work arrangement: Hybrid - 3 days in office, 2 days from home
Remote working arrangement option is not available.
Position Responsibilities:
* Assist in the development of security strategies and implementation roadmaps centered around a Zero-Trust philosophy.
* Design security architecture for Security Operations and integration with SIEM (both in-cloud/on-prem).
* Develop and support key security solutions in the GRC, SOC, SIEM and IAM space.
* Partner with segment security office to define and lead related standards, patterns and drive implementation through processes and automation.
* Understand complex modern and legacy integrations and business information models to ensure integrity and a strong security profile.
* Developing large enterprise solutions with respect to developing security controls, methods to mitigate security risks.
* Participate and lead conceptual, solution, and component-level architectures and associated artifacts.
* Support the evaluations of third-party suppliers, products and solutions with a focus on the security aspects of the solutions.
* Review, advise, and provide feedback on architectures produced within and outside the team.
* Provide consultation and guidance to aligning to global security standards, guidelines, and patterns.
* Develop reference architecture and reference implementation patterns related to security solutions.
* Participate in internal investigations and incident response events.
* Ability to influence security vendors to resolve issues and update roadmaps.
* Partner with other architects in IT, enterprise security and services teams in designing and maintaining modern and secure solutions.
* Research and evaluate impact of new vulnerabilities, security alerts and threat intelligence.
* Stay informed of new security technologies and solutions to assist in the on-going development of the overall security strategy.
* Build and maintain relationships with key customer's technical staff members and with internal stakeholders from IT, customer service and field operations.
* Promote a corporate culture that is committed to information security best practices.
* Function with a high degree of integrity with an ability to keep information confidential.
* Be able to provide hands-on configuration and support for the projects and services you are involved in.
* Participate in after-hours support as needed to respond to security incidents.
Required Qualifications:
* Bachelor's Degree preferred, Master's Degree a plus.
* CISSP or other security certifications are a plus.
* Minimum of 10+ years of relevant work experience related to cyber security.
* MUST have experience as a Security Architect
* Experience and knowledge of security functions (AuthN, AuthZ, Transport Security, Secure Configuration, Data validation/sanitizations, security exceptions logging)
* Knowledge of Vault capabilities and Security Incident and Event management systems
* Experience with Threat modeling and secure testing methodologies.
* Experience with Cloud Native (12-Factor) Architecture and Infrastructure Patterns.
* Solution architecture support for all segment initiatives from end-to-end security perspective.
* Security architecture roadmap and maturity for the segment - current state to target state.
* Contribution to security best practices, patterns, principles for the segment and represent the same in global communities.
* Proficient across multiple operating systems such as Microsoft, Apple and Linux.
* Fundamental understanding of network protocols and network security concepts.
* Familiarity with Cloud (SaaS, IaaS, PaaS) environments and best practices for securing these environments with experience in Azure, AWS or GCP.
* Familiarity with incident response tools and digital forensics concepts preferred.
* Knowledge of industry frameworks such as NIST.
* Strong knowledge and experience with dev SecOps principles, patterns.
* Detail-oriented with strong conceptual, analytical, problem solving, decision making and planning skills.
* Must have the ability to utilize application, scripting and operating system commands to configure, debug, and monitor large scale production systems.
* Knowledge of modern software development lifecycles, including Agile and iterative development.
* Excellent written and oral communication skills; and demonstrated ability to interact with technical, non-technical, and business members of the organization.
* Ability to accurately interpret business direction and clarify technology's alignment with stakeholder needs.
When you join our team:
* We'll empower you to learn and grow the career you want.
* We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
* As part of our global team, we'll support you in shaping the future you want to see.
#LI-JH
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit *************************************************
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact ************************.
Primary Location
Boston, Massachusetts
Working Arrangement
Hybrid
Salary range is expected to be between
$124,250.00 USD - $230,750.00 USD
If you are applying for this role outside of the primary location, please contact ************************ for the salary range for your location. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance.
Manulife/John Hancock offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension/401(k) savings plans and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in the U.S. includes up to 11 paid holidays, 3 personal days, 150 hours of vacation, and 40 hours of sick time (or more where required by law) each year, and we offer the full range of statutory leaves of absence.
Know Your Rights I Family & Medical Leave I Employee Polygraph Protection I Right to Work I E-Verify I Pay Transparency
Company: John Hancock Life Insurance Company (U.S.A.)
Global Risk Security Architect Expert Director
Security Architect Job 37 miles from Pawtucket
Who We Are Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.
To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures-and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.
What You'll Do
The Global Risk Security Architect Expert Director is a strategic leader responsible for defining and implementing BCG's enterprise security architecture. This role ensures the protection of data, intellectual property, and client assets by designing secure, scalable, and resilient systems that align with the firm's business goals and security standards.
The architect leads efforts to integrate security into every stage of IT systems development, ensuring alignment with agile practices, emerging technologies, and zero-trust principles. By leveraging robust governance and cross-functional collaboration, the architect ensures secure innovation, operational resilience, and effective risk management.
Key responsibilities include:
Security Architecture Leadership:
* Define and enforce secure engineering practices and frameworks, including reusable reference architectures and secure-by-design standards
* Develop and maintain security blueprints aligned with Agile/DevSecOps methodologies
* Ensure security is embedded in all IT projects, including secure code reviews, vulnerability testing, and automated CI/CD pipeline integration
Emerging Technology Integration:
* Drive the adoption of advanced technologies, including zero-trust architectures, secure APIs, and cryptographic solutions
* Leverage AI/ML, containerization, and cloud-native security practices to enhance enterprise defenses
Continuous Improvement:
* Use insights from incident analysis, threat intelligence, and testing outcomes to refine and enhance security architectures
* Collaborate with operational teams to integrate feedback loops that ensure continuous alignment with evolving threats
Governance and Collaboration:
* Partner with Security Operations, Incident Response, and Risk Management teams to ensure comprehensive security integration
* Facilitate enterprise-wide adherence to regulatory, industry, and internal standards, including ISO 27001 and NIST
YOU'RE GOOD AT
Strategic Vision: Translating complex business strategies into secure, scalable, and actionable architectures.
Technical Expertise: Leveraging modern frameworks and technologies, including zero-trust, DevSecOps, and cryptography, to protect enterprise systems.
Collaboration: Partnering effectively across geographies and functions to achieve security goals.
Problem Solving: Driving innovative solutions for emerging threats and architectural challenges.
Mentorship: Leading and inspiring teams while fostering an enterprise-wide culture of architectural excellence.
What You'll Bring
Education: Bachelor's degree (or equivalent).
Experience:
* Minimum of 10 years of progressive experience in information security, with strong expertise in enterprise security architecture
* Proven experience in cloud security, zero-trust architecture, API security, and DevSecOps pipelines
* Experience creating reusable security reference architectures, integrating security into Agile/DevSecOps methodologies, and driving consistency in security frameworks
Technical Proficiency:
* Hands-on experience designing secure architectures for hybrid cloud environments
* Deep understanding of zero-trust frameworks, secure-by-design standards, and agile methodologies
* Familiarity with automation tools and secure software development lifecycle (SDLC) practices
Who You'll Work With
You will collaborate within a fast-paced, intellectually challenging, and service-oriented environment. Working alongside internal IT, business leaders, and consultants, you will be an integral part of BCG's Information Security Risk Management team. By partnering with technical and operational teams globally, you will drive the firm's security strategies, enabling secure innovation and digital transformation.
Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.
BCG is an E - Verify Employer. Click here for more information on E-Verify.
Embedded Systems Security Architect
Security Architect Job 37 miles from Pawtucket
We're a high-tech home security company that's passionate about protecting the life you've built and our mission of keeping Every Home Secure. And we've created a culture here that cares just as deeply about the career you're building. Ours is a no ego culture of collaboration and innovation where those seeking their next challenge can find big opportunities and make a huge impact on the lives of all those who we protect. We don't just want you to work here. We want you to grow and thrive here.
We're embracing a hybrid work model that enables our teams to split their time between office and home. Hybrid for us means we expect our teams to come together in our state-of-the-art office on two core days, typically Tuesday and Wednesday, to work together in person, and teams can choose where they work for the remainder of the week. We all benefit from flexibility and get to use the best of both worlds to get our work done.
Why are we hiring?
Well, we're growing and thriving. So, we need smart, talented, and humble people who share our values to join us as we disrupt the home security space and relentlessly pursue our mission of keeping Every Home Secure.
What You'll Do
The Information Security Team is seeking a highly skilled Embedded Systems Security Architect to join our team. In this critical role, you will be responsible for designing and implementing robust security solutions in the design and manufacturing of our physical IoT products, including supporting our home security services and connected cameras. You'll partner closely with the Engineering Department to incorporate security throughout the product lifecycle, from hardware selection, to feature development, secure boot, secrets management, cryptographic services, secure firmware and software development, and other considerations. You'll conduct threat modeling and work through trade-offs between business requirements and security considerations. The ideal candidate will have an extensive background in IoT design and manufacturing. The position will report directly to the Chief Information Security Officer.
Primary Responsibilities Include:
Security Architecture: Develop and maintain a comprehensive security architecture for our IoT devices, encompassing hardware, firmware, and cloud-based components.
Threat Modeling: Conduct thorough threat modeling and risk assessments to identify potential vulnerabilities and devise mitigation strategies.
Cryptography: Design and partner with Engineering to implement secure cryptographic services that support device functionality, such as encryption, authentication, and key management.
Firmware Security: Design and implement secure firmware development processes, including secure boot, code signing, and secure updates.
Hardware Security: Collaborate with hardware engineers to ensure secure hardware design, including secure bootloaders, trusted execution environments, and tamper detection mechanisms.
Secure Communication: Design and implement secure communication protocols, such as TLS/SSL, to protect data transmission between devices and cloud infrastructure.
Vulnerability Assessment and Penetration Testing: Conduct regular vulnerability assessments and penetration testing to identify and address security weaknesses.
Qualifications:
Strong understanding of embedded systems and microcontroller architectures.
Extensive experience in hardware, firmware, and software development.
Deep knowledge of cryptography algorithms and protocols.
Proficiency in secure coding practices and secure development lifecycles.
Experience with security testing tools and techniques.
Excellent problem-solving and analytical skills.
Strong communication and collaboration skills.
Bachelor's degree in Computer Science, Electrical Engineering, or a related field.
Why Join Us:
Be part of a cutting-edge team developing innovative IoT products.
Work on challenging and impactful security projects.
Collaborate with industry experts and thought leaders.
Enjoy a competitive salary and comprehensive benefits package.
If you are passionate about security and have the skills to make a difference, we encourage you to apply.
What Values You'll Share
Customer Obsessed - Building deep empathy for our customers, putting them at the core of our work, and developing strong, long-term relationships with them.
Aim High - Always challenging ourselves and others to raise the bar.
No Ego - Maintaining a “no job too small” attitude, and an open, inclusive and humble style.
One Team - Taking a highly collaborative approach to achieving success.
Lift As We Climb - Investing in developing others and helping others around us succeed.
Lean & Nimble - Working with agility and efficiency to experiment in an often ambiguous environment.
We wholeheartedly embrace and actively seek applications from all individuals, no matter how they identify. We are committed to cultivating a diverse and inclusive workplace, and we believe our work is enriched when we incorporate a multitude of perspectives, backgrounds, and experiences. We want everyone who works here to thrive and contribute to not only our mission of keeping every home secure, but also to making our workplace safe and supportive for others. If a reasonable accommodation may be needed to fully participate in the job application or interview process, to perform the essential functions of a position, or to receive other benefits and privileges of employment, please contact
**********************
.
Lead Security Architect
Security Architect Job 37 miles from Pawtucket
The Opportunity
The Lead Security Architect is responsible for supporting projects that apply new and existing technologies and solutions to solve business needs in the cyber security space, for the US business segment. This Architect works with other architects, engineers, technical SMEs, segment security office, operational support staff both within IT, and other business units to provide and maintain solutions that meet business and technical requirements.
This role is an individual contributor role at the Director level.
The Architect will assist in the development of technology roadmaps and documentation related to the IT security domain; act as the subject matter expert in a variety of cyber security domains such as Identity and Access Management (IAM), SIEM integration, IR automation, etc. The Architect will maintain a solid understanding of the entire Information Security landscape for the segment.
Ther role presents an unique opportunity to join a team and company whose work will have direct impact on company direction, our customers, and our industry.
Office location: Boston - USA or Toronto - Canada
Work arrangement: Hybrid - 3 days in office, 2 days from home
Remote working arrangement option is not available.
Position Responsibilities:
Assist in the development of security strategies and implementation roadmaps centered around a Zero-Trust philosophy.
Design security architecture for Security Operations and integration with SIEM (both in-cloud/on-prem).
Develop and support key security solutions in the GRC, SOC, SIEM and IAM space.
Partner with segment security office to define and lead related standards, patterns and drive implementation through processes and automation.
Understand complex modern and legacy integrations and business information models to ensure integrity and a strong security profile.
Developing large enterprise solutions with respect to developing security controls, methods to mitigate security risks.
Participate and lead conceptual, solution, and component-level architectures and associated artifacts.
Support the evaluations of third-party suppliers, products and solutions with a focus on the security aspects of the solutions.
Review, advise, and provide feedback on architectures produced within and outside the team.
Provide consultation and guidance to aligning to global security standards, guidelines, and patterns.
Develop reference architecture and reference implementation patterns related to security solutions.
Participate in internal investigations and incident response events.
Ability to influence security vendors to resolve issues and update roadmaps.
Partner with other architects in IT, enterprise security and services teams in designing and maintaining modern and secure solutions.
Research and evaluate impact of new vulnerabilities, security alerts and threat intelligence.
Stay informed of new security technologies and solutions to assist in the on-going development of the overall security strategy.
Build and maintain relationships with key customer's technical staff members and with internal stakeholders from IT, customer service and field operations.
Promote a corporate culture that is committed to information security best practices.
Function with a high degree of integrity with an ability to keep information confidential.
Be able to provide hands-on configuration and support for the projects and services you are involved in.
Participate in after-hours support as needed to respond to security incidents.
Required Qualifications:
Bachelor's Degree preferred, Master's Degree a plus.
CISSP or other security certifications are a plus.
Minimum of 10+ years of relevant work experience related to cyber security.
MUST have experience as a Security Architect
Experience and knowledge of security functions (AuthN, AuthZ, Transport Security, Secure Configuration, Data validation/sanitizations, security exceptions logging)
Knowledge of Vault capabilities and Security Incident and Event management systems
Experience with Threat modeling and secure testing methodologies.
Experience with Cloud Native (12-Factor) Architecture and Infrastructure Patterns.
Solution architecture support for all segment initiatives from end-to-end security perspective.
Security architecture roadmap and maturity for the segment - current state to target state.
Contribution to security best practices, patterns, principles for the segment and represent the same in global communities.
Proficient across multiple operating systems such as Microsoft, Apple and Linux.
Fundamental understanding of network protocols and network security concepts.
Familiarity with Cloud (SaaS, IaaS, PaaS) environments and best practices for securing these environments with experience in Azure, AWS or GCP.
Familiarity with incident response tools and digital forensics concepts preferred.
Knowledge of industry frameworks such as NIST.
Strong knowledge and experience with dev SecOps principles, patterns.
Detail-oriented with strong conceptual, analytical, problem solving, decision making and planning skills.
Must have the ability to utilize application, scripting and operating system commands to configure, debug, and monitor large scale production systems.
Knowledge of modern software development lifecycles, including Agile and iterative development.
Excellent written and oral communication skills; and demonstrated ability to interact with technical, non-technical, and business members of the organization.
Ability to accurately interpret business direction and clarify technology's alignment with stakeholder needs.
When you join our team:
We'll empower you to learn and grow the career you want.
We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
As part of our global team, we'll support you in shaping the future you want to see.
#LI-JH
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit *************************************************
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact ************************.
Primary Location
Boston, Massachusetts
Working Arrangement
Hybrid
Salary range is expected to be between
$124,250.00 USD - $230,750.00 USD
If you are applying for this role outside of the primary location, please contact ************************ for the salary range for your location. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance.
Manulife/John Hancock offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension/401(k) savings plans and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in the U.S. includes up to 11 paid holidays, 3 personal days, 150 hours of vacation, and 40 hours of sick time (or more where required by law) each year, and we offer the full range of statutory leaves of absence.
Know Your Rights I Family & Medical Leave I Employee Polygraph Protection I Right to Work I E-Verify I Pay Transparency
Company: John Hancock Life Insurance Company (U.S.A.)
Multiple permanent positions_Certified Security Architect_w2
Security Architect Job 7 miles from Pawtucket
We are from US IT Solutions, an ISO Certified, E-Verify, WMBE Certified organization established in 2005 in CA. Our company is serving various State, Local and County Departments for over 10 years. USITSOL has been helping clients innovate across all phases of the application lifecycle for over a decade. Some of our prestigious clients are State of CA, State of OR, State of FL, State of NC, State of GA, State of CO, State of VA, State of AR, State of MI, State of OH, State of IL, State of MO, State of MS, California State University, Sacramento Area Sanitation Department, SMUD, Sound Transit, LA Superior Courts, District of Columbia, UMAS, University of Central Florida and Hennepin County and many more.
Job Description
We are looking to fill multiple full time positions as Information Security Architects in Cumberland RI.
Qualifications
A minimum of 5+ years of relevant security domain experience.
• 3+ years of hands on technical experience in network and perimeter security
• A minimum of 3 years in an architecture role and be able to lead/step up as needed
• Demonstrated expertise in integrating/developing security solutions in a 7x24 production environment
• Prior experience in defining the technology strategy for a large, global organization, and the ability to influence and persuade peers and colleagues in other reporting structures
• Strong Plus Skills:
o Industry recognized certifications such as CISA, CISM, CISSP, or SANS GIAC are a plus
o Virtualization Security experience is a strong plus (VMware ESX 6.x, Hytrust, Hypervisor, in-hypervisor malware control. Virtual NIC, NSX or equivalent.)
o Knowledge of risk assessment methodologies, IT policies and standards
o Knowledge of vulnerability identification tools, Qualys, Veracode, Qualys WAS.
Additional Information
In person interview is acceptable.
Lead Security Architect
Security Architect Job 37 miles from Pawtucket
Circle is a financial technology company at the epicenter of the emerging internet of money, where value can finally travel like other digital data - globally, nearly instantly and less expensively than legacy settlement systems. This ground-breaking new internet layer opens up previously unimaginable possibilities for payments, commerce and markets that can help raise global economic prosperity and enhance inclusion. Our infrastructure - including USDC, a blockchain-based dollar - helps businesses, institutions and developers harness these breakthroughs and capitalize on this major turning point in the evolution of money and technology.
What you'll be part of:
Circle is committed to visibility and stability in everything we do. As we grow as an organization, we're expanding into some of the world's strongest jurisdictions. Speed and efficiency are motivators for our success and our employees live by our company values: Multistakeholder, Mindfulness, Driven by Excellence and High Integrity. Circlers are consistently evolving in a remote world where strength in numbers fuels team success. We have built a flexible and diverse work environment where new ideas are encouraged and everyone is a stakeholder.
What you'll be responsible for:
Circle is seeking a passionate Lead Security Architect to design, implement, and maintain robust security solutions that ensure the integrity of our systems. This critical role requires a deep understanding of modern cloud-first architecture, with a preference for candidates who have experience applying these practices within Blockchain technologies and to the user endpoint level. As part of the Security Engineering team, you will collaborate closely with our Engineering teams to not only support the security of USDC but also challenge the current architecture, ensuring that it meets our present and, more importantly, future needs. By leading initiatives to enhance our security posture, you will play a vital role in shaping the long-term security strategy of Circle. If you are looking for an opportunity that combines technical challenge with the potential for professional growth in a forward-thinking organization, we would love to hear from you.
This is a work from home position however all candidates must live in the Greater Boston, MA area and be available to come onsite upon short notice.
What you'll work on:
Develop and refine the security architecture for the organization, ensuring alignment with cloud-first principles while adapting to emerging technologies and threats.
Propose technical architecture options for security risk, provides specialized technical advice to support the design and development of secure architectures and identify security controls to mitigate those risks.
Integrate cloud-architecture principles to the user endpoint level to enhance the security posture and validate the integrity of systems.
Assist in evaluations of security architecture that may include design assessment, risk assessment, threat modeling and code review.
Provide on-site security support (e.g. network and endpoint) for executive leadership during key events.
Collaborate with Engineering to embed security and enhance protocols for future needs.
Engage in on-site assessments of cybersecurity and network integrity for key stakeholders.
You will aspire to our four core values:
Multistakeholder - you have dedication and commitment to our customers, shareholders, employees and families and local communities.
Mindful - you seek to be respectful, an active listener and to pay attention to detail.
Driven by Excellence - you are driven by our mission and our passion for customer success which means you relentlessly pursue excellence, that you do not tolerate mediocrity and you work intensely to achieve your goals.
High Integrity - you seek open and honest communication, and you hold yourself to very high moral and ethical standards. You reject manipulation, dishonesty and intolerance.
What you'll bring to Circle:
Proven experience as a Security Architect or similar role, with a strong track record in designing and implementing robust security frameworks in cloud environments.
Adept at conducting risk assessments, with the ability to translate complex technical concepts to non-technical stakeholders.
Strong collaborative skills, demonstrated by effectively partnering with cross-functional teams to cultivate a proactive culture of security awareness and drive continuous improvement.
Proven ability to communicate effectively and influence diverse stakeholders to swiftly resolve issues and align on organizational objectives.
Excellent problem-solving abilities and a strategic mindset, capable of anticipating future security challenges and evolving architectural requirements.
Enthusiasm for scalable, reproducible security practices.
Self-motivated and creative problem-solver able to work independently with minimal guidance.
Ability to manage multiple competing priorities and use good judgment to establish order or priorities on the fly.
The ability to design and operate controls that are easy to test and audit.
Experience working in financial services or financial technology desired.
In-depth knowledge of security best practices, compliance standards, and regulatory requirements, particularly within the Financial and/or Blockchain industry.
7+ years of experience as a security engineer with a minimum of two years (can be overlapping) focusing on cybersecurity architecture.
Experience/familiarity with Slack, Apple MacOS, and GSuite.
Circle is on a mission to create an inclusive financial future, with transparency at our core. We consider a wide variety of elements when crafting our compensation ranges and total compensation packages.
Starting pay is determined by various factors, including but not limited to: relevant experience, skill set, qualifications, and other business and organizational needs. Please note that compensation ranges may differ for candidates in other locations.
Base Pay Range: $172,500 - $227,500
We are an equal opportunity employer and value diversity at Circle. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Additionally, Circle participates in the E-Verify Program in certain locations, as required by law.
Should you require accommodations or assistance in our interview process because of a disability, please reach out to
accommodations@circle.com
for support. We respect your privacy and will connect with you separately from our interview process to accommodate your needs.
#LI-Remote
Risk Management - Security Architect Co-op
Security Architect Job 37 miles from Pawtucket
Who We Are Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.
To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures-and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.
What You'll Do
This is a Co-op position within BCG´s Information Security Risk Management team. The role of Information Security includes protecting intellectual property that is critical to BCG and our clients, protecting BCG´s brand reputation by securing our environment and data from disclosure as well as protecting people, processes and technology of all systems owned and operated by BCG. The Information Security Co-Op works with security, Risk, IT, and business services teams inside BCG to secure enterprise information by evaluating security requirements; planning, implementing, and testing security systems; participate in Risk and IT projects representing information security; assisting in the preparation of security standards, policies, procedures, and risk assessments; and providing information security guidance.
Some Co-op responsibilities include, but are not limited to:
* Perform first level analysis of existing and proposed applications and systems to identify threats and risks
* Suggest alternative security mitigations or compensating controls to allow for business to continue while protecting BCG's assets
* Develop and enhance security checklists and procedures
* Assist in the creation, maintenance, and delivery of the information security technology strategy and roadmap
* Participate in the configuration, implementation, monitoring, and support of security software and systems that will help ensure compliance with regulatory, industry, and corporate guidelines, policies, and procedures
YOU'RE GOOD AT
* Logical thinking and analysis to review business and information security requirements, consider potential vulnerabilities and exploits, and help determine risk.
* Researching, analyzing, and understanding new technologies in the field of information technology and information management.
* Documenting and communicating the results of your analysis.
* Methodical troubleshooting
* Working with a team
What You'll Bring
* Broad understanding of information technology including concepts of operating systems, databases, and networks, with detailed knowledge of some specific operating systems, databases, and networks.
* Previous experience in writing software and with scripting languages.
* Previous experience in information security and use of information security tools is desirable but not required.
Who You'll Work With
You will work under the guidance of an experienced information security architect, working directly with a variety of teams consisting of information security and risk professionals, information technology professionals, and business service delivery professionals.
Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.
BCG is an E - Verify Employer. Click here for more information on E-Verify.
Security Architect
Security Architect Job 37 miles from Pawtucket
At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives. The Security Architect will be key in developing and implementing a robust security posture that aligns with business objectives. Reporting to the CISO, this role will provide cybersecurity expertise to internal and external stakeholders while moving a high-value threat informed security strategy across the organization.
The successful candidate will promote a 'secure-by-design' approach, working with teams to deliver on best practices and maintain evolving security protections. The ideal candidate will have the right mix of skills, which include effective communication of complex security concepts to various stakeholders, a strategic mindset, deep technical expertise, and the ability to balance risk management with hands-on implementation and operational excellence.
RESPONSIBILITIES:
* Build and evolve a strong security architecture that is fitting with industry best practices (i.e. NIST, ISO 27001, CIS Controls) and business goals.
* Conduct regular security assessments, vulnerability analyses, and threat modeling to identify and mitigate risks across the organization
* Design and enforce security configurations for on-premises and cloud environments (i.e. AWS, Azure, GCP), ensuring compliance with regulatory requirements.
* Provide strategic guidance and oversight during critical security incidents, serving as a key decision-maker and escalation point for complex and potentially high-impact events.
* Evaluate, implement, and optimize security tools and endpoint protection to enhance threat detection and response capabilities.
* Collaborate with business units and cross functional teams to gather security requirements and ensure the effective implementation of controls and enhance secure architectures for established enterprise platforms and business-critical systems.
* Recommend and help implement changes to the enterprise security ecosystem, including policies, practices, and tools, to mitigate security challenges and improve the overall security posture.
* Partner with cross-functional teams to integrate security into operational workflows.
* Partner with application development teams to integrate security into all stages of the Software Development Lifecycle (SDLC) by utilizing appropriate tools and methodologies, while training and coaching development teams on secure coding practices to foster a culture of security within engineering.
* Collaborate with the CISO to develop security roadmaps aligned with business objectives and security principles.
* Serve as a key technical advisor and advocate for enhanced security across the organization, collaborating with business units and stakeholders to ensure the effective implementation of security best practices, drive continuous improvement, and enhance the overall security posture.
* Create, maintain, and communicate appropriate architecture diagrams and technical documentation (e.g., configuration guides, operational procedures) to support the security architecture and transition operational responsibilities of new security tools and processes to appropriate teams.
* Support the GRC team in Third Party Security Assessments to evaluate feasibility, integrations, and ensure secure implementation of solutions.
* Stay updated on emerging security trends, technologies, and regulations.
QUALIFICATIONS:
* 10+ years of experience in information security, with at least 3 years in a security architecture role.
* Proficiency in securing multi-cloud environments, identity and access management (IAM), zero-trust architectures, and security automation.
* Expertise in developing and maintaining cybersecurity standards, mapping and tailoring controls, and overseeing security metrics to ensure alignment with security objectives and compliance requirements
* Proficient knowledge of security frameworks (i.e. ISO27001, NIST Cybersecurity Framework (CSF), PCI DSS, COBIT, MITRE ATT&CK, STRIDE, NIST SP 800-53, CIS Benchmarks), compliance standards (i.e. GDPR, CPRA), and best practices.
* Experience with security technologies, such as firewalls, WAFs, SIEM, CASB, CSPM, IPS, SWG, CNAPP, SCA, SAST, DAST, and endpoint protection tools.
* Hands-on experience with cloud platform security (AWS, Azure, or GCP) and PaaS platforms..
* Strong analytical and problem-solving skills, with the ability to work effectively under pressure.
* Exceptional verbal and written communication skills to articulate complex security concepts to technical and non-technical stakeholders.
* Preferably one or more security industry certifications, such as CISSP, CISM, GSEC, CCSK, CCSP, CEH or other relevant industry certifications.
* Familiarity with emerging security technologies such as AI/ML-based threat detection.
* Ability to respond to security incidents after hours
* Ability to work on premise from our Boston Headquarters 4 days per week.
This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office.
Interested in the role, but don't meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.
WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Security Architect (Lowell, MA)
Security Architect Job 38 miles from Pawtucket
Introduction A career in IBM Software means you'll be part of a team that transforms our customer's challenges into solutions. Seeking new possibilities and always staying curious, we are a team dedicated to creating the world's leading AI-powered, cloud-native software solutions for our customers. Our renowned legacy creates endless global opportunities for our IBMers, so the door is always open for those who want to grow their career.
IBM's product and technology landscape includes Research, Software, and Infrastructure. Entering this domain positions you at the heart of IBM, where growth and innovation thrive.
Your Role and Responsibilities
We're looking for a Security Architect to join the IBM web Methods security team. Responsibilities will include:
+ Develop a complete understanding of webmethod products and technology
+ Align organizational security strategy with overall business strategy
+ Identify and comminate current and emerging security threats
+ Design security architecture elements to mitigate security threats
+ Perform or supervise vulnerability testing, risk analyses and security assessments
+ Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
+ Provide guidance to security team
+ Effectively collaborate with corporate security teams and application development teams
+ Responds to, and investigates, security incidents and provides thorough post-event analyses
+ Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
+ Evaluate and recommend security tools and best practices
+ Updates job knowledge by tracking and understanding emerging security practices and standards, participating in educational opportunities, reading professional publications, and participating in professional organizations
Glsab24
Required Technical and Professional Expertise
+ Thorough knowledge of relevant industry security standards including ISO27001, NIST and SOC
+ Advanced understanding of security protocols, cryptography, and security
+ Prior experience and thorough understanding of AWS and Azure architecture
+ Prior experience with feature development within a cloud environment
+ Prior experience handling design reviews
Preferred Technical and Professional Expertise
+ Obtained cyber security certification like CISSP, CISA and CISM
+ Obtained AWS/Azure Security certification
+ Risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies
About Business UnitIBM Software infuses core business operations with intelligence-from machine learning to generative AI-to help make organizations more responsive, productive, and resilient. IBM Software helps clients put AI into action now to create real value with trust, speed, and confidence across digital labor, IT automation, application modernization, security, and sustainability. Critical to this is the ability to make use of all data, because AI is only as good as the data that fuels it. In most organizations data is spread across multiple clouds, on premises, in private datacenters, and at the edge. IBM's AI and data platform scales and accelerates the impact of AI with trusted data, and provides leading capabilities to train, tune and deploy AI across business. IBM's hybrid cloud platform is one of the most comprehensive and consistent approach to development, security, and operations across hybrid environments-a flexible foundation for leveraging data, wherever it resides, to extend AI deep into a business.
Your Life @ IBMIn a world where technology never stands still, we understand that, dedication to our clients success, innovation that matters, and trust and personal responsibility in all our relationships, lives in what we do as IBMers as we strive to be the catalyst that makes the world work better.
Being an IBMer means you'll be able to learn and develop yourself and your career, you'll be encouraged to be courageous and experiment everyday, all whilst having continuous trust and support in an environment where everyone can thrive whatever their personal or professional background.
Our IBMers are growth minded, always staying curious, open to feedback and learning new information and skills to constantly transform themselves and our company. They are trusted to provide on-going feedback to help other IBMers grow, as well as collaborate with colleagues keeping in mind a team focused approach to include different perspectives to drive exceptional outcomes for our customers. The courage our IBMers have to make critical decisions everyday is essential to IBM becoming the catalyst for progress, always embracing challenges with resources they have to hand, a can-do attitude and always striving for an outcome focused approach within everything that they do.
Are you ready to be an IBMer?
About IBMIBM's greatest invention is the IBMer. We believe that through the application of intelligence, reason and science, we can improve business, society and the human condition, bringing the power of an open hybrid cloud and AI strategy to life for our clients and partners around the world.
Restlessly reinventing since 1911, we are not only one of the largest corporate organizations in the world, we're also one of the biggest technology and consulting employers, with many of the Fortune 50 companies relying on the IBM Cloud to run their business.
At IBM, we pride ourselves on being an early adopter of artificial intelligence, quantum computing and blockchain. Now it's time for you to join us on our journey to being a responsible technology innovator and a force for good in the world.
Location StatementIBM offers a competitive and comprehensive benefits program. Eligible employees may have access to:
- Healthcare benefits including medical & prescription drug coverage, dental, vision, and mental health & well being.
- Financial programs such as 401(k), cash balance pension plan, the IBM Employee Stock Purchase Plan, financial counseling, life insurance, short & long- term disability coverage, and opportunities for performance based salary incentive programs.
- Generous paid time off including 12 holidays, minimum 56 hours sick time, 120 hours vacation, 12 weeks parental bonding leave in accordance with IBM Policy, and other Paid Care Leave programs. IBM also offers paid family leave benefits to eligible employees where required by applicable law.
- Training and educational resources on our personalized, AI-driven learning platform where IBMers can grow skills and obtain industry-recognized certifications to achieve their career goals.
- Diverse and inclusive employee resource groups, giving & volunteer opportunities, and discounts on retail products, services & experiences
The compensation range and benefits for this position are based on a full-time schedule for a full calendar year. The salary will vary depending on your job-related skills, experience and location. Pay increment and frequency of pay will be in accordance with employment classification and applicable laws. For part time roles, your compensation and benefits will be adjusted to reflect your hours. Benefits may be pro-rated for those who start working during the calendar year.
This position was posted on the date cited in the key job details section and is anticipated to remain posted for 21 days from this date or less if not needed to fill the role.
We consider qualified applicants with criminal histories, consistent with applicable law.
IBM will not be providing visa sponsorship for this position now or in the future. Therefore, in order to be considered for this position, you must have the ability to work without a need for current or future visa sponsorship.
Being You @ IBMIBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
Sr Cyber Security Architect II
Security Architect Job 30 miles from Pawtucket
Sr Cyber Security Architect
Work Model: Hybrid, Framingham MA
Staples is business to business. You're what binds us together.
Our digital solutions team is more than a traditional IT organization. We are a team of passionate, collaborative, agile, inventive, customer-centric, results-oriented problem solvers. We are intellectually curious, love advancements in technology and seek to adapt technologies to drive Staples forward. We anticipate the needs of our customers and business partners and deliver reliable, customer-centric technology services.
What you'll be doing:
Designs and oversees implementation of enterprise information security architectures and solutions.
Recommends modifications to application development, database design, networking, or infrastructure architecture with the goal of complying with internal information security policies and standards.
Develops or assists in the development of security policies, standards, and strategies.
Performs or participates in security audits, identifies security gaps, and develops and implements risk mitigation solutions.
Handles the most complex issues.
Be a technology leader collaborating with teams of senior systems engineers, senior network engineers, senior cloud engineers, cybersecurity architects, and software developers.
Partner with technology and business teams to fully understand business priorities and promote cybersecurity by design.
Monitors emerging products, technologies, or best practices that will improve security for the organization and its stakeholders.
Maintain broad knowledge of emerging threats and technologies, and techniques to detect and mitigate them.
Develop and maintain cybersecurity reference architectures for consumption by technical and project teams.
Development and maintenance of Security Architecture documents and artifacts.
What you bring to the table:
Strong oral, written, and visual communication skills.
Strong problem-solving ability and analytical skills.
Strong understanding and knowledge of architecture standards and patterns, and a passion for advocating their correct usage.
Strong understanding and knowledge of best practices for securing networks and computer systems.
Effective negotiation skills.
Strong leadership and team-building abilities.
Ability to work as part of a team. Customer/client orientation. Problem/situation analysis.
Detail oriented.
Project management skills
What's needed- Basic Qualifications
Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related area, or related field or equivalent work experience
A minimum of 10 years of experience in a cybersecurity role with progressive responsibility experience in Cybersecurity, IT, Systems Administration, Network Architecture, Systems Development, or related fields.
Experience designing, architecting, or implementing complex systems.
Experience creating technical documentation and diagrams.
Proficient in cybersecurity frameworks and standards.
What's needed- Preferred Qualifications
Experience leading IT and cybersecurity projects.
In-depth knowledge of networking systems, Microsoft OS, Linux OS and virtualization technologies.
In-depth knowledge with cloud architectures and security approaches, particularly in Microsoft Azure.
Experienced with cloud security, identity management, threat modeling, and incident response.
We Offer:
Inclusive culture with associate-led Business Resource Groups
22 days of PTO and Holiday Schedule (7 observed paid holidays + 1 floating holiday)
Online and Retail Discounts, Company Match 401(k), Physical and Mental Health Wellness programs, and more!
Enterprise Application Security Architect
Security Architect Job 37 miles from Pawtucket
Ready to help us transform healthcare? Bring your true colors to blue. What We Need Enterprise Security Architecture is about defining, in a measurable way, what the business is trying to achieve (Goals, Objectives, Drivers, OKRs, business outcomes) and driving the change planning needed to achieve those goals. The Enterprise Security Architect must have extensive experience in designing and implementing enterprise-level solutions. Prior experience focusing on the healthcare payer space is a plus. They will be responsible for ensuring that our technology strategy aligns with the overall business strategy, and for driving innovation through technology solutions.
The intent of the Enterprise Application Security Architect is to focus on how we incorporate preventative and proactive approaches to our SDLC to protect our constituents and our enterprise. The architect will work with other architects to ensure that security is an integral part of the design process. Working with the Enterprise Architecture team the Enterprise Architect - Application Security will focus on ensuring that we have a controlled approach to managing development risk.
You Day to Day
+ Develop and maintain an overall technology architecture and roadmap that supports the organization's strategic goals.
+ Partner with business and IT leaders to identify and prioritize technology initiatives that will drive business value.
+ Lead the strategic roadmap efforts around our primary enterprise assets including core payer system for claims
processing, member enrollment, provider management, and benefits administration.
+ Lead strategic innovation and roadmap efforts for supporting platforms and systems including things in the back
office (CRM, Content Management, Messaging, Chat, AI/ML....).
+ Define and maintain architecture standards and guidelines, ensuring that all technology solutions adhere to these
standards.
+ Partner with solution architects, development teams, and other stakeholders to ensure that technology solutions
are scalable, reliable, and secure.
+ Identify emerging technologies and trends that could impact the business and evaluate these technologies for
potential adoption.
+ Collaborate with other architects and IT leaders to ensure that technology solutions are integrated and aligned
across the organization.
+ Elaboration of related Security Development standards, patterns, and prototypes.
+ Elaboration of capability models, target state architectures, and roadmaps for application security.
+ Development of policies and practices to drive compliance with related standards and roadmaps.
+ Development of measures to evaluate maturity in related areas.
+ Will work with developers to determine security concerns / needs for specific applications.
+ Evaluate existing applications for vulnerabilities and provide recommendations for remediation.
+ Define controls to address known audit concerns.
+ Develop / define approaches for a secure SDLC approach.
+ Educate developers and architects on security concerns and mitigation approaches.
+ Help respond to security audits and incidents for architecture.
What You Bring
+ Deep experience (5+ years) in enterprise level architecture security domain
+ At least 10 years of experience in related focus area (applications security).
+ Experience with industry-standard architecture frameworks such as TOGAF, Zachman, or FEA.
+ Proven ability to develop and maintain technology roadmaps that align with business strategy.
+ Excellent communication skills, with the ability to translate technical concepts into business terms.
+ Strong leadership skills, with the ability to lead and influence others.
+ Experience with cloud-based architecture and microservices is a plus.
+ Knowledge of healthcare industry regulations and standards, such as HIPAA and HITECH, is a plus. Ability to
utilize and demonstrate proficiency with Information Technology systems.
+ Experience with standard IT and IT Security frameworks a plus (COBIT, ITIL, NIST, ASVS)
+ Healthcare payer system's experience is a plus.
+ Bachelor's degree or comparable relevant experience in Computer Science, Information Systems, or a related field.
+ A pplications and Cybersecurity Related Certifications a plus
It is our mission at Blue Cross Blue Shield of Massachusetts to foster a culture that enables associates to do their best work while living happy and healthy lives. That's why we offer you a variety of ways to support your best physical, emotional, financial, and social well-being. For more information on our benefit offerings, visit **********************************************
#LI-Hybrid
Minimum Education Requirements:
High school degree or equivalent required unless otherwise noted above
LocationBoston, HinghamTime TypeFull time
Salary Range: $161,280.00 - $197,120.00
The job posting range is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the posted range, and the range may be modified in the future. An employee's pay position within the salary range will be based on several factors including, but limited to, relevant education, qualifications, certifications, experience, skills, performance, shift, travel requirements, sales or revenue-based metrics, and business or organizational needs and affordability.
This job is also eligible for variable pay.
We offer comprehensive package of benefits including paid time off, medical/dental/vision insurance, 401(k), and a suite of well-being benefits to eligible employees.
Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company's sole discretion, consistent with the law.
WHY Blue Cross Blue Shield of MA?
We understand that the confidence gap (******************************************************************************** and imposter syndrome (********************************************************************* can prevent amazing candidates coming our way, so please don't hesitate to apply. We'd love to hear from you. You might be just what we need for this role or possibly another one at Blue Cross Blue Shield of MA. The more voices we have represented and amplified in our business, the more we will all thrive, contribute, and be brilliant. We encourage you to bring us your true colors, , your perspectives, and your experiences. It's in our differences that we will remain relentless in our pursuit to transform healthcare for ALL.
As an employer, we are committed to investing in your development and providing the necessary resources to enable your success. Learn how we are dedicated to creating an inclusive and rewarding workplace that promotes excellence and provides opportunities for employees to forge their unique career path by visiting our Company Culture (************************************************** page. If this sounds like something you'd like to be a part of, we'd love to hear from you. You can also join our Talent Community (*************************************************************** Type=JTC) to stay "in the know" on all things Blue.
At Blue Cross Blue Shield of Massachusetts, we believe in wellness and that work/life balance is a key part of associate wellbeing. For more information on how we work and support that work/life balance visit our "How We Work (************************************************** " Page.
Voted as the highest in member satisfaction among Massachusetts commercial health plans by JD Power , Blue Cross Blue Shield of Massachusetts is a community-focused, tax-paying, not-for-profit health plan headquartered in Boston. We have been a market leader for over 75 years, and are consistently ranked among the nation's best health plans. Our daily efforts are dedicated to effectively serving our 2.8 million members, and consistently offering security, stability, and peace of mind to both our members and associates.
Our Commitment to You
We are committed to investing in your development and providing the necessary resources to enable your success. We are dedicated to creating a refreshing and rewarding workplace that promotes excellence and provides opportunities for employees to forge their unique career path. We take pride in our diverse, community-centric, wellness-focused culture and believe every member of our team deserves to enjoy a positive work-life balance.
Blue Cross Blue Shield of Massachusetts is an Equal Employment / Affirmative Action Employer. Applicants are considered for all positions without regard to race, color, religion, sex, national origin, age, veteran status, disability, sexual orientation, gender identity or expression, or any other characteristics protected by law.
Blue Cross Blue Shield of Massachusetts will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with Blue Cross Blue Shield of Massachusetts's legal duty to furnish information.
Cloud Security Architect
Security Architect Job 37 miles from Pawtucket
A cloud security architect must be conversant with a breadth of technologies used to protect data, workloads, and systems within cloud platforms.
Responsibilities of a cloud security architect include:
Designing and implementing cloud security strategies and policies that meet an organization's specific needs.
Ensuring the security of cloud-based data and applications against unauthorized access, theft, and other threats.
Conducting regular security assessments and audits to identify vulnerabilities and develop plans to address them.
Collaborating with other IT professionals, including network engineers, developers, security team, and operational team to integrate cloud security measures into existing systems and processes.
Staying up to date on the latest cloud security technologies, trends, and best practices.
Reviewing and understanding remediation options from application vulnerability monitoring and assessment tooling.
Skills sought in a cloud security architect:
Strong analytical and problem-solving skills, with an ability to think strategically and tactically about complex cloud security issues.
Excellent communication skills, including communicating complex technical concepts to non-technical stakeholders.
The ability to work independently but collaborate closely and effectively with developers and other IT professionals at project start and critical project junctures.
The ability to manage multiple projects and priorities and meet deadlines in a fast-paced environment.
Attention to detail and a commitment to quality work.
Typical requirements for a cloud security architect are:
A bachelor's or master's degree in computer science, information technology, or a related field.
At least five years of cloud security experience, focusing on designing and implementing secure cloud computing solutions.
A strong understanding of cloud computing technologies, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
Knowledge of security frameworks such as ISO 27001, NIST Cybersecurity Framework, and CIS Controls.
Familiarity with cloud security platforms like Microsoft Azure, Amazon Web Services, and Google Cloud Platform.
Certifications such as Certified Cloud Security Professional (CCSP), Certified Information Systems Security Professional (CISSP), or Certified Cloud Architect (CCA) are preferred.
Desirable experience for a cloud security architect include:
Identity Access Management and Identity Provider technologies and features
Authentication and authorization strategies; SSO
DevSecOps practices and testing as part of CICD pipeline workflows
Key and secrets management services
Networking and security best practices using VPC/VNet/Subnet deployment
Kubernetes technology including network policy management
Experience with private link / endpoint strategies
We are an equal-opportunity employer and do not discriminate because of race, color, religion, sex, national origin, ancestry, marital status, veteran status, age, disability, sexual orientation or gender identity or expression or any other legally protected category. InterSystems is an E-Verify Employer in the United States.
About InterSystems
Established in 1978, InterSystems provides innovative data solutions for organizations with critical information needs in the healthcare, finance, and logistics sectors and beyond. Our cloud-first data platforms solve interoperability, speed, and scalability problems for organizations around the globe. InterSystems also develops and supports data management in hospitals through the world's most proven electronic medical record, as well as unified care records for health systems and governments through a powerful suite of healthcare data integration solutions. The company is committed to excellence through its award-winning, 24×7 support for customers and partners in more than 80 countries. Privately held and headquartered in Cambridge, Massachusetts, InterSystems has 25 offices worldwide. For more information, please visit InterSystems.com.
Information Systems Security Officer (ISSO) II
Security Architect Job 43 miles from Pawtucket
Type of Requisition:
Regular
Clearance Level Must Currently Possess:
Top Secret/SCI
Clearance Level Must Be Able to Obtain:
Top Secret SCI + Polygraph
Public Trust/Other Required:
None
Job Family:
Information Security
Job Qualifications:
Skills:
Information Security, Information Security Management, Information System Security
Certifications:
None
Experience:
2 + years of related experience
US Citizenship Required:
Yes
Job Description:
The ISSO is responsible for ensuring the appropriate operational security posture is maintained for an information system and as such, works in close collaboration with the ISSM and ISO. The position shall have the detailed knowledge and expertise required to manage the security aspects of an information system and, in many organizations, is assigned responsibility for the day-to-day security operations of a system. This also will include physical and environmental protection, personnel security, incident handling, and security training and awareness.
It will be required to work in close coordination with the ISSM and ISO in monitoring the information system(s) and its environment of operation to include developing and updating the authorization documentation, implementing configuration management across authorization boundaries. This will include assessing the security impact of those changes and making recommendation to the ISSM.
The primary function is working within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies, such as HQ Air Force, Office of the Secretary of Defense (OSD) and Military Compartments efforts. The position will provide “day-to-day” support for Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities.
Performance shall include:
Assist the ISSM in meeting their duties and responsibilities.
Prepare, review, and update authorization packages.
Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media.
Notify ISSM when changes occur that might affect the authorization determination of the information system(s).
Conduct periodic reviews of information systems to ensure compliance with the security authorization package.
Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and AO/DAO prior to the change.
Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly.
Ensure all IS security-related documentation is current and accessible to properly authorized individuals.
Ensure audit records are collected, reviewed, and documented (to include any anomalies)
Attend required technical and security training (e.g., operating system, networking, security management) relative to assigned duties.
Execute the cyber security portion of the self-inspection, to include providing security coordination and review of all system assessment plans.
Identify cyber security vulnerabilities and assist with the implementation of the countermeasures for them.
Prepare reports on the status of security safeguards applied to computer systems.
Perform ISSO duties in support of in-house and external customers.
Conduct security impact analysis activities and provide to the ISSM on all configuration management changes to the authorization boundaries.
Experience:
2+ years related experience.
SAP experience required.
Prior performance in roles such as System, Network Administrator, or ISSO.
Education:
Bachelor's degree in a related area or equivalent experience (4 years)
Certifications:
IAT Level II or IAM Level II (Security+ CE, CCNA Security, etc.)
Security Clearance:
TS/SCI required.
Must be able to Attain - TS/SCI with CI Polygraph.
#AirforceSAPOpportunities #MA #TS/SCI #ISSO
The likely salary range for this position is $91,811 - $121,670. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
Scheduled Weekly Hours:
40
Travel Required:
10-25%
Telecommuting Options:
Onsite
Work Location:
USA MA Bedford
Additional Work Locations:
Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 30 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.We connect people with the most impactful client missions, creating an unparalleled work experience that allows them to see their impact every day. We create opportunities for our people to lead and learn simultaneously. From securing our nation's most sensitive systems, to enabling digital transformation and cloud adoption, our people are the ones who make change real.GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.
Cloud Security Architect
Security Architect Job 38 miles from Pawtucket
A cloud security architect must be conversant with a breadth of technologies used to protect data, workloads, and systems within cloud platforms.
Responsibilities of a cloud security architect include:
Designing and implementing cloud security strategies and policies that meet an organization's specific needs.
Ensuring the security of cloud-based data and applications against unauthorized access, theft, and other threats.
Conducting regular security assessments and audits to identify vulnerabilities and develop plans to address them.
Collaborating with other IT professionals, including network engineers, developers, security team, and operational team to integrate cloud security measures into existing systems and processes.
Staying up to date on the latest cloud security technologies, trends, and best practices.
Reviewing and understanding remediation options from application vulnerability monitoring and assessment tooling.
Skills sought in a cloud security architect:
Strong analytical and problem-solving skills, with an ability to think strategically and tactically about complex cloud security issues.
Excellent communication skills, including communicating complex technical concepts to non-technical stakeholders.
The ability to work independently but collaborate closely and effectively with developers and other IT professionals at project start and critical project junctures.
The ability to manage multiple projects and priorities and meet deadlines in a fast-paced environment.
Attention to detail and a commitment to quality work.
Typical requirements for a cloud security architect are:
A bachelor's or master's degree in computer science, information technology, or a related field.
At least five years of cloud security experience, focusing on designing and implementing secure cloud computing solutions.
A strong understanding of cloud computing technologies, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
Knowledge of security frameworks such as ISO 27001, NIST Cybersecurity Framework, and CIS Controls.
Familiarity with cloud security platforms like Microsoft Azure, Amazon Web Services, and Google Cloud Platform.
Certifications such as Certified Cloud Security Professional (CCSP), Certified Information Systems Security Professional (CISSP), or Certified Cloud Architect (CCA) are preferred.
Desirable experience for a cloud security architect include:
Identity Access Management and Identity Provider technologies and features
Authentication and authorization strategies; SSO
DevSecOps practices and testing as part of CICD pipeline workflows
Key and secrets management services
Networking and security best practices using VPC/VNet/Subnet deployment
Kubernetes technology including network policy management
Experience with private link / endpoint strategies
We are an equal-opportunity employer and do not discriminate because of race, color, religion, sex, national origin, ancestry, marital status, veteran status, age, disability, sexual orientation or gender identity or expression or any other legally protected category. InterSystems is an E-Verify Employer in the United States.
About InterSystems
Established in 1978, InterSystems provides innovative data solutions for organizations with critical information needs in the healthcare, finance, and logistics sectors and beyond. Our cloud-first data platforms solve interoperability, speed, and scalability problems for organizations around the globe. InterSystems also develops and supports data management in hospitals through the world's most proven electronic medical record, as well as unified care records for health systems and governments through a powerful suite of healthcare data integration solutions. The company is committed to excellence through its award-winning, 24×7 support for customers and partners in more than 80 countries. Privately held and headquartered in Cambridge, Massachusetts, InterSystems has 25 offices worldwide. For more information, please visit InterSystems.com.