Security architect jobs in Richmond, VA

**About the role** You will design and govern security reference architectures, standards, and controls for cloud primitives (compute, network, storage), identity and access, data protection, container/Kubernetes platforms, AI/ML systems, and developer platforms. You will lead high-impact design reviews, threat modeling, and cryptographic strategy; guide zero-trust adoption; and drive detection, response, and resilience patterns at scale. You will collaborate with senior leaders and product teams, mentor engineers, and influence roadmaps through clear writing, principled prioritization, and metrics. Ideal candidates bring deep experience "building clouds," large-scale distributed systems, and security-by-design, with a track record of shipping secure platforms. You are practical, inclusive, and customer-obsessed, balancing rigor with velocity. If you thrive at the intersection of architecture, hands-on engineering, and incident leadership-and want to make a broad impact across Oracle's cloud-this role is for you. **About the business** Oracle's Secure Technology, Architecture and Safety (STAS) group sets the strategic technical direction for security across Oracle, shaping the future of secure cloud computing while partnering deeply with engineering and operations. We are seeking a Security Architect (Architect/Distinguished Engineer caliber) to define end-to-end security architecture for hyperscale cloud platforms and services, raise the security bar across the software lifecycle, and lead response to complex security incidents. **What you'll do** + Set strategy: Define multi-year security architecture strategy and roadmaps for cloud foundations, identity, data protection, platform security, AI/ML safety, and secure supply chain. + Authoritative design: Publish security reference architectures, control baselines, patterns, and design blueprints; lead cross-org design reviews and bar-raising architecture councils. + Build the cloud securely: Advise and co-design core cloud services (compute, networking, storage, virtualization, container/ orchestration, service mesh) with secure-by-default configurations. + Identity and zero trust: Advance strong identity, least privilege, policy-as-code, workload identity, and continuous verification aligned to zero-trust principles. + Cryptography and data protection: Drive KMS/HSM strategy, key lifecycle, envelope encryption, tokenization, privacy-enhancing technologies, and data governance at scale. + Secure SDLC: Embed threat modeling, secure coding, SAST/DAST/IAST, fuzzing, software provenance/SBOMs, signing, and deployment gates into developer platforms and CI/CD. + Detection and response: Partner with SOC and service teams on high-signal detection, telemetry standards, adversary emulation, incident response playbooks, and chaos/resilience testing. + Risk, compliance, and safety: Translate regulatory and customer requirements into engineering-ready controls and evidence; integrate safety-by-design for emerging technologies. + Incident leadership: Lead or advise on significant incidents; perform post-incident reviews, drive systemic fixes, and establish preventative guardrails and metrics. + Influence at scale: Produce clear design docs and RFCs; mentor senior engineers; run architecture reviews; build communities of practice; create learning pathways and reusable assets. **Responsibilities** **What you'll bring** + 12+ years in security architecture/engineering for large-scale distributed systems; significant experience "building clouds" (IaaS/PaaS) or platform engineering. + Expertise in at least three: identity and access management; network and micro segmentation; container/Kubernetes security; virtualization/compute; data protection/crypto; detection/response; supply chain security. + Hands-on depth with one or more: OCI, AWS, Azure, GCP; Kubernetes; service mesh; Terraform/Policy-as-Code; CI/CD; Linux hardening; observability stacks. + Demonstrated ability to lead cross-org initiatives, influence without authority, and deliver secure-by-default solutions at scale. + Strong written and verbal communication; ability to produce clear design docs, threat models, and executive narratives. + Commitment to inclusive collaboration and mentoring. **Preferred Qualifications:** + Experience designing KMS/HSM services, workload identity, confidential computing/TEE, or privacy-enhancing technologies. + Proven leadership in major incident response and post-incident systemic improvements. + Track record of published standards, OSS contributions, or patents in cloud security. + Advanced degree in Computer Science, Engineering, or related field (or equivalent experience). **Leadership competencies** + Performance, drive, and execution You'll deliver value and shape a performance-driven culture while ensuring accountability and communicating expectations. + Collaboration You understand and promote the value of collaboration and inclusivity and can align strategic aims with organizational goals. + Communicating for impact You inspire confidence by championing a clear understanding and support of organizational strategy and objectives. + Inspirational leadership You build a reputation for strategy by inspiring and empowering others while showing leadership internally and externally. + Competitive edge You anticipate changes in customer needs and seize opportunities to build value, encourage innovation, and meet objectives. Disclaimer: **Certain US customer or client-facing roles may be required to comply with applicable requirements, such as immunization and occupational health mandates.** **Range and benefit information provided in this posting are specific to the stated locations only** US: Hiring Range in USD from: $136,600 to $338,500 per annum. May be eligible for bonus, equity, and compensation deferral. Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle's differing products, industries and lines of business. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity. Oracle US offers a comprehensive benefits package which includes the following: 1. Medical, dental, and vision insurance, including expert medical opinion 2. Short term disability and long term disability 3. Life insurance and AD&D 4. Supplemental life insurance (Employee/Spouse/Child) 5. Health care and dependent care Flexible Spending Accounts 6. Pre-tax commuter and parking benefits 7. 401(k) Savings and Investment Plan with company match 8. Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation. 9. 11 paid holidays 10. Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours. 11. Paid parental leave 12. Adoption assistance 13. Employee Stock Purchase Plan 14. Financial planning and group legal 15. Voluntary benefits including auto, homeowner and pet insurance The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted. Career Level - IC6 **About Us** As a world leader in cloud solutions, Oracle uses tomorrow's technology to tackle today's challenges. We've partnered with industry-leaders in almost every sector-and continue to thrive after 40+ years of change by operating with integrity. We know that true innovation starts when everyone is empowered to contribute. That's why we're committed to growing an inclusive workforce that promotes opportunities for all. Oracle careers open the door to global opportunities where work-life balance flourishes. We offer competitive benefits based on parity and consistency and support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs. We're committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing accommodation-request_************* or by calling *************** in the United States. Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today's most important industries. Our growth is driven by delivering real results for our clients. It's also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it's no wonder we're consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Seramount, Fair360 and others. If you're as passionate about your future as we are, join our team. KPMG is currently seeking a Director, Tech Engineering to join our Tax Ignition Group. Responsibilities: * Lead the function of responding to clients' security inquires * Meet with clients to answer their security questions and negotiate compensating controls when there are gaps between client requirements and our product offerings * Drive innovation and improvement in the client security inquiry process such incorporating Artificial Intelligence into the process, creating additional collateral such as whitepapers, managing metrics, and improving the tooling and interactions with requestors * Partner with various groups within Tax's technology function and business teams to incorporate trends into product roadmaps; collaborate with other compliance teams, and raise awareness around client security requirements * Review and respond to client security questionnaires and assessments * Build and maintain a knowledge base of common client questions Qualifications: * Minimum ten years of recent experience in Information Technology (IT) security compliance, risk management or related IT security within a large IT organization, preferably within a professional services firm, software product, or other highly regulated environment * Bachelor's degree from an accredited college or university is preferred * Deep understanding of cloud architecture, modern software development, and technical security controls is required; Azure experience is preferred * Strong executive presence, negotiation, presentation, and communication skills are required; excellent analytical and problem-solving skills to assess complex security issues and develop effective solutions; capability to work effectively in a global environment, understanding diverse cultural perspectives and international client needs * Proven experience in client-facing roles, particularly in handling security inquiries, negotiations, and managing client relationships; demonstrated ability to drive innovation and continuous process improvement, particularly in integrating new technologies and methodologies into existing processes * Demonstrated knowledge of industry authoritative sources such as COBIT, NIST, ISO standards; CISM, CISA, ISO 27001 Auditor, LSS Green Belt, CRISC, CIPP, CGEIT or ITIL preferred * Must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future. KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa KPMG LLP and its affiliates and subsidiaries ("KPMG") complies with all local/state regulations regarding displaying salary ranges. If required, the ranges displayed below or via the URL below are specifically for those potential hires who will work in the location(s) listed. Any offered salary is determined based on relevant factors such as applicant's skills, job responsibilities, prior relevant experience, certain degrees and certifications and market considerations. In addition, KPMG is proud to offer a comprehensive, competitive benefits package, with options designed to help you make the best decisions for yourself, your family, and your lifestyle. Available benefits are based on eligibility. Our Total Rewards package includes a variety of medical and dental plans, vision coverage, disability and life insurance, 401(k) plans, and a robust suite of personal well-being benefits to support your mental health. Depending on job classification, standard work hours, and years of service, KPMG provides Personal Time Off per fiscal year. Additionally, each year KPMG publishes a calendar of holidays to be observed during the year and provides eligible employees two breaks each year where employees will not be required to use Personal Time Off; one is at year end and the other is around the July 4th holiday. Additional details about our benefits can be found towards the bottom of our KPMG US Careers site at Benefits & How We Work. Follow this link to obtain salary ranges by city outside of CA: ********************************************************************** KPMG offers a comprehensive compensation and benefits package. KPMG is an equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding KPMG's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please. KPMG recruits on a rolling basis. Candidates are considered as they apply, until the opportunity is filled. Candidates are encouraged to apply expeditiously to any role(s) for which they are qualified that is also of interest to them. Los Angeles County applicants: Material job duties for this position are listed above. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness, and safeguard business operations and company reputation. Pursuant to the California Fair Chance Act, Los Angeles County Fair Chance Ordinance for Employers, Fair Chance Initiative for Hiring Ordinance, and San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Meta's Product Security team is seeking a experienced hacker who derives purpose in life by revealing potential weaknesses and then crafting creative solutions to eliminate those weaknesses. Your skills will be the foundation of security initiatives that protect the security and privacy of over two billion people. You will be relied upon to provide engineering and product teams with the web, mobile, or native code security expertise necessary to make informed product decisions. Come help us make life hard for the bad guys. **Required Skills:** Product Security Engineer, AI Responsibilities: 1. Security Reviews: perform manual design and implementation reviews of products and services that make up the Meta ecosystem, like Instagram, WhatsApp, Oculus, Portal, and more 2. Developer Guidance: provide guidance and education to developers that help prevent the authoring of vulnerabilities 3. Automated Analysis and Secure Frameworks: build automation (static and dynamic analysis) and frameworks with software engineers that enable Meta to scale consistently across all of our products **Minimum Qualifications:** Minimum Qualifications: 4. BS or MS in Computer Science or a related field, or equivalent experience 5. 8+ years of experience finding vulnerabilities in interpreted languages. Knowledge of best practice secure code development 6. Experience with exploiting common security vulnerabilities 7. Knowledge of common exploit mitigations and how they work 8. Coding and scripting experience in one or more general purpose languages **Preferred Qualifications:** Preferred Qualifications: 9. Experience creating software that enables security processes, especially those leveraging AI/ML for automation or augmentation 10. Experience integrating or building AI-powered tools to assist with vulnerability detection, code review, or threat modeling 11. Experience creating software that enables security processes 12. 8+ years of experience finding vulnerabilities in C/C++ code 13. Contributions to the security community (public research, blogging, presentations, bug bounty) 14. Demonstrated ability to collaborate with AI researchers or engineers to apply AI in security workflows **Public Compensation:** $177,000/year to $251,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

Ready to be pushed beyond what you think you're capable of? At Coinbase, our mission is to increase economic freedom in the world. It's a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform - and with it, the future global financial system. To achieve our mission, we're seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up. We want someone who will run towards, not away from, solving the company's hardest problems. Our ******************************** is intense and isn't for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there's no better place to be. While many roles at Coinbase are remote-first, we are not remote-only. In-person participation is required throughout the year. Team and company-wide offsites are held multiple times annually to foster collaboration, connection, and alignment. Attendance is expected and fully supported. Coinbase stores more digital currency than any company in the world, making us a top tier target on the internet. Security is core to our mission and has been a key competitive differentiator for us as we scale worldwide. Essential to scaling is building and running a security compliance program that reflects how we protect the data and assets in our care, to open the doors with customers, regulators, auditors, and other external stakeholders. If you love working with fast moving companies to grow and scale security compliance engines and create positive change across the business, we'd like to speak with you about joining our team. Coinbase is looking for a Security Compliance Senior Analyst to drive the second line of defense IT SOX initiatives and help mature the IT SOX program. *What you'll be doing (ie. job duties):* * Lead Security and IT initiatives to support the SOX roadmap and advance program maturity * Assist with SOX planning activities, including scoping of IT systems and creating training material to owners in preparation for SOX audit * Lead security control gap assessments over SOX control environment, recommend remediation plans and track through completion * Assess SOX implications of new products, update relevant controls, and communicate requirements to product organization and other stakeholders * Provide ongoing reporting to stakeholders and leadership on above responsibilities and communicate progress and escalations management * Perform SOX audit and control impact analysis as a result of security and technology incidents and partner with owning teams on control uplift activities * Build close relationships with stakeholder teams including Security, IT, Infrastructure, Engineering, Data, and Finance to advise on SOX requirements and ensure excellence in control ownership * Create and improve SOX procedural documentation, including process documentation, data flow diagrams, and uplifting templates * Work closely with internal and external auditors to educate them about a complex technology control environment * Oversee quality of audit initiatives, identify and analyze process gaps, provide guidance and expertise to team members * Develop creative solutions to prove risk mitigation and solve for complex audit problems faced by the crypto industry * Identify opportunities to address systemic program challenges, recommend solutions and drive efficiency through AI and automation *What we look for in you (ie. job requirements):* * Minimum of 5+ years of security/IT compliance or equivalent experience * Strong knowledge and hands-on experience in Internal Controls over Financial Reporting, SOX 404 frameworks, and testing to support compliance * Prior experience at a big 4 accounting firm * Experience leading compliance initiatives from start to finish * Proven understanding and audit experience of cloud technologies, AWS preferred * Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with minimal supervision * Strong oral and written communication skills * Ability to multitask, direct cross functional work, and hold others accountable to committed deadlines in a fast paced environment * Ability to communicate with technical / non-technical stakeholders to align on shared outcomes * Experience in Financial services, Big Tech, or FinTech *Nice to haves:* * BA or BS in a technical field or equivalent experience * Security certifications e.g. CISA, CISSP, CISM or other relevant certifications * Experience auditing in Crypto space Position ID: P73675 \#LI-Remote *Pay Transparency Notice:* Depending on your work location, the target annual salary for this position can range as detailed below. Full time offers from Coinbase also include bonus eligibility + equity eligibility**+ benefits (including medical, dental, vision and 401(k)). Pay Range: $167,280-$196,800 USD Please be advised that each candidate may submit a maximum of four applications within any 30-day period. We encourage you to carefully evaluate how your skills and interests align with Coinbase's roles before applying. Commitment to Equal Opportunity Coinbase is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view the *********************************************** in certain locations, as required by law. Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please contact us at accommodations*********************************** *Global Data Privacy Notice for Job Candidates and Applicants* Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available ********************************************************** By submitting your application, you are agreeing to our use and processing of your data as required. *AI Disclosure* For select roles, Coinbase is piloting an AI tool based on machine learning technologies to conduct initial screening interviews to qualified applicants. The tool simulates realistic interview scenarios and engages in dynamic conversation. A human recruiter will review your interview responses, provided in the form of a voice recording and/or transcript, to assess them against the qualifications and characteristics outlined in the job description. For select roles, Coinbase is also piloting an AI interview intelligence platform to transcribe and summarize interview notes, allowing our interviewers to fully focus on you as the candidate. *The above pilots are for testing purposes and Coinbase will not use AI to make decisions impacting employment*. To request a reasonable accommodation due to disability, please contact accommodations[at]coinbase.com

We specialize in Staffing, Consulting, Software Development, and Training along with IT services to small to medium size companies. AG's primary objective is to help companies maximize their IT resources and meet the ever-changing IT needs and challenges. In addition, AG offers enterprise resource planning and enterprise application integration, supply-chain management, e-commerce solutions, and B2B public exchanges and B2B process integration solutions. Our company provides application analysis, design, development and programming, software engineering, systems development, testing, integration, and implementation, and management consulting services to various clients - including governmental agencies and private companies - throughout the United States and India. We provide these services in multiple computing environments and use technologies such as client/server architecture, object-oriented programming languages and tools, distributed database management systems, state-of-the-art networking, and communications infrastructures. Our honest and realistic approach to recruiting dictates that AG does not entice or lure engineers from their employers. We represent only high caliber technical professionals who have committed to making a change required by career. Job Description Working knowledge of information technology, IT sourcing, contracting, procurement, legislation and regulations. Excellent oral and written communication skills and excellent analytical skills are needed as well as critical attention to detail. Must exhibit knowledge of contracts and defining measureable business outcomes and service levels is required. Applicant for this position must possess the ability to independently prepare, study, evaluate, and modify contracts for the Agency Experience in risk assessment and mitigation is also needed. Describe the primary functions to be performed by this resource: 1. C&G Document Coordinator for Legislative, EO20, SRS, and other ongoing updates (research for affected documents, edit drafting, approval process, finalization, upload to appropriate access, publication and storage locations, version control storage) CI template updates SharePoint template updates Policy updates ITRM updates 2. C&G CMS SME Backup Document Authoring tasks for new and updated templates in Staging through testing and then into Production 3. C&G EO20/SRS SME Backup Attend weekly team meetings Host weekly C&G status meetings Primary presenter for related communications to SCM Managers Coordinate completion of C&G assigned tasks 4. C&G Special Project Owner/Backup as assigned by C&G Manager Develop and present SOPs for various process improvements Research for special subjects and management needs Mass contract modifications Website analysis and improvement Other administrative supportive tasks 5. Current Lead on project to prepare, draft, and coordinate approval process, prepares finals, store, update, upload (126) Supply Chain Management sourcing and governance documents, Procurement Manual, and webpages. For EO20 (current project) For Legislative updates Replace APR with PGR (ongoing) Replacing Supplier Subcontracting and Reporting Plan Name Pls mention number of years of experience in the below mentioned skills: Documentation IT Contracts Legislation Mitigation Procurement Regulation Risk Assesment Additional Information GOOD COMMUNICATION SKILLS DURATION: 6+ Months Contract INTERVIEW: Telephonic and Skype / Face 2 face

CoStar Group (NASDAQ: CSGP) is a leading global provider of commercial and residential real estate information, analytics, and online marketplaces. Included in the S&P 500 Index and the NASDAQ 100, CoStar Group is on a mission to digitize the world's real estate, empowering all people to discover properties, insights and connections that improve their businesses and lives. We have been living and breathing the world of real estate information and online marketplaces for over 35 years, giving us the perspective to create truly unique and valuable offerings to our customers. We've continually refined, transformed and perfected our approach to our business, creating a language that has become standard in our industry, for our customers, and even our competitors. We continue that effort today and are always working to improve and drive innovation. This is how we deliver for our customers, our employees, and investors. By equipping the brightest minds with the best resources available, we provide an invaluable edge in real estate. We are expanding our enterprise Data Loss Prevention (DLP) program to accelerate impact. The program is live and producing results with Microsoft Purview, but we need more dedicated engineers. We are hiring a Lead DLP Engineer to design, scale, and operationalize Microsoft Purview-based protections across endpoints and Microsoft 365 workloads-partnering with Security Operations, Governance, Risk & Compliance (GRC), Legal/Privacy, and the business. As the Lead DLP Engineer, you will own the technical strategy, architecture, deployment, and ongoing operations of Microsoft Purview. You will build sustainable detection and prevention capabilities for data exfiltration and misuse, integrate DLP with enterprise workflows (incident response, exception management, change control), and provide clear metrics and executive reporting. This position can be located in Arlington, VA or Richmond, VA and is in office Monday through Thursday and work from home on Friday. Responsibilities * Own the enterprise DLP architecture and roadmap using Microsoft Purview across Exchange Online, SharePoint Online, OneDrive, Teams, Power BI, and Endpoint DLP on managed devices. * Design and implement data classification and labeling at scale (sensitivity labels, automatic/manual labeling, protection actions) aligned to the organization's data taxonomy. * Build, test, and tune DLP policies for high‑risk exfiltration vectors (email, cloud storage, chat, web uploads, endpoints: removable media, print, clipboard, Bluetooth, RDP, browser downloads). * Stand up and mature advanced classifiers and detections (Sensitive Information Types, Exact Data Match schemas, trainable classifiers) with continuous improvement cycles. * Integrate DLP with incident management and SOC workflows (alert triage, case management, evidence capture, automation) and with SIEM (e.g., Microsoft Sentinel) using KQL analytics. * Partner with Identity, Endpoint, and Collaboration teams to enforce device/user trust prerequisites, and with Compliance/Legal on retention, eDiscovery, and privacy-by-design. * Create enablement content: policy tips, just‑in‑time guidance, and training for end users and privileged administrators to reduce friction and false positives. * Establish exception and change management processes, including time‑bound exceptions with compensating controls and periodic recertification. * Publish dashboards and KPIs to leadership (coverage, alert volumes, true‑positive rates, MTTR, prevented exfiltration, policy drift). * Mentor junior engineers and act as the primary subject‑matter expert for Microsoft Purview DLP. Basic Qualifications * Bachelor's Degree required from an accredited, not for profit university or college. * A track record of commitment to prior employers * 8+ years in information security with 3-5+ years focused on enterprise DLP. * Hands‑on expertise deploying and operating Microsoft Purview Information Protection & DLP at 5k+ user scale, including Endpoint DLP and M365 workloads. * Practical experience with sensitivity labels, automatic and manual labeling, Sensitive Information Types, Exact Data Match (EDM), and trainable classifiers. * Proficiency with Kusto Query Language (KQL), PowerShell, and API/automation for policy management and reporting. * Experience integrating DLP with SIEM/SOAR, SOC runbooks, and incident/alert handling processes. * Strong stakeholder skills: partnering with Legal/Privacy, HR, Compliance, and business units; clear documentation and change management. * Working knowledge of data governance and regulatory drivers (e.g., SOX ITGC, PCI, HIPAA, GDPR/CCPA) as they relate to DLP and monitoring. Preferred Qualifications and Skills * Track record accelerating a Microsoft Purview rollout from pilot to enterprise adoption, with measurable risk reduction. * Experience with Defender for Cloud Apps integration, Defender XDR signal correlation, and Endpoint platform integrations (Intune, Windows, Mac). * Knowledge of Microsoft Information Protection (MIP) SDK, Power Automate, or Graph APIs to extend labeling and DLP workflows. * Certifications: SC‑400 (Microsoft Information Protection Administrator), SC‑200 (Security Operations Analyst), SC‑100 (Cybersecurity Architect), or IAPP (CIPM/CIPP). What's in it for You When you join CoStar Group, you'll experience a collaborative and innovative culture working alongside the best and brightest to empower our people and customers to succeed. We offer you generous compensation and performance-based incentives. CoStar Group also invests in your professional and academic growth with internal training, and tuition reimbursement. Our benefits package includes (but is not limited to): * Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug * Life, legal, and supplementary insurance * Virtual and in person mental health counseling services for individuals and family * Commuter and parking benefits * 401(K) retirement plan with matching contributions * Employee stock purchase plan * Paid time off * Tuition reimbursement * On-site fitness center and/or reimbursed fitness center membership costs (location dependent), with yoga studio, Pelotons, personal training, group exercise classes * Access to CoStar Group's Diversity, Equity, & Inclusion Employee Resource Groups * Complimentary gourmet coffee, tea, hot chocolate, fresh fruit, and other healthy snacks We welcome all qualified candidates who are currently eligible to work full-time in the United States to apply. However, please note that CoStar Group is not able to provide visa sponsorship for this position. #LI-DB3 CoStar Group is an Equal Employment Opportunity Employer; we maintain a drug-free workplace and perform pre-employment substance abuse testing

WHO WE ARE Apex Systems is a leading global technology services business that incorporates industry insights and experience to deliver solutions that fulfill our clients' digital visions. We provide a continuum of services, including strategy and enablement, innovation and productivity, and technology foundations to drive better results and bring more value to our clients. Apex transforms our customers with modern enterprise solutions tailored to the industries we serve. Apex has a presence in over 70 markets across North America, Europe, and India. Apex is a part of the Commercial Segment of ASGN Incorporated (NYSE: ASGN). To learn more, visit ******************** At Apex Systems, we prioritize professional development, work-life balance, and fostering a collaborative culture. We value our teams well-being and recognize the importance of building strong relationships. Thats why we organize regular team-building events and philanthropic days to give back to the community - fostering a sense of purpose and fulfillment among our team. Join us for career advancement, innovative solutions, and a supportive environment focused on your success. JOB DESCRIPTION The Security Engineer at Apex Systems is responsible for designing, implementing, and maintaining advanced cybersecurity solutions to protect the organization's information systems and infrastructure. This role ensures that security is embedded throughout the lifecycle of hardware and software from evaluation and selection to installation and configuration by collaborating closely with IT teams and internal/external stakeholders. * Researches, designs, and implements information security solutions for Apex Systems' information systems and products in compliance with the organization's applicable security policies and standards. * Works with IT and internal/external customers to ensure that security is factored in the evaluation, selection, installation and configuration process of hardware and software. * Analyzes and makes recommendations to improve network, system, and applications. * Assists in the review and update of cyber security policies, architectures, and standards. * Assists in responding to audits, penetration tests and vulnerability assessments. * Designs and implements secure infrastructure solutions, including network security, configuration management, storage security, and identity and access management (IAM) based on security policies to prevent unauthorized access. * Conducts regular security assessments to identify vulnerabilities and potential risks. * Keeps abreast of the latest security threats, vulnerabilities, and attack methods. * Evaluates and implements new security technologies to address emerging threats. JOB REQUIREMENTS * Bachelor's Degree in Computer Science, Information Security, Cybersecurity, or related field OR equivalent combination of education and experience * 5+ years of experience in cybersecurity, previous experience in a security engineering role highly desired * Certified information systems security professional (CISSP) * Technical expertise in one or more of the following: VPN, firewall, network monitoring, intrusion detection, web server security and wireless security, and cloud technologies. * Practical experience with implementing security controls such as database security, web content filtering, anomaly detection and response, and vulnerability scanning * Understands business needs and has a commitment to delivering high-quality, prompt, and efficient service to the business * Understands organizational mission, values, and goals and consistently applies this knowledge * Experience with cybersecurity tools and techniques to automate security tasks, streamline incident response, and enhance overall security posture * Experience with relevant security standards and regulations that apply, such as the ISO family of standards and HIPAA. They should be able to assess compliance requirements and implement necessary controls to ensure adherence to these standards. * Strong knowledge of security engineering discipline in more than one of the following domains: network security, cloud-native security, endpoint security, or application security. * Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one * Strong problem-solving and troubleshooting skills * Experience with cybersecurity tools such as vulnerability scanners, network firewalls, cloud-native security, and penetration testing frameworks OUR COMPREHENSIVE BENEFITS * Competitive Salary * Health, Dental and Vision Insurance * Health Savings Accounts (HSA) with Employer Contribution * Flexible Spending Accounts * Long and Short-Term Disability * Life Insurance * Voluntary Benefits * Employee Assistance Program * Paid Parental Leave * Wellness Incentives * Vacation and Holiday Pay * 401(k) Retirement Plan with Employer Match * Employee Stock Purchase * Training and Advancement opportunities * Tuition Reimbursement * Birthdays Off * Philanthropic Opportunities * Referral Program * Partial Gym Membership Paid * Team Building Events * Discount Programs Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact [email protected]. EEO Employer Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact [email protected].

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. **Responsibilities:** + **M&A Integration Execution:** Collaborate and engage with IAM Lead and other business partners on planning, design, and execution of IAM integration strategies for M&A activities, ensuring alignment with overall business and security objectives. This includes assessing the IAM landscapes of merging entities to identify challenges and solutions. + **Design and Implement Sailpoint IIQ Solutions:** Configure and customize Sailpoint IIQ components (Lifecycel Manager, Compliance Manager etc). Also develop workflows, rules, and connectors for identity governance. + **Application integration with Sailpoint IIQ:** Integrate Sailpoint IIQ with enterprise applications, directories and cloud platforms in addition to developing and maintaining connectros for provisioning and de-provisioning. + **Sailpoint IIQ Development and Scripting:** Write and maintain BeanShell scripts, Java code and XML configurations, develop customer Sailpoint tasks and workflows. + **Identity System Merging & Consolidation:** Manage the complex process of merging disparate identity providers, user directories (e.g., Active Directory, Azure AD, LDAP), and access management systems from acquired companies into the existing infrastructure. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Security & Compliance:** Ensure IAM systems and processes comply with regulatory requirements (e.g., GDPR, HIPAA, SOX) and internal security policies, providing auditable records of access activities. Protect against data breaches by ensuring only authorized personnel can access sensitive information. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Collaboration & Communication:** Coordinate cross-functional teams, including Information Security, IT Operations, HR, and Application Development, to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical stakeholders. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications** + Experience with SailPoint IdentityIQ (IIQ) is a must + Experience with SailPoint IIQ Integrations (Workday, Active Directory/LDAP, Webservices, SCIM, JDBC, SAP) + Experience implementing Life Cycle Manager (LCM) Configuration workflow tasks that model business functions, including Lifecycle Requests (Role or Entitlement), Lifecycle Events (Joiner, Mover, or Leaver), and LCM Workflow Details (Workflows and Subprocesses) + Solid understanding of the SailPoint object model, rules, and policies + Experience with both lifecycle manager (LCM) and compliance manager (CM) modules + Knowledge of Active Directory, LDAP, Workday, and cloud platforms (GCP, MS Entra ID) is required + Proven track record of successful IAM implementations including large scale enterprise deployments. + Experience working within regulatory standards and requirements such as, SOX, HIPAA, GDPR etc. is desired. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

Your Future. Secured. ISC2 is a force for good. As the world's leading nonprofit member organization for cybersecurity professionals, our core values - Integrity, Advocacy, Commitment, Inclusion, and Excellence - drive everything we do in support of our vision of a safe and secure cyber world. Our globally recognized, award-winning portfolio of certifications provide an independent and globally recognized endorsement of cybersecurity knowledge, skills and experience for all career levels. Our charitable arm, the Center for Cyber Safety and Education, enables ISC2 and our members to serve the public by educating the most vulnerable about cyber risks and empowering access to enter and thrive in the cyber profession. Learn more at ISC2 online and connect with us on Twitter, Facebook and LinkedIn. When you join ISC2, you'll demonstrate your commitment to an inclusive and equitable environment. Your support of the unique perspectives and experiences shared by our global cybersecurity workforce and profession will be recognized. We invite you to take an active role in helping us create a true sense of belonging across our organization - an environment of authenticity, trust, empowerment and connectedness that empowers all of our successes. Learn more. **Position Summary** The Application Security Engineer will be an integral part of the security team and will work cross-functionally with several lines of business to ensure the secure delivery of products and applications. The Application Security Engineer will be expected to attend stand-ups and strategy sessions to identify areas of risk and offer consulting on best practices. The Application Security Engineer will act as a champion and will formalize the integration of application security into our current processes and tools. **Responsibilities** The Application Security Engineer will be expected to facilitate technical design reviews, perform code analysis, offer remediation recommendations, perform manual and dynamic security testing, and document and present all findings. The Application Security Engineer will work closely with the Development, Release, and QA teams to identify and coordinate security testing, validate, test, and vet both internally and externally developed applications. As an Application Security Engineer, you will act as a DevSecOps Engineer that will be responsible for secure application delivery as well as the underlying infrastructure. The Application Security Engineer must be comfortable with securing cloud-based products in environments such as AWS, Azure and Salesforce. Additionally, this position will provide security risk assessments, create threat models and assist the team with vulnerability testing. Additionally, this position manages the ISC2 responsible reporting program that supports the organization's secure application delivery objectives. In addition to the daily duties described, the individual will assist the security engineering team in the management of security technologies administered by the group (e.g., WAF, Firewall, IDS, and SEIM). This would be an "as needed" function, which is primarily to provide coverage for those duties when individuals on the security engineering team are out of the office for training or vacation. Additionally, the Application Security Engineer will be expected to participate in the Incident Response team and act as a Subject Matter Expert when dealing with the continuity of our operations and when responding with cyber incidents. + Conduct security assessments: Perform comprehensive security assessments of applications, including static code analysis, dynamic application testing, and penetration testing. Identify vulnerabilities, weaknesses, and potential attack vectors. + Secure code review: Review application source code to identify security flaws, such as insecure authentication mechanisms, input validation vulnerabilities, and potential injection attacks. Provide recommendations for remediation and best practices for secure coding. + Threat modeling: Collaborate with development teams to identify and assess potential threats and risks associated with the application. Use threat modeling techniques to prioritize security controls and countermeasures. + Develop and implement security controls: Design, develop, and implement security controls and countermeasures to protect applications against common security threats, such as cross-site scripting (XSS), cross-site request forgery (CSRF), and SQL injection. Implement secure coding practices and security guidelines. + Vulnerability management: Establish and maintain a vulnerability management program for applications. Track and prioritize vulnerabilities based on their severity and impact. Coordinate with development teams to ensure timely remediation of identified vulnerabilities. + Security testing automation: Develop and maintain automated security testing tools and scripts to streamline the application security testing process. Integrate security testing into the continuous integration and deployment (CI/CD) pipeline. + Security training and awareness: Conduct security training and awareness programs and determine skills training needs for development teams, promoting secure coding practices andawareness of common security vulnerabilities. Stay updated with the latest security trends, attack techniques, and best practices. + Incident response: Provide support during security incidents or breaches related to applications. Participate in incident response activities, including containment, investigation, and remediation. + Compliance and regulatory requirements: Ensure that applications adhere to relevant security compliance standards, industry regulations, and data privacy requirements (e.g., GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability)). Collaborate with compliance teams to address any compliance-related concerns. + Security documentation and reporting: Prepare and maintain security documentation, including security policies, procedures, and guidelines. Generate periodic reports on the security posture of applications and present findings to relevant stakeholders. Other responsibilities include: + Maintain and manage all pipelines from a security perspective. + Onboard new pipelines for security tooling. + Keep pipeline diagrams up to date with current security details. + Serve as the primary SME for the DAST scanner.This includes configuration, testing, vulnerability management, and remediation oversight. + Recommend continuous improvements for the SAST scanner. + Security code release approvals + Maintain and manage the WAF, including signatures, configuration, and threat intel feeds. + Serve as the SME and provide recommendations for ongoing improvements. + Establish baseline WAF signatures for XD Prod following the Silverline migration. + Baseline WAF signatures after code releases. + Serve as the primary point of contact for vetting bug reports and managing the informed disclosure process. + Assist with attestation data gathering. + Support and assist with threat modeling. + Act as the formal backup for the threat modeling and attestation processes. + Review and approve Security Assessment Review reports as needed. + Perform other duties as required. **Behavioral Competencies** + Ability to demonstrate and support the ISC2 Core Values: Integrity, Excellence, Inclusion, Advocacy and Commitment + Function as an architect, who can conduct architecture reviews of new systems and solutions. + Serve as a builder who can build and integrate application security in our SDLC. + Act as a collaborator, who likes to engage with the team and the industry. + Serve as a team player, who will jump in and assist in other security functions as needed. + Function as a leader, who will use your knowledge and to train and guide developers and engineers. + Demonstrate a passion for application security, creative and critical thinking, strong analysis skills, the ability to work in a fast-paced environment, and have familiarity with agile, continuous integration, and continuous deployment. + Experience in securing SaaS-delivered offerings in multiple cloud environments deployed with automation & orchestration. **Qualifications** + Ability to write some code, as needed, to conduct security-focused testing. + Application Experience with common testing tools such as Veracode, Fortify, Zap, Burp, and fiddler, among others. + Application Understanding of common vulnerabilities & remediation. + Application Knowledge and understanding of automation and scripting languages. + Design & code review skills. + A solid understanding of Microsoft platforms such as .NET, Windows, C#, Azure. + General Knowledge of cloud security, API (Application Programming Interface) security, and associated best practices. **Education and Work Experience** + Bachelor's degree in computer science, information systems, related engineering field. Will consider a high school diploma and 10+ years of relevant work experience, as well as current additional credentials (CCSP, GDSP, etc..) in lieu of a degree. + A CISSP and CSSLP are required for this position. + 8+ years of experience in Information Security. + 8+ years of experience with static and dynamic analysis for coding and vulnerability identification and remediation. + 5+ years of Secure Development experience. + Application Experience with implementing Secure Development Lifecycle in an agile environment. + First-hand experience with architectural reviews, application reviews, and penetration testing. + Application Experience with Continuous Integration processes, particularly with building security practices into the pipeline. **Physical and Mental Demands** + Ability to travel up to 10% of time. May also include overnight travel. + Work extended hours, when necessary. + Work in an office environment using dual monitor computer screens. + Sitting for extended periods. **Equal Employment Opportunity Statement** All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic as protected by applicable law. Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process. **Job Locations** _US-Remote_ **Posted Date** _2 weeks ago_ _(11/19/2025 1:29 PM)_ **_Job ID_** _2025-2253_ **_\# of Openings_** _1_ **_Category_** _Information Security_

VDOT is seeking an experienced Senior Security Operations Engineer with in-depth knowledge and hands on experience in the areas of security policy, intrusion detection/prevention systems, perimeter security Technology, and Information security. Job Overview: VDOT is seeking an experienced Senior Security Operations Engineer with in-depth knowledge and hands on experience in the areas of Information Systems security, security policy, intrusion detection/prevention systems, firewalls, anti-virus software, anti-malware, anti-phishing, authentication systems, log analysis and management, web content filtering; network protocols and security/authentication protocols at all layers of the OSI model with emphasis on TCP/IP, web security gateways, network access control, endpoint security, and perimeter security technologies. The Senior Security Operations Engineer contributes to the overall technology roadmap. Key Responsibilities:• Participates in the design, implementation and support of security infrastructure for the Department. • Identifies network and information security risks across the enterprise, design, engineer, implement security solutions to address the risks at an enterprise level.• Works closely with the IT Division and outside vendors to effectively design, plan, deploy, secure and update network projects in the environment.• Effective collaboration with the Office of Information Security OIS and other ITD groups is maintained.• Strategic Plan items pertinent to the Network Security Operations group are completed.• System policies and procedures are created, documented, and maintained.• Perform network scans and penetration testing. Monitors log analysis and management tools for threats. • Evaluate vulnerability scan results and notify business, application, and infrastructure teams of vulnerabilities in need of remediation. • Evaluate and participate in agency Azure cloud solution review of network, security, and general project involvement.• Ensure all daily functions that are required to maintain security applicable systems and applications are documented.• Work with the agency's ISO team and the IT Auditors to review security audit findings and vulnerability scans results. Identify recommended correction activities and course of action, once determined communicate with the various stakeholders.• Device configurations are based on best practices.• Relevant documentation is kept up to date.• Coordinating the handling and resolution of incidents related to security. Requirements Considerable knowledge and hands on experience in the areas of information systems security of security policy--Required 7 Years Considerable knowledge hands on experience with web security gateways, network access control, endpoint security, and perimeter security technologies--Required 7 Years Considerable knowledge and hands on experience with firewalls, anti-virus software, anti-malware, anti-phishing, authentication systems--Required 7 Years Considerable knowledge and hands on experience with intrusion detection/prevention systems, log analysis and management, web content filtering--Required 7 Years Considerable knowledge and experience with network protocols and security/authentication protocols at all layers of OSI model with emphasis on TCP/IP--Required 7 Years Demonstrated ability to identify security risks across the enterprise and perform the day-to-day operation--Required 7 Years Demonstrated ability to administer and protect the integrity, confidentiality, and availability of information assets and technology infrastructure--Required 7 Years Considerable knowledge and hands on experience detecting, responding, remediating security incidents--Required 7 Years Considerable knowledge and hands on experience remediating System Security Plans (SSP) and Risk Assessment (RA) in cybersecurity--Required 7 Years Solid experience with performing threat; vulnerability, risk assessment and coordinating the resolution of incidents related to security breaches--Required 7 Years Considerable knowledge and hands on experience with web related technologies and penetration testing tools--Required 7 Years CISSP--Highly desired

What part will you play? If you're looking for a place where you can make a meaningful difference, you've found it. The work we do at Markel gives people the confidence to move forward and seize opportunities, and you'll find your fit amongst our global community of optimists and problem-solvers. We're always pushing each other to go further because we believe that when we realize our potential, we can help others reach theirs. Join us and play your part in something special! Looking for a role that will have a meaningful impact on Security Engineering? We are looking for an individual to reduce enterprise risk through the secure design, implementation and administration of cybersecurity tools and helping to enhance department strategies to protect our customers, data, and associates. What part will you play? If you're looking for a place where you can make a meaningful difference, you've found it. The work we do at Markel gives people the confidence to move forward and seize opportunities, and you'll find your fit amongst our global community of optimists and problem-solvers. We're always pushing each other to go further because we believe that when we realize our potential, we can help others reach theirs. Join us and play your part in something special! The opportunity: We are seeking a Security Engineer to join our dynamic team, where you'll play a pivotal role in fortifying our company's internal network against unauthorized access and cyber threats. As a Security Engineer, you'll be at the forefront of our cybersecurity efforts, designing and implementing cutting-edge security strategies. You will have the chance to collaborate with a team of skilled security specialists to devise and execute robust architecture solutions that protect our digital assets. Your expertise will not only help mitigate potential damages during current attacks but also proactively identify and resolve hardware or software vulnerabilities before they become threats. In this role, you'll leverage your deep understanding of various hardware and software technologies, along with the Enterprise Security Framework, to drive innovative design solutions and provide strategic recommendations. Your insights and contributions will be crucial in shaping the security posture of our organization, ensuring that we stay ahead of evolving cyber risks. What you'll be doing: Architect & Implement: Design and deploy cloud security architectures meeting business, security, and compliance needs. Configuration Management: Secure cloud-based tools and mobile technology, ensuring safe access solutions. Security Environments: Create and maintain testing environments for security solutions. Risk Mitigation: Innovate security measures across on-premise and cloud environments. Network Security Oversight: Manage cloud network security, including firewall approvals. Automation & Scripting: Develop automation scripts for security needs. Incident Response: Lead and strategize responses to cyber threats. Secure Access Solutions: Implement secure authentication, authorization, and encryption strategies. Cyber Threat Awareness: Stay updated on security trends and threats. Change Management: Oversee security aspects of cloud changes and software deployments. Policy Documentation: Document and enforce security policies and procedures. Skill Development: Update and share technical knowledge on data protection. Metrics & Reporting: Generate Cloud Security status metrics. Mentorship & Leadership: Guide and mentor junior team members. Operational Support: Maintain security tools and systems. Compliance: Ensure compliance with regulations (NY State, PCI, GDPR, NIST). Project Support: Evaluate and implement new security technologies. Technical Resource: Serve as an expert for other departments. Communication: Convey security issues and solutions clearly. Additional Duties: Participate in incident response, change management, and system maintenance. Our must-haves: 3+ years related work experience & industry certification in cyber security. Bachelor's degree in Computer Science or Engineering with a focus on Cyber Security, Digital Forensics or related work experience/certification. Security+ or similar industry approved certifications. Other certifications that are a plus: ITIL, preferred Certified Cloud Security Professional - ISC2 .org (CCSP) Certified Information Systems Security Professional (CISSP) Certificate of Cloud Security Knowledge - CSA (CCSK) Information Systems Security Engineering Professional (ISSEP) Microsoft Certified: Azure Fundamentals (MCAF) Microsoft Certified Azure Administrator Associate (MCAAA) Microsoft Certified: Azure Security Engineer Associate (MCASEA) #LI-Hybrid #DEIB US Work Authorization US Work Authorization required. Markel does not provide visa sponsorship for this position, now or in the future. Pay information: Who we are: Markel Group (NYSE - MKL) a fortune 500 company with over 60 offices in 20+ countries, is a holding company for insurance, reinsurance, specialist advisory and investment operations around the world. We're all about people | We win together | We strive for better We enjoy the everyday | We think further What's in it for you: In keeping with the values of the Markel Style, we strive to support our employees in living their lives to the fullest at home and at work. We offer competitive benefit programs that help meet our diverse and changing environment as well as support our employees' needs at all stages of life. All full-time employees have the option to select from multiple health, dental and vision insurance plan options and optional life, disability, and AD&D insurance. We also offer a 401(k) with employer match contributions, an Employee Stock Purchase Plan, PTO, corporate holidays and floating holidays, parental leave. Are you ready to play your part? Choose ‘Apply Now' to fill out our short application, so that we can find out more about you. Caution: Employment scams Markel is aware of employment-related scams where scammers will impersonate recruiters by sending fake job offers to those actively seeking employment in order to steal personal information. Frequently, the scammer will reach out to individuals who have posted their resume online. These "job offers" include convincing offer letters and frequently ask for confidential personal information. Therefore, for your safety, please note that: All legitimate job postings with Markel will be posted on Markel Careers. No other URL should be trusted for job postings. All legitimate communications with Markel recruiters will come from Markel.com email addresses. We would also ask that you please report any job employment scams related to Markel to ***********************. Markel is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of any protected characteristic. This includes race; color; sex; religion; creed; national origin or place of birth; ancestry; age; disability; affectional or sexual orientation; gender expression or identity; genetic information, sickle cell trait, or atypical hereditary cellular or blood trait; refusal to submit to genetic tests or make genetic test results available; medical condition; citizenship status; pregnancy, childbirth, or related medical conditions; marital status, civil union status, domestic partnership status, familial status, or family responsibilities; military or veteran status, including unfavorable discharge from military service; personal appearance, height, or weight; matriculation or political affiliation; expunged juvenile records; arrest and court records where prohibited by applicable law; status as a victim of domestic or sexual violence; public assistance status; order of protection status; status as a smoker or nonsmoker; membership or activity in local commissions; the use or nonuse of lawful products off employer premises during non-work hours; declining to attend meetings or participate in communications about religious or political matters; or any other classification protected by applicable law. Should you require any accommodation through the application process, please send an e-mail to the ***********************. No agencies please.

Number of positions: 1 Length: 12Months + Work Address: Richmond, VA 23219 Immediate interviews Web Cam Interview Elect - Cybersecurity Engineer Is Remote. Seeking an Azure Senior Security Engineer (Cybersecurity Engineer 3) with minimum 5 years experience to work with an existing software development team. You will be working with our more established contractors and staff to focus on several web and Windows applications used both by internal staff and constituents of the Commonwealth of Virginia. The candidate will need expertise in all aspects of IT security and cloud security and experience working in an Agile/Scrum development environment interacting with technical and non-technical stakeholders. Candidate will need to have extensive knowledge of cybersecurity practices, industry security standards, and regulatory standards. A bachelors degree and/or applicable recognized industry certifications are strongly desired and will help you stand out in this position. using mobile and responsive design practices, so a familiarity with these methodologies would be a plus. Required/Desired Skills Candidates must have ALL the Required skills in order to be considered for the position. Desired or Highly Desired skills are a PLUS but may NOT be required. Skill Matrix (Please fill the last two columns of this matrix) Experience with Business workflow processes Required / Desired Amount of Experience Years of Experience Last Used 5+ years in IT security or cloud security roles required. Required 5 Years 3+ years of hands-on experience securing Azure environments Required 3 Years Bachelors degree in Computer Science, Cybersecurity, or related field or equivalent work experience required. Required 5 Years Relevant certifications (MS Certified Cybersecurity Architect Expert, Azure Security Engineer Associate (SC-300), CompTIA Security+, CISSP, CISM Highly desired 5 Years Experience with Azure Security Services (Azure Defender, MS Sentinel, Azure Key Vault, Azure Policy and Blueprints, Azure Security Center) required. Required 5 Years Experience with Azure Active Directory (AAD), including conditional access, MFA, and identity protection required. Required 5 Years Extensive knowledge of PIM and RBAC required Required 5 Years Experience with NSGs, ASGs, VPN, ExpressRoute, and hybrid connectivity security required Required 5 Years Ability to implement and moitor compliance with regulatory standards such as NIST, ISO 27001, GDPR, etc. is required Required 5 Years Extensive knowledge of threat modeling and vulnerability management, SIEM/SOAR tuning and response workflows, and security alert triage and forensics Required 5 Years Ability to perform scripting and automation using PowerShell, Bicep, ARM templates, or Terraform Required 5 Years Ability to perform perform integration with CI/CD pipelines for secure deployments (GitHub Actions, Azure DevOps) Required 5 Years Ability to create and deliver security architecture reports and documentation Required 5 Years Experience in risk assessment and mitigation strategies Required 5 Years

Trustmark's mission is to improve wellbeing - for everyone. It is a mission grounded in a belief in equality and born from our caring culture. It is a culture we can only realize by building trust. Trust established by ensuring associates feel respected, valued and heard. At Trustmark, you'll work collaboratively to transform lives and help people, communities and businesses thrive. Flourish in a culture of diversity and inclusion where appreciation, mutual respect and trust are constants, not just for our customers but for ourselves. At Trustmark, we have a commitment to welcoming people, no matter their background, identity or experience, to a workplace where they feel safe being their whole, authentic selves. A workplace made up of diverse, empowered individuals that allows ideas to thrive and enables us to bring the best to our colleagues, clients and communities. We are seeking a highly skilled Cyber Security Engineer to join our team and play a pivotal role in safeguarding our organization's digital assets. The ideal candidate will possess a deep understanding of cybersecurity principles, a strong technical background, and a passion for protecting sensitive information. You will be responsible for engineering, implementing and monitoring security measures for the protection of Trustmark's computer systems, networks and information. The role helps identify and define system security requirements as well as develop detailed cyber security designs. **Responsibilities:** + Design, implement, and maintain security architectures, systems, and solutions to protect critical infrastructure and data. + Conduct vulnerability assessments and penetration testing to identify and mitigate risks. + Develop and implement security policies, standards, and procedures. + Monitor security systems and respond to incidents promptly and effectively. + Stay up-to-date with the latest cybersecurity threats and trends. + Collaborate with cross-functional teams to ensure security is integrated into all aspects of the business. + Provide technical guidance and support to internal stakeholders. **Qualifications:** + Bachelor's degree in Computer Science, Information Technology, or a related field or + 3-5 Years of network engineering or cyber engineering experience + Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001). + Proficiency in network security, systems security, application security, and data security. + Hands-on experience with security tools and technologies (e.g., firewalls, intrusion detection systems, encryption, SIEM). + Excellent problem-solving and analytical skills. + Strong communication and interpersonal skills. + Ability to work independently and as part of a team. **Preferred Qualifications:** + Certifications such as CISSP, CISA, or CEH. + Experience with cloud security (e.g., AWS, Azure, GCP). + Knowledge of scripting and programming languages (e.g., Python, PowerShell). Brand: Trustmark Come join a team at Trustmark that will not only utilize your current skills but will enhance them as well. Trustmark benefits include health/dental/vision, life insurance, FSA and HSA, 401(k) plan, Employee Assistant Program, Back-up Care for Children, Adults and Elders and many health and wellness initiatives. We also offer a Wellness program that enables employees to participate in health initiatives to reduce their insurance premiums. **For the fourth consecutive year we were selected as a Top Workplace by the Chicago Tribune.** The award is based exclusively on Trustmark associate responses to an anonymous survey. The survey measured 15 key drivers of engaged cultures that are critical to the success of an organization. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, sexual identity, age, veteran or disability. Join a passionate and purpose-driven team of colleagues who contribute to Trustmark's mission of helping people increase wellbeing through better health and greater financial security. At Trustmark, you'll work collaboratively to transform lives and help people, communities and businesses thrive. Flourish in a culture where appreciation, mutual respect and trust are constants, not just for our customers but for ourselves. Introduce yourself to our recruiters and we'll get in touch if there's a role that seems like a good match. When you join Trustmark, you become part of an organization that makes a positive difference in people's lives. You will play a vital role in delivering on our mission of helping people increase wellbeing through better health and greater financial security. Our customers tell us they simply appreciate the personal attention and knowledgeable service. Others tell us we've changed their lives. At Trustmark, you'll be part of a close-knit team. You'll enjoy abundant opportunities to grow your career. That's why so many of our associates stay at Trustmark and thrive. Trustmark benefits from more than 100 years of experience but pairs that rich history with a palpable sense of optimism, growth and excitement for what's ahead - and beyond. This is a place where associates bring their whole selves to work each day. A place where you can be yourself. Whatever your beyond is, you can achieve it at Trustmark.

Meta Security is looking for a threat intelligence investigator with extensive experience in investigating cyber threats with an intelligence-driven approach. You will be proactively responding to a broad set of security threats, as well as tracking actor groups with an interest or capability to target Meta and its employees. You will also be identifying the gaps in current detections and preventions by long-term intelligence tracking and research, and working with cross-functional stakeholders to improve Meta's security posture. You will help the team establish, lead and execute multi-year roadmaps that improve research efficiency and quality across the team, and drive improvements to stakeholder management across a broad range of intelligence requirements. **Required Skills:** Detection & Response Security Engineer, Threat Intelligence Responsibilities: 1. Influence and align the team's vision and strategy. Collaboratively prioritize and deliver specific multi-year roadmaps and projects 2. Build, cultivate, and maintain impactful relationships with intelligence stakeholders to identify and facilitate solutions to increase the impact of the team's work 3. Refine operational metrics, key performance indicators, and service level objectives to measure Intelligence research and services 4. Lead cross-functional projects to improve the security posture of Meta's infrastructure, such as red team operations, surface detection coverage expansion and vulnerability management discussions 5. Track threat clusters posing threats to Meta's infrastructure and employees, and identify, develop and implement countermeasures on our corporate network 6. Investigate, mitigate, and forecast emerging technical trends and communicate effectively with actionable suggestions to different types of audiences 7. Work closely with incident responders to provide useful and timely intelligence to enrich ongoing investigations 8. Improve the tooling of threat cluster tracking and intelligence data integration to existing systems **Minimum Qualifications:** Minimum Qualifications: 9. 8+ years threat intelligence experience 10. B.S. or M.S. in Computer Science or related field, or equivalent experience 11. Be a technical and process subject matter expert regarding Security Operations and Threat Intelligence services 12. Experience developing and delivering information on threats, incidents and program status for leadership 13. Expertise with campaign tracking techniques and converting tracking results to long term countermeasures 14. Expertise with threat modeling frameworks, such as Diamond Model or/and MITRE ATT&CK framework 15. Experience intelligence-driven hunting to spot suspicious activities in the network and identify potential risks 16. Proven track record of managing and executing on short term and long term projects 17. Ability to work with a team spanning multiple locations/time zones 18. Ability to prioritize and execute tasks with minimal direction or oversight 19. Ability to think critically and qualify assessments with solid communications skills 20. Coding or scripting experience in one or more scripting languages such as Python or PHP **Preferred Qualifications:** Preferred Qualifications: 21. Experience recruiting, building, and leading technical teams, including performance management 22. Experience close collaborating with incident responders on incident investigations 23. Experience in threat hunting including leveraging intelligence data to proactively identify and iteratively investigates suspicious behavior across networks and systems 24. Familiarity with malware analysis or network traffic analysis 25. Familiarity with nation-state, sophisticated criminal, or supply chain threats 26. Familiarity with file-based or network-based rules and signatures for detection and tracking of complex threats, such as YARA or Snort 27. Experience in one or more query languages such as SQL 28. Experience authoring production code for threat intelligence tooling 29. Experience conducting large scale data analysis 30. Experience working across the broader security community **Public Compensation:** $177,000/year to $251,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

CoStar Group (NASDAQ: CSGP) is a leading global provider of commercial and residential real estate information, analytics, and online marketplaces. Included in the S&P 500 Index and the NASDAQ 100, CoStar Group is on a mission to digitize the world's real estate, empowering all people to discover properties, insights and connections that improve their businesses and lives. We have been living and breathing the world of real estate information and online marketplaces for over 35 years, giving us the perspective to create truly unique and valuable offerings to our customers. We've continually refined, transformed and perfected our approach to our business, creating a language that has become standard in our industry, for our customers, and even our competitors. We continue that effort today and are always working to improve and drive innovation. This is how we deliver for our customers, our employees, and investors. By equipping the brightest minds with the best resources available, we provide an invaluable edge in real estate. In this role, you'll communicate and reinforce security concepts to technical and non-technical audiences within the CoStar Enterprise. The ideal candidate will have experience implementing, using and updating standard security software in the areas of vulnerability scanning/management, leading remediation efforts, end-node security, security tool integration and orchestration for incident response. As the security section grows, so will the tools and the Lead Security Engineer will be the person charged with implementing them. The successful candidate will be a self-starter motivated to learn new technologies and tools and assist in moving security forward as it is implemented within the CoStar Enterprise. This position can be located in Arlington or Richmond, VA and is in office Monday through Thursday and work from home on Friday. Responsibilities * Incident handling - serve as the incident response coordinator to oversee all incident response activities and ensure timely and successful resolution of incidents across various business verticals * Develop, mature and lead incident response functions and reporting of findings * Lead technical security assessments (network, application, database) for existing and newly acquired businesses or services and collaborate with other teams to adjust security configurations and architecture * Facilitate quarterly incident response tabletop exercises and updating of the Incident Response Plan * Team expert on Mitre Att&ck, tools, techniques, and practices of cyber attackers which you use to drive the overall strategy of the incident response team. * Ability to define and develop platform automations to increase efficiency in responding to observed threats. * Familiarity and comfort with at least one scripting language and basic understanding of CI/CD practices. * Coordinate, performance and derive work from the security review and monitoring of the production environment setup permissions of users, open ports/services and overall network setup * Ability to examine network, server, and application logs with forensic depth to determine trends and identify security incidents, and train and mentor others to deepen their skills * Use security tools to audit infrastructure, detect issues and coordinate remediation of any issues * Develop and mature threat hunting practices in the CoStar enterprise * Collaborate with other teams to remediate discovered deficiencies, and develop and improve network and endpoint security configuration procedures * Participate in 24x7 on-call rotation Basic Qualifications * Bachelor's Degree required from an accredited, not for profit university or college. * A track record of commitment to prior employers * One or more security certification such as SANS/GIAC, CISSP, CISM, GIAC Certified Incident Handler (GCIH), Certified Expert Incident Handler (CEIH) or equivalent * 10+ years in Information Security * Scripting/programming skills (Perl, Python, PowerShell) * Experience with Windows Server 2012/2016 /2019 and Active Directory Preferred Qualifications and Skills * Excellent oral and written communication skills to work effectively with others regardless of departmental or geographic boundaries * Ability to work on a cultural diverse team that spans international time zones and foster an environment of inclusions and participation with all team members * Experience with Microsoft Security tooling (Defender, Sentinel, EOP etc.) a plus * Ability to produce detailed technical documentation * Proficiency with PC software applications, E-Mail, and job associated applications/systems to expediently process work * Requires good organization skills to produce quality work, within required specifications, and within scheduled timelines * Excellent customer service skills What's in it for You When you join CoStar Group, you'll experience a collaborative and innovative culture working alongside the best and brightest to empower our people and customers to succeed. We offer you generous compensation and performance-based incentives. CoStar Group also invests in your professional and academic growth with internal training, and tuition reimbursement. Our benefits package includes (but is not limited to): * Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug * Life, legal, and supplementary insurance * Virtual and in person mental health counseling services for individuals and family * Commuter and parking benefits * 401(K) retirement plan with matching contributions * Employee stock purchase plan * Paid time off * Tuition reimbursement * On-site fitness center and/or reimbursed fitness center membership costs (location dependent), with yoga studio, Pelotons, personal training, group exercise classes * Access to CoStar Group's Diversity, Equity, & Inclusion Employee Resource Groups * Complimentary gourmet coffee, tea, hot chocolate, fresh fruit, and other healthy snacks We welcome all qualified candidates who are currently eligible to work full-time in the United States to apply. However, please note that CoStar Group is not able to provide visa sponsorship for this position. #LI-AR CoStar Group is an Equal Employment Opportunity Employer; we maintain a drug-free workplace and perform pre-employment substance abuse testing

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. We are seeking a highly skilled and experienced Identity and Access Management (IAM) Engineer to join our team. In this pivotal role, you will be instrumental in designing, implementing, and managing IAM solutions that secure our enterprise applications and facilitate the secure, efficient, and seamless integration of identity and access systems in context of our rapid growth through Mergers and Acquisitions. You will ensure robust access controls, streamline user experiences, and maintain operational continuity across our diverse IT landscape. The ideal candidate will have deep technical expertise in modern IAM principles, protocols and products along with strong management and communication skills. **Responsibilities:** + **Application Integration Leadership:** Lead the integration of various enterprise applications (SaaS, on-premise, custom-built) with our core IAM infrastructure, ensuring secure authentication, authorization, and user provisioning/de-provisioning. + **M&A Integration Strategy & Execution:** Lead the planning, design, and execution of IAM integration strategies for M&A activities, ensuring alignment with overall business and security objectives. This includes assessing the IAM landscapes of merging entities to identify challenges and solutions. + **Identity System Merging & Consolidation:** Manage the complex process of merging disparate identity providers, user directories (e.g., Active Directory, Azure AD, LDAP), and access management systems from acquired companies into the existing infrastructure. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Solution Design & Implementation:** Design, implement, and maintain IAM solutions including Single Sign-On (SSO), Multi-Factor Authentication (MFA), Privileged Access Management (PAM), and Role-Based Access Control (RBAC) frameworks. + **Security & Compliance:** Ensure IAM systems and processes comply with regulatory requirements (e.g., GDPR, HIPAA, SOX) and internal security policies, providing auditable records of access activities. Protect against data breaches by ensuring only authorized personnel can access sensitive information. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Collaboration & Communication:** Coordinate cross-functional teams, including Information Security, IT Operations, HR, and Application Development, to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical stakeholders. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications:** + **Education:** Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field, or equivalent practical experience. + **Experience:** 5+ years of progressive experience as an IAM Engineer, designing and implementing enterprise scale solutions with significant experience in supporting M&A integration projects preferred. + **Technical Expertise:** + Proficiency in directory services (e.g., Active Directory, Azure AD, LDAP). + Extensive knowledge and experience with authentication standards and technologies such as SSO (SAML, OAuth, OpenID Connect), MFA, and privileged access management (PAM). + Hands-on experience with leading IAM platforms (e.g., Okta, Microsoft Azure AD, CyberArk, ForgeRock, Ping Identity, SailPoint). + Experience with scripting languages (e.g., PowerShell, Python) for automation and integration. + Strong understanding of security principles, risk management, and access control models (e.g., RBAC). + Understanding of DevOps practices. + Familiarity with Zero Trust architecture principles. + Familiarity with AI/ML concepts and their practical application in security and risk management, especially in IAM context. + **M&A Specific Skills:** Proven track record of managing complex integration projects, including assessing existing IAM capabilities, workflow, systems, and processes of acquired entities. Ability to navigate the complexities of integrating diverse identity infrastructures. + Strong communication and interpersonal skills to collaborate effectively with various teams and stakeholders. + Detail-oriented mindset to ensure precise access control configurations and compliance. + Excellent problem-solving and analytical abilities to troubleshoot access issues and design solutions for unique business requirements + Must be a self-starter who takes full ownership of projects from inception to completion , holding oneself accountable for the security and operation integrity of IAM platform. + Ability to manage multiple priorities and meet tight deadlines in a fast-paced M&A environment. + Adaptability to stay ahead of evolving IAM technologies and security threats. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

Ready to be pushed beyond what you think you're capable of? At Coinbase, our mission is to increase economic freedom in the world. It's a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform - and with it, the future global financial system. To achieve our mission, we're seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up. We want someone who will run towards, not away from, solving the company's hardest problems. Our ******************************** is intense and isn't for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there's no better place to be. While many roles at Coinbase are remote-first, we are not remote-only. In-person participation is required throughout the year. Team and company-wide offsites are held multiple times annually to foster collaboration, connection, and alignment. Attendance is expected and fully supported. The Application Security organization at Coinbase is seeking to hire an experienced Offensive Security Engineer specializing in Web3 penetration testing and Web3 bug bounty program management and optimization. In this role, you will collaborate with the Bug Bounty Program Lead to drive Web3 bug bounty triage, validation, and strategic initiatives aimed at increasing program efficiency, maturity, and hacker engagement. You will work closely with whitehat hackers, security engineers, and cross-functional teams to enhance Coinbase's security posture through an effective bug bounty program. Additionally, you will perform penetration tests on Web3 technologies and applications, ensuring the security of Coinbase's blockchain-based products and services. *What you'll be doing (ie. job duties):* * Conduct security assessments of Web3 products and services, including smart contracts, DeFi protocols, and blockchain infrastructure. * Collaborate with partner teams to enhance detection and response capabilities for Web3 vulnerabilities. * Stay informed on emerging security trends, advisories, and academic research in the Web3 space. * Lead Web3 bug bounty triage and validation, ensuring timely and accurate assessments of reported vulnerabilities. * Develop and implement strategies to incentivize high-quality bug bounty submissions and engage with the hacker community. * Manage the Web3 bug bounty program, including scope updates, researcher communication, and payout disbursements. * Analyze bug bounty data to identify trends, common vulnerabilities, and areas for improvement. * Collaborate with engineering teams to prioritize and remediate vulnerabilities identified through the bug bounty program. * Mentor and train junior security engineers in Web3 bug bounty triage and analysis. * Provide on-call support for critical Web3 bug bounty-related incidents. * Document and report on Web3 bug bounty metrics and program effectiveness. *What we look for in you (ie. job requirements):* * Bachelor's or Master's degree in Computer Science, Cybersecurity, Software Engineering, or a related field. * 3+ years of experience in Web3 application security and penetration testing. * Proven track record of identifying critical vulnerabilities across the blockchain protocol stack, Web2, and Web3 components. * Extensive knowledge of the blockchain ecosystem, including L1/L2 networks, DeFi protocols, and staking mechanisms. * Deep understanding of Web2 security concepts and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25). * Strong analytical skills to identify trends and patterns in vulnerabilities. * Excellent communication skills for engaging with internal teams. * Passion for security and a drive to improve Web3 security posture. * Ability to work independently and take ownership of penetration testing initiatives. * Energy and self-drive for continuous learning in the rapidly evolving crypto space. * Excellence in clear, direct, and kind communication with technical and non-technical stakeholders. * Experience building relationships with product, engineering, and security teams. *Nice to haves:* * Participation in CTFs, bug bounty programs, or open-source security research. * Expertise in Application Security, Network Security, or Cloud Security. * Relevant security certifications (e.g., OSCP, GPEN). * Experience developing and implementing security tooling to support bug bounty triage and analysis. * Experience with bug bounty programs and platforms, including triage, validation, and researcher communication. * Strong analytical skills to identify trends and patterns in bug bounty submissions. * Excellent communication skills to effectively engage with bug bounty researchers. Position ID: P69494 \#LI-remote *Pay Transparency Notice:* Depending on your work location, the target annual salary for this position can range as detailed below. Full time offers from Coinbase also include bonus eligibility + equity eligibility**+ benefits (including medical, dental, vision and 401(k)). Pay Range: $152,405-$179,300 USD Please be advised that each candidate may submit a maximum of four applications within any 30-day period. We encourage you to carefully evaluate how your skills and interests align with Coinbase's roles before applying. Commitment to Equal Opportunity Coinbase is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view the *********************************************** in certain locations, as required by law. Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please contact us at accommodations*********************************** *Global Data Privacy Notice for Job Candidates and Applicants* Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available ********************************************************** By submitting your application, you are agreeing to our use and processing of your data as required. *AI Disclosure* For select roles, Coinbase is piloting an AI tool based on machine learning technologies to conduct initial screening interviews to qualified applicants. The tool simulates realistic interview scenarios and engages in dynamic conversation. A human recruiter will review your interview responses, provided in the form of a voice recording and/or transcript, to assess them against the qualifications and characteristics outlined in the job description. For select roles, Coinbase is also piloting an AI interview intelligence platform to transcribe and summarize interview notes, allowing our interviewers to fully focus on you as the candidate. *The above pilots are for testing purposes and Coinbase will not use AI to make decisions impacting employment*. To request a reasonable accommodation due to disability, please contact accommodations[at]coinbase.com

What part will you play? If you're looking for a place where you can make a meaningful difference, you've found it. The work we do at Markel gives people the confidence to move forward and seize opportunities, and you'll find your fit amongst our global community of optimists and problem-solvers. We're always pushing each other to go further because we believe that when we realize our potential, we can help others reach theirs. Join us and play your part in something special! Looking for a role that will have a meaningful impact on Security Engineering? We are looking for an individual to reduce enterprise risk through the secure design, implementation and administration of cybersecurity tools and helping to enhance department strategies to protect our customers, data, and associates. What part will you play? If you're looking for a place where you can make a meaningful difference, you've found it. The work we do at Markel gives people the confidence to move forward and seize opportunities, and you'll find your fit amongst our global community of optimists and problem-solvers. We're always pushing each other to go further because we believe that when we realize our potential, we can help others reach theirs. Join us and play your part in something special! The opportunity: We are seeking a Security Engineer to join our dynamic team, where you'll play a pivotal role in fortifying our company's internal network against unauthorized access and cyber threats. As a Security Engineer, you'll be at the forefront of our cybersecurity efforts, designing and implementing cutting-edge security strategies. You will have the chance to collaborate with a team of skilled security specialists to devise and execute robust architecture solutions that protect our digital assets. Your expertise will not only help mitigate potential damages during current attacks but also proactively identify and resolve hardware or software vulnerabilities before they become threats. In this role, you'll leverage your deep understanding of various hardware and software technologies, along with the Enterprise Security Framework, to drive innovative design solutions and provide strategic recommendations. Your insights and contributions will be crucial in shaping the security posture of our organization, ensuring that we stay ahead of evolving cyber risks. What you'll be doing: * Architect & Implement: Design and deploy cloud security architectures meeting business, security, and compliance needs. * Configuration Management: Secure cloud-based tools and mobile technology, ensuring safe access solutions. * Security Environments: Create and maintain testing environments for security solutions. * Risk Mitigation: Innovate security measures across on-premise and cloud environments. * Network Security Oversight: Manage cloud network security, including firewall approvals. * Automation & Scripting: Develop automation scripts for security needs. * Incident Response: Lead and strategize responses to cyber threats. * Secure Access Solutions: Implement secure authentication, authorization, and encryption strategies. * Cyber Threat Awareness: Stay updated on security trends and threats. * Change Management: Oversee security aspects of cloud changes and software deployments. * Policy Documentation: Document and enforce security policies and procedures. * Skill Development: Update and share technical knowledge on data protection. * Metrics & Reporting: Generate Cloud Security status metrics. * Mentorship & Leadership: Guide and mentor junior team members. * Operational Support: Maintain security tools and systems. * Compliance: Ensure compliance with regulations (NY State, PCI, GDPR, NIST). * Project Support: Evaluate and implement new security technologies. * Technical Resource: Serve as an expert for other departments. * Communication: Convey security issues and solutions clearly. * Additional Duties: Participate in incident response, change management, and system maintenance. Our must-haves: * 3+ years related work experience & industry certification in cyber security. * Bachelor's degree in Computer Science or Engineering with a focus on Cyber Security, Digital Forensics or related work experience/certification. * Security+ or similar industry approved certifications. Other certifications that are a plus: * ITIL, preferred * Certified Cloud Security Professional - ISC2 .org (CCSP) * Certified Information Systems Security Professional (CISSP) * Certificate of Cloud Security Knowledge - CSA (CCSK) * Information Systems Security Engineering Professional (ISSEP) * Microsoft Certified: Azure Fundamentals (MCAF) * Microsoft Certified Azure Administrator Associate (MCAAA) * Microsoft Certified: Azure Security Engineer Associate (MCASEA) #LI-Hybrid #DEIB US Work Authorization US Work Authorization required. Markel does not provide visa sponsorship for this position, now or in the future. Pay information: Who we are: Markel Group (NYSE - MKL) a fortune 500 company with over 60 offices in 20+ countries, is a holding company for insurance, reinsurance, specialist advisory and investment operations around the world. We're all about people | We win together | We strive for better We enjoy the everyday | We think further What's in it for you: In keeping with the values of the Markel Style, we strive to support our employees in living their lives to the fullest at home and at work. * We offer competitive benefit programs that help meet our diverse and changing environment as well as support our employees' needs at all stages of life. * All full-time employees have the option to select from multiple health, dental and vision insurance plan options and optional life, disability, and AD&D insurance. * We also offer a 401(k) with employer match contributions, an Employee Stock Purchase Plan, PTO, corporate holidays and floating holidays, parental leave. Are you ready to play your part? Choose 'Apply Now' to fill out our short application, so that we can find out more about you. Caution: Employment scams Markel is aware of employment-related scams where scammers will impersonate recruiters by sending fake job offers to those actively seeking employment in order to steal personal information. Frequently, the scammer will reach out to individuals who have posted their resume online. These "job offers" include convincing offer letters and frequently ask for confidential personal information. Therefore, for your safety, please note that: * All legitimate job postings with Markel will be posted on Markel Careers. No other URL should be trusted for job postings. * All legitimate communications with Markel recruiters will come from Markel.com email addresses. We would also ask that you please report any job employment scams related to Markel to ***********************. Markel is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of any protected characteristic. This includes race; color; sex; religion; creed; national origin or place of birth; ancestry; age; disability; affectional or sexual orientation; gender expression or identity; genetic information, sickle cell trait, or atypical hereditary cellular or blood trait; refusal to submit to genetic tests or make genetic test results available; medical condition; citizenship status; pregnancy, childbirth, or related medical conditions; marital status, civil union status, domestic partnership status, familial status, or family responsibilities; military or veteran status, including unfavorable discharge from military service; personal appearance, height, or weight; matriculation or political affiliation; expunged juvenile records; arrest and court records where prohibited by applicable law; status as a victim of domestic or sexual violence; public assistance status; order of protection status; status as a smoker or nonsmoker; membership or activity in local commissions; the use or nonuse of lawful products off employer premises during non-work hours; declining to attend meetings or participate in communications about religious or political matters; or any other classification protected by applicable law. Should you require any accommodation through the application process, please send an e-mail to the ***********************. No agencies please.

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. Lead IAM work for new customer onboardings and migrations. Collaborate with CAH Account Management, Application Teams, and Customers to design, implement, and test federated SSO solution based on customer login requirements. Provide technical guidance and act as primary point of contact for business partners and customer related to IAM work for onboarding. Additional responsibilities include supporting application integrations and enhancing SSO self service application onboarding. **Responsibilities:** + **Customer Onboarding IAM Efforts - Strategy & Execution :** Lead the planning, design, and execution for Customer Onboarding via federated SSO, ensuring alignment with overall business and security objectives. This includes assessing multiple Cardinal Health e-commerce applications, understanding login requirements for new/existing customers, designing, testing and implementing solutions etc to ensure top notch user login experience and enhancing Cardinal Health's security posture. + **Collaboration & Communication:** Coordinate cross-functional teams, including Customer Business and IT teams, Cardinal Health's Account Management/Sales and Application teams, Information Security and others to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical internal and external stakeholders. + **Application Integration Leadership:** Lead the integration of various enterprise applications (SaaS, on-premise, custom-built) with our core IAM infrastructure, ensuring secure authentication, authorization, and user provisioning/de-provisioning. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Solution Design & Implementation:** Design, implement, and maintain IAM solutions including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Role-Based Access Control (RBAC) frameworks. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications:** + **Education:** Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field, or equivalent practical experience. + **Experience:** 5+ years of progressive experience as an IAM Engineer, designing and implementing enterprise scale solutions with significant experience in supporting M&A integration projects preferred. + **Technical Expertise:** + Extensive knowledge and experience with authentication standards and technologies such as SSO (SAML, OAuth, OpenID Connect), MFA + Proficiency in directory services (e.g., Active Directory, Azure AD, LDAP). + Hands-on experience with leading IAM platforms (e.g., Okta, Microsoft Azure AD, CyberArk, ForgeRock, Ping Identity, SailPoint). + Strong understanding of security principles, risk management, and access control models (e.g., RBAC). + Familiarity with Zero Trust architecture principles. + Familiarity with AI/ML concepts and their practical application in security and risk management, especially in IAM context. + Strong communication and interpersonal skills to collaborate effectively with various teams and stakeholders. + Detail-oriented mindset to ensure precise access control configurations and compliance. + Excellent problem-solving and analytical abilities to troubleshoot access issues and design solutions for unique business requirements + Must be a self-starter who takes full ownership of projects from inception to completion , holding oneself accountable for the security and operation integrity of IAM platform. + Ability to manage multiple priorities and meet tight deadlines in a fast-paced M&A environment. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************