Security architect jobs in Rotterdam, NY

Introduction A career in IBM Consulting is rooted by long-term relationships and close collaboration with clients across the globe. You'll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio; including Software and Red Hat. Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role, you'll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions resulting in groundbreaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience. Your role and responsibilities The SAP S/4HANA Defense & Security Architect assists the program solution architect with designing, developing, and implementing the Ministry of Defense for Ukraine's Defense and Security implementation. This role requires a mastery of specific business processes and requirements within the defense and security sectors, ensuring that our solution meets the priorities and needs of the Ukrainians. This individual assists in managing the integration of SAP S/4HANA with other components and systems, as well as oversee the test, deployment and sustainment of these solutions. Requires strong organization and communication skills and knowledge of integration with SAP functional areas. Possesses and applies a comprehensive knowledge across key tasks and high impact assignments Required education High School Diploma/GED Preferred education Bachelor's Degree Required technical and professional expertise * SAP functional SME with more than 15+ years delivering end to end complex SAP projects; experience in one or more SAP S/4HANA Line of Business * Comprehensive knowledge of SAP S/4HANA D&S with one or more successful SAP S/4HANA D&S implementations * Minimum Education: Bachelor's degree in a recognized technical, engineering, scientific, managerial, business, or other discipline related to area of expertise. An additional 4 years of relevant experience may be substituted for the bachelor's degree. * Must be able to obtain and maintain a NATO security clearance Preferred technical and professional experience * Proven stellar communication skills and strong teamwork experience with a multi-lingual team. * Experience leading teams and coordinating with other program leaders and stakeholders located in other time zones (6+ hours difference) * SAP Certified Application Associate ABOUT BUSINESS UNIT IBM Consulting is IBM's consulting and global professional services business, with market leading capabilities in business and technology transformation. With deep expertise in many industries, we offer strategy, experience, technology, and operations services to many of the most innovative and valuable companies in the world. Our people are focused on accelerating our clients' businesses through the power of collaboration. We believe in the power of technology responsibly used to help people, partners and the planet. YOUR LIFE @ IBM In a world where technology never stands still, we understand that, dedication to our clients success, innovation that matters, and trust and personal responsibility in all our relationships, lives in what we do as IBMers as we strive to be the catalyst that makes the world work better. Being an IBMer means you'll be able to learn and develop yourself and your career, you'll be encouraged to be courageous and experiment everyday, all whilst having continuous trust and support in an environment where everyone can thrive whatever their personal or professional background. Our IBMers are growth minded, always staying curious, open to feedback and learning new information and skills to constantly transform themselves and our company. They are trusted to provide on-going feedback to help other IBMers grow, as well as collaborate with colleagues keeping in mind a team focused approach to include different perspectives to drive exceptional outcomes for our customers. The courage our IBMers have to make critical decisions everyday is essential to IBM becoming the catalyst for progress, always embracing challenges with resources they have to hand, a can-do attitude and always striving for an outcome focused approach within everything that they do. Are you ready to be an IBMer? ABOUT IBM IBM's greatest invention is the IBMer. We believe that through the application of intelligence, reason and science, we can improve business, society and the human condition, bringing the power of an open hybrid cloud and AI strategy to life for our clients and partners around the world. Restlessly reinventing since 1911, we are not only one of the largest corporate organizations in the world, we're also one of the biggest technology and consulting employers, with many of the Fortune 500 companies relying on the IBM Cloud to run their business. At IBM, we pride ourselves on being an early adopter of artificial intelligence, quantum computing and blockchain. Now it's time for you to join us on our journey to being a responsible technology innovator and a force for good in the world. IBM is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, neurodivergence, age, or other characteristics protected by the applicable law. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status. OTHER RELEVANT JOB DETAILS IBM will not be providing visa sponsorship for this position now or in the future. Therefore, in order to be considered for this position, you must have the ability to work without a need for current or future visa sponsorship. The compensation range and benefits for this position are based on a full-time schedule for a full calendar year. The salary will vary depending on your job-related skills, experience and location. Pay increment and frequency of pay will be in accordance with employment classification and applicable laws. For part time roles, your compensation and benefits will be adjusted to reflect your hours. Benefits may be pro-rated for those who start working during the calendar year.

As part of Meta Security, our Insider Trust team is dedicated to identifying and responding to insider threats that target our data. Our mission is to detect, investigate, and mitigate damage caused by insider threats. We handle a wide range of abuse cases, including misuse of user data, intellectual property theft, and leaks of sensitive information.We are seeking an experienced Security Engineer to join the team. This role involves investigating, hunting, and automating internal signals to detect malicious activities related to insider threats. **Required Skills:** Security Engineer Responsibilities: 1. Develop an understanding of the problem space and provide technical guidance during investigations and threat hunts 2. Influence and align the team's mission and strategy by collaboratively prioritizing and delivering multi-year roadmaps and projects 3. Create workflows and automations to streamline signal detection, threat hunts, and investigative processes 4. Collaborate with software and production engineering teams to build scalable and adaptable solutions for insider threat investigations 5. Identify gaps in our infrastructure and work with cross-functional partners to improve visibility through logging and automation 6. Prioritize efforts to maximize impact by enhancing visibility, automating processes, and scaling investigative capabilities 7. Coach, mentor, and support team members to foster long-term career growth, job satisfaction, and success **Minimum Qualifications:** Minimum Qualifications: 8. Bachelor's degree in Computer Science, Engineering, or equivalent experience 9. 8+ years of experience in Detection & Response Engineering, Insider Threat, or a similar Security Engineering role 10. In-depth technical and procedural expertise in conducting security investigations, including response, forensics, and large-scale log analysis 11. Proven experience leading and managing complex cross-functional programs 12. Extensive knowledge of attacker tactics, techniques, and procedures 13. Proficiency in coding or scripting in one or more general-purpose programming languages **Preferred Qualifications:** Preferred Qualifications: 14. Experience in threat hunting including leveraging intelligence data to proactively identify and iteratively investigates suspicious behavior across networks and systems 15. Broad knowledge across the Security domain, as well as deep focus in one (or more) areas such as Logs and events processing, Incident Management, Digital Forensics, Detection and/or response tool development **Public Compensation:** $177,000/year to $251,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

GE Vernova Research is building a USG Classified Program at our Niskayuna, NY site. Information systems have an important role in this and we are looking for an individual with experience as an Information Systems Security Manager (ISSM) or Information Systems Security Officer (ISSO) to fill our ISSM role and help us build and administer our IS program Job Description Roles and Responsibilities The Information Systems Security Manager will be responsible for leading GE Vernova Research's Classified Information Systems program ensuring it meets or exceeds all requirements. The ideal candidate will be a detail oriented, self-starter with a strong IT background and previous experience supporting classified programs. This role offers a great opportunity to have a significant impact providing leadership in an important, growing area of the company. In this role, you will: * Develop, maintain, and oversee the Information Systems (IS) security program and ensure policies and procedures are documented, up-to-date, and being followed. * Lead and ensure implementation of strong processes in the IS program (i.e. configuration management, change management, vulnerability management, incident management, investigation, reporting, ...). * Stay current with the latest threats, vulnerabilities and best practices, make changes to the program as required, and regularly test security controls to ensure IS security. * In partnership with the FSO, manage IS program relationship with USG representatives and coordinate IS security inspections, tests & reviews. * Develop and implement an effective IS security education, training, and awareness program. * Leverage your skills and abilities to lead and/or assist with GE Vernova Research non-classified IT governance Position Requirements * Bachelor's Degree in Computer Science or in "STEM" Majors (Science, Technology, Engineering and Math) * A minimum of 7 years' professional experience, with a minimum of 5 years' professional experience in IT security or governance (Risk management, Compliance, Audits, Software Governance, etc.) and 2 years as an ISSM or ISSO * Strong process focus, detail oriented * Strong written and verbal communication skills * Strong interpersonal skills and demonstrated ability to work as part of a high performing team * Must be willing to work out of an office located in Niskayuna, NY * Strong analytical and problem-solving skills * Due to the nature of the duties of this position, this role requires the individual to have US Government Security Clearance; prerequisite for a security clearance is U.S. citizenship. Desired Characteristics * U.S. Government classified program ISSM or ISSO experience * Information security certifications (CISSP, CISM, CISA, etc.) * Knowledge of risk management frameworks (ISO, NIST, etc.) * Prior experience in IT operations and support * Self-starter, identifies opportunities for improvement and implements positive change * Project management experience This role requires access to U.S. export-controlled information. If applicable, final offers will be contingent on ability to obtain authorization for access to U.S. export-controlled information from the U.S. Government. Additional Information GE Vernova offers a great work environment, professional development, challenging careers, and competitive compensation. GE Vernova is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. GE Vernova will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable). Relocation Assistance Provided: No For candidates applying to a U.S. based position, the pay range for this position is between $119,200.00 and $198,600.00. The Company pays a geographic differential of 110%, 120% or 130% of salary in certain areas. The specific pay offered may be influenced by a variety of factors, including the candidate's experience, education, and skill set. Bonus eligibility: discretionary annual bonus. This posting is expected to remain open for at least seven days after it was posted on December 18, 2025. Available benefits include medical, dental, vision, and prescription drug coverage; access to Health Coach from GE Vernova, a 24/7 nurse-based resource; and access to the Employee Assistance Program, providing 24/7 confidential assessment, counseling and referral services. Retirement benefits include the GE Vernova Retirement Savings Plan, a tax-advantaged 401(k) savings opportunity with company matching contributions and company retirement contributions, as well as access to Fidelity resources and financial planning consultants. Other benefits include tuition assistance, adoption assistance, paid parental leave, disability benefits, life insurance, 12 paid holidays, and permissive time off. GE Vernova Inc. or its affiliates (collectively or individually, "GE Vernova") sponsor certain employee benefit plans or programs GE Vernova reserves the right to terminate, amend, suspend, replace, or modify its benefit plans and programs at any time and for any reason, in its sole discretion. No individual has a vested right to any benefit under a GE Vernova welfare benefit plan or program. This document does not create a contract of employment with any individual.

Provide proven expertise and knowledge in Governance, Risk and Compliance (GRC), internal and external audit and assessment support and Information Security assurance initiatives. A firm knowledge of security compliance controls i.e NIST 800-53r4, HIPAA, HITECH, ISO27001 and other security standard frameworks is an absolute requirement. Gather and analyze metrics, key risk indicators and maintain scorecards defined within the area of information security to ensure the information security program is meeting governance expectations and maturity. This candidate must be familiar with general security risk management principals, healthcare and government-designed security control standards and best practices for security and privacy. Candidate should be familiar with documented security plans, procedures, supporting evidence and risk rating standards based on NIST and other risk management frameworks. Assist with evaluation and testing as well as work with the applicable teams to track, address, and remediate audit and assessment findings to closure. Candidate must be familiar with threats and vulnerabilities, latest trends and risks and be able to understand the technical remediation action steps or plans and communicate them effectively to teams within the organization. Manage policy exceptions with requestors and coordinate the annual exception review process. Requires working directly with various teams to document exceptions, identify compensating controls, and remediation action plans accordingly. Provide process improvement suggestions for more effective management and review of exceptions. Support and help mature the overall security management program. Should be familiar with general governance, risk and compliance (GRC) programs with specific knowledge of government practices, and security risk and policy management. Provide support for ongoing BAA, third party risk reviews, including initial inherent risk, ongoing residual risk, and attestation campaigns. Support and help maintain risk appetite frameworks focused on security and business continuity risks. Additionally, support and maintain other general regulatory risk assurance program functions. Support and address regular IT general controls (ITGC) activity reviews and be able to rate and score maturity and compliance to standard control objectives. A knowledge of security architectures including SDLC, cloud or multi-tenant infrastructure and environments and network/boundary architectures. Should be familiar with SIEM, DLP, and other reporting and protection capabilities. Qualifications This position requires: BS or BA degree in a related field or equivalent work experience. Minimum 5 years in information security, Risk Management, IT compliance, or security/IT risk related field. Strong oral and written communication, as well as good interpersonal skills. Knowledge and experience in standard security and regulatory frameworks including HIPAA, HITECH, NIST 800-53, other NIST standards, ISO 27001/31000, FFIEC and PCI. Possess the ability to solve a wide range of complex problems, requiring ingenuity and innovation. Preferred/Nice-to-haves: Experience using GRC platforms or rating scorecards to show compliance levels and maturity. Experience with SharePoint administration, including workflow and process design. Current Certified Information Systems Security Professional CISSP certification (or similar security profession certificate). Current Certified Information Systems Auditor CISA certification (or similar). Additional Information PlanIT Group, LLC is an Equal Opportunity/Affirmative Action (M/F/D/V) Employer. All your information will be kept confidential according to EEO guidelines.

The New York Independent System Operator (NYISO) manages the efficient flow of electricity on more than 11,000 circuit-miles of high-voltage transmission lines, dispatching power from hundreds of generating units across the state. The New York Independent System Operator (NYISO) applies cutting-edge technology to operating a reliable electricity system, managing competitive markets for wholesale electricity, and planning for the Empire State's energy future. The NYISO's Information Technology department invites applications for a full-time Director, Enterprise Security & Chief Information Security Officer. The Director, Enterprise Security & Chief Information Security Officer is responsible for the design, implementation, and operations of the NYISO's physical and cyber security programs to ensure the protection of NYISO assets, operations, and employees. This position is responsible for all aspects of the NYISO's cyber and physical security program, including security risk management, threat & vulnerability management, incident response, data & information protection, security architecture, security infrastructure management, identity & access management, security training & awareness, and engagement on security matters with both internal and external entities, including government, law enforcement and NYISO stakeholders. The Director, Enterprise Security & Chief Information Security Officer ensures a strong security posture across the organization, with a high degree of operational readiness and capability to detect and respond to continuously evolving threats and vulnerabilities. This position requires the development and management of key external relationships with security service providers, vendors, government intelligence partners, and law enforcement agencies. The Director, Enterprise Security & Chief Information Security Officer leads participation in industry forums to augment the capabilities of the NYISO security staff and directs an internal team of security professionals charged with providing cyber and physical security services. The Director, Enterprise Security & Chief Information Security Officer oversees a security governance, risk, & compliance program that ensures adherence with applicable regulatory frameworks including NERC Critical Infrastructure Protection (CIP) standards and establishes trusted relationships throughout the electric utility industry to collaborate and share pertinent information. The Director, Enterprise Security & Chief Information Security Officer manages a team of cyber and physical security professionals, including a contract armed guard force, and reports directly to the Senior Vice President and Chief Information Officer. ESSENTIAL DUTIES and RESPONSIBILITIES Provides vision and leadership to guide the development of the NYISO cyber and physical security strategy and strategic plan and directs the implementation of the strategy through annual resource, budgetary, and project planning activities. Directs all operational security functions, including oversight of the NYISO's 24/7 Cyber Security Operations Center whose mission is to continuously monitor the threat landscape and immediately respond to events as necessary to protect the NYISO from cyber risks. Serves as senior cyber security escalation point for all cyber incidents and events and directs all activities across the organization during escalated cyber events and incidents. Oversees the cultivation of both classified and unclassified intelligence from government, law enforcement, and commercial partners, with processes that develop it into actionable information to be used by the cyber security analysts on the team. Leads the selection, design, engineering, and development of technical security infrastructure and cloud solutions. Develops security architectures to facilitate the application of security concepts and strategies into practical designs and configurations that are engineered to address evolving security challenges Oversees the NYISO's Security Governance, Risk & Compliance programs including policies and practices ensuring the organization's compliance with NERC Critical Infrastructure Protection standards, security components of Service Organization Control (SOC) 1, and other cyber and physical security standards. Engages in external outreach with NERC, NPCC, and other entities that audit NYISO's compliance with regulatory standards. Oversees the NYISO physical security program, with accountability for the protection of facilities, property, and physical assets, as well as access control & badging systems, video surveillance, workplace violence prevention, and other areas as required. Manages a large contract guard force (including armed guards) to ensure the safety and protection of all who enter NYISO property and facilities. Ensures the safe handling and storage of sidearms employed by armed guards. Develops and implements an engaging and effective security awareness & training program for all NYISO employees and contractors, and fosters a strong security-oriented culture across the NYISO. Works directly with the leaders of business units to facilitate risk analysis and risk management processes, identify acceptable levels of risk, and bridges security and the business units together through strong collaboration. Guides the implementation of information protection policies and processes to protect NYISO information assets from inappropriate disclosure. Manages NYISO employees assigned to the security team, including hiring, training, staff development, performance management and annual compensation review of department employees, and oversees contractors assigned in support of the physical security function. Provides presentations and briefings on all security matters to the Board of Directors, NYISO executive leadership, and industry leaders and dignitaries conveying security concepts in clear and concrete business terms. Oversees the business aspects of the security function including contracting, budgeting, vendor management and asset management. Develops strong, collaborative relationships with security service providers as a key component of the NYISO security program Provides subject matter expertise to senior leadership on a broad range of technical security standards and best practices. Represents the organization at conferences, seminars, and industry events. Establishes effective communications and reporting of security status at all levels of the organization. Briefs executive leadership, board members, and market participants on security matters, including strategy, operational status, security planning, and other matters. Establishes & maintains strong partnerships with local, state and federal law enforcement and other related government agencies. Builds relationships and forums with NYISO's stakeholders seeking to elevate the overall security awareness and posture of NY's electric industry. SUPERVISORY RESPONSIBILITIES This position does possess supervisory responsibility and there are supervisory employees who report to this position. Manages full time and contract employees. QUALIFICATIONS: Bachelor's Degree (BS) in Computer Science, Engineering, Management, or related technical field required; Master's Degree (MS/MBA) strongly preferred. At least fifteen years experience in progressively responsible IT management positions is required. Broad and deep understanding of technical security concepts and familiarity with related technologies and infrastructure, as well as a solid conceptual knowledge of enterprise IT architecture, infrastructure, software, and operational functions. Demonstrable experience in senior positions leading and motivating cross- functional, interdisciplinary teams, including strong enterprise security operations & incident management experience. Project management skills, experience managing department finances & budgets, and contracting and vendor negotiations. Experience in the energy sector and familiarity with Critical Infrastructure Protection standards is strongly desirable. CERTIFICATES, LICENSES, REGISTRATIONS Must be able to obtain and maintain a DHS, DOE, or DOD security clearance to be granted access to classified intelligence and information. Professional cyber security certification, such as a CPP, CISSP, CISM, CISA or other physical and/or information security credentials, is a plus. ADDITIONAL REQUIREMENTS Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures, and governmental regulations. Ability to write reports, business correspondence, and procedure manuals. Ability to write presentations and articles for publication that conform to prescribed style and format. Ability to effectively communicate security and risk-related concepts to technical and nontechnical audiences including senior NYISO leadership and the NYISO Board of Directors. Ability to define problems, collect data, establish facts and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables. High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity. Proficient with personal computers running the Windows operating system; experience with productivity software such as Microsoft Office applications, e-mail, and Internet programs. PHYSICAL DEMANDS While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to stand, walk, sit and use hands to perform routine office tasks. The employee is occasionally required to reach with hands and arms. The employee must occasionally lift and/or move up to 15 pounds. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. WORK ENVIRONMENT The noise level in the work environment is usually moderate. Contact with staff and public will occur. Travel may be required to attend and/or conduct meetings, conferences and training. This position may require work on nights, weekends or holidays. At the NYISO, we realize the importance of balancing the availability of remote work with the inherent value of bringing people together to attain success in the areas of maximum collaboration, relationship building and growth, teamwork, innovation and problem solving, as well as professional development and mentoring. In this role, you will be required to work onsite from our Rensselaer, NY location several days per workweek, with the option to work remotely on the remaining days. You will also be expected to respond to all business needs that may require any increase to the regular onsite requirements. The NYISO takes pride in recruiting, developing and retaining highly talented individuals. In addition to competitive salaries, we offer a comprehensive benefits package and innovative reward programs. All offers of employment will be made contingent upon the successful completion of a drug screening and background check. The NYISO is an Equal Opportunity Employer and as such, does not discriminate in its hiring or employment practices. #LI-Onsite Salary Range$170,500-$306,400 USD

Basic Qualifications Requires a Bachelor's degree in Systems Engineering, or a related Science, Engineering, Technology or Mathematics field. Also requires 2+ years of job-related experience, or a Master's degree and 6 months of job-related experience.. Agile experience preferred. CLEARANCE REQUIREMENTS: Department of Defense Secret security clearance is obtainable within a reasonable amount of time after hire. Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information. Due to the nature of work performed within our facilities, U.S. citizenship is required. Responsibilities for this Position ROLE AND POSITION OBJECTIVES: As a Systems Engineer for the Nuclear Weapons Security program, you'll be a member of a cross functional team responsible for designing advanced security and information systems, as well as helping to maintain deployed systems. We encourage you to apply if you have any of these preferred skills or experiences: IBM DOORS MATLAB Simulink Requirements Decomposition Test Procedure Development Windows Powershell Cisco Networking Operating System Administration (Linux, Windows) Virtualization Cybersecurity Tool implementation and administration Database Administration (Mongo preferred) What sets you apart: Clear understanding of systems engineering concepts, principles, theories, and technical standards Clear understanding of requirements management and system modeling tools Creative thinker with ability to grasp and apply new information quickly and handle increasing responsibilities with growing complexity Team player who thrives in collaborative environments and revels in team success Commitment to ongoing professional development for yourself and others Our Commitment to You: An exciting career path with opportunities for continuous learning and development. Research oriented work, alongside award winning teams developing practical solutions for our nation's security Flexible schedules with every other Friday off work, if desired (9/80 schedule) Competitive benefits, including 401k matching, flex time off, paid parental leave, healthcare benefits, health & wellness programs, employee resource and social groups, and more See more at gdmissionsystems.com/careers/why-work-for-us/benefits Workplace Options: This position is Hybrid/Flex, but will require periods of 100% on site. While on-site, you will be a part of the Pittsfield, MA facility. #CJ2 #LI-Hybrid Salary Note This estimate represents the typical salary range for this position based on experience and other factors (geographic location, etc.). Actual pay may vary. This job posting will remain open until the position is filled. Combined Salary Range USD $97,754.00 - USD $108,445.00 /Yr. Company Overview General Dynamics Mission Systems (GDMS) engineers a diverse portfolio of high technology solutions, products and services that enable customers to successfully execute missions across all domains of operation. With a global team of 12,000+ top professionals, we partner with the best in industry to expand the bounds of innovation in the defense and scientific arenas. Given the nature of our work and who we are, we value trust, honesty, alignment and transparency. We offer highly competitive benefits and pride ourselves in being a great place to work with a shared sense of purpose. You will also enjoy a flexible work environment where contributions are recognized and rewarded. If who we are and what we do resonates with you, we invite you to join our high-performance team! Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

We understand that the world we want tomorrow starts with how we do business today, and that's why we're inspired to make A Better World for Pets. Antech is comprised of a diverse team of individuals who are committed to each other's growth and development. Our culture is centered on our guiding philosophy, The Five Principles: Quality, Responsibility, Mutuality, Efficiency and Freedom. Today Antech is driving the future of pet health as part of Mars Science & Diagnostics, a family-owned company focused on veterinary care. Current Associates will need to apply through the internal career site. Please log into Workday and click on Menu or View All Apps, select the Jobs Hub app, then click the magnifying glass to Browse Jobs. The Target Pay Range for this position is as follows: • Loveland, Colorado: $143,000- $178,000 annually. • Chicago $149,000 - $187,000 annually. • New York City: $156,000- $195,000 annually At Antech, pay decisions are determined using factors such as relevant job-related skills, experience, education, training and budget. Job Summary: The Senior Security Architect (SA) is responsible for designing and evolving secure enterprise architecture across our cloud, hybrid, and on-premises environments as part of the Cybersecurity function. The SA will work closely with Business Stakeholders, Enterprise Architects, and Information technology teams to ensure that SDx solutions designed follow Mars standards and are consistent throughout the SDx division. This individual will bring deep technical expertise in cloud security, API security, threat modeling, and design of reusable security reference architecture patterns to support scalable and resilient systems. Key Responsibilities: Define, design, and maintain enterprise-grade security architecture patterns, reference models and blueprints that align to Mars and SDx security standards and practices. Architect secure solutions across multi-cloud, hybrid and on-premise solutions. Work with our Product Security Engineers, Cloud and Development teams to embed security controls into our DevSecOps pipelines, micro-services, APIs and other components of SDx solutions. Lead and facilitate threat modeling sessions with our Product Security Engineers and Cloud Development teams using methods such as STRIDE, DREAD or MITRE ATT&CK to ensure adversarial and attack-route analysis is built into our models. Identify architectural risks and propose mitigation strategies early in the design lifecycle as well as performing retroactive security architecture reviews for existing solutions. Partner with enterprise architects, cloud engineers, and DevOps teams to enforce security best practices. Contribute to security policies, standards and guidelines aligning with business needs, Mars and any regulatory requirements. Serve as a trusted security advisor to product engineering and infrastructure teams. Support product security reviews, architecture discussions and secure design validation with our Product Security Engineers and Cloud Development teams. Work with Mars Global Digital Operations (GDO) teams to explore, adapt and incorporate solutions into SDx environment. Collaborate with Mars Risk Management, Vendor Cyber Risk Management, and other teams to ensure that risks identified are properly reported and managed through remediation. Serve as the SA subject matter expert and coordinate with our GRC Specialist for the implementation of SDx cybersecurity governance to enforce policies, procedures, and standards, following SDx and Mars business requirements and security best practices. Collaborate with critical teams including infrastructure, development, R&D, and Mars GDO to ensure alignment with Mars strategies. Collaborate with other teams to achieve efficiencies while building a secure environment that integrates validated technology stack components. Provide security architecture support in the design, implementation, and maintenance of solutions in an agile manner to improve efficiency and reduce errors or disruptions across SDx. Work with our R&D and IT departments to apply threat modeling and/or adversarial approaches to ensure customer-facing technologies and products are secure and updated to best security practices in security architecture. Qualifications & Experience: Bachelors in Cybersecurity, Information Technology, Computer Science, Engineering, or related field. Master's degree is a plus, but not essential. Knowledge applying Cloud and DevSecOps Security Architecture principles for Zero-trust. Security Architecture design and review expertise in API security such as OAuth 2, OpenIDConnect, mTLS, API gateways, among others. Threat Modeling and secure design reviews integrating them into a DevSecOps pipeline. Pen testing and red teaming knowledge, specifically privilege escalation paths and incident management as well as threat modeling, attack-route analysis, application testing and vulnerability management related to security architecture designs. Experience communicating complex security concepts effectively (technical, non-technical and executive level audiences). Relevant certifications such as CISSP, GIAC Defensible Security Architecture, CISA or Security+. Cloud security architecture or related certifications in Azure, AWS or GCP are preferred. Experience in regulated industries (finance, healthcare, manufacturing, etc.) applying regulatory regulations and/or security frameworks. Experience in a laboratory setting, veterinary clinics, healthcare or related systems. Strong problem-solving and analytical mindset. Hands-on background in DevSecOps, secure coding, and penetration testing. Experience applying Identity Governance & Administration (IGA). Required Qualifications: 8+ years of experience in designing security reference architectures and reusable components. Strong knowledge of network security principles including segmentation/microsegmentation and Zero Trust Architecture. Strong knowledge of security coding as well as DevSecOps and Systems Development Lifecycle (SDLC). Strong knowledge in Identity and Access Management solutions including Multi-factor authentication and Identity Service Providers (IdSP) such as Okta, ForgeRock, or other IAM tools. Strong knowledge of information security frameworks such as NIST, ISO 27001, HITRUST, CIS, SOC 1/2/3, PCI-DSS, as well as privacy-related regulatory frameworks including GDPR. Physical Demands: Extensive sitting, phone, and computer use Extend and reach with hands and arms and use hands and fingers Occasionally required to bend, kneel, stoop, or crouch May be required to lift, move, and carry up to 15 lbs. Specific vision abilities required including close vision, color vision, depth perception, and the ability to adjust focus. Hearing ability to effectively communicate via the telephone and in person Ability to communicate verbally on the telephone and in person Fluency in the English language Extended hours may be needed Work Environment: The employee will primarily work in a typical office environment including use of cubicles, computers and overhead lighting. Temperature extremes will be minimal to nonexistent. The noise level in the work environment is usually moderate. The employee will be required to use a computer, spreadsheets, database management, email, and the Internet. The employee is frequently required to use a calculator; fax, copy machine, and phone system. About Antech Antech is a leader in veterinary diagnostics, driven by our passion for innovation that delivers better animal health outcomes. Our products and services span 90+ reference laboratories around the globe; in-house diagnostic laboratory instruments and consumables, including rapid assay diagnostic products and digital cytology services; local and cloud-based data services; practice information management software and related software and support; veterinary imaging and technology; veterinary professional education and training; and board-certified specialist support services. Benefits Antech offers an industry competitive benefits package and continues to invest in and evolve benefits programs that meet the health, wellness and financial needs of our associates. Benefits eligiblity is based on employment status. Paid Time Off & Holidays Medical, Dental, Vision (Multiple Plans Available) Basic Life (Company Paid) & Supplemental Life Short and Long Term Disability (Company Paid) Flexible Spending Accounts/Health Savings Accounts Paid Parental Leave 401(k) with company match Tuition/Continuing Education Reimbursement Life Assistance Program Pet Care Discounts Commitment to Equal Employer Opportunities We are proud to be an Equal Opportunity Employer - Veterans / Disabled. For a complete EEO statement, please see our Career page at Antech Careers. Note to Search Firms/Agencies Antech Diagnostics, Inc. and its subsidiaries and affiliates (Antech) do not compensate search firms for unsolicited assistance unless they have a written search agreement with Antech and the requisition is position-specific. Any resumes, curriculum vitae, and other unsolicited assistance from search firms that do not have a written search agreement or position-specific requisition submitted to any Associate of Antech will be deemed the sole property of Antech and no fee will be paid in the event the candidate is hired by Antech.

ISSOEmployment Type: Full-Time, Experienced Department: Information Technology CGS is seeking an Information Systems Security Officer (ISSO) with DIACAP and/or RMF experience who has deep expertise in security assessment documentation to support Dept. of Commerce systems and efforts to achieve their Authorization to Operate (ATO). This position is located at the client site in the Herbert Hoover building in Washington, DC. The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM.In this role, you'll conduct security assessment, and information system security oversight activities in accordance with NIST 800.53 that support systems from the perspective RMF requirements. CGS brings motivated, highly skilled, and creative people together to solve the government's most dynamic problems with cutting-edge technology. To carry out our mission, we are seeking candidates who are excited to contribute to government innovation, appreciate collaboration, and can anticipate the needs of others. Here at CGS, we offer an environment in which our employees feel supported, and we encourage professional growth through various learning opportunities. Skills and attributes for success:- Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades. - Maintain responsibility for managing cybersecurity risk from an organizational perspective. - Identify organizational risks, prioritize those risks, and maintain a risk registry for escalating and presenting those risks to senior leadership.- Provide security guidance and IS validation using the National Institute of Standards and Technology (NIST) RMF, DoC, and local security policies.- Providing configuration management (CM) recommendations for information system security software, hardware, and firmware and coordinating changes and modifications with the ISSM, Security Control Assessor (SCA), and Authorizing Official (AO).- Maintain vulnerability scanning tool compliance, such as HBSS or ACAS, and patch management, such as IAVM to ensure IT staff pushes patches to all systems in an effort to maintain compliance with all applicable directives, manage system changes, and assess the security impact of those changes.- Support security authorization activities, including transitioning from the legacy Information Assurance Certification and Accreditation Process (DIACAP) to compliance with the DoC RMF.- Provide subject matter expertise for cyber security and trusted system technology. - Apply advanced technical knowledge and analysis of specialized functional areas in task requirements to develop solutions to complex problems.- Research, write, review, disposition feedback, and finalize recommendations regarding cyber security policy, assessment and authorization assessments (A&As), security test and evaluation reports, and security engineering practices and processes. - Conduct research and write risk assessment reports to include risk thresholds, evaluation, and scoring.- Support analysis of the findings and provide expert technical guidance for mitigation strategies, including implementation advice on the cyber security risk findings, and other complex problems. Qualifications:- Bachelor's Degree.- A minimum of five (5) years experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVA compliance, Standard Operating Procedures, test results, etc.- eMASS experience.- Professional security certification such as: CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+ CE, SSCP, or higher.- Strong desktop publishing skills using Microsoft Word and Excel.- Experience with industry writing styles such as grammar, sentence form, and structure.- Ability to multi-task in a deadline-oriented environment. Ideally, you will also have:- CISSP, CASP, or a similar certificate is preferred.- Master's Degree in Cybersecurity or related field.- Strong initiative, detail orientation, organizational skills, and aptitude for analytical thinking.- Demonstrated ability to work well independently and as a part of a team.- Excellent work ethic and a high commitment to quality. Our Commitment:Contact Government Services (CGS) strives to simplify and enhance government bureaucracy through the optimization of human, technical, and financial resources. We combine cutting-edge technology with world-class personnel to deliver customized solutions that fit our client's specific needs. We are committed to solving the most challenging and dynamic problems. For the past seven years, we've been growing our government contracting portfolio, and along the way, we've created valuable partnerships by demonstrating a commitment to honesty, professionalism, and quality work. Here at CGS we value honesty through hard work and self-awareness, professionalism in all we do, and to deliver the best quality to our consumers mending those relations for years to come. We care about our employees. Therefore, we offer a comprehensive benefits package.Health, Dental, and VisionLife Insurance 401k Flexible Spending Account (Health, Dependent Care, and Commuter) Paid Time Off and Observance of State/Federal Holidays Contact Government Services, LLC is an Equal Opportunity Employer. Applicants will be considered without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Join our team and become part of government innovation!Explore additional job opportunities with CGS on our Job Board:**************************************** more information about CGS please visit: ************************** or contact:Email: ******************* #CJ

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. **Responsibilities:** + **M&A Integration Execution:** Collaborate and engage with IAM Lead and other business partners on planning, design, and execution of IAM integration strategies for M&A activities, ensuring alignment with overall business and security objectives. This includes assessing the IAM landscapes of merging entities to identify challenges and solutions. + **Design and Implement Sailpoint IIQ Solutions:** Configure and customize Sailpoint IIQ components (Lifecycel Manager, Compliance Manager etc). Also develop workflows, rules, and connectors for identity governance. + **Application integration with Sailpoint IIQ:** Integrate Sailpoint IIQ with enterprise applications, directories and cloud platforms in addition to developing and maintaining connectros for provisioning and de-provisioning. + **Sailpoint IIQ Development and Scripting:** Write and maintain BeanShell scripts, Java code and XML configurations, develop customer Sailpoint tasks and workflows. + **Identity System Merging & Consolidation:** Manage the complex process of merging disparate identity providers, user directories (e.g., Active Directory, Azure AD, LDAP), and access management systems from acquired companies into the existing infrastructure. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Security & Compliance:** Ensure IAM systems and processes comply with regulatory requirements (e.g., GDPR, HIPAA, SOX) and internal security policies, providing auditable records of access activities. Protect against data breaches by ensuring only authorized personnel can access sensitive information. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Collaboration & Communication:** Coordinate cross-functional teams, including Information Security, IT Operations, HR, and Application Development, to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical stakeholders. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications** + Experience with SailPoint IdentityIQ (IIQ) is a must + Experience with SailPoint IIQ Integrations (Workday, Active Directory/LDAP, Webservices, SCIM, JDBC, SAP) + Experience implementing Life Cycle Manager (LCM) Configuration workflow tasks that model business functions, including Lifecycle Requests (Role or Entitlement), Lifecycle Events (Joiner, Mover, or Leaver), and LCM Workflow Details (Workflows and Subprocesses) + Solid understanding of the SailPoint object model, rules, and policies + Experience with both lifecycle manager (LCM) and compliance manager (CM) modules + Knowledge of Active Directory, LDAP, Workday, and cloud platforms (GCP, MS Entra ID) is required + Proven track record of successful IAM implementations including large scale enterprise deployments. + Experience working within regulatory standards and requirements such as, SOX, HIPAA, GDPR etc. is desired. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

About the job : Application Security (AppSec) and DevSecOps Engineer Career Level : Mid-level Who We Are: This is Nexgentek, Inc - where every challenge is an opportunity, and every solution is a masterpiece in the making. As a full-lifecycle IT company, we transcend mere delivery; we engineer success. From inception to implementation, our seasoned expertise shepherds every phase of the journey. Be it planning, analysis, design, development, testing, or the seamless transition to production, we stand as steadfast partners in our clients' progress. At Spearhead Technology, quality isn't a mere aspiration-it's our ethos. Rooted in Tech Advisory, our methodology is guided by insights that spark transformative outcomes. We recognize the paramount importance of talent retention. Through a steadfast commitment to work-life balance, competitive remuneration packages, and an optimized operational model, we ensure our team remains as exceptional as our services. Step into Spearhead Technology, where innovation meets precision, and together, let's sculpt the future of technology with finesse and distinction. Requirements At Nexgentech. Inc, we're committed to building secure, reliable, and innovative systems that our clients and communities can trust. We're looking for an experienced and proactive Application Security (AppSec) and DevSecOps Engineer who is passionate about embedding security into every step of the software development lifecycle. In this role, you'll partner with engineering, operations, and security teams to design and implement scalable security practices that not only safeguard our applications and infrastructure but also support agility and growth. If you enjoy being hands-on, solving complex challenges, and mentoring others on secure development, this role is for you. What You'll Do Secure SDLC Integration Embed security from the earliest stages of design through development and deployment. Work closely with Agile/Scrum teams to identify, track, and resolve security issues during sprint cycles. Conduct security architecture and threat modeling reviews. Lead secure design discussions and threat modeling sessions. Educate development teams on secure coding standards and best practices. Help define and maintain a secure backlog, including user stories and acceptance criteria tied to security requirements. Champion secure development practices across teams and pipelines. CI/CD Pipeline Security Integrate tools for SAST, DAST, SCA, and IaC scanning into CI/CD workflows. Automate security checks to provide continuous feedback and compliance assurance. Ensure outputs are traceable by syncing findings with ticketing and tracking systems. Application Security Perform static and dynamic analysis, vulnerability assessments, and manual code reviews. Coordinate and lead internal and third-party penetration tests. Work with developers to remediate vulnerabilities efficiently and effectively. Track resolution progress through security-focused sprint cycles. Monitor and assess third-party and open-source components for risks. Infrastructure & DevSecOps Harden containerized environments (Docker, Kubernetes) and manage their security posture. Apply secure practices in cloud platforms like AWS, Azure, or GCP using IaC tools (Terraform, CloudFormation). Implement strong secrets management, access controls, and cloud-native protections. Governance & Compliance Align application security practices with standards like ISO 27001, SOC 2, HIPAA, NIST 800-53, and NIST SSDF. Support audit readiness by maintaining evidence and documentation for compliance controls. Map implemented security controls to regulatory frameworks and security policies. What You Bring Required Qualifications Bachelor's degree in Computer Science, Cybersecurity, or equivalent practical experience. 3-5+ years in AppSec, DevSecOps, or similar security-focused engineering roles. Strong experience with security tools: SAST (e.g., Checkmarx, SonarCloud), DAST (e.g., OWASP ZAP, Burp), SCA (e.g., Snyk), IaC scanning (e.g., tfsec). Proficiency with CI/CD systems like Jenkins, GitHub Actions, GitLab CI/CD. Knowledge of secure design principles, OWASP Top 10, and threat modeling. Experience with scripting languages (Python, Bash, etc.). Familiarity with containerization and orchestration (Docker, Kubernetes). Experience in regulated environments (e.g., HIPAA, SOC2) and knowledge of NIST 800-53 and NIST SSDF. Preferred Qualifications Certifications such as OSCP, CISSP, CSSLP, or CEH. Experience with multi-cloud security (Azure, AWS, GCP). Background leading pen tests and managing coordinated remediation. Participation in bug bounty or responsible disclosure programs. Experience with a security champions program. What Sets You Apart You're a great communicator who can translate complex security risks into actionable insights-whether speaking to engineers or executives. You're a natural collaborator who thrives in cross-functional teams. You're adaptable, resourceful, and capable of working independently with a proactive mindset. You bring not just technical acumen but also empathy, curiosity, and a commitment to doing things the right way. Benefits What's in it for you: At Spearhead Technology, we prioritize your well-being and professional growth. Here's what you can expect: Achieve a healthy work-life balance. Competitive compensation and abundant growth opportunities. Enjoy a standard 5-day workweek with 2 fixed weekly offs. Experience an employee-centric environment with supportive policies. Benefit from family-friendly and flexible work arrangements. Access our Performance Advancement and Career Enhancement (PACE) initiative and discover opportunities for both personal and professional growth. From tailored career development plans to expert counseling services, PACE empowers you to chart your course to success with confidence and clarity. Elevate your career trajectory with our Learning & Development (L&D) program. Join our team and embark on a transformative journey of upskilling and self-discovery. With continuous learning as your compass, you'll not only enhance your expertise but also open doors to new opportunities, paving the way for career growth and fulfillment. Please note : At Spearhead Technology, we value the importance of collaboration, learning, and fostering connections with clients, peers, leaders, and communities. While some in-person engagement may be required for certain roles, we are committed to providing flexibility to accommodate your individual work-life balance needs. As an equal opportunities' employer, Spearhead Technology welcomes and encourages applications from all members of society. We are dedicated to creating an inclusive environment where diversity is celebrated, and individuals are valued for their unique perspectives and contributions. We do not discriminate on the basis of race, religion or belief, ethnicity, disability, age, citizenship, marital or civil partnership status, sexual orientation, or gender identity.

Our Security team works on operational issues at the leading edge of machine learning technology. You will join a creative and solutions-oriented team collaborating with internal teams at Scale and externally with our customers. Scale is looking for an experienced security and compliance professional to support Assessment and Authorization and agency audit activities for Scale's products that are offered in the US Government and global Public Sector space. We are looking for relentlessly curious, deliberately open-minded, and action-oriented generalists who can design effective legal advice, internal policies, and operational processes while employing an empathetic interpersonal style. If you enjoy solving novel and challenging problems and building strong teams and relationships while doing it, we'd love to hear from you! You will: Lead public sector security compliance projects and audits (FedRAMP HIGH, DoD Cloud Computing SRG IL4/IL5/IL6 , NIST 800-53 rev 5, NIST 800-171/CMMC, Risk Management Framework) Collaborate with product, engineering, security, operations, people operations, and legal to implement new technical, administrative, and operational controls Work with 3PAOs and federal government AOs to achieve compliance certifications and reports Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures Serve as a liaison between system owners and other security personnel, ensuring that selected security controls are effectively implemented and maintained throughout the lifecycle of projects Act as a liaison between system owners and other security personnel to facilitate effective communication and collaboration Develop, maintain, review, and update system security documentation on a continuous basis Conduct required vulnerability scans and develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities. Manage risks by coordinating correction or mitigation actions and tracking the completion of POAMs Coordinate system owner concurrence for correction or mitigation actions and monitor security controls to maintain security Authorized To Operate (ATO) Upload security control evidence to the Governance, Risk, and Compliance (GRC) application (eMASS or Xacta) to support security control implementation during the monitoring phase Lead Risk Management Assessment and Authorization (A&A) processes for deployments Perform Cloud system risk assessments, enhance process workflows, and develop new processes Implement all applicable manual Security Technical Implementation Guides (STIGs), vendor hardening guides and ensuring timely installation of all available patches Create and maintain ATO packages Lead security compliance reviews for new products, changes, and features Proactively evaluate and advise the business on new and evolving certification programs, requirements, and technologies Develop and provide training to improve the security awareness and knowledge for all employees and contractors Required: Active US Top Secret security clearance with minimum IAT Level 2 certification (Security +, CASP, or similar) Ideally you'd have: Experience implementing and maintaining some of the following frameworks and standards: FedRAMP, DoD Cloud Computing SRG, NIST 800-171, NIST 800-53, CMMC, NIST 800-53. STIG/RMF policy knowledge & implementation, including validating compliance via ACAS and other relevant tests. Experience in project management and taking projects from conception to launch An ability to translate between business and technical risk and communicate clearly to leadership Excellent organizational and communications skills Understanding of cybersecurity controls for cloud service providers Knowledge of AWS and other government authorized cloud services 5+ years of security compliance or technology audit related experience Nice-to-haves: Bachelor's degree in accounting, information systems, computer science, or a related field Compensation packages at Scale for eligible roles include base salary, equity, and benefits. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position, determined by work location and additional factors, including job-related skills, experience, interview performance, and relevant education or training. Scale employees in eligible roles are also granted equity based compensation, subject to Board of Director approval. Your recruiter can share more about the specific salary range for your preferred location during the hiring process, and confirm whether the hired role will be eligible for equity grant. You'll also receive benefits including, but not limited to: Comprehensive health, dental and vision coverage, retirement benefits, a learning and development stipend, and generous PTO. Additionally, this role may be eligible for additional benefits such as a commuter stipend. Please reference the job posting's subtitle for where this position will be located. For pay transparency purposes, the base salary range for this full-time position in the locations of San Francisco, New York, Seattle is:$236,500-$295,900 USD PLEASE NOTE: Our policy requires a 90-day waiting period before reconsidering candidates for the same role. This allows us to ensure a fair and thorough evaluation of all applicants. About Us: At Scale, our mission is to develop reliable AI systems for the world's most important decisions. Our products provide the high-quality data and full-stack technologies that power the world's leading models, and help enterprises and governments build, deploy, and oversee AI applications that deliver real impact. We work closely with industry leaders like Meta, Cisco, DLA Piper, Mayo Clinic, Time Inc., the Government of Qatar, and U.S. government agencies including the Army and Air Force. We are expanding our team to accelerate the development of AI applications. We believe that everyone should be able to bring their whole selves to work, which is why we are proud to be an inclusive and equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability status, gender identity or Veteran status. We are committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities. If you need assistance and/or a reasonable accommodation in the application or recruiting process due to a disability, please contact us at accommodations@scale.com. Please see the United States Department of Labor's Know Your Rights poster for additional information. We comply with the United States Department of Labor's Pay Transparency provision . PLEASE NOTE: We collect, retain and use personal data for our professional business purposes, including notifying you of job opportunities that may be of interest and sharing with our affiliates. We limit the personal data we collect to that which we believe is appropriate and necessary to manage applicants' needs, provide our services, and comply with applicable laws. Any information we collect in connection with your application will be treated in accordance with our internal policies and programs designed to protect personal data. Please see our privacy policy for additional information.

Who we are We help enterprises unlock the future of AI, and realize untapped potential through a thoughtful approach to access, security, and scalability. We're a growing startup at the forefront of enterprise GenAI infrastructure. We are building a next-generation platform that empowers enterprises to securely adopt and manage advanced AI workflows. We know that successful technology adoption hinges on secure and appropriate access. Our founding team helped shape past technology revolutions - from pioneering secure API Management during the rise of mobile apps to driving enterprise AI adoption across Fortune 100 enterprises. At the core of all we do is our team. We're made up of builders, creators, and curious minds, on a mission to make AI safer, more responsible. Just as we are thoughtful about our products, we're thoughtful about how we build teams and our culture. We believe with each addition to the team, culture can be enhanced. Take a look at what we value in our About Barndoor page. If this speaks to you, we'd love to hear from you! How you'll make an impact Security is foundational to everything we build. As our core Security Engineer, you will directly continue to shape the architecture, policies, and culture that scale our secure software. The systems you design will enable our customers-enterprises with complex regulatory and operational needs-to safely deploy AI-powered agents at scale. Your work won't just prevent breaches-it will enable trust, unlock innovation, and differentiate our platform in the market. What You'll Be Working OnWhile all roles have fluidity, here's a sense of some of what you might work on at any given time. Core responsibilities and role responsibilities include: Responsibilities Audit and strengthen OAuth 2.0 and OIDC token flows across internal proxies, the control plane, and third-party integrations Identify and mitigate common and emerging threats in delegated authentication workflows Review and co-design REST, WebSocket, and streaming APIs with strong boundaries, secure defaults, and least-privilege access models Help define system boundaries for multi-agent, multi-tenant orchestration Integrate and tune automated CVE, SCA, and IaC scanning tools into CI/CD pipelines Convert security findings into high-signal engineering tickets with practical remediation paths Lead lightweight, iterative threat models for new features and services Define internal security baselines and policies, and mentor others to promote a strong security culture Favor automation-friendly controls over burdensome manual security processes Contribute to compliance initiatives such as SOC 2 and ISO 27001, supporting scalable security programs Leverage deep expertise in OAuth 2.0/OIDC with real-world experience securing authentication flows in production systems Design secure APIs, review system architectures, and implement scalable authentication and authorization models Apply hands-on experience with supply chain and container security tools such as Trivy, Snyk, Grype, and Terraform scanning Demonstrate familiarity with modern identity platforms like Auth0, Okta, and Keycloak, and with Zero Trust models Requirements 5+ years in application or platform security roles, ideally in high-growth SaaS or cloud-native environments. Deep expertise in OAuth 2.0/OIDC, including real-world experience securing auth flows in production systems. Strong track record designing secure APIs, reviewing system architectures, and implementing scalable authN/authZ models. Hands-on experience with supply chain and container security tools (e.g., Trivy, Snyk, Grype, Terraform scanning). Familiarity with modern identity platforms (Auth0, Okta, Keycloak) or Zero Trust models. Proven success contributing to SOC 2, ISO 27001, and overall compliance programs. Experience working with AI/ML platforms or agent-based architectures. Comfortable collaborating with infrastructure, product, and legal teams to align security priorities with company goals. Passion for mentorship, documentation, and building a strong security culture without over-engineering. Soft Skills That Matter Here Startup Agility: You thrive in fast-paced, evolving environments and are quick to take initiative without waiting for perfect clarity. Ownership Mentality: You see a gap and step in-you don't wait to be told what needs securing, you go find it. Collaborative Spirit: You work well across functions-engineering, product, sales, and beyond-to elevate the entire team's security awareness. Pragmatic Mindset: You balance ideal security outcomes with real-world constraints, always looking for simple, sustainable solutions. Mentorship and Influence: You uplift teammates by sharing knowledge and helping others build security into their everyday thinking. Travel RequirementsTeam connection is an important part of our culture. With a remote-friendly structure, we do require that our team be available to travel for in-person collaboration sessions and meetings. Some roles may have more travel than others. Typical team meetups are every 6-8 weeks, however, this may vary depending on team and business needs. We work to plan out our travel schedules in advance to give as much notice as possible. Equal Opportunity EmployerWe celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate based on race, color, ancestry, national origin, citizenship, religion or creed, sex (including pregnancy, childbirth, and related conditions), sexual orientation, gender identity or expression, age, marital status, veteran status, disability, genetic information, or any other legally protected status. We believe that diverse teams build better products, and we strive to ensure that our hiring, development, and advancement practices are fair, equitable, and welcoming for everyone.

Nominal is building the software infrastructure powering the world's most advanced hardware systems - from spacecraft and autonomous vehicles to next-generation industrial machines. Our platform ingests high-rate telemetry, validates complex autonomy software in real time, and enables engineers to iterate faster without sacrificing safety or precision. We're a small, fast-moving team of engineers and operators who own problems end-to-end, work across disciplines, and thrive on challenges at the intersection of hardware and software. As an early team hire dedicated to information security (Security) and governance, risk, and compliance (GRC), you'll be responsible for working across the organization, developing and maturing various Security and GRC controls. You'll also play a critical role in assisting Nominal to meet various authority to operate (ATO) initiatives. This may include tasks such as hardening Nominal's software platform (both security and availability), deploying into secure environments, assisting with incident response, managing Nominal's network, ensuring endpoint security, establishing baseline device configuration, guaranteeing technical compliance with information security standards, and more.🚀 About the role Own the Posture: Technical excellence in product hardening and information security is table-stakes for Nominal's success due to our product and industry. You'll need to internalize this and fully own it in a first-class way. Set Nominal up for success in serving large DoD and enterprise customers in a secure manner. Detect and Respond: Strengthen Nominal's operational and product security through active monitoring, threat detection, and incident response. Manage endpoint protection and logging tools (e.g., EDR, SIEM), investigate alerts, and collaborate with engineering to close gaps and prevent recurrences. Plan and Execute: Translate GRC requirements (e.g., CMMC, NIST 800-171, FedRAMP, NIST 800-53, Impact Level (IL) 4/5, and National Security Systems (NSS)) to propose and lead a rollout of technical actions and policies that meet stringent information security standards. Assist and support the maintenance of our Information Security Program. Apply technology standards to classified, air-gapped environments. Coach Our Team: Create and deliver approachable, relevant training to ensure all employees are equipped to maintain high technical standards for Security and Compliance. Provide guidance regarding procurement or download of secure, vetted third-party software, applications, and libraries. Communicate the Standard: Prepare communications for government partners, assessors, auditors, and customers that satisfactorily explain Nominal's technical security posture, both for our software platform and IT systems/endpoints, and inspire confidence in our secure product and business practices. 🔍 We're looking for someone with 4+ years of experience working as a Security Engineer/Security Analyst. Hands-on expertise in endpoint protection, event monitoring and logging (EDR & SIEM).Incident handlining experience including incident preparation, detection, analysis, containment & eradication, and post-mortem. Strong understanding of system administration, including network setup (VPN, SSIDs, firewalls), software & hardware allowlisting/blocklisting, encryption & secure protocols, identity and access management controls. Familiarity with cloud environments such as AWS GovCloud, Microsoft Azure, Microsoft Government Community Cloud (GCC).Experience implementing and maintaining compliance frameworks such as CMMC, NIST 800-171, FedRAMP, NIST 800-53, DoD Impact Levels (IL4/5), National Security Systems (NSS), SOC2, and ISO 27001/27002. Experience with federal contracting and data protection requirements, whether in government or industry settings. Experience conducting risk assessments, vulnerability management, and security control testing to proactively identify and remediate issues and areas of improvement. General knowledge of DevSecOps and infrastructure concepts, with the ability to effectively collaborate with engineering teams on planning, integrations, and implementation of security and compliance requirements. Strong organizational & writing skills, and attention to detail, commensurate to build out policy, procedure, plan, and standards documentation for customer, government, and auditor audiences. Strong project management, collaboration, and relational skills to work with cross-functional stakeholders across Nominal to ensure ongoing delivery of our Security and GRC posture. ✨ Benefits 🏥 100% coverage of medical, dental, and vision insurance 🏖️ Unlimited PTO and sick leave 🍽️ Free lunch, snacks, and coffee 🚀 Professional development stipend ✈️ Annual company retreat To conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. § 1157, or (iv) Asylee under 8 U.S.C. § 1158, or be eligible to obtain the required authorizations from the U.S. Department of State.Please note that Nominal is unable to sponsor employment visas (H-1B, F-1 OPT, etc.) for this position. Applicants must be authorized to work in the U.S. without the need for visa sponsorship now or in the future. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.

Hudson River Trading (HRT) is looking for a Systems Engineer with a focus on physical security systems to join our Enterprise Technology team. This role will liaise closely with our Workplace and various Security teams to conduct research, design, and maintain physical security platforms. You'll join a lean and technical team with opportunities to architect, own, and evolve HRT's global physical security infrastructure, driving both strategic vision and hands-on execution, to help HRT stay secure while providing a great employee experience. Responsibilities Research, architect, and deploy physical security systems across our offices and supporting sites around the globe Conduct audits and risk assessments of the physical security of equipment and locations globally Curate an enjoyable employee experience while helping to maintain safety, security and compliance Manage user roles, permissions, and system access in compliance with company policies and best practices Troubleshoot hardware/software issues, perform diagnostics, and provide Level 2/3 support Create and maintain documentation of configurations, procedures, and system architecture Help lead technical response and forensic analysis for physical security incidents in collaboration with Workplace and Security Operations teams Collaborate with internal stakeholders to evaluate and adopt next-generation physical security technologies, such as AI-driven analytics, mobile credentials, or zero-trust physical systems Qualifications 5+ years of experience in the systems architecture, engineering, and administration of physical security systems (camera infrastructure, badge platforms, biometrics, environmental sensors, access control, etc.) Experience with open protocols and standards in physical security (OSDP, SNMP, etc.) Experience with consolidating and automating identity management, configuration, and logging for disparate physical security, access control, and digital IAM platforms Experience with data center physical security systems (VSS, ACS, IDS, anti-tailgating, anti-passback, mantraps, etc.) Experience automating through code (Python, Go, PowerShell) and working with SDKs/APIs Strong knowledge of networking concepts and protocols Familiarity with securing IP-based physical systems and awareness of modern physical security threats (e.g., firmware supply chain, OT/IT convergence) Willing to travel 20% of time to visit other offices and facilities as needed A certification like Certified Protection Professional (CPP) or Physical Security Professional (PSP) is a plus Experience using Linux is a plus Experience with public cloud providers (GCP, AWS, Azure) is a plus The estimated base salary range for this position is 150,000 to 250,000 USD per year (or local equivalent). The base pay offered may vary depending on multiple individualized factors, including location, job-related knowledge, skills, and experience. This role will also be eligible for discretionary performance-based bonuses and a competitive benefits package. Culture Hudson River Trading (HRT) brings a scientific approach to trading financial products. We have built one of the world's most sophisticated computing environments for research and development. Our researchers are at the forefront of innovation in the world of algorithmic trading. At HRT we welcome a variety of expertise: mathematics and computer science, physics and engineering, media and tech. We're a community of self-starters who are motivated by the excitement of being at the cutting edge of automation in every part of our organization-from trading, to business operations, to recruiting and beyond. We value openness and transparency, and celebrate great ideas from HRT veterans and new hires alike. At HRT we're friends and colleagues - whether we are sharing a meal, playing the latest board game, or writing elegant code. We embrace a culture of togetherness that extends far beyond the walls of our office. Feel like you belong at HRT? Our goal is to find the best people and bring them together to do great work in a place where everyone is valued. HRT is proud of our diverse staff; we have offices all over the globe and benefit from our varied and unique perspectives. HRT is an equal opportunity employer; so whoever you are we'd love to get to know you. Please be advised: Use of AI tools during interviews or assessments is strictly prohibited, unless otherwise instructed or agreed upon. We employ various methods to evaluate the authenticity of candidate responses. If we determine that AI assistance was used during any stage of the hiring process, we reserve the right to immediately disqualify your candidacy or rescind any job offers extended.

**Introduction** A career in IBM Consulting is rooted by long-term relationships and close collaboration with clients across the globe. You'll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio; including Software and Red Hat. Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role, you'll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions resulting in groundbreaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience. **Your role and responsibilities** The SAP S/4HANA Defense & Security Architect assists the program solution architect with designing, developing, and implementing the Ministry of Defense for Ukraine's Defense and Security implementation. This role requires a mastery of specific business processes and requirements within the defense and security sectors, ensuring that our solution meets the priorities and needs of the Ukrainians. This individual assists in managing the integration of SAP S/4HANA with other components and systems, as well as oversee the test, deployment and sustainment of these solutions. Requires strong organization and communication skills and knowledge of integration with SAP functional areas. Possesses and applies a comprehensive knowledge across key tasks and high impact assignments **Required technical and professional expertise** - SAP functional SME with more than 15+ years delivering end to end complex SAP projects; experience in one or more SAP S/4HANA Line of Business - Comprehensive knowledge of SAP S/4HANA D&S with one or more successful SAP S/4HANA D&S implementations - Minimum Education: Bachelor's degree in a recognized technical, engineering, scientific, managerial, business, or other discipline related to area of expertise. An additional 4 years of relevant experience may be substituted for the bachelor's degree. - Must be able to obtain and maintain a NATO security clearance **Preferred technical and professional experience** - Proven stellar communication skills and strong teamwork experience with a multi-lingual team. - Experience leading teams and coordinating with other program leaders and stakeholders located in other time zones (6+ hours difference) - SAP Certified Application Associate IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

Meta's Product Security team is seeking a experienced hacker who derives purpose in life by revealing potential weaknesses and then crafting creative solutions to eliminate those weaknesses. Your skills will be the foundation of security initiatives that protect the security and privacy of over two billion people. You will be relied upon to provide engineering and product teams with the web, mobile, or native code security expertise necessary to make informed product decisions. Come help us make life hard for the bad guys. **Required Skills:** Product Security Engineer, AI Responsibilities: 1. Security Reviews: perform manual design and implementation reviews of products and services that make up the Meta ecosystem, like Instagram, WhatsApp, Oculus, Portal, and more 2. Developer Guidance: provide guidance and education to developers that help prevent the authoring of vulnerabilities 3. Automated Analysis and Secure Frameworks: build automation (static and dynamic analysis) and frameworks with software engineers that enable Meta to scale consistently across all of our products **Minimum Qualifications:** Minimum Qualifications: 4. BS or MS in Computer Science or a related field, or equivalent experience 5. 8+ years of experience finding vulnerabilities in interpreted languages. Knowledge of best practice secure code development 6. Experience with exploiting common security vulnerabilities 7. Knowledge of common exploit mitigations and how they work 8. Coding and scripting experience in one or more general purpose languages **Preferred Qualifications:** Preferred Qualifications: 9. Experience creating software that enables security processes, especially those leveraging AI/ML for automation or augmentation 10. Experience integrating or building AI-powered tools to assist with vulnerability detection, code review, or threat modeling 11. Experience creating software that enables security processes 12. 8+ years of experience finding vulnerabilities in C/C++ code 13. Contributions to the security community (public research, blogging, presentations, bug bounty) 14. Demonstrated ability to collaborate with AI researchers or engineers to apply AI in security workflows **Public Compensation:** $177,000/year to $251,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

SummaryGE Vernova Research is building a USG Classified Program at our Niskayuna, NY site. Information systems have an important role in this and we are looking for an individual with experience as an Information Systems Security Manager (ISSM) or Information Systems Security Officer (ISSO) to fill our ISSM role and help us build and administer our IS program Job Description Roles and Responsibilities The Information Systems Security Manager will be responsible for leading GE Vernova Research's Classified Information Systems program ensuring it meets or exceeds all requirements. The ideal candidate will be a detail oriented, self-starter with a strong IT background and previous experience supporting classified programs. This role offers a great opportunity to have a significant impact providing leadership in an important, growing area of the company. In this role, you will: Develop, maintain, and oversee the Information Systems (IS) security program and ensure policies and procedures are documented, up-to-date, and being followed. Lead and ensure implementation of strong processes in the IS program (i.e. configuration management, change management, vulnerability management, incident management, investigation, reporting, ...). Stay current with the latest threats, vulnerabilities and best practices, make changes to the program as required, and regularly test security controls to ensure IS security. In partnership with the FSO, manage IS program relationship with USG representatives and coordinate IS security inspections, tests & reviews. Develop and implement an effective IS security education, training, and awareness program. Leverage your skills and abilities to lead and/or assist with GE Vernova Research non-classified IT governance Position Requirements • Bachelor's Degree in Computer Science or in “STEM” Majors (Science, Technology, Engineering and Math) • A minimum of 7 years' professional experience, with a minimum of 5 years' professional experience in IT security or governance (Risk management, Compliance, Audits, Software Governance, etc.) and 2 years as an ISSM or ISSO • Strong process focus, detail oriented • Strong written and verbal communication skills • Strong interpersonal skills and demonstrated ability to work as part of a high performing team • Must be willing to work out of an office located in Niskayuna, NY • Strong analytical and problem-solving skills • Due to the nature of the duties of this position, this role requires the individual to have US Government Security Clearance; prerequisite for a security clearance is U.S. citizenship. Desired Characteristics • U.S. Government classified program ISSM or ISSO experience • Information security certifications (CISSP, CISM, CISA, etc.) • Knowledge of risk management frameworks (ISO, NIST, etc.) • Prior experience in IT operations and support • Self-starter, identifies opportunities for improvement and implements positive change • Project management experience This role requires access to U.S. export-controlled information. If applicable, final offers will be contingent on ability to obtain authorization for access to U.S. export-controlled information from the U.S. Government. Additional Information GE Vernova offers a great work environment, professional development, challenging careers, and competitive compensation. GE Vernova is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. GE Vernova will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable). Relocation Assistance Provided: No For candidates applying to a U.S. based position, the pay range for this position is between $119,200.00 and $198,600.00. The Company pays a geographic differential of 110%, 120% or 130% of salary in certain areas. The specific pay offered may be influenced by a variety of factors, including the candidate's experience, education, and skill set.Bonus eligibility: discretionary annual bonus.This posting is expected to remain open for at least seven days after it was posted on December 18, 2025.Available benefits include medical, dental, vision, and prescription drug coverage; access to Health Coach from GE Vernova, a 24/7 nurse-based resource; and access to the Employee Assistance Program, providing 24/7 confidential assessment, counseling and referral services. Retirement benefits include the GE Vernova Retirement Savings Plan, a tax-advantaged 401(k) savings opportunity with company matching contributions and company retirement contributions, as well as access to Fidelity resources and financial planning consultants. Other benefits include tuition assistance, adoption assistance, paid parental leave, disability benefits, life insurance, 12 paid holidays, and permissive time off.GE Vernova Inc. or its affiliates (collectively or individually, “GE Vernova”) sponsor certain employee benefit plans or programs GE Vernova reserves the right to terminate, amend, suspend, replace, or modify its benefit plans and programs at any time and for any reason, in its sole discretion. No individual has a vested right to any benefit under a GE Vernova welfare benefit plan or program. This document does not create a contract of employment with any individual.

Job DescriptionISSOEmployment Type: Full-Time, Experienced Department: Information Technology CGS is seeking an Information Systems Security Officer (ISSO) with DIACAP and/or RMF experience who has deep expertise in security assessment documentation to support Dept. of Commerce systems and efforts to achieve their Authorization to Operate (ATO). This position is located at the client site in the Herbert Hoover building in Washington, DC. The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM.In this role, you'll conduct security assessment, and information system security oversight activities in accordance with NIST 800.53 that support systems from the perspective RMF requirements. CGS brings motivated, highly skilled, and creative people together to solve the government's most dynamic problems with cutting-edge technology. To carry out our mission, we are seeking candidates who are excited to contribute to government innovation, appreciate collaboration, and can anticipate the needs of others. Here at CGS, we offer an environment in which our employees feel supported, and we encourage professional growth through various learning opportunities. Skills and attributes for success:- Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades. - Maintain responsibility for managing cybersecurity risk from an organizational perspective. - Identify organizational risks, prioritize those risks, and maintain a risk registry for escalating and presenting those risks to senior leadership.- Provide security guidance and IS validation using the National Institute of Standards and Technology (NIST) RMF, DoC, and local security policies.- Providing configuration management (CM) recommendations for information system security software, hardware, and firmware and coordinating changes and modifications with the ISSM, Security Control Assessor (SCA), and Authorizing Official (AO).- Maintain vulnerability scanning tool compliance, such as HBSS or ACAS, and patch management, such as IAVM to ensure IT staff pushes patches to all systems in an effort to maintain compliance with all applicable directives, manage system changes, and assess the security impact of those changes.- Support security authorization activities, including transitioning from the legacy Information Assurance Certification and Accreditation Process (DIACAP) to compliance with the DoC RMF.- Provide subject matter expertise for cyber security and trusted system technology. - Apply advanced technical knowledge and analysis of specialized functional areas in task requirements to develop solutions to complex problems.- Research, write, review, disposition feedback, and finalize recommendations regarding cyber security policy, assessment and authorization assessments (A&As), security test and evaluation reports, and security engineering practices and processes. - Conduct research and write risk assessment reports to include risk thresholds, evaluation, and scoring.- Support analysis of the findings and provide expert technical guidance for mitigation strategies, including implementation advice on the cyber security risk findings, and other complex problems. Qualifications:- Bachelor's Degree.- A minimum of five (5) years experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVA compliance, Standard Operating Procedures, test results, etc.- eMASS experience.- Professional security certification such as: CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+ CE, SSCP, or higher.- Strong desktop publishing skills using Microsoft Word and Excel.- Experience with industry writing styles such as grammar, sentence form, and structure.- Ability to multi-task in a deadline-oriented environment. Ideally, you will also have:- CISSP, CASP, or a similar certificate is preferred.- Master's Degree in Cybersecurity or related field.- Strong initiative, detail orientation, organizational skills, and aptitude for analytical thinking.- Demonstrated ability to work well independently and as a part of a team.- Excellent work ethic and a high commitment to quality. Our Commitment:Contact Government Services (CGS) strives to simplify and enhance government bureaucracy through the optimization of human, technical, and financial resources. We combine cutting-edge technology with world-class personnel to deliver customized solutions that fit our client's specific needs. We are committed to solving the most challenging and dynamic problems. For the past seven years, we've been growing our government contracting portfolio, and along the way, we've created valuable partnerships by demonstrating a commitment to honesty, professionalism, and quality work. Here at CGS we value honesty through hard work and self-awareness, professionalism in all we do, and to deliver the best quality to our consumers mending those relations for years to come. We care about our employees. Therefore, we offer a comprehensive benefits package.Health, Dental, and VisionLife Insurance 401k Flexible Spending Account (Health, Dependent Care, and Commuter) Paid Time Off and Observance of State/Federal Holidays Contact Government Services, LLC is an Equal Opportunity Employer. Applicants will be considered without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Join our team and become part of government innovation!Explore additional job opportunities with CGS on our Job Board:**************************************** more information about CGS please visit: ************************** or contact:Email: ******************* #CJ We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. We are seeking a highly skilled and experienced Identity and Access Management (IAM) Engineer to join our team. In this pivotal role, you will be instrumental in designing, implementing, and managing IAM solutions that secure our enterprise applications and facilitate the secure, efficient, and seamless integration of identity and access systems in context of our rapid growth through Mergers and Acquisitions. You will ensure robust access controls, streamline user experiences, and maintain operational continuity across our diverse IT landscape. The ideal candidate will have deep technical expertise in modern IAM principles, protocols and products along with strong management and communication skills. **Responsibilities:** + **Application Integration Leadership:** Lead the integration of various enterprise applications (SaaS, on-premise, custom-built) with our core IAM infrastructure, ensuring secure authentication, authorization, and user provisioning/de-provisioning. + **M&A Integration Strategy & Execution:** Lead the planning, design, and execution of IAM integration strategies for M&A activities, ensuring alignment with overall business and security objectives. This includes assessing the IAM landscapes of merging entities to identify challenges and solutions. + **Identity System Merging & Consolidation:** Manage the complex process of merging disparate identity providers, user directories (e.g., Active Directory, Azure AD, LDAP), and access management systems from acquired companies into the existing infrastructure. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Solution Design & Implementation:** Design, implement, and maintain IAM solutions including Single Sign-On (SSO), Multi-Factor Authentication (MFA), Privileged Access Management (PAM), and Role-Based Access Control (RBAC) frameworks. + **Security & Compliance:** Ensure IAM systems and processes comply with regulatory requirements (e.g., GDPR, HIPAA, SOX) and internal security policies, providing auditable records of access activities. Protect against data breaches by ensuring only authorized personnel can access sensitive information. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Collaboration & Communication:** Coordinate cross-functional teams, including Information Security, IT Operations, HR, and Application Development, to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical stakeholders. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications:** + **Education:** Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field, or equivalent practical experience. + **Experience:** 5+ years of progressive experience as an IAM Engineer, designing and implementing enterprise scale solutions with significant experience in supporting M&A integration projects preferred. + **Technical Expertise:** + Proficiency in directory services (e.g., Active Directory, Azure AD, LDAP). + Extensive knowledge and experience with authentication standards and technologies such as SSO (SAML, OAuth, OpenID Connect), MFA, and privileged access management (PAM). + Hands-on experience with leading IAM platforms (e.g., Okta, Microsoft Azure AD, CyberArk, ForgeRock, Ping Identity, SailPoint). + Experience with scripting languages (e.g., PowerShell, Python) for automation and integration. + Strong understanding of security principles, risk management, and access control models (e.g., RBAC). + Understanding of DevOps practices. + Familiarity with Zero Trust architecture principles. + Familiarity with AI/ML concepts and their practical application in security and risk management, especially in IAM context. + **M&A Specific Skills:** Proven track record of managing complex integration projects, including assessing existing IAM capabilities, workflow, systems, and processes of acquired entities. Ability to navigate the complexities of integrating diverse identity infrastructures. + Strong communication and interpersonal skills to collaborate effectively with various teams and stakeholders. + Detail-oriented mindset to ensure precise access control configurations and compliance. + Excellent problem-solving and analytical abilities to troubleshoot access issues and design solutions for unique business requirements + Must be a self-starter who takes full ownership of projects from inception to completion , holding oneself accountable for the security and operation integrity of IAM platform. + Ability to manage multiple priorities and meet tight deadlines in a fast-paced M&A environment. + Adaptability to stay ahead of evolving IAM technologies and security threats. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************