Security architect jobs in Santa Cruz, CA - 282 jobs

A leading financial technology company based in Menlo Park, CA seeks an Offensive Security Engineer to enhance security and build resilience across their products. This role involves mentoring, conducting Red Team exercises, and collaborating on security findings with various teams. Ideal candidates have 5+ years of experience and strong communication skills. Attractive compensation includes health insurance and support for personal wellness. Join us to help democratize finance for all. #J-18808-Ljbffr

A leading tech company in Palo Alto is seeking a Security Engineer to ensure security best practices across systems. Responsibilities include designing security testing infrastructure, performing audits, and mentoring team members. Ideal candidates have over 5 years of experience in systems security, strong knowledge of cryptography, and the ability to work with distributed teams. Familiarity with Bitcoin and the Lightning Network is highly desirable. #J-18808-Ljbffr

A leading data protection firm is seeking a Machine Learning Engineer to develop GenAI architectures and secure AI workflows. Ideal candidates should hold a PhD or MS in Computer Science and possess 2+ years of relevant experience. Key responsibilities include developing and testing machine learning models, conducting experiments, and collaborating within a team. The role offers competitive compensation along with benefits including health, PTO, and 401K options. #J-18808-Ljbffr

A cybersecurity consulting firm based in Palo Alto is seeking a seasoned Cyber Security Specialist. The ideal candidate will have 5-8 years of experience, responsible for implementing and maintaining security infrastructure, conducting threat detection, and responding to incidents. Candidates should have a bachelor's degree in Cybersecurity or a related field, along with experience in XDR/EDR solutions and strong analytical skills. #J-18808-Ljbffr

A leading technology firm in Palo Alto is seeking a knowledgeable security expert to oversee day-to-day threat management and improve incident responses. The ideal candidate has 2+ years of experience in information security and strong Python scripting skills. You will work on enhancing security monitoring and collaborate with various teams to handle security incidents effectively. This role comes with a competitive salary range and comprehensive benefits including equity, medical coverage, and a 401(k) plan. #J-18808-Ljbffr

A globally leading consumer device company headquartered in Mountain View, CA is looking for a Senior Offensive Security Engineer to proactively identify, exploit, and help eliminate security weaknesses across our web platforms and AI/ML systems. In this role, you will think like an attacker, operate with engineering rigor, and work closely with product, platform, and AI teams to raise the security bar across the organization. You will lead complex penetration tests, design novel attack techniques for web and modern AI-powered applications, and influence secure-by-design architecture at scale. Responsibilities: • Conduct offensive security assessments on large-scale web applications, REST APIs, and cloud-backed services. • Identify and validate vulnerabilities including injection flaws, access control issues, authentication/authorization weaknesses, SSRF, deserialization, and logic bugs. • Evaluate LLM-based systems and AI agents for prompt injection, data exfiltration, model abuse and jailbreaks • Design and execute red team-style engagements simulating real-world adversaries. • Develop custom exploitation tools, PoCs, and fuzzers for web and AI attack surfaces. • Identify systemic security weaknesses and collaborate with engineering teams to drive long-term mitigations. • Review architectures and designs for new products with an attacker mindset. • Produce clear, actionable security reports and present findings to technical and executive stakeholders. Minimum Qualifications: • Master's degree in Computer Science, Computer Engineering, Information Security, or a closely related technical field. • Doctorate (PhD) in a relevant field is a plus but not required. • 5+ years of experience in offensive security, penetration testing, or red teaming. • Deep expertise in web application security. • Strong understanding of API security. • Hands-on experience testing AI/ML or LLM-based systems, or strong motivation with demonstrated research in this area. • Proficiency in at least one scripting or programming language (Python, Go, JavaScript, or similar). • Strong knowledge of common exploitation techniques and attacker tooling. Preferred Qualifications: • Prior work on adversarial ML, red-teaming AI systems, or secure LLM pipeline design. • Experience with cloud security (AWS, GCP, Azure) and containerized environments. • Background in security research, published CVEs, CTF experience, blog posts, or conference talks. • OSCP, OSEP, OSWE, CRTO, or similar. What We Look For: • An attacker-first mindset with strong engineering discipline. • Ability to go beyond scanners and find novel, high-impact vulnerabilities. • Clear communicator who can translate complex exploits into actionable fixes. • Curiosity about emerging threats, especially in AI security. • Ownership mentality and comfort operating in ambiguous problem spaces. Type: Contract Duration: 12 months with extension Work Location: Mountain View, CA (on site) Pay Range: $ 85.00 - $ 100.00 (DOE)

Consultant Network & Security page is loaded## Consultant Network & Securityremote type: Hybrid or Remotelocations: Contern\_EXCtime type: Full timeposted on: Posted 30+ Days Agojob requisition id: R0287400Les entreprises et les gouvernements comptent sur Thales pour apporter de la confiance aux milliards d'interactions numériques qu'ils établissent avec les utilisateurs. L'Activité Mondiale Identité & Sécurité Numériques (DIS) fournit des technologies et services (des logiciels sécurisés en passant par la biométrie ou encore le cryptage), qui permettent aux entreprises ainsi qu'aux gouvernements de vérifier des identités, et de protéger les données afin qu'elles restent sûres.**Tasks and responsibilities*** Act as the dedicated technical advisor towards the customer in the limit of the scope of skills of the consultant* Gather technical needs from customer and propose the most adapted solutions to customer* Define architecture and participate to conception of technical solutions* Realize advisory and expertize missions* Support Account Managers during the presales phase of writing offers to customers such as “Proof of Concept” realization, writing Statements of Work, technical solutions presentations, preparation of technical aspects for all call for tenders* Implement and support operational teams during rollout phases* Manage and ensure engagement on deliverables in due time in the limit of the scope of skills of the consultant* Maintain updated general skills on network security (best practices, protocols, security fundamentals, risks identification, methodology etc.)* Technical skills to maintain updated (certifications / self-training / trainings to follow) further to the Personal targets defined* Skills, tailor made trainings and knowledge transfer towards customers* Skills, tailor made trainings and knowledge transfer towards team mates (to ensure coverage in case of absence)* Coaching junior consultants in order to make them grow up in terms of soft and technical skills* Coaching trainees (manage and follow up of the whole internship of the trainees)* Creativity in problem solving on a constant basis in day to day tasks and in exceptional tasks (such as incidents) in the limit of the scope of skills of the consultant* Detect and evaluate level of importance of any crisis situation* Escalate any crisis situation (previously detected and evaluated by the junior consultant himself) to confirmed and senior peers when necessary* Reporting and documentation (French and English)* Act the role of Back-Up for 1rst/2nd line support Engineer* Act the role of 3rd line for the SOD in the limit of the scope of skills of the consultant**Prerequisite**Expertise in one or more of the following areas:* Firewalls,* Web and Database Application firewalls,* Protection systems against unknown threats (Sandboxing* Messaging Security,* Strong authentication and SAML identity federation, OpenID Connect, …* Encryption (IPSEC VPN, data encryption, …),* Hardware Security Module (HSM),* More specifically, you are familiar with the technologies of the following manufacturers,* Firewalls: Checkpoint, Palo Alto Networks, Fortinet,* Web Proxy: Bluecoat ProxySG, McAfee Web Gateway R,* Load Balancing / WAFF: F5, Netscaler, DenyAll, Imperva,* Email Security: Cisco, TrendMicro, Trustwave,* Strong authentication: RSA, Gemalto, RCDevs,* HSM: Gemalto, Thales,* Sandboxing: BlueCoat MAA, TrendMicro,* Identity Federation: Microsoft ADFS, auth0, okta.**Security*** In-depth knowledge of IT security practices, including identity and access management, vulnerability management, network and operating system security, and application security* Competence in cryptography and data security* Knowledge of information security standards and regulations* Experience in detecting and responding to information security incidents, including compliance management and conducting information security audits**Back-up**Other Senior consultants / Practice Leader/ Team LeaderThales, entreprise Handi-Engagée, reconnait tous les talents. La diversité est notre meilleur atout. Postulez et rejoignez nous !remote type: Hybrid or Remotelocations: Contern\_EXCtime type: Full timeposted on: Posted 30+ Days Ago #J-18808-Ljbffr

We are seeking a highly skilled Principal Cloud Security Architect with deep experience designing and securing distributed systems that span embedded devices, edge components, and cloud-based infrastructures. This individual will be responsible for evaluating and supporting the security of our cloud-connected robotic and inspection products. They will also support the creation of cloud-based multiple product integrations, both within the company and with partner customers and companies. The ideal candidate will combine strong software engineering skills with expertise in cybersecurity, secure coding, and modern cloud technologies. You will play a critical role in evaluating system designs, reviewing code, and ensuring secure deployments across the full technology stack. Key Responsibilities Architect and Design: Evaluate and document end-to-end system architectures integrating embedded, edge, and cloud components. Evaluate and coordinate efforts to establish integrated solutions between multiple product-specific systems. Security and Compliance: Establish and maintain secure coding and deployment standards. Drive adoption of DevSecOps principles and security automation throughout CI/CD pipelines. Perform code reviews and threat modeling for embedded, backend, and cloud software. Collaborate with IT and product security teams to ensure compliance with security frameworks (e.g., ISO 27001, NIST, OWASP, or similar). Evaluate new technologies, frameworks, and tools for secure and efficient deployment. Work closely with firmware, backend, and cloud engineering teams to define interfaces and data security requirements. Partner with product management and operations to align architecture with product roadmaps and reliability goals. Required Qualifications Education: Bachelor's or Master's degree in Computer Science, Electrical Engineering, Software Engineering, or related field. Experience: 7-10+ years of professional experience in software architecture, system design, or cybersecurity engineering. Technical Expertise: Proven experience designing distributed or hybrid cloud systems (AWS, Azure, or GCP). Hands-on coding experience in one or more modern languages (Python, C/C++, Go, Java, or Rust). Experience evaluating and enforcing secure coding design, particularly in evaluating risks in deploying cloud-connected embedded devicies. Experience implementing effective CI/CD scanning and analysis tools. Strong understanding of embedded software principles, real-time systems, and device-to-cloud communication (MQTT, REST, gRPC, etc.). Familiarity with infrastructure-as-code (Terraform, CloudFormation) and container orchestration (Kubernetes, Docker) and the key methods of baking security into those products. Knowledge of common vulnerabilities and exposures (CVEs), and mitigation strategies in both embedded and cloud contexts. Preferred Qualifications Experience with zero-trust architectures, identity management (OAuth2, JWT, IAM), and secure OTA updates. Background in industrial IoT, energy systems, or mission-critical control environments. Contributions to open-source security tools or frameworks. Security certifications such as CISSP, CEH, CSSLP, or AWS/Azure Security Specialty. Soft Skills Excellent communication skills for cross-functional collaboration. Ability to balance innovation with compliance and operational reliability. Nextpower offers a comprehensive benefits package. We provide health care coverage, dental and vision, 401(K) participation including company matching, company paid holidays with unlimited paid time off, generous discretionary company bonuses, life and disability protection and more. Employees in certain positions may be eligible for stock compensation. All plans are in accordance with relevant plan documents. For more information on Nextpower 's benefits please view our company website at ****************** Pay is based on market location and may vary based on factors including experience, skills, education and other job-related reasons. The annual salary range for this position is $220,000 - $250,000. At Nextpower, we are driving the global energy transition with an integrated clean energy technology platform that combines intelligent structural, electrical, and digital solutions for utility-scale power plants. Our comprehensive portfolio enables faster project delivery, higher performance, and greater reliability, helping our customers capture the full value of solar power. Our talented worldwide teams are redefining how solar power plants are designed, built, and operated every day with smart technology, data-driven insights, and advanced automation. Together, we're building the foundation for the world's next generation of clean energy infrastructure. Nextpower is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We are Nextpower

About the Hiring Team Tencent Overseas IT has the mission to empower Tencent's rapid global growth with future ready, global IT platforms, applications and services. We are chartered to lead the Overseas IT strategy, architecture, roadmap and execution. Satisfying our internal/external customers and becoming a world class global IT team are our top aspirations. What the Role Entails Tencent Overseas IT is committed to accelerating Tencent's international business growth and enabling its success through the deployment of cutting-edge technology platforms in IT services, cloud, security, and DevOps. As leaders in IT technology, we are responsible for defining and executing on Tencent's Overseas IT strategy, architecture, and roadmap. Our primary focus is to deliver exceptional value to satisfy the diverse needs of our internal and external customers, while striving to build a world-class global IT team. Responsibilities We're seeking a Principal Security Architect to drive the overall security architecture of Tencent overseas business. This role will work closely with foundation IT and Business teams to ensure compliance with security best practices, regulatory requirements, and internal policies. Key responsibilities include: * Security Strategy and Planning: Defining and implementing the organization's security strategy, roadmaps, and long-term vision. * Security Architecture Design: Developing and maintaining the overall security architecture, including defining security frameworks, standards, and controls. * Incident Response: Participating in incident response activities, providing expertise in identifying, containing, and recovering from security incidents. * Risk Management: Identifying and assessing security risks, developing mitigation strategies, and ensuring alignment with business objectives. * Security Compliance: Ensuring compliance with relevant security regulations, industry standards (e.g., NIST, ISO 27001, HIPAA), and internal policies. Who We Look For Key Skills * Security Architecture Design: Ability to design and implement secure and scalable architectures across various environments (e.g., cloud, containerized, on-premises), including developing and maintaining threat models and security reference architectures, with a strong emphasis on Zero Trust principles. * Security Operations & Incident Response: Experience with Security Information & Event Management (SIEM) systems, vulnerability scanners, malware analysis, and handling security incidents. The ability to lead threat modeling activities and support penetration testing is also important. * Networking: In-depth knowledge of networking principles, including routers, switches, firewalls, load balancers, and wireless devices, as well as network security protocols and technologies like VLANs, VPNs, IDS/IPS, and network segmentation. * Cloud Security: Expertise in cloud security principles and technologies across major platforms like AWS, Azure, and GCP, including implementing security controls and best practices in cloud environments. * Identity and Access Management (IAM): Strong understanding of enterprise IAM systems, including platforms like Okta, SailPoint, and Active Directory (AD), and the ability to implement and manage secure access controls based on the principle of least privilege. * Data Protection: Knowledge of data protection methods like encryption, pseudonymization, and shuffling, and how to apply them effectively to safeguard against data corruption, compromise, and loss. * Security Testing & Analysis: Experience in conducting penetration testing, vulnerability assessments, ethical hacking, and risk analysis to identify and mitigate security risks. * Security Automation & DevSecOps: Hands-on experience with security automation tools and scripting languages (e.g., Python, Lambda, Terraform) to streamline security processes and embed security into CI/CD workflows and Infrastructure-as-Code (IaC) processes. * Security Tools & Technologies: Proficiency in using various security tools and technologies, including SIEM platforms, XDR, cloud-native threat detection tools, vulnerability scanners, and encryption tools. * Operating Systems: Experience with various operating systems, including Windows, Linux, and UNIX. * Application Security: Experience in web application security, OWASP, API security, and secure design and testing. * SaaS Security: Experience with SaaS permission management, experience with SSPM (SaaS Security Posture Management) * AI for Security: real word experience with AI/LLM/Agentic for security, especially adopt LLM in SIEM rule, SOAR optimization. * Scripting skills in Python, PowerShell or Bash Qualifications * Education: Typically, a master's degree in computer science, Information Security, or a related technical field is required. * Minimum of 10-12+ years of progressive experience in cybersecurity, including at least 5-7 years in a security architecture or senior-level engineering role. * Experience securing workspace and key enterprise systems, including IAM, e-mail, DevSecOps, SaaS, and back-office systems. * Essential soft skills: Analytical Thinking; Problem-Solving; Risk Management; Adaptability & Continuous Learning;Attention to Detail * Experience working with remote, globally distributed teams * Previous experience in the gaming industry is a plus. * Relevant certifications: * Certified Information Systems Security Professional (CISSP) * Certified Cloud Security Professional (CCSP) * Certified Information Security Manager (CISM) * AWS Certified Security - Specialty * Other certifications like AWS Certified SA, Certified Ethical Hacker (CEH), CompTIA Security+, and GIAC Security Essentials Certification (GSEC) can also be beneficial. Location State(s) US-California-Palo Alto The expected base pay range for this position in the location(s) listed above is $141,200.00 to $328,400.00 per year. Actual pay may vary depending on job-related knowledge, skills, and experience. Employees hired for this position may be eligible for a sign on payment, relocation package, and restricted stock units, which will be evaluated on a case-by-case basis. Subject to the terms and conditions of the plans in effect, hired applicants are also eligible for medical, dental, vision, life and disability benefits, and participation in the Company's 401(k) plan. The Employee is also eligible for up to 15 to 25 days of vacation per year (depending on the employee's tenure), up to 13 days of holidays throughout the calendar year, and up to 10 days of paid sick leave per year. Your benefits may be adjusted to reflect your location, employment status, duration of employment with the company, and position level. Benefits may also be pro-rated for those who start working during the calendar year. Equal Employment Opportunity at Tencent As an equal opportunity employer, we firmly believe that diverse voices fuel our innovation and allow us to better serve our users and the community. We foster an environment where every employee of Tencent feels supported and inspired to achieve individual and common goals.

The TV u0026 Sports Engineering team delivers the Apple TV+ streaming service, bringing customers Apple Original shows and movies, and live sports from MLS and MLB on Apple, Windows, Android, and third-party TV platforms. The team works on the Apple Sports app, the ultra-fast and easy-to-navigate app with real-time scores and stats for sports fans. This team is also responsible for ensuring the security of our Apple devices, users' identity, and content with FairPlay technologies. Our team is seeking a Software System Engineer to work on our software security technologies to develop and launch new products. You'll work on projects that touch all aspects of Apple products, and will demonstrate your strong software and interpersonal skills as you integrate new technology on multiple platforms and architectures. We are looking for someone who has a track record of software developement. You have a familiarity with various architectures (x86/ARM, mac OS/iOS, Android and others), and the ability to work with dynamic teams to produce reliable, robust code. Familiarity with security technologies (DRM, TrustZone, cryptography) is a huge plus. This is an outstanding opportunity to be involved in something new from the beginning. Show us your talent. It's meaningful, fun, and exciting. It's what makes us Apple. 5+ years of Experience with or passion for Systems security 5+ years of Experience with containerized server applications and their deployment Strong Software Engineering programming skills (C, C++) Experience with Embedded Systems Development Experience with or passion for Systems Security Experience with Android development Able to clearly communicate ideas and concerns Able to work effectively with different teams

The Security Architect is responsible for designing enterprise and systems security throughout the development lifecycle for the Defense Language Institute Foreign Language Center (DLIFLC) Academic Network Labor Contract to administer, maintain, secure, and accredit the DLIFLC Academic Network which provides the IT environment for 100% of the DLIFLC teaching and instructing for all students, staff, faculty, and guests in a learning environment at the unclassified level. Responsibilities · This role involves translating technology and environmental conditions, such as laws and regulations, into effective security designs and processes, with a focus on implementing Zero Trust principles. · Security Design: Develop and implement security architectures for enterprise systems throughout the development lifecycle, incorporating Zero Trust principles. · Regulatory Compliance: Translate laws, regulations, and environmental conditions into security designs and processes. · Lifecycle Management: Ensure security is integrated at every stage of the system and software development lifecycles. · Collaboration: Work with cross-functional teams to ensure security requirements are met. · Stay Informed: Keep up-to-date with security trends, threats, and best practices. Qualifications Required: · AA/AS from an accredited college or university, or substitute with 3+ years experience with any one of the following: IAT Level II (CySA+, Security+, CND, or SSCP) Certification and CE/OS Certification. · Relevant Skills: Zero Trust, Microsoft 365, Entra ID/Active Directory, GitLab, SaaS Security, Palo Alto Networks. · Secret Clearance Salary Range: $160,000 - $171,000 The above salary range represents a general guideline. Integral Federal considers a number of factors when determining base salary offers, such as the scope and responsibilities of the position and the candidate's experience, education, skills, and current market conditions. Depending on the position, employees may be eligible for overtime, shift differential, and/or discretionary bonuses in addition to base pay. Company Overview Integral partners with federal defense, intelligence, and civilian leaders to tackle their most important challenges and deliver positive outcomes. Since our founding in 1998, we have helped clients leverage existing and emerging technologies to transform their enterprises, empower growth, drive innovation, and build sustainable success. The forward-leaning solutions we deliver are tailored to each mission with a focus on keeping our nation safe and secure. Integral is headquartered in McLean, VA and serves clients throughout the country. We offer a comprehensive total rewards package including paid parental leave and immediate vesting in our 401(k). Give us a try and become part of a curated group of professionals at Integral Federal! Our package also includes: · Medical, Dental & Vision Insurance · Flexible Spending Accounts · Short-Term and Long-Term Disability Insurance · Life Insurance · Paid Time Off & Holidays · Earned Bonuses & Awards · Professional Training Reimbursement · Paid Parking · Employee Assistance Program Equal Opportunity Employer/Protected Veteran/Disability

QA Automation and Security Test Architect Job ID: 21-14390 Top must haves are: * 5+ years of experience as Automation Architect and doing web application security testing as per OWASP standards * 5+ years of experience designing, developing and executing Automation Scripts using Selenium * Ability to provide application security risk assessment of technologies stack used in cloud or web applications. TECHNICAL KNOWLEDGE AND SKILLS: * 5+ years of experience as an Automation Architect and doing web application security testing as per OWASP standards * 5+ years of experience designing, developing and executing Automation Scripts using Selenium * Knowledge and experience in other Automation tools (like QTP, Rational Robot, AutoIT) * Understanding and working knowledge with Data Driven, Keyword Driven and Hybrid frameworks * Knowledge of Defect Management Tool (Quality Center, JIRA) * Exploit application security flaws and vulnerabilities with attack simulations on multiple projects working against specific client-focused scopes of work. * Ability to provide application security risk assessment of technologies stack used in cloud or web applications. * Ability to perform application vulnerability assessments or application penetration testing, utilizing tools commercial and open source tools. * Perform, review and analyze security vulnerability data to identify applicability and false positives. * Create risk based security code reviews (Static, Dynamic and Interactive). * Conduct application security testing in line with OWASP (Open Web application Security Project) * Mentor junior engineers to build their skills and contribution levels * Write technical reports that include suggested resolution for identified problem areas and perform operational risk assessment. * Perform Proof of Concept testing and do evaluation of new security technologies and tools. * Assist and support Security Test Analysts as they perform vulnerability, network and network security assessments. * Experience DevOps tools like DynaTrace, Chef, Splunk and Vagrant. * Experience with scripting languages (e.g. python, PERL, SQL) a plus * Ability to perform below tasks: o Dynamic Application Security Testing (DAST) o Static Application Security Testing (SAST) o Interactive Application Security Testing (IAST) o Web Application Penetration Testing o Product Security Testing o Cloud Application Security Testing o Web Services Security Testing o Security Code Review o Network Security Assessment * Application Security Testing Tools: VeraCode, Synopsys, Contrast IAST, Burp Suite, Tamper Data, Live http Headers, Client Fortify, VeraCode, OWASP Top 10, N-Stealth, Hailstorm, Paros, SANS Top 20, Acunetix, Nessus * Fast learning, problem solving and analytical skills * Excellent communication, presentation, and interpersonal skills * Track record of good time management * Efficient in effort estimation, planning and prioritization * Ability to understand Business Requirements and transform them to functional units * Knowledge of SDLC and implementation * Knowledge of SoapUI * Proficiency in Java language * Proficiency in SQL * Job details *

The Information Security Director is responsible for the development and oversight of a comprehensive information security, compliance and privacy program. The scope of this position is global and requires a working knowledge of the various regulations. This role is responsible for the integration of IT systems with security policies and information protection strategies. The role is also responsible for developing, maintaining, and publishing privacy and information security standards, procedures, and guidelines for use within the IT organization. This position will require some day-to-day, hands on management of the various applications used for information security companywide. The candidate will make sure security policies, standards and procedures are established and enforced. The candidate must be prepared to provide presentations to Audit Committee on company security posture exhibiting professionalism and maturity at all times. Job Responsibilities include (but are not limited to): Develops and maintains a risk strategy that formalizes risk into a comprehensive program for management to assess areas of concern. Maintains a governance program that ensures all Information Security controls are adequately maintained and reported. Works with business teams to maintain information security policies, procedures, and standards and assists the various departments and practice groups in adhering to them Develops, publishes, and maintains a comprehensive organization-wide information privacy and security strategy, plans, policies, procedures, and guidelines. Manages the development, implementation, and maintenance of security policies, standards, and guidelines. Directs the development and enforcement of information security and privacy policies in compliance with federal and state regulations and standards. Coordinates the development of an ongoing information security awareness and knowledge program to ensure that employees are aware of threats and how to help ensure privacy of company information. Identifies current security infrastructure and defines what kind of security must be designed and implemented in order to meet organization requirements. Work with legal to ensure data protection practices are consistent with international regulatory requirements. Researches and maintains proficiency in tools, techniques, countermeasures, and basic trends in computer and network threats and exploits. Maintains appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and /or transmitted client information and reasonably protects against anticipated threats and vulnerabilities Conducts risk analysis and assessments to ensure there are solutions in place to mitigate those risks. Assists in the responses to RFI\RFPs and security related concerns. Provides management with up to date information on the different threats and security vulnerabilities that the organization may face. Ensures compliance through adequate training programs and oversight of periodic internal security audits. Serves as active participant in Information Security Steering Committee and serves as IT owner for security-related incident responses Technical Skills Required: The successful candidate must possess a strong understanding of the following: Technical implications of security threats and vulnerabilities Technical analysis and evaluation of network and security vulnerabilities, and managing security systems such as anti-virus, firewalls, patch management, intrusion detection and encryption Vulnerability scanning, intrusion detection, anomaly detection, and associated technologies Intrusion Detection\Prevention Systems, firewalls, ACLs and encryption technologies Tools, techniques, and standards used to conduct penetration testing of networks and applications The latest information security threats & vulnerabilities and appropriate countermeasures Best Practices related to information\computer forensic investigation processes and techniques TCP/IP and other related protocols Soft Skills Required: The successful candidate must possess the following soft skills: Must be an intelligent, articulate, consensus building, and persuasive leader who can serve as an effective member of the senior management team and communicate information security-related concepts to a broad range of technical and non-technical staff Must demonstrate the ability to maintain strict confidentiality of company internal and personnel affairs. Ability to manage multiple concurrent objectives or activities, and effectively make judgments in prioritizing and time allocation in a high-pressure environment Ability to deal with changes and adapt to a changing environment Ability to work well with others, harness different skills and experience, and build a strong sense of team spirit Highly self-motivated and directed Ability to work in a multi-office environment and willingness to travel to other offices as required Excellent verbal communication and writing skills Presentation Skills - Prepare and deliver formal and informal presentations to illustrate ideas, solutions and issues to upper management Intermediate project management experience Must have strong documentation\technical writing skills Education and Experience: The candidate must have extensive experience in information security with a technical background in computer science, mathematics, engineering, or a related field. This technical background must be balanced with effective management skills, because the Director of Information Security must interact with people at all levels of the organization. Experience with disaster recovery planning and testing, auditing, risk analysis, business resumption planning, and contingency planning Bachelor's degree in Computer Science, Engineering, Mathematics or related disciplines (or equivalent experience) 10+ years practical experience in IT security related positions (IT Security Director, IT Security Manager, Security Auditor, Security Analyst, etc.) CISSP, CISM, CISA, CEH, ITIL, and Project Management certifications preferred.

Role Purpose The Director of Information and Data Security will establish and lead Eltropy's IT and Cybersecurity function, responsible for developing foundational systems, processes, and governance across infrastructure, data protection, and compliance. This leader will drive security maturity across the organization, balancing hands-on execution with long-term strategic planning, and partnering with external GRC consultants to build a scalable security and compliance framework aligned with industry standards (e.g., SOC 2, ISO 27001). Key Responsibilities IT and Infrastructure Security * Oversee endpoint management, asset inventory, and identity and access management (IAM). * Establish standards for device hardening, patch management, and secure configuration. * Define and manage the budget for all security and IT tools, services, and human capital, ensuring cost-effectiveness and alignment with the overall security roadmap. * Implement centralized visibility and control across systems and SaaS applications. Cybersecurity and Data Protection * Lead threat detection, vulnerability management, and incident response operations. * Implement and maintain a Cloud Security Posture Management (CSPM) solution to monitor cloud infrastructure (AWS/Azure) for misconfigurations and compliance issues. * Deploy and tune SIEM/XDR solutions to enhance visibility and threat detection across environments. * Conduct regular penetration testing, track remediation, and drive security awareness programs. * Define and enforce data protection policies covering classification, encryption, and retention. Governance, Risk, and Compliance (in partnership with GRC Consultant) * Partner with external GRC consultants to design and operationalize Eltropy's information security and compliance framework. * Translate consultant-driven recommendations into actionable internal controls, policies, and monitoring mechanisms. * Manage the Third-Party Risk Management (TPRM) program, including vendor due diligence, security questionnaires, and ongoing risk monitoring. * Maintain a centralized risk register and oversee remediation tracking. * Own operational compliance for frameworks such as SOC 2, ISO 27001, and GDPR. Security Architecture and Product Collaboration * Work closely with Engineering and Product teams to embed security-by-design principles in SaaS architecture and cloud deployments. * Implement automated security testing (SAST/DAST) within the CI/CD pipeline to shift security left and reduce vulnerabilities early in the development lifecycle. * Review architecture and third-party integrations to ensure alignment with data security and privacy standards. Incident Management and Business Continuity * Establish and operationalize the company's Incident Response Plan (IRP) and Business Continuity/Disaster Recovery (BCP/DR) framework. * Conduct tabletop exercises and post-incident reviews to enhance preparedness and learning. Security Awareness and Culture * Develop and implement a company-wide security awareness program. * Partner with HR and Operations to ensure onboarding/offboarding includes security compliance and periodic training. * Foster a security-first culture emphasizing accountability and vigilance across teams. Leadership and Department Setup * Build and lead a high-performing IT and Security team, including IT administrators and cybersecurity engineers. * Define structure, roles, and hiring priorities aligned with the company's growth stage. * Create a phased roadmap for security maturity, including technology adoption and process optimization. Key Performance Indicators (KPIs) * Security Tool Coverage: Achieve at least X% deployment and agent coverage across all corporate and cloud assets within the first 6 months. * Vulnerability Remediation: Maintain average time-to-remediate critical and high vulnerabilities below X days. * Compliance Milestones: Achieve SOC 2 / ISO 27001 readiness within agreed timelines. * Asset Visibility: 100% endpoint and asset inventory completeness. * Incident Management: Reduction in mean time to detect (MTTD) and mean time to respond (MTTR) for incidents. * Team Ramp; Process Setup: Completion of key hires and operational processes within the first year. Requirements * Independent, self-starter with strong ownership and execution bias. * Ability to prioritize and execute in a resource-constrained, fast-paced SaaS environment. * Strategic thinker with operational depth; able to balance long-term maturity goals with immediate risk mitigation. * Excellent communication skills with the ability to influence and align cross-functional stakeholders. * Proven experience setting up IT or cybersecurity programs in a SaaS or technology environment. * Strong understanding of endpoint protection, cloud infrastructure security (AWS/Azure), IAM, and network security. * Experience with SIEM and/or XDR deployment and tuning for threat detection and monitoring. * Familiarity with CSPM, SAST/DAST, and vulnerability management tools. * Knowledge of GRC frameworks (SOC 2, ISO 27001) and translating them into practical, auditable controls. Reporting to: VP of Operations Level: Senior Leadership Direct Reports: * IT Team * Cybersecurity Engineer(s)

Role Purpose The Director of Information and Data Security will establish and lead Eltropy's IT and Cybersecurity function, responsible for developing foundational systems, processes, and governance across infrastructure, data protection, and compliance. This leader will drive security maturity across the organization, balancing hands-on execution with long-term strategic planning, and partnering with external GRC consultants to build a scalable security and compliance framework aligned with industry standards (e.g., SOC 2, ISO 27001). Key Responsibilities IT and Infrastructure Security Oversee endpoint management, asset inventory, and identity and access management (IAM). Establish standards for device hardening, patch management, and secure configuration. Define and manage the budget for all security and IT tools, services, and human capital, ensuring cost-effectiveness and alignment with the overall security roadmap. Implement centralized visibility and control across systems and SaaS applications. Cybersecurity and Data Protection Lead threat detection, vulnerability management, and incident response operations. Implement and maintain a Cloud Security Posture Management (CSPM) solution to monitor cloud infrastructure (AWS/Azure) for misconfigurations and compliance issues. Deploy and tune SIEM/XDR solutions to enhance visibility and threat detection across environments. Conduct regular penetration testing, track remediation, and drive security awareness programs. Define and enforce data protection policies covering classification, encryption, and retention. Governance, Risk, and Compliance (in partnership with GRC Consultant) Partner with external GRC consultants to design and operationalize Eltropy's information security and compliance framework. Translate consultant-driven recommendations into actionable internal controls, policies, and monitoring mechanisms. Manage the Third-Party Risk Management (TPRM) program, including vendor due diligence, security questionnaires, and ongoing risk monitoring. Maintain a centralized risk register and oversee remediation tracking. Own operational compliance for frameworks such as SOC 2, ISO 27001, and GDPR. Security Architecture and Product Collaboration Work closely with Engineering and Product teams to embed security-by-design principles in SaaS architecture and cloud deployments. Implement automated security testing (SAST/DAST) within the CI/CD pipeline to shift security left and reduce vulnerabilities early in the development lifecycle. Review architecture and third-party integrations to ensure alignment with data security and privacy standards. Incident Management and Business Continuity Establish and operationalize the company's Incident Response Plan (IRP) and Business Continuity/Disaster Recovery (BCP/DR) framework. Conduct tabletop exercises and post-incident reviews to enhance preparedness and learning. Security Awareness and Culture Develop and implement a company-wide security awareness program. Partner with HR and Operations to ensure onboarding/offboarding includes security compliance and periodic training. Foster a security-first culture emphasizing accountability and vigilance across teams. Leadership and Department Setup Build and lead a high-performing IT and Security team, including IT administrators and cybersecurity engineers. Define structure, roles, and hiring priorities aligned with the company's growth stage. Create a phased roadmap for security maturity, including technology adoption and process optimization. Key Performance Indicators (KPIs) Security Tool Coverage: Achieve at least X% deployment and agent coverage across all corporate and cloud assets within the first 6 months. Vulnerability Remediation: Maintain average time-to-remediate critical and high vulnerabilities below X days. Compliance Milestones: Achieve SOC 2 / ISO 27001 readiness within agreed timelines. Asset Visibility: 100% endpoint and asset inventory completeness. Incident Management: Reduction in mean time to detect (MTTD) and mean time to respond (MTTR) for incidents. Team Ramp; Process Setup: Completion of key hires and operational processes within the first year. Requirements Independent, self-starter with strong ownership and execution bias. Ability to prioritize and execute in a resource-constrained, fast-paced SaaS environment. Strategic thinker with operational depth; able to balance long-term maturity goals with immediate risk mitigation. Excellent communication skills with the ability to influence and align cross-functional stakeholders. Proven experience setting up IT or cybersecurity programs in a SaaS or technology environment. Strong understanding of endpoint protection, cloud infrastructure security (AWS/Azure), IAM, and network security. Experience with SIEM and/or XDR deployment and tuning for threat detection and monitoring. Familiarity with CSPM, SAST/DAST, and vulnerability management tools. Knowledge of GRC frameworks (SOC 2, ISO 27001) and translating them into practical, auditable controls. Reporting to: VP of Operations Level: Senior Leadership Direct Reports: - IT Team - Cybersecurity Engineer(s)

This job requires relocation to the United States, Silicon Valley, through the use of a TN visa. If selected for this job, the process of coming to the United States will be handled by Tech-Mex. The Information Security Engineer maintains 24x7 support, responds to vendor security questionnaires, performs monitoring and maintenance of the security infrastructure and components, participates in project planning and deployment of new technologies and will be responsible for remediation of identified compliance and risk gaps. He/she works independently, operating under the defined guidelines established by the Director of Information Technology and Security. ESSENTIAL Job Duties & Responsibilities Monitor and advise on information security issues related to the systems and workflow to ensure the internal and external security controls for the company are appropriate and operating as intended Documenting gaps between vendor requirements and National MIs infrastructure Coordinate and execute IT security projects Coordinate response to information security incidents Conduct company-wide audits and manage remediation plans Collaborate with other areas of IT to manage security vulnerabilities Conduct research to keep abreast of latest security issues Ensures that system documentation is accurate and updated as needed Participates in disaster recovery (DR) exercises as directed Logfile review and analysis Install and maintain new systems Prioritize remediation of gaps based on internal and external audits Prepares compliance reports by collecting, analyzing, and summarizing data Evaluates information to determine compliance with laws, regulations, or standards MINIMUM QUALIFICATIONS 3-5 plus years related work experience Vendor audit and compliance experience, preferably with the SIG framework Strong technical skills in anti-virus, DLP, and PKI Strong experience with the McAfee suite of products Solid understanding of networking concepts and system administration Experience with Nessus, RSA envision, RedHat Linux and database security Knowledge of data compliance and privacy standards and regulations as they apply to insurance and banking industries Knowledge of Information Security Standards (ISO27001, NIST, etc) Self-motivated, self-directed and shows attention to detail while working Ability to effectively prioritize and execute reporting tasks in a fast-paced, results-driven environment Extensive experience working in a team-oriented, collaborative environment with a diverse team of business and IT staff Bachelor's degree in Computer Science or Information Systems preferred; Professional certifications are an advantage Essential Worker Competencies The ability to function independently with minimal supervision. Works ethically and with integrity supporting organizational goals and values Displays commitment to excellence Completes work in a timely manner and meets deadlines Good verbal and written communication skills Meets productivity standards and achieves key outcomes Is dependable and keeps commitments Contributes to building a positive team spirit and treats others with respect Candidate will be relocated to the United States

LinkedIn is the world's largest professional network, built to create economic opportunity for every member of the global workforce. Our products help people make powerful connections, discover exciting opportunities, build necessary skills, and gain valuable insights every day. We're also committed to providing transformational opportunities for our own employees by investing in their growth. We aspire to create a culture that's built on trust, care, inclusion, and fun - where everyone can succeed. Join us to transform the way the world works. Job Description At LinkedIn, our approach to flexible work is centered on trust and optimized for culture, connection, clarity, and the evolving needs of our business. This role may be remote or hybrid. At LinkedIn, hybrid roles are performed both from home and from a LinkedIn office on select days, as determined by the business needs of the team. Remote roles are performed from the designated home work location upon time of hire, and any changes to this home work location requires a review of remote status and approval. LinkedIn's members entrust us with their information every day and we take their security seriously. Our core value of putting our members first powers all the decisions we make, including how we manage and protect the data of our members and customers. We never stop working to ensure LinkedIn is secure. We follow industry standards and have developed our own best practices to stay ahead of the increasing number of threats facing all Internet services and infrastructure. LinkedIn is looking for an experienced Engineering Manager to lead the Detection Engineering team in the US and to be an integral part of our Information Security organization. The Detection Engineering team is responsible for developing and maintaining threat detection capabilities, security monitoring systems, and detection rules to protect our infrastructure, applications, and, most importantly, our members. This is a key role in supporting and growing our security detection and monitoring capabilities. Responsibilities: Leadership and Team Management Lead and manage the detection engineering team, including hiring, training, and mentoring team members. Develop and maintain detection engineering policies, procedures, infrastructure, and guidelines. Coordinate and oversee all activities of the detection engineering team during threat detection development and implementation. Detection Development and Management Serve as the primary point of contact for all threat detection development and enhancement initiatives. Ensure timely development, testing, and deployment of detection rules and monitoring capabilities. Conduct post-deployment analysis and create detailed reports on detection effectiveness with KPIs, including tuning recommendations and optimization strategies. Communication and Coordination Communicate detection development status, updates, metrics and reporting, and capabilities to senior management, stakeholders, and security teams regularly. Coordinate with internal and external teams, including security operations, defense infrastructure, incident response, and product engineering teams to develop and maintain effective detection capabilities. Develop and maintain an effective detection engineering communication plan. Continuous Improvement Continuously evaluate and improve detection engineering processes, tools, and capabilities. Conduct and report on regular detection testing and validation exercises to test and refine detection rules and monitoring systems. Stay current with emerging threats, attack techniques, and detection technologies to enhance the detection engineering program. Reporting and Documentation Maintain comprehensive documentation of all detection rules, including development rationale, testing results, and performance metrics. Prepare and present detection engineering reports and metrics to senior leadership and stakeholders. Ensure compliance with regulatory requirements and industry standards related to threat detection and monitoring. Training and Awareness Develop and deliver detection engineering training programs for team members and other relevant personnel. Promote security detection awareness and best practices across the organization. Ensure the detection engineering team is up-to-date with the latest tools, techniques, and procedures. Budget and Resource Management Manage the detection engineering budget and allocate resources effectively. Evaluate and recommend tools, technologies, and services to enhance the detection engineering program. Ensure the team has the necessary resources and support to perform their duties effectively. Qualifications Basic Qualifications: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related technical discipline, or equivalent practical experience. 1+ year(s) of management experience or 1+ year(s) of staff level engineering experience with management training. 7+ years of experience in cybersecurity, with a focus on detection engineering, security monitoring, threat intelligence, incident response, or related security roles. Experience leading or managing a cybersecurity, incident response, or detection engineering team. Experience in cybersecurity frameworks and standards (e.g., NIST, MITRE ATT&CK, OCSF). Experience in detection engineering tools and technologies (e.g., Query Languages, CI/CD, YARA, Sigma rules, threat intelligence platforms). Experience with threat analysis, detection rule development, automation engineering, and security monitoring optimization. Project management experience with managing budgets and resources. Preferred Qualifications: Master's degree in Cybersecurity, Information Assurance, or a related field. 10+ years of experience in cybersecurity, with significant experience in detection engineering, threat intelligence, or incident response. 3+ years of management experience in building small to medium-sized teams, demonstrating growth and a track record of successful deliveries. Ability to work under pressure and manage multiple detection development projects simultaneously as well as managing an oncall team. Relevant certifications (e.g., CISSP, CISM, GCIH, GCFA, SANS). Experience in developing and delivering detection engineering training and awareness programs. Strong proficiency in Kusto Query Language (KQL) and SQL. Proficiency in programming or scripting languages (e.g., Python, Go, etc.) for automating detection development and testing processes. Experience with cloud security and detection engineering in cloud environments especially Azure. Knowledge of advanced threat detection techniques, including threat hunting and behavioral analysis as well as applied threat intelligence. Familiarity with detection engineering frameworks and best practices (e.g., Sigma, YARA, STIX/TAXII, OCSF). Strong communication skills, both written and verbal, with the ability to convey complex technical information to non-technical stakeholders. Suggested Skills : Security Information and Event Management (SIEM) Query languages (KQL, SPL, SQL, Elastic, etc.) Detection Rule Development (YARA, Sigma) Scripting and Automation (e.g., Python, PowerShell, SQL) Threat Intelligence Integration Cloud Security (e.g., Azure, GCP) You will Benefit from our Culture We strongly believe in the well-being of our employees and their families. That is why we offer generous health and wellness programs and time away for employees of all levels. LinkedIn is committed to fair and equitable compensation practices. The pay range for this role is $152,000 - $248,000. Actual compensation packages are based on a wide array of factors unique to each candidate, including but not limited to skill set, years & depth of experience, certifications and specific office location. This may differ in other locations due to cost of labor considerations. The total compensation package for this position may also include annual performance bonus, stock, benefits and/or other applicable incentive compensation plans. For additional information, visit: ************************************** Additional Information Equal Opportunity Statement We seek candidates with a wide range of perspectives and backgrounds and we are proud to be an equal opportunity employer. LinkedIn considers qualified applicants without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other legally protected class. LinkedIn is committed to offering an inclusive and accessible experience for all job seekers, including individuals with disabilities. Our goal is to foster an inclusive and accessible workplace where everyone has the opportunity to be successful. If you need a reasonable accommodation to search for a job opening, apply for a position, or participate in the interview process, connect with us at [email protected] and describe the specific accommodation requested for a disability-related limitation. Reasonable accommodations are modifications or adjustments to the application or hiring process that would enable you to fully participate in that process. Examples of reasonable accommodations include but are not limited to: Documents in alternate formats or read aloud to you Having interviews in an accessible location Being accompanied by a service dog Having a sign language interpreter present for the interview A request for an accommodation will be responded to within three business days. However, non-disability related requests, such as following up on an application, will not receive a response. LinkedIn will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by LinkedIn, or (c) consistent with LinkedIn's legal duty to furnish information. San Francisco Fair Chance Ordinance Pursuant to the San Francisco Fair Chance Ordinance, LinkedIn will consider for employment qualified applicants with arrest and conviction records. Pay Transparency Policy Statement As a federal contractor, LinkedIn follows the Pay Transparency and non-discrimination provisions described at this link: ******************************** Global Data Privacy Notice for Job Candidates Please follow this link to access the document that provides transparency around the way in which LinkedIn handles personal data of employees and job applicants: ********************************************

Palo Alto, CA (on-site) About 1X We build humanoid robots that work alongside people to solve labor shortages and create abundance. The Role We are seeking a Product Security Engineer with expertise in operating system security to strengthen the foundation of our robotics platform. In this role, you will design and implement security features such as secure boot, trusted execution environments, and system service hardening. Your work will ensure that sensitive operations and data remain protected while enabling developers to follow security best practices. This position is critical to increasing the resilience and trustworthiness of our systems. You Will * Develop and maintain secure critical services for Linux systems * Implement secure boot chains using fused hardware keys with rollback protection * Integrate OP-TEE to safeguard sensitive assets including mTLS certificates and disk encryption keys * Harden system services using least-privilege operations, systemd features, namespacing, and syscall filtering * Build hardening templates and automation tools to streamline security enforcement for developers * Automate security validation processes within CI/CD pipelines * Design and enforce device access controls for Linux systems * Contribute and ship C/C++ code (or similar) to production environments

About xAI xAI's mission is to create AI systems that can accurately understand the universe and aid humanity in its pursuit of knowledge. Our team is small, highly motivated, and focused on engineering excellence. This organization is for individuals who appreciate challenging themselves and thrive on curiosity. We operate with a flat organizational structure. All employees are expected to be hands‑on and to contribute directly to the company's mission. Leadership is given to those who show initiative and consistently deliver excellence. Work ethic and strong prioritization skills are important. All engineers are expected to have strong communication skills. They should be able to concisely and accurately share knowledge with their teammates. About the Role You will be responsible for leading day‑to‑day security threat management. You will help identify and manage potential incidents and work with partner teams on known or suspected security threats. You will support threat intelligence, threat hunting, intrusion detection, and incident response efforts that adhere to, and push forward, best practices. Responsibilities Drive continual improvement in processes, procedures and automations to improve the quality and effectiveness of the team. Participate in a 24/7 on‑call rotation performing security incident response Commandeering security incidents and updating stakeholders. Identify and develop new detection use cases and optimize existing detections. Collaborate on technical directions and solutions with other teams. Research and analyze patterns in security events across X's global infrastructure. Identify, design, and lead threat hunting missions to quantify and reduce threats. Manage and support the log collection, security scanning, intrusion detection, and other security‑related systems. Design and assist in the development of automation to reduce false positives and handle events automatically. Analyze the security posture of systems via testing and vulnerability impact analysis. Required Qualifications 2+ years of relevant information security experience Self starter, can receive a task and execute with minimal supervision Strong Python scripting skills for implementing security automation Knowledge of networking and mac OS, Windows or Linux operating systems. Knowledge of cloud security fundamentals and practices (vendor agnostic). Experience managing and/or deploying security technology. Experience with building queries and dashboards for security monitoring. Knowledge of current threats and techniques and a desire to research and learn more. Experience with malware analysis, forensics or penetration testing. Problem solving skills or experience with troubleshooting. Preferred Qualifications Elastic / OpenSearch or similar platforms Open Source security automation tooling Annual Salary Range $140,000 - $180,000 USD Benefits Base salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long‑term disability insurance, life insurance, and various other discounts and perks. xAI is an equal opportunity employer. California Consumer Privacy Act (CCPA) Notice #J-18808-Ljbffr