Security architect jobs in Wheeling, WV

Are you ready to take on a pivotal role that will shape the future of security architecture in a leading financial institution? We are seeking three seasoned and visionary Distinguished Enterprise Architects to join our dynamic security organization, each aligned to one of our key business areas: Commercial Banking, Consumer Banking, and Private Banking. In this highly strategic role, you will have the opportunity to drive architecture across these domains, partnering closely with technical and business leaders to make a lasting impact. While the role resides within the security function, this is far from a narrow security engineering position. You will leverage core enterprise architecture principles to ensure secure, scalable, and resilient design across all technology layers including cloud, infrastructure, applications, and data, grounded in frameworks such as TOGAF, Zachman, and NIST. Your expertise will be instrumental in transforming our security landscape and empowering our business units to achieve their strategic goals with confidence. Key Responsibilities + Champion customer protection on the front lines of delivering strategic initiatives for the company. + Define and evolve enterprise-wide architecture strategies aligning with both business goals and cybersecurity objectives. + Partner with line-of-business architects, ensuring cohesive integration of business, application, data, and technology architecture domains. + Lead the development of architecture standards, creating reference models and reusable patterns that promote consistency across cloud platforms, DevOps, and software development efforts. + Champion secure-by-design principles, applying these principles across the full SDLC without being prescriptive to specific languages, stacks, or front-end design. + Serve as a senior advisor, translating regulatory requirements and risk posture into actionable architectural guidance across technology and security teams. + Collaborate with Infrastructure, DevOps, SRE, and Engineering leaders to embed architectural controls into CI/CD pipelines, runtime environments, and operational workflows. + Evaluate and guide the adoption of emerging technologies focusing on cloud-native platforms, identity frameworks, API security, secure data exchange, and container orchestration with an emphasis on innovation and risk reduction Qualifications + 15+ years of experience in senior technical roles with demonstrated leadership at the enterprise or divisional level. + Ability to drive security-focused initiatives, unifying technical security, enterprise architecture, application architecture, and business outcomes. + Ability to align security priorities with the broader business context, tailoring security policies and measures to meet the organization's evolving needs. + Strong communication and presentation skills with the ability to distill complex architecture topics for both technical and executive audiences. + Experience embedding security into key business initiatives such as digital transformation, customer experience enhancement, and operational efficiency. + Strong grounding in enterprise architecture concepts with practical application across multiple architecture domains. + Demonstrated success achieving results within tight budgetary constraints. + A passion for coaching junior team members. + Deep experience in cloud (AWS, Azure, or GCP), DevOps and infrastructure automation, and modern application architectures (microservices, APIs, containers). + Hands-on experience with Enterprise application development, including expertise in multiple programming languages and database technologies. + Solid understanding of cybersecurity architecture, including identity, access, encryption, secure network design, and threat modeling. + Proactive security design experience, ensuring security concerns are proactively designed (shift-left) to enable the organization to pursue its strategic goals with confidence. + Experience fostering a security-driven culture, promoting security as a business enabler, driving secure scalability, protecting sensitive data, and maintaining regulatory compliance, all while accelerating business value and supporting long-term growth. + Ability to work across a matrixed environment, influencing without direct authority. + This is not a management position, but experience is a plus. + Experience working with regulatory agencies is a plus. Education and Certifications + Required: Bachelor's degree in Software Engineering, Computer Science, Computer Engineering, related discipline, or equivalent experience. + Preferred: Master's degree in Software Engineering, Computer Science, Engineering, Mathematics, or related discipline. Pay Transparency The salary range for this position is $170,000 - $230,000 per year plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience. We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens' paid time off policy exceeds the mandatory, paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit *************************************** #LI-Citizens1 Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance. Equal Employment Opportunity Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability. Why Work for Us At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth Background Check Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information. 12/31/2025

Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities? If so, Deloitte & Touche LLP could be the place for you. Traditional security programs have often been unsuccessful in unifying the need to both secure and support technology innovation required by the business. Join Deloitte's Cloud Cyber Services team and become a member of the largest group of cybersecurity professionals worldwide. Recruiting for this role ends on 03/01/2026 Work You'll Do As a Cloud Security Architect (Manager), you will play an integral role in defining and assessing the client organization's cloud security strategy, architecture and practices. This individual's primary function is to provide cloud security planning, deployment and review expertise to project teams and client organizations in the Cyber space. Responsibilities include: * Lead the overall delivery of Cloud Cyber Risk projects in a project manager and or architect role, overseeing the activities of onsite and offshore engineers and architects across 8 key cyber domains: Governance, Identity, Application Security, PaaS security, Infrastructure security, Security Monitoring, Resilience and Data protection * Assist in business development activities such as defining scope of services, building resource estimates and related pricing, packaging proposals and supporting the delivery of the proposal to the client for AWS, GCP, Azure and/or Oracle Cloud services * Function as the primary client day to day interface building rapport and trust with the client * Function as an expert in CNAPP, CWPP and CSPM technologies and security risk frameworks relevant to cloud as well as the industry leading benchmarks * Review and oversee the generation of all project deliverables such as assessment reports, system designs/ architectures and risk/security recommendations * Assist clients with security frameworks, cloud configuration standards and resolving cloud vulnerabilities * Lead the execution of cloud security engagements during different phases of the lifecycle - assess, design, and implementation. * Lead engagements to perform technical health checks for cloud platforms/environments prior to broader deployments. * Oversee technical support for AWS, GCP, Azure and/or Oracle cyber services and resolve service-related issues through research and troubleshooting and working with vendors. * Conduct cloud security analysis, recommendations and configurations of prospective clients' platforms and environments based on Deloitte's Cloud Cyber Risk Framework. * Perform technical health checks for these cloud platforms/environments prior to broader deployments including DevSecOps and CI/CD pipelines * Assist clients with transitions to using cloud services such as tenant setup and service configuration, focused on cloud cyber risk mitigation. Additional technologies include: MFA, SSO, Conditional Access, PIM, Security Operations tooling and scanning solutions * Assist clients with the deployment of third-party technologies to assist in securing the cloud platform such as firewall, WAF, PAM and cloud workload protection. * Assist clients with configuration and delivery of cloud security and compliance reports. * Provide technical support for AWS, Azure, GCP, Oracle, Wiz, Snyk and third-party security services and resolve service-related issues through research and troubleshooting and working with third-party vendors. * Implementation of industry leading practices around Azure, AWS, GCP, Wiz, Snyk and cloud security services for clients. * Designing and developing cloud-specific security policies, standards and procedures e.g., tenant, management group and subscription management and configuration, identify management and access control, firewall management, auditing and monitoring, security incident and event management, data protection (DLP, encryption), user and administrator account management, SSO, conditional access controls and password/key management. * Troubleshooting system level problems in a multi-vendor, multi-protocol network environment. * Documenting platform technical issues, analysis, client communication, and resolution as part of cyber risk mitigation steps. * Executing on cloud security engagements during different phases of the lifecycle - assess, design, and implementation & post-implementation reviews. * Implementing industry leading practices around cyber risks and cloud security for clients. * Provide internal cloud and DevSecOps security technical training to Advisory personnel as needed. * Acting as a subject matter specialist on cloud cyber risk for the cloud platforms. * Manage to Point-of-Views (PoVs) on providing leading practices to our clients on the cyber challenges they face. * Contribute to eminence activities, such as whitepapers pertaining to cloud security capabilities. * Support talent process in the manager role such as for recruiting and coaching. The team Deloitte's Cloud Cyber Risk team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.TM cyber risk programs. Join the team developing the future state of cyber risk solutions. Qualifications: * 6+ years of experience in technical consulting, client problem solving, architecting and designing solutions in a consulting role with project leadership and/or architect experience in AWS, GCP, Azure, Oracle, Wiz and/or Snyk; with a security focus strongly preferred * 2+ years of hands-on technical experience designing and implementing security solutions for leading Cloud service providers across SPI models and environments (Public, Private, Hybrid) * 2+ years working experience designing cloud security architectures and strategies for enterprises * 2+ years working with Cloud security industry standards such as Cloud Security Alliance (CSA), ISO/IEC 27017 and NIST CSF * 2+ years working experience with Cloud security technologies/vendors (e.g., IAM, SIEM, IDS) and/or providers (e.g., Okta, CipherCloud, AlertLogic), a big plus * 2+ years working with Cloud orchestration and automation (Continuous Integration and Continuous Delivery (CI/CD)) in single and multi-tenant environments * 3+ years working with CNAPP, CSPM or CWPP technologies or planning for large-scale deployments of these technologies * BA/BS Degree preferably in a Technical field (ex. Computer Science, Cyber Security, Information Security, Engineering, Information Technology) * Maintain strong domain knowledge of multi-hyperscaler cloud solutions and security concepts and technologies * Experience with and leading use of leading cyber tooling for cloud such as Wiz and Snyk * Limited sponsorship may be available Required: * Locations include: Houston, Dallas, Cleveland, Detroit, St. Louis, Pittsburgh, Boston, Charlotte, Atlanta, Miami, Memphis, Denver, Phoenix, Salt Lake City, Los Angeles, San Diego, San Franciso, Seattle. Must be within a reasonable commute and willing to work part-time in the Deloitte and/or client offices * Ability to travel up to 80%, on average, based on the work you do and the clients and industries/sectors you serve Preferred: * Previous Consulting or Big 4 experience preferred. * Industry or Vendor Security Certifications such as CCSP or other cloud architect domains * Experience with Virtualization including security for at least one or more of the following: Compute, Network, Storage, End-point, Application * Experience designing IAM technologies and services * Experience or strong working knowledge of managing enterprise security infrastructure and perimeter security appliances - e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology * Experience with Azure data, analytics, or AI/ML services (Azure SQL, HDInsight, Databricks, Data Factory, Data Lake Storage, Azure Analysis Services, Synapse Analytics, Azure Machine Learning, etc.) * Understanding of industry security standards, guidelines and regulatory/compliance requirements related to information security and cloud computing such as ISO 27001, ISO 27018, NIST CSF, NIST 800-53, PCI DSS, SOC2, HIPAA, PCI, SOX, GLBA, etc. The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $144,200 to $265,600 You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance. 'Information for applicants with a need for accommodation: ************************************************************************************************************ Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Our purpose Deloitte's purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Learn more. Professional development From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career. As used in this posting, "Deloitte" means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see ************************* for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law. Qualified applicants with criminal histories, including arrest or conviction records, will be considered for employment in accordance with the requirements of applicable state and local laws, including the Los Angeles County Fair Chance Ordinance for Employers, City of Los Angeles's Fair Chance Initiative for Hiring Ordinance, San Francisco Fair Chance Ordinance, and the California Fair Chance Act. See notices of various fair chance hiring and ban-the-box laws where available. Fair Chance Hiring and Ban-the-Box Notices | Deloitte US Careers Requisition code: 316853 Job ID 316853

Are you ready to take on a pivotal role that will shape the future of security architecture in a leading financial institution? We are seeking three seasoned and visionary Distinguished Enterprise Architects to join our dynamic security organization, each aligned to one of our key business areas: Commercial Banking, Consumer Banking, and Private Banking. In this highly strategic role, you will have the opportunity to drive architecture across these domains, partnering closely with technical and business leaders to make a lasting impact. While the role resides within the security function, this is far from a narrow security engineering position. You will leverage core enterprise architecture principles to ensure secure, scalable, and resilient design across all technology layers including cloud, infrastructure, applications, and data, grounded in frameworks such as TOGAF, Zachman, and NIST. Your expertise will be instrumental in transforming our security landscape and empowering our business units to achieve their strategic goals with confidence. Key Responsibilities * Champion customer protection on the front lines of delivering strategic initiatives for the company. * Define and evolve enterprise-wide architecture strategies aligning with both business goals and cybersecurity objectives. * Partner with line-of-business architects, ensuring cohesive integration of business, application, data, and technology architecture domains. * Lead the development of architecture standards, creating reference models and reusable patterns that promote consistency across cloud platforms, DevOps, and software development efforts. * Champion secure-by-design principles, applying these principles across the full SDLC without being prescriptive to specific languages, stacks, or front-end design. * Serve as a senior advisor, translating regulatory requirements and risk posture into actionable architectural guidance across technology and security teams. * Collaborate with Infrastructure, DevOps, SRE, and Engineering leaders to embed architectural controls into CI/CD pipelines, runtime environments, and operational workflows. * Evaluate and guide the adoption of emerging technologies focusing on cloud-native platforms, identity frameworks, API security, secure data exchange, and container orchestration with an emphasis on innovation and risk reduction Qualifications * 15+ years of experience in senior technical roles with demonstrated leadership at the enterprise or divisional level. * Ability to drive security-focused initiatives, unifying technical security, enterprise architecture, application architecture, and business outcomes. * Ability to align security priorities with the broader business context, tailoring security policies and measures to meet the organization's evolving needs. * Strong communication and presentation skills with the ability to distill complex architecture topics for both technical and executive audiences. * Experience embedding security into key business initiatives such as digital transformation, customer experience enhancement, and operational efficiency. * Strong grounding in enterprise architecture concepts with practical application across multiple architecture domains. * Demonstrated success achieving results within tight budgetary constraints. * A passion for coaching junior team members. * Deep experience in cloud (AWS, Azure, or GCP), DevOps and infrastructure automation, and modern application architectures (microservices, APIs, containers). * Hands-on experience with Enterprise application development, including expertise in multiple programming languages and database technologies. * Solid understanding of cybersecurity architecture, including identity, access, encryption, secure network design, and threat modeling. * Proactive security design experience, ensuring security concerns are proactively designed (shift-left) to enable the organization to pursue its strategic goals with confidence. * Experience fostering a security-driven culture, promoting security as a business enabler, driving secure scalability, protecting sensitive data, and maintaining regulatory compliance, all while accelerating business value and supporting long-term growth. * Ability to work across a matrixed environment, influencing without direct authority. * This is not a management position, but experience is a plus. * Experience working with regulatory agencies is a plus. Education and Certifications * Required: Bachelor's degree in Software Engineering, Computer Science, Computer Engineering, related discipline, or equivalent experience. * Preferred: Master's degree in Software Engineering, Computer Science, Engineering, Mathematics, or related discipline. Pay Transparency The salary range for this position is $170,000 - $230,000 per year plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience. We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens' paid time off policy exceeds the mandatory, paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit *************************************** #LI-Citizens1 Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance. Equal Employment Opportunity Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability. Background Check Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information. Benefits We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. View Benefits Awards We've Received Age-Friendly Institute's Certified Age-Friendly Employer Dave Thomas Foundation's Best Adoption-Friendly Workplace Disability:IN Best Places to Work for Disability Inclusion Human Rights Campaign Corporate Equality Index 100 Award Fair360 Top Regional Company FORTUNE's World's Most Admired Companies Military Friendly Employer

* Bachelor degree or equivalent required; Bachelor degree in IT related field preferred * Seven to twelve years of experience in the development and implementation of information security systems required * Experience or detailed technical knowledge of securing applications, operating systems and networks required * Experience or detailed knowledge of security technology including: Next Generation Firewalls, Email Security, network monitoring, Identity Access Solutions and endpoint security devices required * Working knowledge of: risk assessment products; IS automated tools; various authentication schemes (including Active Directory); browser security functionality; policy development; data privacy; and common information security issues preferred MAJOR DUTIES: * Works across multiple technology teams to effectively identify our technology vision. * Ensures the overall environment continuously evolves to support the firm's objectives, across investment management, trading, IM operations, compliance, product development, marketing, sales, corporate management, etc. * Create an Information Security Strategy that works across the enterprise to enable the secure use of leading edge technology. * Assist in building a strategic roadmap that implements the strategy by properly sequencing people, process and technology solutions. * Execute the strategic roadmap by streamlining the overall suite of security tools, and making cost effective and optimized investment in emerging security technology. * Provide security expertise for security-relevant enterprise initiatives such as data governance, account administration, and governance processes. * Assists in establishing and maintaining standards and policies related to Information Security. HOURS/LOCATION: * 8:30 a.m. - 5:00 p.m. (over time as required) * Warrendale Location - Warrendale, PA 15086 (will be required to work at other Federated locations) EXPLANATORY COMMENTS * Strong oral and written communication skills * Effective people management and customer service skills * Demonstrates a cooperative attitude and effective interpersonal and communication skills with clients, coworkers and vendors. * Demonstrates flexibility and the ability to work as a member of a team * Possess the ability to facilitate technical discussions and negotiate resolutions when there are differing technical opinions

Enterprise Security Architect Duration: Full Time Interview mode: Inperson Brand new role Serve as a member of the enterprise architecture team, providing technical security insight that aligns with business objectives and security requirements. Establish and evangelize the security architecture (principles, policies, standards and patterns) to development groups, business groups and other stakeholders; Govern adherence to the architecture golden rules. Analyze gaps between current and target security architecture and develops plans to close the gaps. Responsibilities: Works with IT departments, information security architects, technical architects, data custodians, and governance groups to develop and update Client security policies, standards, procedures, and solutions for secure application architecture. Ensures that security practices are aligned with Client's overall business strategies. Advises and drives the security maturity of the development lifecycle including secure coding and system security for operations. Recommends and implements changes in security procedures and practices using best-in-class information to ensure that Client is maintaining best-in-class security practices. Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs. Conducts Penetration Test, Vulnerability, and Risk assessments to improve the security architecture and security product toolset. Prepares system security reports by collecting, analyzing, and summarizing data and trends. Executes validation by external vendors. Verifies security systems and network configurations by developing and implementing test scripts while monitoring adherence to standards in architecture, application design, development, and testing frameworks. Qualifications Qualifications: Bachelor degree with Master preferred. Security certification required. 7 to 10 years of experience operating in a cloud environment (e.g. Azure, AWS, Rackspace) along with at least 5 years working in a dedicated information security role with a focus on Security Architecture for at least 3 years. 7 to 10 years of experience with PaaS, IaaS, SaaS, and/or mobile architecture Solid experience with security hacking tools and techniques. Solid understanding in application architectures and technology including web applications, mobile technology, identity and access management, security event and incident management as well as web security controls (e.g. Web Application Firewall, Database Activity Monitor, Distributed Denial of Service controls, etc.) Extensive working knowledge of web application security best practices to include, but not limited to, Cloud Security Alliance controls matrix, OWASP Top 10. Experience with compliance standards such as HIPAA, CMS, SOX, GLBA; as well as security frameworks such as SANS 20 CSC, CoBIT, or NIST. Previous involvement with developing and/or maintaining an Enterprise Security Architecture. Familiarity with TOGAF is a plus Strong understanding and experience of software development methodologies and life cycles Excellent written and verbal communications skills required, with the ability to explain advanced concepts to audiences of varying levels Can be counted on to exceed goals successfully, very bottom-line orientated while steadfastly pushes self and others for results. Has working knowledge of web application security best practices to include, but not limited to, Cloud Security Alliance controls matrix, OWASP Top 10. Demonstrated ability to make sound decisions using a mixture of analysis, wisdom, experience, and judgement coupled with a strong ability to learn on the fly (quickly learns new tasks, open to change). Certifications, licenses or registrations: Security+, CISSP, CISA, CEH Proven ability to organize/manage multiple priorities coupled with the flexibility to quickly adapt to ever-changing business needs. Additional Information All your information will be kept confidential according to EEO guidelines.

Pittsburgh, PA Founded in 2000, Ivalua is a leading global provider of cloud-based procurement solutions. At Ivalua we are a global community of exceptional professionals, who believe that digital transformation revolutionizes supply chain sustainability and resiliency to unlock the power of supplier collaboration. We achieve this through our leading cloud-based spend management platform that empowers hundreds of the world's most admired brands to effectively manage all categories of spend and all suppliers to increase profitability, improve ESG (environmental, social, and corporate governance) performance, lower risk, and improve productivity. Driven by our passions and fueled by our shared ambitions, we empower and challenge each other to create meaningful experiences for our colleagues, customers, partners, and communities. Learn more at *************** Follow us on LinkedIn THE OPPORTUNITY CONTEXT: Our growing international IT department (EMEA, AMER, APAC) is composed of over sixty experts responsible for the deployment and operation of the Ivalua Cloud, which hosts environments for our clients around the world. It is also responsible for internal IT infrastructure, IT applications and data, as well as IT support for our users. In this context of growth, we are looking for an experienced Security Analyst (SOC) to strengthen our global SOC team. ROLE: As part of the SOC (Security Operations Center) team, you will be responsible for developing and implementing the SOC strategy for our information systems. You will detect suspicious or malicious activities. You will contribute to the handling of confirmed security incidents in support of the InfoSec teams. Your experience will allow you to mentor more junior SOC analysts and act as a liaison between the SOC team and the company's IT and cybersecurity communities. As the highest-level technical officer of the SOC, you will be responsible for: The technical aspects of a SOC, ensuring that security measures are implemented and maintained to protect Ivalua's information assets Day-to-day operations, ensuring that security incidents are identified, analyzed, and addressed quickly and efficiently WHAT YOU WILL DO WITH US Be the technical point of contact for the SOC team, collaborating directly with the infrastructure, infosec, and cybersecurity solution management teams Serve as the highest escalation point for other SOC analysts Provide mentorship, share best practices, and lead security projects Provide technical advice and support to team members Be the driving force behind the continuous improvement of SOC processes and tools Contribute to standard SOC activities, including monitoring, incident management, and vulnerability management Participate in threat intelligence activities in direct collaboration with the infosec teams Guard SOC communication with other teams (Security, Infrastructure, Business IT, R&D, etc.) as well as senior IT management Participate in the studies, deployments, and development of cybersecurity solutions, particularly SOC tools Implement the necessary processes and reports to analyze logs to detect abnormal user and software behavior, using our SIEM tool and other security consoles. Define the event log collection strategy. Performs regular vulnerability assessments, prioritizes remediation, and tracks closure of security gaps. Manage the coordination, tracking, and remediation of incidents at the global level (EMEA, AMER, APAC). Contributes to ongoing monitoring of threats, vulnerabilities, and attack methods. Improve dashboards reporting on alert tracking and SOC KPIs. Maintain SOC procedures and tools, as well as documentation and knowledge bases. Ensures adherence to security policies, standards, and regulatory requirements (e.g., GDPR, HIPAA, SOC, FEDRAMP, etc. YOUR PROFILE If you have the below experience and strengths this role could be for you: Skills and Experience: Bachelor's degree in relevant field preferred with a minimum of 7 years of relevant professional experience, OR Master's degree in relevant field with a minimum of 5 years of relevant professional experience, OR Equivalent combination of education and experience Minimum of 7 years in the field of IT security, primarily in SOC (analyst, senior analyst, lead, etc.) Solid knowledge of Systems and Networks Knowledge of SIEM tools (MS Sentinel, ELK, Q-Radar, Splunk, AlienVault, etc.) Knowledge of EDR tools (Microsoft Defender, CrowdStrike, etc.) Knowledge of Rapid7 or other vulnerability scanning tools would be a plus Relevant certifications (e.g., CSA, CySA+, CISSP, GCIA,CEH) a plus Desired Qualities: Rigor, attention to detail, curiosity, autonomy, analytical thinking, adaptability, problem-solving Leadership & mentorship, continuous learning, ethical judgment Good communication and writing skills Motivation to thrive in a scale-up, international, dynamic, and fast-growing environment WHAT HAPPENS NEXT If your application fits this specific position's needs, our skilled Talent team will reach out to schedule an initial screening call. Get one step closer to achieving your goals - apply today! Our Talent team will guide you through every step of the interview process - from preparation to completion. They're here to support you! Our recruitment process is designed to assess your competencies through a series of personalized interviews with internal stakeholders relevant to the role. Interviews will be conducted virtually via video or on-site with face-to-face meetings. LIFE AT IVALUA Hybrid working model (3 days in the office per week) We're a team dedicated to pushing the boundaries of product innovation and technology Sustainable Growth, Privately Held A stable and cash-flow positive Company since 10 years Snacks and weekly lunches in the office Feel empowered to pursue your goals with improved team collaboration and increased creativity/productivity Unlock and unleash your full professional potential with our exceptional training and career development program Join a dynamic and international team of top-notch professionals who are experts in their respective fields. Collaborate with like-minded individuals who are deeply passionate and highly motivated about their work. Experience a truly diverse and inclusive work environment where your unique contributions are highly valued Regular social events, competitive outings, team running events, and musical activities, Comparably recognized Ivalua for the following (******************************************** : Powered by People - Powered by You! United by our values we embrace diversity and equity in the broadest possible sense to create an inclusive workplace. To help our customers make supply chains more efficient, sustainable and resilient, we rely on a global team with a variety of backgrounds, skills and views. We believe in equal opportunity and in diversity as a driver of innovation that cultivates a spirit of inclusiveness, creates a productive and fun place to work, and provides fulfilling career opportunities for all Ivaluans. ********************************************** One of Ivalua's core values is to Care & Grow People. We take matters like pay equity very seriously and strive to reward our employees appropriately and fairly for their talents. The salary range for this position is based upon careful and continual market compensation research. In addition to location, salary may also vary based upon job-related knowledge, skills, and experience. Title: Sr Security Analyst Base range minimum: $115,000 Base range maximum: $175,000 *Additional compensation / rewards: In addition to the base salary information above, Ivalua offers an uncapped commission plan as part of the competitive compensation package. Other compensation factors may also be considered. Ivalua also offers exceptional benefits including medical, dental, vision, retirement (with company match), and much more. #LI-SG1 #LI-HYBRID

About Us Recognized among Pittsburgh's 2024 Top Workplaces and Fastest-Growing Companies, Wolfe has been a leader in the Gift Card and FinTech sectors for over 25 years. We power gift card programs for national merchants like KFC. Our flagship consumer brand, PerfectGift.com, enables customers to create customized gift cards. We are a fast-paced environment, like kayaking down a white-water river, not canoeing on a lake. Learn more about our company culture, core values, and industry recognition on our career page (****************************** Role Summary Wolfe is seeking a Senior Cloud Security Engineer to lead the protection of our cloud-based systems, data, and applications. This is a pivotal role focused on embedding security into every layer of our cloud infrastructure, particularly within AWS environments. You'll work closely with Developers, DevOps, and Infrastructure teams to manage vulnerabilities, mature security controls, and drive secure practices across our technology organization. In this hands-on role, you'll architect and implement cloud-native security solutions, enhance cloud protections, and build tools and procedures that safeguard sensitive data and workloads. You'll help shape how Wolfe builds and maintains secure cloud systems while balancing risk, performance, and delivery. If you are an experienced DevOps engineer looking to grow into a security-focused role, we encourage you to apply! This is a five-day onsite role based in Pittsburgh, PA. Wolfe does not provide visa sponsorship. Responsibilities Analyze cloud security models, protocols, and systems. Monitor and analyze cloud security tools and technologies for potential risks. Develop best practices and processes for cloud security. Implement security measures to protect the cloud infrastructure from external threats. Collaborate with other teams to ensure the security of the cloud environment. Continuously enhance cloud security technologies and services in designated security domains. Analyze, design, and create applications, tests, and infrastructure automation tools. Impact Statement Example expectations for this role include but are not limited to: Lead the initiative to strengthen cloud account security by eliminating user keys and deploying updated policy controls within three months. Deploy enhanced firewall solutions and expand application protection platforms to production environments, achieving cost savings and increased security over the next four months. Manage and mature privileged access management (PAM) solutions for databases, phasing out legacy access methods where possible, and extend PAM deployment to new environments within six months. Perform comprehensive assessments of new accounts and prepare for resource cleanup across multiple cloud projects. Enhance cloud security maturity by improving KPI tracking and maturing security metrics reporting within three months. Assist with developing penetration test scopes and support the execution of penetration tests within six months, while ensuring visibility of cloud vulnerabilities for developers. Qualification 3+ years security engineering or 3+ years cloud infrastructure engineering experience Strong communication skills Proficient with AWS; familiar with Azure and/or GCP Passionate about cloud security and driving secure infrastructure Deep experience in cloud security technologies, processes, and best practices Familiarity of non-cloud native security tools like CrowdStrike, SentinelOne Singularity, Wiz, or Prisma History of developing and implementing security policies and procedures Solid understanding of network security protocols and security architecture Excellent problem-solving abilities Effective team player focused on team goals Experience in a fast-paced environment with the ability to think quickly and creatively to solve problems. Familiar with frameworks: NIST CSF, OWASP DSOMM, CSA STAR, CCM Recommended certifications: CCSP, AWS Certified - Security, GCSA, CISSP Compensation & Benefits Wolfe is committed to providing a comprehensive benefits package to support your well-being, along with competitive compensation targeting the top 25% (75th percentile) in the local market. Our benefits and perks include but not limited to: Restricted Stock Units (RSUs) Profit Share Medical, Prescription, Vision, and Dental insurance for employees and dependents (Wolfe pays 80% of premium) Short-Term Disability Insurance (Wolfe pays 100% of premium) Voluntary Long-Term Disability Insurance, Life Insurance, Critical Illness Insurance, Accident Insurance, and Hospital Indemnity coverage PTO (vacation) Corporate Holidays 401(k) Employee recognition program Charitable Donation to a charity of your choice yearly Employee Referral Bonus Tuition Reimbursement Internal Training and Information sessions Family Picnic, Holiday Party, and other outings Internal Culture Club --- Wolfe is an Equal Opportunity Employer. Wolfe does not sponsor employment visas.

We are focused on imparting effective business staffing services through high level cost effective solutions. We have a strong foundation built on legacy and emerging technologies, including excellent track record of on-time delivery. We are leaders in providing additional custom IT Services with a proficient approach towards development of emerging mobile-based applications and web based application development. We are emerging as one of the largest private talent sourcing and management firms in the US. Our client- one of the leading ICT for development - ICT4D - organization, providing low cost solutions using ICT to tackle poverty and to overcome disadvantage, working closely with local communities seeks an accomplished IT Security Leader. Job Description Title: Information Risk Consultant Location: Pittsburgh PA Duration: 12+ months Responsible for providing support to technical professionals with regard to a variety of administrative, systems, and business operations problems, and participation in related system development projects of the most complex nature. Requires a seasoned expert on the integration of multiple systems or large-scale development projects. Responsibilities may include: determining and defining system specifications, process improvement, quality assurance, interaction with customers and technical staff, strong emphasis on problem resolution, and project-lead activities. Other Skills: Information Risk Governance/Information Security Additional Information I would love to talk to you if you think this position suits your interest. If you are looking for rewarding employment and a company that puts its employees first, we would like to work with you. We also offer group health insurance. NOTE: “Candidates that are offered a position are required to pass pre-employment drug and background screening”

The Information Security Engineer with EdgeCo Holdings is responsible for designing, implementing, and monitoring security measures to protect EdgeCo's organization's computer networks and systems from cyber-attacks across the parent and all divisional companies. This role requires a deep understanding of both offensive and defensive security tactics, as well as the ability to anticipate and mitigate potential vulnerabilities. The role is required to understand Information Security risks as it pertains to our various businesses as well as trends in Information Security including offensive threats and appropriate defensive controls to manage them. The role will be required to understand Information Security risks and how these risks are managed by our Information Security Program and how to manage risks using technologies, tools, and logical and administrative controls to our risk tolerance and appetite. The role works with the Enterprise IT organization working with and running projects with Desktop Support, Infrastructure, and Operations as well as with our various business line development teams to ensure secure supportable applications and systems. The role will work with stakeholders to develop comprehensive security strategies that align with business objectives while performing standard security assessments of architecture to identify risks and any residual risk to be accepted. Location: Pittsburgh, PA - hybrid We are interested in qualified candidates who are eligible to work in the United States. However, we are not able to sponsor visas. Duties/Responsibilities: Configure, monitor, and/or support security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and procedures. Assist with the identification, response, investigation, and remediation of potential breaches and issues surrounding data security. Recommend enhancements to existing and new security hardware, software, or related tools. Ensure security best practices are identified and integrated into all facets of projects according to the published Software Development Life Cycle (SDLC). Perform vulnerability scans and research new vulnerabilities and malicious software; review the company's potential exposure. Perform network, system, and server security assessments as well as ad-hoc audits to company policies, processes, procedures and validate according to internal and external industry standards and best practices. Monitor, analyze, and communicate security alerts and information according to policies and procedures for primary ownership areas in our InfoSec tool set. Regularly make recommendations to improve the security posture of enterprise systems and network infrastructure. Participate in IR processes for specialty areas and tool sets under their management and to support standard IR processes and procedures. Assist with new technology reviews, consulting with I&O teams in the support of new enterprise applications and technologies entering the infrastructure, proposing, and recommending process improvements, and working collaboratively with peers and support teams. Contribute to the development of InfoSec strategies to align with the overall business strategy as well as corporate strategy. Contribute, perform and act as primary owner in the development, implementation and execution of 'best practice' standards as well as departmental policies and procedures. Process or program management, and mentoring junior staff members. Required Skills/Abilities: Demonstrated experience supporting third party tools to manage and audit information systems. Working knowledge of security concepts such as: security information and event management (SIEM); point products like anti-virus (AV) and intrusion detection system/intrusion prevention system (IDS/IPS) and penetration testing tools. Cloud security exposure that includes tools and associated risks as well as Cloud based information security tools for Data Loss Prevention, CASB, Cloud Security Posture tools, WAF, SASE and other Infosec tools. Exposure to various regulatory requirements and or frameworks such as Payment Card Industry (PCI) or COBIT/NIST CSF/ NIST 800.53, ISO 27001/Cloud Security Alliance etc.). High degree of proficiency in MS Office Suite, Outlook & Internet applications. Strong, professional, and effective verbal and written communication skills. Strong analytical, prioritizing, problem-solving and presentation skills. Ability to work closely with cross-functional teams, while operating independently. Self-motivated with critical attention to details and deadlines. Ability to adapt well to change in direction and priority in a fast-paced and deadline-oriented environment. Preferred Skills/Abilities: Desired certifications include: MCSE, MCSA, A+, Network+, CISSP, Cisco, VMware, PMP or Project+, and Information Technology Infrastructure Library or relevant experience. Strong hands-on/technical knowledge of core Microsoft technologies including but not limited to Windows Servers, Active Directory. Technical knowledge of core networking tools and products. Experience as an Azure Administrator or equivalent role. Experience with SCRUM/Agile development methodologies. Ability to keep up to date with cloud offerings and solutions. Education and Experience: BS degree in the field of Computer Science, Information Systems, or related field and/or relevant certification with 5+ years equivalent work experience. 5+ years managing Information Security tools, services and risk exposure and risk assessment processes. Demonstrated experience in successfully supporting an Information Security program in a mid-sized company with significant regulatory and contractual obligations. 5+ years of Information Security experience 5+ years in a professional environment Strong Reading/Writing skills required

The Systems Engineer position is responsible for providing full cycle implementation and support of customer systems, while working across multiple company departments to ensure full client satisfaction. Under the direction of a manager or dispatcher, coordinates the design and maintenance of all access control, intrusion, and video surveillance systems. Incumbent receives and evaluates work orders and requests, investigates requests and troubleshoots problems where appropriate, establishes priorities and coordinates with contractors, when required. Requirements Essential functions and responsibilities: Assists with security systems integration, mapping and software updates and helps train personnel in the use of these systems. Assists on new projects in both existing areas and new construction helping with security assessments, vendor selection, technology upgrades, product selections, testing, field verification of systems and inspection of work in progress for compliance with standards Assess work sites, conditions, and logistics for each project; Develop Method of Procedure based on pre-project assessment. Design, develop and provide documentation of systems, configurations, and other pertinent information for the customer. Communicate with clients to resolve issues in a professional and confidential manner; Develop and execute client specific solutions. Manage the allocation of project resources, including software, hardware, tools, and related items specific to each customer and/or project. Direct the work responsibilities of union labor personnel based on specific project needs. Design and oversee training programs for new and existing customers; Determine which customers receive training. Collaborate with Customer Relationship Managers on demonstrations for new and potential clients. Perform installation, configuration, programming, and final commissioning of customer systems. Work collaboratively with installation, project management and engineering teams. Perform infrastructure services, including pulling cables, installing wall, and ceiling cabling, and installing surface mounted devices, as required. Perform system wiring and terminations services, as required. Deliver on-going remote and on-site technical support for existing customers and systems. Additional responsibilities may be required as necessary, including but not limited to: Provide internal support for basic trouble shooting. Organizes and manage parts stock and tools. Perform other duties as needed. Success factors/job competencies: Effectively communicate both in writing and verbally Work independently and prioritize multiple tasks and adapt to needed change Analysis Mechanical aptitude Comprehend technical language and read and interpret blueprints, wiring diagrams, and schematics Safety orientation Customer Focus Attention to Detail Teamwork/Collaboration Stay abreast of changes in security technology Physical demands and work environment: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Individual will be required to travel to customer sites as needed. While performing the duties of this job, the employee is occasionally exposed to moving mechanical parts. The employee is occasionally exposed to outside weather conditions and risk of electrical shock. Individual will regularly be required to lift, push, pull, and carry up to 50 pounds, and occasionally up to 75 pounds. Incumbent will be required to use a computer with keyboard, telephone, or handheld mobile device for extended periods of time, and office machinery as needed. Incumbent must be able to read, see, hear, and speak. Workdays and Shifts: Position works Monday-Friday, daylight hours, and additional time as needed to complete work. Education/Certification(s)/License(s) required: Bachelor's Degree in Electronics, Information Technology or related field, or equivalent experience. May be required to participate in safety trainings and/or certifications provided by the Company or customers. Valid driver's license, as employee will be required to travel to local and overnight client sites as needed. Manufacturer specific certifications, as required. Responsible to maintain active certifications and obtain new and updated certifications as required by the Company. Experience/Other required: Position requires two (2) to three (3) years of relevant experience in the electronic services. Strong knowledge of Microsoft Office. Strong computer skills with advanced software aptitude. Security systems to include, service and maintenance across a broad spectrum of access control, intrusion and video surveillance systems such as, Genetec, Milestone, Bosch, and DMP. Applicants must be currently authorized to work in the United States on a full-time basis. Visa sponsorship is not available for this position. This is a full-time, in-person position, and candidates must be able to work from our office located in Pittsburgh, Pennsylvania.

Identity & Security Engineer - Browser Security Second preference is other tech hubs Dallas TX, Columbus OH, Cleveland OH , Pheonix AZ and Birmingham AL Shift Times/Preferred Time Zone: M-F 9-4 EST but also night and weekend work (flex schedule) network configuration adjustments after hours and weekends Length of Assignment: 12 months Organizational Structure And Impact: Impact/Function this role has within the bank/LOB i.e., mitigating risk, cost reduction, revenue, etc.: Mitigating Risk/ fraud and security operations Team Background and Preferred Candidate History: Security engineering team, mitigating risks, fraud and security operations Key responsibilities: Deploying Island.io Browser to PNC Must have technical skills/experience (ask for alternative/tool/version): + Island.io Browser exp + Security browser exp + Browser extensions Flex Skills: Azure or AWS Cloud exp Education: No Bachelor's needed, Exp more important Screening Questions: + Describe your experience in detail with Island.io Browser or other security browsers? + Describe your experience with OS deployment of Island.io Browser or other security browser? Logistics (Interviews) : 2 step, 1 hr first 2nd 30 mins + 1st round: Hm and a few Sr engineers (used to narrow down to 2nd round) + 2nd round: HM and Mgr Skills: + Browser extensions + Island.io Browser + Security browser exp Share your resume with ***********************. Also connect me at LinkedIn : (16) Ariz J. Khan | LinkedIn (************************************************** Ref: #404-IT Pittsburgh System One, and its subsidiaries including Joulé, ALTA IT Services, CM Access, TPGS, and MOUNTAIN, LTD., are leaders in delivering workforce solutions and integrated services across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible full-time employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan. System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law.

Are you a cybersecurity and/or AI researcher who enjoys a challenge? Are you excited about pioneering new research areas that will impact academia, industry, and national security? If so, we want you for our team, where you'll collaborate to deliver high-quality results in the emerging area of AI security. The CERT Division of the Software Engineering Institute (SEI) is seeking applicants for the AI Security Researcher role. Originally created in response to one of the first computer viruses -- the Morris worm - in 1988, CERT has remained a leader in cybersecurity research, improving the robustness of software systems, and in responding to sophisticated cybersecurity threats. Ensuring the robustness and security of AI systems is the next big challenge on the horizon, and we are seeking life-long learners in the fields of cybersecurity, AI/ML, or related areas, who are willing to cross-train to address AI Security. As part of the Threat Analysis Directorate, you will join a group of security experts focused on advancing the state of the art in AI security at a national and global scale. Our tasks include vulnerability discovery and assessments for AI systems, evaluation of the effectiveness and robustness of defenses and mitigations for AI systems, reverse engineering AI systems and models, and identifying new areas where security research is needed. We participate in communities of network defenders, software developers and vendors, security researchers, AI practitioners, and policymakers. You'll get a chance to work with elite AI and cybersecurity professionals, university faculty, and government representatives to build new methodologies and technologies that will influence national AI security strategy for decades to come. You will co-author research proposals, execute studies, and present findings and recommendations to our DoD sponsors, decision makers within government and industry, and at academic conferences. The SEI is a non-profit, federally funded research and development center (FFRDC) at Carnegie Mellon University. What you'll do: Develop state of the art approaches for analyzing robustness of AI systems. Apply these approaches to understanding vulnerabilities in AI systems and how attackers adapt their tradecraft to exploit those vulnerabilities. Reverse engineer malicious code in support of high-impact customers, design and develop new analysis methods and tools, work to identify and address emerging and complex threats to AI systems and effectively participate in the broader security community. Study and influence the AI security and vulnerability disclosure ecosystems. Evaluate the effectiveness of tools, techniques and processes developed by industry and the AI security research community. Uncover and shape some of the fundamental assumptions underlying current best practice in AI security. Develop thought models, tools and data sets that can be used to characterize the threats to, and vulnerabilities in, AI systems, and publish those results. You will also use these results to aid in the testing, evaluation and transition of technologies developed by government-funded research programs. Identify opportunities to apply AI to improve existing cybersecurity research. Who you are: You have BS in machine learning, cybersecurity, statistics, or related discipline with ten (10) years of experience; OR MS in the same fields with eight (8) years of experience; OR PhD in the same fields with five (5) years of experience. You have a deep interest in AI/ML and cybersecurity with a penchant for intellectual curiosity and a desire to make an impact beyond your organization. You have practical experience with applying cybersecurity knowledge toward vulnerability research, analysis, disclosure, or mitigation. You have experience with advising on a range of security topics based on research and expert opinion. You have familiarity with implementing and applying AI/ML techniques to solving practical problems. You have familiarity with common AI/ML software packages and tools (e.g., Numpy, Pytorch, Tensorflow, ART). You have knowledge or familiarity with reverse engineering tools (e.g. NSA Ghidra, IDA Pro) You have experience with Python, C/C++, or low-level programming. You have experience developing frameworks, methodologies, or assessments to evaluate effectiveness and robustness of technologies. You have excellent communication skills (oral and written), particularly regarding technical communications with non-experts. You enjoy mentoring and cross-training others and sharing knowledge within the broader community. Candidates with strong technical proficiency in either AI/ML or cybersecurity are welcome to apply, provided a demonstrated intellectual agility and commitment required for accelerated learning within the role. You are able to: Travel to various locations to support the SEI's overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion (5%). You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance. Why work here? Join a world-class organization that continues to have a significant impact on software. Work with cutting-edge technologies and dedicated experts to solve tough problems for the government and the nation. Be surrounded by friendly and knowledgeable staff with broad expertise across AI/ML, cybersecurity, software engineering, risk management, and policy creation. Get 8% monthly contribution for your retirement, without having to contribute yourself. Get tuition benefits to CMU and other institutions for you and your dependent children. Enjoy a healthy work/life balance with flexible work arrangements and paid parental and military leave. Enjoy annual professional development opportunities; attend conferences and training or obtain a certification and get reimbursed for membership in professional societies. Qualify for relocation assistance and so much more. Joining the CMU team opens the door to an array of exceptional benefits. Benefits eligible employees enjoy a wide array of benefits including comprehensive medical, prescription, dental, and vision insurance as well as a generous retirement savings program with employer contributions. Unlock your potential with tuition benefits, take well-deserved breaks with ample paid time off and observed holidays, and rest easy with life and accidental death and disability insurance. Additional perks include a free Pittsburgh Regional Transit bus pass, access to our Family Concierge Team to help navigate childcare needs, fitness center access, and much more! For a comprehensive overview of the benefits available, explore our Benefits page. At Carnegie Mellon, we value the whole package when extending offers of employment. Beyond credentials, we evaluate the role and responsibilities, your valuable work experience, and the knowledge gained through education and training. We appreciate your unique skills and the perspective you bring. Your journey with us is about more than just a job; it's about finding the perfect fit for your professional growth and personal aspirations. Are you interested in an exciting opportunity with an exceptional organization?! Apply today! Location Pittsburgh, PA Job Function Software/Applications Development/Engineering Position Type Staff - Regular Full Time/Part time Full time Pay Basis Salary More Information: Please visit “Why Carnegie Mellon” to learn more about becoming part of an institution inspiring innovations that change the world. Click here to view a listing of employee benefits Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran. Statement of Assurance

Are you a cybersecurity and/or AI researcher who enjoys a challenge? Are you excited about pioneering new research areas that will impact academia, industry, and national security? If so, we want you for our team, where you'll collaborate to deliver high-quality results in the emerging area of AI security. The CERT Division of the Software Engineering Institute (SEI) is seeking applicants for the AI Security Researcher role. Originally created in response to one of the first computer viruses -- the Morris worm - in 1988, CERT has remained a leader in cybersecurity research, improving the robustness of software systems, and in responding to sophisticated cybersecurity threats. Ensuring the robustness and security of AI systems is the next big challenge on the horizon, and we are seeking life-long learners in the fields of cybersecurity, AI/ML, or related areas, who are willing to cross-train to address AI Security. As part of the Threat Analysis Directorate, you will join a group of security experts focused on advancing the state of the art in AI security at a national and global scale. Our tasks include vulnerability discovery and assessments for AI systems, evaluation of the effectiveness and robustness of defenses and mitigations for AI systems, reverse engineering AI systems and models, and identifying new areas where security research is needed. We participate in communities of network defenders, software developers and vendors, security researchers, AI practitioners, and policymakers. You'll get a chance to work with elite AI and cybersecurity professionals, university faculty, and government representatives to build new methodologies and technologies that will influence national AI security strategy for decades to come. You will co-author research proposals, execute studies, and present findings and recommendations to our DoD sponsors, decision makers within government and industry, and at academic conferences. The SEI is a non-profit, federally funded research and development center (FFRDC) at Carnegie Mellon University. What you'll do: * Develop state of the art approaches for analyzing robustness of AI systems. * Apply these approaches to understanding vulnerabilities in AI systems and how attackers adapt their tradecraft to exploit those vulnerabilities. * Reverse engineer malicious code in support of high-impact customers, design and develop new analysis methods and tools, work to identify and address emerging and complex threats to AI systems and effectively participate in the broader security community. * Study and influence the AI security and vulnerability disclosure ecosystems. * Evaluate the effectiveness of tools, techniques and processes developed by industry and the AI security research community. * Uncover and shape some of the fundamental assumptions underlying current best practice in AI security. * Develop thought models, tools and data sets that can be used to characterize the threats to, and vulnerabilities in, AI systems, and publish those results. You will also use these results to aid in the testing, evaluation and transition of technologies developed by government-funded research programs. * Identify opportunities to apply AI to improve existing cybersecurity research. Who you are: * You have BS in machine learning, cybersecurity, statistics, or related discipline with ten (10) years of experience; OR MS in the same fields with eight (8) years of experience; OR PhD in the same fields with five (5) years of experience. * You have a deep interest in AI/ML and cybersecurity with a penchant for intellectual curiosity and a desire to make an impact beyond your organization. * You have practical experience with applying cybersecurity knowledge toward vulnerability research, analysis, disclosure, or mitigation. * You have experience with advising on a range of security topics based on research and expert opinion. * You have familiarity with implementing and applying AI/ML techniques to solving practical problems. * You have familiarity with common AI/ML software packages and tools (e.g., Numpy, Pytorch, Tensorflow, ART). * You have knowledge or familiarity with reverse engineering tools (e.g. NSA Ghidra, IDA Pro) * You have experience with Python, C/C++, or low-level programming. * You have experience developing frameworks, methodologies, or assessments to evaluate effectiveness and robustness of technologies. * You have excellent communication skills (oral and written), particularly regarding technical communications with non-experts. * You enjoy mentoring and cross-training others and sharing knowledge within the broader community. * Candidates with strong technical proficiency in either AI/ML or cybersecurity are welcome to apply, provided a demonstrated intellectual agility and commitment required for accelerated learning within the role. You are able to: * Travel to various locations to support the SEI's overall mission. This includes within the SEI and CMU community, sponsor sites, conferences, and offsite meetings on occasion (5%). * You will be subject to a background check and will need to obtain and maintain a Department of Defense security clearance. Why work here? * Join a world-class organization that continues to have a significant impact on software. * Work with cutting-edge technologies and dedicated experts to solve tough problems for the government and the nation. * Be surrounded by friendly and knowledgeable staff with broad expertise across AI/ML, cybersecurity, software engineering, risk management, and policy creation. * Get 8% monthly contribution for your retirement, without having to contribute yourself. * Get tuition benefits to CMU and other institutions for you and your dependent children. * Enjoy a healthy work/life balance with flexible work arrangements and paid parental and military leave. * Enjoy annual professional development opportunities; attend conferences and training or obtain a certification and get reimbursed for membership in professional societies. * Qualify for relocation assistance and so much more. Location Pittsburgh, PA Job Function Software/Applications Development/Engineering Position Type Staff - Regular Full time/Part time Full time Pay Basis Salary More Information: * Please visit "Why Carnegie Mellon" to learn more about becoming part of an institution inspiring innovations that change the world. * Click here to view a listing of employee benefits * Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran. * Statement of Assurance

We are seeking an experienced AI Security Engineer to lead the development of next -generation cybersecurity solutions for advanced AI systems. This individual will be responsible for researching, designing, and implementing cutting -edge security controls to protect AI models, data pipelines, and infrastructure from adversarial attacks, privacy vulnerabilities, and regulatory risks. The ideal candidate has a strong background in AI and understanding of cybersecurity principles, has been published in leading academic conferences (NeurIPS, ICLR, Black Hat, DEFCON, etc.), and has experience working at a frontier AI lab. Requirements Experience: 5+ years in AI/ML with a strong focus on cybersecurity. Education: Bachelor's or Master's in Computer Science, Cybersecurity, AI/ML, or a related field. PhD preferred. Technical Expertise: Strong understanding of AI security challenges, including adversarial ML, LLM backdoor, (in)direct prompt injections, model poisoning, and data leakage. Proficiency in cybersecurity frameworks (NIST, MITRE ATLAS, OWASP AI Top 10) and security tools. Hands -on experience with AI frameworks (TensorFlow, PyTorch, OpenAI API, Hugging Face) and securing AI pipelines. Expertise in cryptography, secure data handling, and privacy -preserving AI techniques (federated learning, differential privacy). Proficiency in Python and security -related programming (e.g., secure coding, AI model evaluation). Familiarity with AI agents, autonomous agents, large language models (LLMs), and multi -modal AI systems. Preferred: Experience in compliance, regulatory, or risk frameworks for AI (e.g., OWASP, MITRE, GDPR, HIPAA, GLBA, NIST AI RMF). An interest in robotics would be preferred as well. Publication & Research: Proven track record of research contributions in top AI/ML and cybersecurity conferences. Industry Experience: Prior work at a leading AI research lab, security -focused AI startup, or a major tech company's AI division. Benefits Competitive salary and equity options. 100% paid medical insurance coverage. Research and publication opportunities. Opportunity to work on cutting -edge AI security challenges that expand beyond software systems. Flexible work environment with remote and in -office options. Access to industry -leading AI security research and resources. A dynamic, mission -driven team shaping the future of AI security.

Are you ready to elevate security practices to new heights? Our organization is on the lookout for a dynamic Application Security Engineer who will revolutionize our application security strategies. Located in the vibrant city of Pittsburgh, PA, this on\-site role is the perfect opportunity to collaborate with key stakeholders in Technology, Product, and Strategic Business Units to tackle the most pressing security challenges head\-on. As a Application Security Engineer, you will spearhead the secure software development lifecycle, embedding cutting\-edge security practices at every step of our DevOps pipelines and application security processes. Your expertise in maturity models like DSOMM (DevSecOps Maturity Model), CI\/CD pipelines, and vulnerability management tools will be crucial in transforming our security landscape. Join forces with our engineering, DevOps, Product, and Technology teams to implement automated security controls, threat modeling, and risk mitigation strategies that will shape the future of our software development lifecycle. This role requires minimal travel and the ability to work in a fast\-paced, dynamic environment. The position may involve working outside normal business hours to address urgent compliance or security incidents. Key Responsibilities DevSecOps & Maturity Measurement Implementation: Assess, report, and assist with improving application security and DevSecOps Maturity, utilizing a measurement framework such as DSOMM or BSIMM, across the organization. Define and implement security policies, standards, and best practices for DevOps, CI\/CD pipelines, and cloud security. Work with development and DevOps teams to integrate automated security testing (SAST, DAST, SCA, IaC security scanning, etc.) into pipelines. Establish security gates in CI\/CD workflows to prevent deployment of vulnerable code. Application Security & Code Vulnerabilities: Perform code reviews, static\/dynamic security testing (SAST\/DAST), and secure coding guidance to developers. Identify and remediate vulnerabilities in application code, libraries, containers, and infrastructure as code (IaC). Develop and enforce secure coding standards in alignment with OWASP, NIST, and other frameworks. Conduct threat modeling and security architecture reviews for applications and services. For example, assist application teams with developing accurate data flow diagrams and developing appropriate identity management solutions. Manage and mature Bot Management services for all applications. Assist with WAF management and maturity. Improve secrets management and API security. Vulnerability Management & Risk Reduction: Manage and mature enterprise\-wide Bug Bounty program (e.g. BugCrowd, HackerOne) Manage vulnerability scanning tools (e.g., Tenable, Qualys, Sonar, Snyk) and prioritize remediation efforts. Track, assess, and coordinate the remediation of vulnerabilities across the application, infrastructure, and cloud environments. Develop risk\-based vulnerability management workflows and collaborate with engineering teams to drive fixes. Monitor security dashboards and metrics, ensuring vulnerabilities are patched in alignment with SLAs. Security CI\/CD Automation & Tooling: Implement security automation using APIs, scripts, and cloud\-native security controls. Work with DevOps engineers to integrate security tooling (like SemGrep, Snyk, Cycode) or within Jenkins, GitHub, GitLab CI\/CD, or AWS DevOps. Automate security findings triage, reporting, and prioritization processes. Security Awareness & Collaboration: Train and mentor developers on secure coding, threat modeling, DevSecOps, and vulnerability management best practices. Collaborate with security operations, incident response, and compliance teams on security initiatives. Participate in security assessments, penetration testing, and security incident investigations. Requirements Qualifications & Experience Bachelor's Degree in Information Security, Cybersecurity, Computer Science, or a related field OR a minimum of 6 years' equivalent experience in lieu of a degree 4+ years of experience in application security, DevSecOps, and security engineering OR a combination of 2+ years experience as a developer and 2+ years in application security, DevSecOps, and security engineering Hands\-on experience with DevSecOps tools (SAST, DAST, SCA, container security, IaC security), integrating security solutions within CI\/CD pipelines, strong knowledge of secure coding principles (OWASP Top 10, SANS CWE Top 25), and familiarity with AI ML or LLM usage within security tooling. Experience with vulnerability management, web app penetration testing tooling, and security certifications like CISSP, OSCP, GCPN, GCSA, AWS Security Specialty, or CSSLP are preferred. Proficiency in Bot Management tooling, client\-side monitoring tooling, and implementing maturity measurement frameworks such as DSOMM or BSIMM in an enterprise setting. Ability to understand and communicate best\-practice system architectures, data flows, and security controls within modern web applications and cloud (SaaS\/PaaS, IaaS). Excellent verbal and written communication skills, with the ability to communicate complex security concepts to technical and non\-technical stakeholders. "}}],"is Mobile":false,"iframe":"true","job Type":"Full time","apply Name":"Apply Now","zsoid":"641871163","FontFamily":"PuviRegular","job OtherDetails":[{"field Label":"Industry","uitype":2,"value":"Engineering"},{"field Label":"Work Experience","uitype":2,"value":"5+ years"},{"field Label":"City","uitype":1,"value":"Pittsburgh"},{"field Label":"State\/Province","uitype":1,"value":"Pennsylvania"},{"field Label":"Zip\/Postal Code","uitype":1,"value":"15205"}],"header Name":"Application Security Engineer","widget Id":"**********00072311","is JobBoard":"false","user Id":"**********00133003","attach Arr":[],"custom Template":"5","is CandidateLoginEnabled":true,"job Id":"**********06714003","FontSize":"15","google IndexUrl":"https:\/\/hdjassociates.zohorecruit.com\/recruit\/ViewJob.na?digest=UnBknG4YeUTpH3g.ao7JoWAjgPO2l6C2tdKjPQTIaoc\-&embedsource=Google","location":"Pittsburgh","embedsource":"CareerSite","indeed CallBackUrl":"https:\/\/recruit.zoho.com\/recruit\/JBApplyAuth.do"}

Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities? If so, Deloitte & Touche LLP could be the place for you. Traditional security programs have often been unsuccessful in unifying the need to both secure and support technology innovation required by the business. Join Deloitte's Cloud Cyber Services team and become a member of the largest group of cybersecurity professionals worldwide. Recruiting for this role ends on 03/01/2026 Work You'll Do As a Cloud Security Architect (Manager), you will play an integral role in defining and assessing the client organization's cloud security strategy, architecture and practices. This individual's primary function is to provide cloud security planning, deployment and review expertise to project teams and client organizations in the Cyber space. Responsibilities include: + Lead the overall delivery of Cloud Cyber Risk projects in a project manager and or architect role, overseeing the activities of onsite and offshore engineers and architects across 8 key cyber domains: Governance, Identity, Application Security, PaaS security, Infrastructure security, Security Monitoring, Resilience and Data protection + Assist in business development activities such as defining scope of services, building resource estimates and related pricing, packaging proposals and supporting the delivery of the proposal to the client for AWS, GCP, Azure and/or Oracle Cloud services + Function as the primary client day to day interface building rapport and trust with the client + Function as an expert in CNAPP, CWPP and CSPM technologies and security risk frameworks relevant to cloud as well as the industry leading benchmarks + Review and oversee the generation of all project deliverables such as assessment reports, system designs/ architectures and risk/security recommendations + Assist clients with security frameworks, cloud configuration standards and resolving cloud vulnerabilities + Lead the execution of cloud security engagements during different phases of the lifecycle - assess, design, and implementation. + Lead engagements to perform technical health checks for cloud platforms/environments prior to broader deployments. + Oversee technical support for AWS, GCP, Azure and/or Oracle cyber services and resolve service-related issues through research and troubleshooting and working with vendors. + Conduct cloud security analysis, recommendations and configurations of prospective clients' platforms and environments based on Deloitte's Cloud Cyber Risk Framework. + Perform technical health checks for these cloud platforms/environments prior to broader deployments including DevSecOps and CI/CD pipelines + Assist clients with transitions to using cloud services such as tenant setup and service configuration, focused on cloud cyber risk mitigation. Additional technologies include: MFA, SSO, Conditional Access, PIM, Security Operations tooling and scanning solutions + Assist clients with the deployment of third-party technologies to assist in securing the cloud platform such as firewall, WAF, PAM and cloud workload protection. + Assist clients with configuration and delivery of cloud security and compliance reports. + Provide technical support for AWS, Azure, GCP, Oracle, Wiz, Snyk and third-party security services and resolve service-related issues through research and troubleshooting and working with third-party vendors. + Implementation of industry leading practices around Azure, AWS, GCP, Wiz, Snyk and cloud security services for clients. + Designing and developing cloud-specific security policies, standards and procedures e.g., tenant, management group and subscription management and configuration, identify management and access control, firewall management, auditing and monitoring, security incident and event management, data protection (DLP, encryption), user and administrator account management, SSO, conditional access controls and password/key management. + Troubleshooting system level problems in a multi-vendor, multi-protocol network environment. + Documenting platform technical issues, analysis, client communication, and resolution as part of cyber risk mitigation steps. + Executing on cloud security engagements during different phases of the lifecycle - assess, design, and implementation & post-implementation reviews. + Implementing industry leading practices around cyber risks and cloud security for clients. + Provide internal cloud and DevSecOps security technical training to Advisory personnel as needed. + Acting as a subject matter specialist on cloud cyber risk for the cloud platforms. + Manage to Point-of-Views (PoVs) on providing leading practices to our clients on the cyber challenges they face. + Contribute to eminence activities, such as whitepapers pertaining to cloud security capabilities. + Support talent process in the manager role such as for recruiting and coaching. The team Deloitte's Cloud Cyber Risk team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient. TM cyber risk programs. Join the team developing the future state of cyber risk solutions. Qualifications: + 6+ years of experience in technical consulting, client problem solving, architecting and designing solutions in a consulting role with project leadership and/or architect experience in AWS, GCP, Azure, Oracle, Wiz and/or Snyk ; with a security focus strongly preferred + 2+ years of hands-on technical experience designing and implementing security solutions for leading Cloud service providers across SPI models and environments (Public, Private, Hybrid) + 2+ years working experience designing cloud security architectures and strategies for enterprises + 2+ years working with Cloud security industry standards such as Cloud Security Alliance (CSA), ISO/IEC 27017 and NIST CSF + 2+ years working experience with Cloud security technologies/vendors (e.g., IAM, SIEM, IDS) and/or providers (e.g., Okta, CipherCloud, AlertLogic), a big plus + 2+ years working with Cloud orchestration and automation (Continuous Integration and Continuous Delivery (CI/CD)) in single and multi-tenant environments + 3+ years working with CNAPP, CSPM or CWPP technologies or planning for large-scale deployments of these technologies + BA/BS Degree preferably in a Technical field (ex. Computer Science, Cyber Security, Information Security, Engineering, Information Technology) + Maintain strong domain knowledge of multi-hyperscaler cloud solutions and security concepts and technologies + Experience with and leading use of leading cyber tooling for cloud such as Wiz and Snyk + Limited sponsorship may be available Required: + Locations include: Houston, Dallas, Cleveland, Detroit, St. Louis, Pittsburgh, Boston, Charlotte, Atlanta, Miami, Memphis, Denver, Phoenix, Salt Lake City, Los Angeles, San Diego, San Franciso, Seattle. Must be within a reasonable commute and willing to work part-time in the Deloitte and/or client offices + Ability to travel up to 80%, on average, based on the work you do and the clients and industries/sectors you serve Preferred: + Previous Consulting or Big 4 experience preferred. + Industry or Vendor Security Certifications such as CCSP or other cloud architect domains + Experience with Virtualization including security for at least one or more of the following: Compute, Network, Storage, End-point, Application + Experience designing IAM technologies and services + Experience or strong working knowledge of managing enterprise security infrastructure and perimeter security appliances - e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology + Experience with Azure data, analytics, or AI/ML services (Azure SQL, HDInsight, Databricks, Data Factory, Data Lake Storage, Azure Analysis Services, Synapse Analytics, Azure Machine Learning, etc.) + Understanding of industry security standards, guidelines and regulatory/compliance requirements related to information security and cloud computing such as ISO 27001, ISO 27018, NIST CSF, NIST 800-53, PCI DSS, SOC2, HIPAA, PCI, SOX, GLBA, etc. The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $144,200 to $265,600 You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance. 'Information for applicants with a need for accommodation: ************************************************************************************************************ All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Location: Atlanta, Chicago, New York, Hoboken, Pittsburgh, Philadelphia, Cleveland, Akron, Dallas, Los Angeles At EY, we're all in to shape your future with confidence. We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Every challenge and every opportunity an organization faces today demands change. And with change comes risk. As a Risk Technology professional, you will be addressing client issues such as business performance variability, business and process controls transformation, application security integrity, governance, risk, and control (GRC) technology enablement, continuous controls monitoring, and IT risk management. You will belong to an international network of specialists helping our clients transform risk functions and implement technology solutions that support risk management and governance. With rapid growth across the SAP and Governance, Risk and Compliance (GRC) space, we're looking for people who understand the challenges of risk management and can focus on improving business performance using GRC technologies. As a member of our Risk Technology national practice, you will belong to a network of professionals helping our clients implement technology solutions to enrich and improve decision making, provide visibility and transparency of risk and compliance to stakeholders, and automate manual processes. **The opportunity** As our Risk Technology practice continues to expand, we are seeking a highly motivated Senior Associate, focused on SAP application risk and controls and technology enablement, to manage client engagement teams, work with a wide variety of clients to deliver professional services, and manage business development activities on strategic and global priority accounts. We will support you with career-long training and coaching to develop your skills in risk strategy, risk function design, risk management and performance enhancement. Since EY is a global leading service provider in this space, you will be working with the best people in a collaborative environment so that whenever you join and for however long you stay, the exceptional EY experience lasts a lifetime. **Your key responsibilities** Leveraging your knowledge of IT environments and industry trends, you will work across competencies, service lines and sectors to develop innovation solutions to build and sustain risk management and governance programs for our clients. You will support EY teams responsible for transforming risk functions and implementing leading practice technology solutions. **Skills and attributes for success** + You will leverage your SAP experience and project management skills, to effectively support client engagement teams and provide technical expertise in the assessment, design, and implementation of controls, security, and IT risk solutions. + Deliver facts, analyses, and recommendations in an accurate, clear, and concise manner. + Foster relationships with client personnel at appropriate levels + Drive high-quality work products on your team within expected timeframes and budget. **To qualify for the role, you must have** + A bachelor's or master's degree and approximately 2-3 years of related work experience + Demonstrate an understanding of SAP business processes (e.g., purchase-to-pay, record-to-report, order-to-cash) + Experience testing controls, sensitive access, and segregation of duties. + Basic project management and client service skills + Strong written and verbal communication skills + Strong analytical and problem-solving skills + Excellent teaming skills + A valid driver's license in the US and a valid passport required; willingness and ability to travel both domestically and internationally to meet client needs. **Ideally, you'll also have** + Prior experience as a consultant or client-serving professional. + Industry related certification (e.g., CPA/CA, CISA, RICS) + Strong understanding of IT industry trends + Foundational understanding of SAP auditing **What we look for** We're interested in passionate leaders with strong vision and a desire to stay on top of SAP and GRC industry trends. If you have a genuine passion for helping businesses achieve leading practice risk functions, this role is for you. **What we offer you** At EY, we'll develop you with future-focused skills and equip you with world-class experiences. We'll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. Learn more . + We offer a comprehensive compensation and benefits package where you'll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $102,500 to $187,900. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $122,900 to $213,400. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. + Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year. + Under our flexible vacation policy, you'll decide how much vacation time you need based on your own personal circumstances. You'll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being. **Are you ready to shape your future with confidence? Apply today.** EY accepts applications for this position on an on-going basis. For those living in California, please click here for additional information. EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities. **EY | Building a better working world** EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories. EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY's Talent Shared Services Team (TSS) or email the TSS at ************************** .

(Pittsburgh - Pennsylvania) Founded in 2000, Ivalua is a leading global provider of cloud-based procurement solutions. At Ivalua we are a global community of exceptional professionals, who believe that digital transformation revolutionizes supply chain sustainability and resiliency to unlock the power of supplier collaboration. We achieve this through our leading cloud-based spend management platform that empowers hundreds of the world's most admired brands to effectively manage all categories of spend and all suppliers to increase profitability, improve ESG (environmental, social, and corporate governance) performance, lower risk, and improve productivity. Driven by our passions and fueled by our shared ambitions, we empower and challenge each other to create meaningful experiences for our colleagues, customers, partners, and communities. Learn more at *************** Follow us on LinkedIn and Twitter. THE OPPORTUNITY CONTEXT: Our team is dedicated to serve our clients post going-live the best way we can to secure an exceptional client experience. With over 10 global team members, Infosec team needs to work with IT and R&D teams to keep our enterprise-class SaaS service secure from a variety of threats. ROLE: This is an exciting opportunity for a Senior Security Engineer role at Ivalua. You will engineer, implement, review and monitor technical security controls to protect and enhance the security of our hosting and corporate infrastructure, networks and applications. You will also help with operational security aspects which will include performing security reviews on infrastructure changes, reviewing firewalls rules, analyzing results from vulnerability or penetration testing reports, investigating security events by analyzing logs and identifying actionable plans to address in the infrastructure. WHAT YOU WILL DO WITH US Perform technical security design, architecture, change and/or configuration audits/reviews on our hosting and corporate infrastructure systems including Azure cloud environments, servers, network devices, endpoints, and security technologies deployed (CNAPP, MDM, WAF, DDoS, etc.) Act as the main SPOC for the network and cloud vulnerability management activities to perform scanning, internal and third-party penetration testing and red teaming as well as analysis and retesting of the reported security findings Collaborate with the SOC team to enhance our detection and response processes and capabilities Support the security initiatives for securing our Azure environments (EntraID Conditional Access, CSPM, Infrastructure as Code, NSG rules review etc.) Provide support to the GRC team on the technical security controls related to compliance initiatives (such as FedRAMP, PCI, NIST 800-53 r5, IRAP, SANS CIS 20) and the technical security questions from customers and prospects Act as the SME on infrastructure and cloud security topics, expand and develop sharing of technical knowledge and collaborate with multiple internal teams to review and improve the technical architecture and efficiency of IT and security operational processes YOUR PROFILE If you have the below experience and strengths this role could be for you: Skills and Experience: 5+ years of hands-on experience on infrastructure and network security engineering / architecture, protocols and technologies like CNAPP, CSPM, MDM, IAM, DDoS 5+ years of hands-on experience in performing network and/or cloud penetration testing Experience with scripting (such as Python, PowerShell etc.) Knowledge of Active Directory (key concepts, protocols, services, tiering, main attacks, best practices for hardening etc.) Knowledge of Cryptography concepts, encryption algorithms, protocols, keys and certificates management Hands-on experience with security concepts on Azure cloud environments and services (Azure EntraID, Azure Key Vault, Azure encryption, Azure Sentinel, NSG, Azure firewall etc.) Experience with security incident response and investigation Ability to foster collaborative, open and working relationships with technology and other stakeholders Experience with security standards and compliance programs such as OWASP, NIST, FedRAMP, PCI, SANS CIS 20 An Information Security qualification or evidence of starting to work towards e.g. OSCP, eJPT AZ-500, GIAC GPEN or similar certification Ability to handle multiple tasks, prioritize and meet deadlines Soft Skills : Ability to handle multiple tasks, prioritize and meet deadlines Ability to foster collaborative, open and working relationships with technology and other stakeholders WHAT HAPPENS NEXT If your application fits this specific position's needs, our skilled Talent team will reach out to schedule an initial screening call. Get one step closer to achieving your goals - apply today! Our Talent team will guide you through every step of the interview process - from preparation to completion. They're here to support you! Our recruitment process is designed to assess your competencies through a series of personalized interviews with internal stakeholders relevant to the role. Interviews will be conducted virtually via video or on-site with face-to-face meetings. LIFE AT IVALUA Hybrid working model (3 days in the office per week) We're a team dedicated to pushing the boundaries of product innovation and technology Sustainable Growth, Privately Held A stable and cash-flow positive Company since 10 years Snacks and weekly lunches in the office Feel empowered to pursue your goals with improved team collaboration and increased creativity/productivity Unlock and unleash your full professional potential with our exceptional training and career development program Join a dynamic and international team of top-notch professionals who are experts in their respective fields. Collaborate with like-minded individuals who are deeply passionate and highly motivated about their work. Experience a truly diverse and inclusive work environment where your unique contributions are highly valued Regular social events, competitive outings, team running events, and musical activities, Comparably recognized Ivalua for the following (******************************************** : Powered by People - Powered by You! United by our values we embrace diversity and equity in the broadest possible sense to create an inclusive workplace. To help our customers make supply chains more efficient, sustainable and resilient, we rely on a global team with a variety of backgrounds, skills and views. We believe in equal opportunity and in diversity as a driver of innovation that cultivates a spirit of inclusiveness, creates a productive and fun place to work, and provides fulfilling career opportunities for all Ivaluans. ********************************************** Experience life at Ivalua - check out our captivating video! Gain insight into our unique company culture and get a glimpse of what it's like to work with us. Ivalua's core values include a priority on Care & Grow People. We take matters like pay equity very seriously and strive to reward our employees appropriately and fairly for their talents. The compensation range for this position reflects the cost of labor across our US locations and is based upon careful and continual market research. In addition to location, compensation may also vary based upon job-related knowledge, skills, and experience. Title: Senior Security Engineer Range minimum: USD 112000 Range maximum: USD 208000 Additional compensation / rewards: Ivalua also offers exceptional benefits including medical, dental, vision and transportation. #LI-PDE #LI-HYBRID

* Familiarity with security architecture frameworks such as SABSA and TOGAF. * Familiarity with Threat modelling methodologies such as STRIDE. * Familiarity with security frameworks such as NIST800, CIS, ISO27001. * Familiarity with independent assurance frameworks such as SOC2. * Industry recognized technical certifications are desirable (CISSP, CCSP, CompTIA Security+, GIAC security essentials). * Familiarity with security and privacy regulations impacting financial services such as SOX and GDPR. * Prior experience with risk assessments and general understanding of risk management principles. * Excellent written and verbal communications skills. MAJOR DUTIES: * Conduct formal end to end Information Security Assessments (review of questionnaires, third party security audit reports and evidence, onsite assessments, etc.) * Perform security reviews for technical products, identify gaps in security and assist in providing guidance on mitigating controls. * Perform risk analysis on third party capabilities (i.e., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change). * Use third-party risk evaluation tools to monitor and reduce organizational cyber risk associated with third parties. * Assess remediation plans and non-compliance acceptances where Information Security standards compliance cannot be achieved. Review services and data in scope of the assessment and analyze security risk ratings. * Work on projects as directed by management. HOURS/LOCATION: * 8:30 a.m. - 5:00 p.m. (Overtime as required) * Hybrid schedule (in-office / remote) * Warrendale, PA - 15086 * Work at downtown location when required EXPLANATORY COMMENTS: * Good communication and interpersonal skills * Good decision making and problem-solving skills * Good analytical skills with attention to detail and accuracy * Ability to work on multiple projects simultaneously * Ability to work effectively both individually and as a member of a project team