Security engineer jobs in Fontana, CA

Alignment Health is breaking the mold in conventional health care, committed to serving seniors and those who need it most: the chronically ill and frail. It takes an entire team of passionate and caring people, united in our mission to put the senior first. We have built a team of talented and experienced people who are passionate about transforming the lives of the seniors we serve. In this fast-growing company, you will find ample room for growth and innovation alongside the Alignment Health community. Working at Alignment Health provides an opportunity to do work that really matters, not only changing lives but saving them. Together. This position is responsible for identifying, analyzing, and helping with remediate security vulnerabilities within our applications. This role requires a strong understanding of application security principles, hands-on experience with various security testing methodologies, and excellent communication skills to collaborate effectively with development teams and other stakeholders. Job Responsibilities: Conduct static application security testing (SAST), dynamic application security testing (DAST), and interactive application security testing (IAST) on a continuous basis. Identify, triage, and validate security vulnerabilities using both automated tools and manual review. Work closely with software development and DevOps teams to provide clear, actionable guidance on how to fix vulnerabilities and implement secure coding practices. Help integrate security controls and checks into the software development lifecycle (SDLC) and CI/CD pipelines. Drive and support application security reviews and threat modeling. Manage and configure a suite of application security tools, ensuring their effective use and reporting. Stay up-to-date with the latest security threats, trends, and technologies, and conduct research on new vulnerabilities and attack vectors. Contribute to the creation and maintenance of application security policies, standards, and procedures to guide development teams and ensure compliance. Develop and deliver security awareness and secure coding training to engineering teams. Support and lead third-party penetration testing. Job Requirements: Experience: Required: 5-7+ years of progressive experience in information security, with a strong focus on application security testing and vulnerability management. Proven track record of working directly with developers and engineering teams to identify and remediate security vulnerabilities in a fast-paced environment. Experience in a large-scale enterprise environment with complex application portfolios. Preferred: Experience in healthcare or another highly regulated field. Education: Required: Bachelor's degree or equivalent work experience in Computer Science, Information Security, or a related technical discipline. Preferred: Relevant professional certifications such as Offensive Security Certified Professional (OSCP), GIAC Web Application Penetration Tester (GWAPT), or Certified Secure Software Lifecycle Professional (CSSLP) are highly desirable. ISC2 Certified Information Systems Security Professional (CISSP) Specialized Skills: Required: Experience with general threat hunting techniques and tools. Experience with one or more programming languages (i.e., C#, Scala, Python). Essential Physical Functions: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. 1. While performing the duties of this job, the employee is regularly required to talk or hear. The employee regularly is required to stand, walk, sit, use hand to finger, handle or feel objects, tools, or controls; and reach with hands and arms. 2. The employee frequently lifts and/or moves up to 10 pounds. Specific vision abilities required by this job include close vision and the ability to adjust focus. Pay Range: $113,332.00 - $169,999.00 Pay range may be based on a number of factors including market location, education, responsibilities, experience, etc. Alignment Health is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, age, protected veteran status, gender identity, or sexual orientation. *DISCLAIMER: Please beware of recruitment phishing scams affecting Alignment Health and other employers where individuals receive fraudulent employment-related offers in exchange for money or other sensitive personal information. Please be advised that Alignment Health and its subsidiaries will never ask you for a credit card, send you a check, or ask you for any type of payment as part of consideration for employment with our company. If you feel that you have been the victim of a scam such as this, please report the incident to the Federal Trade Commission at ******************************* If you would like to verify the legitimacy of an email sent by or on behalf of Alignment Health's talent acquisition team, please email ******************.

Job Description ABOUT ROCKET LAB Rocket Lab is an end-to-end space company delivering responsive launch services, complete spacecraft design and manufacturing, payloads, satellite components, and more - all with the goal of opening access space. The rockets and satellites we build, and launch enable some of the most ambitious and vital space missions globally, supporting scientific exploration, Earth observation and missions to combat climate change, national security, and exciting new technology demonstrations. Our Electron rocket has become the second most frequently launched U.S. rocket annually and has delivered more than 230 satellites to orbit, all while we work to develop Neutron, our upcoming medium-lift, reusable launch vehicle for larger constellation deployment. Our Space Systems business designs and builds our extensive line of satellites, payloads, and their components, including spacecraft that have been selected to support NASA missions to the Moon and Mars and components used on the James Webb Space Telescope. IT Rocket Lab's IT team is responsible for how our global teams access information and run operations across our computer systems, networks, and devices. Our hardworking IT team is a group of flexible problem-solvers working in a fast-paced environment but who also thrive under the challenge of supporting all of our proprietary systems and people, from finance to launch operations. PRINCIPAL CLOUD SECURITY ENGINEER Based onsite at Rocket Lab's office in Long Beach, CA the Senior Cloud Security Engineer must demonstrate a firm grasp of cloud-first, automated, API-driven security and statistical risk concepts and communication. They will work on securing all facets of Rocket Lab's cloud presence: the wide array of vendor services, code pipelines deploying into prod and non-prod environments, and automation performing an assortment of business-critical operations. They will provide analyses including quantifiable statistical information regarding IT and Cybersecurity risk to business partners with fiduciary responsibility. They will support the IT organization to develop a secure, reliable, and fiercely efficient platform to empower the Rocket Lab's objectives as a rapidly growing multinational space company. WHAT YOU'LL GET TO DO: Design, implement, and maintain security controls for hybrid cloud-based environments, including infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS), and function as a service (FaaS) solutions. Design and develop custom automation in pursuit of cyber team objectives. Provide security support for internal and external design reviews related to security. Conduct security assessments and risk analyses to identify vulnerabilities and develop mitigation strategies for automated infrastructure such as public cloud, CI/CD pipelines, and agentic systems. Work with Infrastructure Operations to Implement and manage identity and access management (IAM) solutions to control access to cloud resources and applications. Develop documentation, plans, and proofs of concept for cybersecurity-related platform improvements. Configure and monitor cloud security tools and services. Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC), DevOps, and MLOps processes. Maintain systems to help the team stay up-to-date on emerging threats, vulnerabilities, and industry best practices related to DevSecOps/MLOps and recommend proactive measures to enhance security posture. Provide guidance and support to internal teams on security-related matters, including incident response, compliance, and security awareness training. Participate in regular security audits, assessments, and compliance reviews to ensure adherence to regulatory requirements and industry standards. YOU'LL BRING THESE QUALIFICATIONS Education and Experience in IT and Cybersecurity 12+ years of experience in scripting languages (e.g., Bash, PowerShell, Python) and configuration management/infrastructure as code tools (e.g., Puppet, Ansible, Terraform). Bachelor's degree or equivalent years of work experience (16+ years of total work experience) Cloud Security and Architecture Expertise Proven experience in cloud security architecture, design, and implementation across major cloud platforms (AWS, Azure, Google Cloud). Hands-on experience with cloud security tools and services (e.g., AWS Security Hub, Azure Security Center, Google Cloud Security Command Center). Compliance, Vulnerability Management, and IT Governance Experience working under US Government compliance regimes (e.g., CMMC, NIST, DISA STIG) and ITIL/Change Review systems. Proficiency in vulnerability management systems (e.g., Tenable, Bringa) and CLI scanning tools (e.g., Trivy, OpenSCAP). Version Control, Networking, and Secure Communication Extensive experience with git-driven version control systems (e.g., GitHub, GitLab, Bitbucket). Strong understanding of networking concepts, encryption techniques, and secure communication protocols. Data and Analytics Expertise Experience with databases (e.g., PostgreSQL, SQLite) and data formats (e.g., Parquet, Arrow). Proficiency in analytics systems (e.g., PowerBI, Jupyter) and vendor-agnostic assessment engines (e.g., Cloud Custodian, Panther). THESE QUALIFICATIONS WOULD BE NICE TO HAVE: Advanced degree in computer science, information technology, cybersecurity, or equivalent career experience Involvement with community cybersecurity organizations Experience with the following: AWS GovCloud / Azure GCC High CI/CD pipeline security Tier 2 cloud vendors Hybrid cloud engineering SAST and DAST testing Secrets management / vaults / HSMs Cloud incident response / forensics Log aggregators like Graylog, ELK, or Splunk ADDITIONAL REQUIREMENTS: Specific vision abilities required by this job include close vision, distance vision, peripheral vision, depth perception, and the ability to focus. Regularly required to sit, use hands and fingers, operate computer keyboard and controls, and communicate verbally and in writing. Must be physically able to commute to buildings. Occasional exposure to dust, fumes and moderate levels of noise. Level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, and experience. Base salary is just one component of our total rewards package at Rocket Lab. Employees may also receive company equity and access to a robust benefits package including: top tier medical HMO, PPO & a 100% company-sponsored medical HSA plan option, dental and vision coverage, 3 weeks paid vacation and 5 days sick leave per year, 11 paid holidays per year, flexible spending and dependent care savings accounts, paid parental leave, disability insurance, life insurance, and access to a 401(k) retirement plan with company match. Other perks include: Discounted employee stock purchase program, subsidized EV charging stations, onsite gym, food and drinks, and other discounts. Eligibility for benefits may vary based on employment status, please check with your recruiter for a comprehensive list of the benefits available for this role. Benefit programs are subject to change at the company's discretion. Base Pay Range (CA Only)$150,000-$175,000 USD WHAT TO EXPECT We're on a mission to unlock the potential of space to improve life on Earth, but that's not an easy task. It takes hard work, determination, relentless innovation, teamwork, grit, and an unwavering commitment to achieving what others often deem impossible. Our people out-think, out-work and out-pace. We pride ourselves on having each other's backs, checking our egos at the door, and rolling up our sleeves on all tasks big and small. We thrive under pressure, work to tight deadlines, and our focus is always on how we can deliver, rather than dwelling on the challenges that stand in the way. Important information: FOR CANDIDATES SEEKING TO WORK IN US OFFICES ONLY: To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), Rocket Lab Employees must be a U.S. citizen, lawful U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum, or be eligible to obtain the required authorizations from the U.S. Department of State and/or the U.S. Department of Commerce, as applicable. Learn more about ITAR here. Rocket Lab provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment at Rocket Lab, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Applicants requiring a reasonable accommodation for the application/interview process for a job in the United States should contact Giulia Johnson at ***********************.This dedicated resource is intended solely to assist job seekers with disabilities whose disability prevents them from being able to apply/interview. Only messages left for this purpose will be considered. A response to your request may take up to two business days. FOR CANDIDATES SEEKING TO WORK IN NEW ZEALAND OFFICES ONLY: For security reasons background checks will be undertaken prior to any employment offers being made to an applicant. These checks will include nationality checks as it is a requirement of this position that you be eligible to access equipment and data regulated by the United States' International Traffic in Arms Regulations. Under these Regulations, you may be ineligible for this role if you do not hold citizenship of Australia, Japan, New Zealand, Switzerland, the European Union or a country that is part of NATO, or if you hold ineligible dual citizenship or nationality. For more information on these Regulations, click here ITAR Regulations.

The Orange County Department of Education (OCDE) serves some of Orange County's most vulnerable student populations and provides support and mandated fiscal oversight to 28 school districts serving more than 600 schools and approximately 475,000 students. In addition to providing direct instruction to students through its own alternative and special education programs, OCDE administers an array of programs and services that are critical to the operations of local school districts and community colleges, facilitating professional development, legal guidance, payroll, career and technical education support, high-speed internet access, Local Control and Accountability Plan assistance and approval, resources for families, and student enrichment. OCDE's vision is that "Orange County students will lead the nation in college and career readiness and success." Department staff are working to achieve this goal in collaboration with educators at all levels of student development, from early childhood through higher education, and in partnership with families, businesses and community organizations. See attachment on original job posting Education and Experience: Any combination of education and experience that would likely provide the required knowledge and abilities is qualifying. A typical way to obtain the knowledge and abilities would be: • Bachelor's degree or equivalent from an accredited college or university with major course work in information security, or a related field. • One to two years of experience in information security technology, specifically with penetration testing, intrusion detection, incident response, or digital forensics; or an equivalent combination of training and experience. There are supplemental questions in the application. Please note that the EdJoin system will time-out after a 20-minute period of perceived inactivity. To assist you in the preparation of your application, the supplemental questions are listed here. Your responses should be thoughtful and thorough, and within the limit of 5,000 characters or less. We recommend that you prepare your responses in advance of beginning the application. 1. Explain a cybersecurity framework or methodology you know and how you have applied it in a previous role or project. 2. Describe your approach to investigating and assessing cybersecurity events and incidents. How do you prioritize incidents, and what criteria do you use to determine severity and impact? 3. Why are you passionate about pursuing a career in cybersecurity, and how do you stay current with the latest trends and developments in the field? Notice to Applicants: If you require accommodations in the application process, please inform us. Education and Experience: Any combination of education and experience that would likely provide the required knowledge and abilities is qualifying. A typical way to obtain the knowledge and abilities would be: • Bachelor's degree or equivalent from an accredited college or university with major course work in information security, or a related field. • One to two years of experience in information security technology, specifically with penetration testing, intrusion detection, incident response, or digital forensics; or an equivalent combination of training and experience. There are supplemental questions in the application. Please note that the EdJoin system will time-out after a 20-minute period of perceived inactivity. To assist you in the preparation of your application, the supplemental questions are listed here. Your responses should be thoughtful and thorough, and within the limit of 5,000 characters or less. We recommend that you prepare your responses in advance of beginning the application. 1. Explain a cybersecurity framework or methodology you know and how you have applied it in a previous role or project. 2. Describe your approach to investigating and assessing cybersecurity events and incidents. How do you prioritize incidents, and what criteria do you use to determine severity and impact? 3. Why are you passionate about pursuing a career in cybersecurity, and how do you stay current with the latest trends and developments in the field? Notice to Applicants: If you require accommodations in the application process, please inform us. Comments and Other Information Resumes will not be accepted in lieu of the completed online application. Before receiving authorization to work in this position, the individual selected will be required to provide a current negative TB authorization, within the last 60 days, and submit fingerprints for the purpose of conducting a confidential background investigation and record check. The tests are arranged and paid for by OCDE. The Immigration Reform and Control Act of 1986 requires employers to verify the employability of all new employees. Before the Department will finalize an offer of employment, the candidate selected will be required to show original documents which establish both the individual's identity and employment authorization. The candidate must also sign a statement under penalty of perjury regarding his/her employability. We reserve the right to reopen, readvertise, or delay filling this position. AA/EOE/ADA

at loan Depot loan Depot's Security Operations team is at the forefront of cyber defense for the organization. We are seeking a Senior Security Analyst who will act as both a technical authority and front-line commander within our Security Operations Center. This is a strategic, high-impact role for a seasoned professional who can seamlessly integrate with our team on Day One, bringing the composure, knowledge, experience, and precision necessary to contain and eradicate cyber threats from our environment.Reporting directly to the Information Security Operations Manager, this position partners closely with our Level 1 MSSP, internal business units, and external incident response partners to ensure that every incident is managed with accountability, consistency, and efficiency. The ideal candidate is resourceful, quick-thinking, and deeply fluent with the leading security stacks and tools, capable of turning strands of data into decisive action and information. The Sr. Cyber SOC Analyst must be able to come into the Irvine, CA office 2-3 times per week. Responsibilities: Lead and execute end-to-end security incident response activities including detection and triage, containment, eradication, and recovery for incidents ranging from simple to complex. Serve as incident commander for high-severity security events, ensuring clear communication and timely resolution across stakeholders. Partner with Level 1 MSSP partners to validate escalations, refine detection logic, and ensure consistent handling workflows. Coordinate with external partners and internal teams to contain and mitigate threats while maintaining operational resilience. Detection, Analysis, & Threat Hunting Utilize industry standard and/or custom tools for telemetry to conduct deep-dive investigations and root cause analysis. Develop and optimize queries, analytic rules, and playbooks to enhance threat detection and automation, pushing incidents towards level 0 where possible. Conduct proactive threat hunts and adversary emulation exercises to identify emerging tactics, techniques, and procedures (TTPs) before they escalate into incidents. Leverage MITRE ATT&CK, NIST SP800-61r3, NIST CSF2, and other frameworks to ensure methodical and repeatable investigation practices. Operational Excellence & Leadership Document and refine incident response playbooks and runbooks to improve team consistency and speed. Produce detailed incident reports, post-incident reviews, and executive summaries with actionable insights. Mentor other analysts and emerging prospects, reinforcing our culture of accountability, consistency, and efficiency. Participate in weekly high-severity incident case reviews and contribute to the continuous improvement of SOC metrics and performance. Other duties as assigned. Requirements: Bachelor's Degree in a related field preferred, but not required. Minimum of five (5) + years' experience working in a security operations center or similar environment preferred. A demonstrated mastery of industry leading tools in SIEM, EDR, and CSPM. Expertise in querying, hunting, and correlating disparate data points across large telemetry datasets using SQL/KQL/Cypher. A demonstrated ability to lead complex investigations and coordinate across technical and business stakeholders. A solid understanding of cybersecurity frameworks such as MITRE ATT&CK, NIST CSF 2, NIST SP800-61r3. Excellent written and verbal communication skills, with the ability to translate technical findings into business-relevant narratives. Experience in log aggregation technologies and SIEM tuning processes. Experience in the Mortgage industry preferred. CISSP, GIAC Certified Incident Handler, or other related certifications preferred. Why work for #teamloan Depot: Competitive compensation based on skillset and relatable experience. Work with other passionate, purposeful, and customer-centric team members. Inclusive, diverse, and collaborative culture where people from all backgrounds can thrive. Extensive internal growth and professional development opportunities including tuition reimbursement. Comprehensive benefits package including Medical/Dental/Vision. Wellness program to support both mental and physical health. Discretionary Time Off (DTO) policy to support work-life balance in addition to Paid Voluntary Time Off. About loan Depot: loan Depot (NYSE: LDI) is a digital commerce company committed to serving its customers throughout the home ownership journey. Since its launch in 2010, loan Depot has revolutionized the mortgage industry with a digital-first approach that makes it easier, faster, and less stressful to purchase or refinance a home. Today, loan Depot enables customers to achieve the American dream of homeownership through a broad suite of lending and real estate services that simplify one of life's most complex transactions. With headquarters in Southern California and offices nationwide, loan Depot is committed to serving the communities in which its team lives and works through a variety of local, regional, and national philanthropic efforts. Base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay for this roles is between $99,000 and $136,000. Your base pay will depend on multiple individualized factors, including your job-related knowledge/skills, qualifications, experience, and market location. We are an equal opportunity employer and value diversity in our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Are you passionate about administrating and enforcing solutions that safeguard data? Are your interested in serving your fellow team and the community? If so, we want to talk to you - we are currently looking for Service Superstars to join our Team! An Information Security Analyst 1 takes a lead role in the research, design, and implementation of all information security related hardware or software; including operating systems and communications products, coordinating implementations with third party vendors and supporting representatives as needed. This role also serves as a liaison between vendors and other departments on information security related projects. Duties and Essential Functions: Service * Personally, provides exceptional member service; uses Service Standards in every work-related interaction. * Ensures that exceptional member service is being provided to members and team members, at all times. * Serves as a strong example of leadership in work ethic, professionalism, and conduct. * Promotes a harmonious work environment that motivates others towards team participation, goal setting/accomplishment, and personal development. Daily Operations * Assists in the management of multiple information security systems, ensuring proper integration of the components with computer systems, network equipment and other devices. * Assists in research of data security needs and requirements for current and future systems. * Performs regular vulnerability analysis for intentional and unintentional systems misuse and identifies appropriate counter measures. * Takes a supporting role in the management of the Credit Union's information security program including establishing, implementing and monitoring of information security, incident response procedures and policies, system configuration standards and ongoing risk assessments. * Assists the credit union management team with the creation, modification, and implementation of Information Security policies and standards. * Performs routine audits of security databases including Active Directory, Anti-Virus, Data Loss Prevention (DLP), Group Policy, Remote Authentication Dial-In User Service (RADIUS), and regularly reviews other security logging systems. Designs and/or implements changes to these systems in response to any discovered vulnerabilities. * Performs regular audits of credit union procedures including new hire/transfer/separation process, configuration checklists, firewall changes, Uniform Resource Locator (URL)/Spam filter changes, DLP changes, file permission changes, inventory changes, equipment changes, and system health checks. * Takes a supporting role in the management of Credit Union patch management, anti-virus, Spam filtering, DLP, URL filtering, and intrusion prevention systems. * Assists with the development and implementation of active directory group policy objects with an emphasis on enhancing computer systems security. * Manages the creation, deletion, or alteration of systems access for Credit Union team members. Makes key decisions on whether to honor system access requests and responds appropriately. * Takes a supporting role in the research, design, and implementation of all information security related hardware or software including operating systems and communications products; assists with coordination of implementations with third party vendors and supports representatives as needed; serves as a liaison between vendors and other departments on information security related projects. * Conducts various training and instruction programs for credit union team members on the secure use of e-mail and the internet as well as operating systems, networking, computer applications and databases. * Assists in the evaluation of new projects and proposes systems for security risks and makes recommendations for implementation to management. * Takes supporting role in analyzing, planning and implementing projects including software, in-house development, hardware, and networks to provide new products and services to members of the credit union and to improve the effectiveness of member data security. Performs capacity planning and tuning of information security systems to assure maximum availability and optimal utilization; directs/assists with hardware and software upgrades as needed. * Develops project scope and timeline documents for individual projects per Information Systems (IS) Department standards. * Stays current with evolving trends in information security related hardware, applications, development, and the internet. * Provides guidance and assistance on technical skills to other IS staff. * Provides regular documentation and reports on the progress of information security initiatives as well as provides suggestions or plans to further improve the credit union's security efforts. * Other duties as deemed necessary and assigned by Supervisor to achieve the goals of the department and the Credit Union. Benefits Include: (not a complete list) Wellbeing * Weekly pay * 401K Retirement Savings Plan with company match * Paid time off accrual begins upon hire, 15 paid vacation days, 11 paid holidays * Paid sick leave * Company-provided life insurance at twice your annual salary * Financial Education Programs * DoorDash DashPass Health * Medical, Dental, and Vision Insurance for part-time and full-time employees * Modern Health * Care.com subscription * Teladoc Career Development * Career development opportunities * Team members are eligible to apply for assistance with educational expenses through ArrowHeart's scholarship program. To learn more about Arrowhead Credit Union and our service culture, visit our Career page, and our ArrowHeart Foundation. The pay range for this position is listed below. Starting pay for successful applicants is generally within the minimum to midpoint of the pay range. Our consideration for pay is designed to support career growth and development over time. Offers extended depend on a variety of job-related factors, including but not limited to individual experience, knowledge, training, education, geographic location, market demands, and internal equity. Pay range: Minimum: $35.11/hourly| Midpoint: $43.89/hourly | Maximum: $52.67/hourly

Headquartered in the United States, TP-Link Systems Inc. is a leading global provider of networking devices and smart home products. Consistently ranked as the world's top provider of Wi-Fi devices, TP-Link is dedicated to delivering innovative solutions that improve people's lives by offering faster, more reliable connectivity. Serving customers in over 170 countries, we are committed to expanding our global footprint. At TP-Link Systems Inc., we believe that technology has the power to transform the world for the better. Our mission is to design reliable, high-performance products that connect users worldwide to the limitless possibilities of technology. We are driven by our core values of professionalism, innovation, excellence, and simplicity. Our goal is to help clients achieve outstanding global performance and to provide consumers with a seamless, effortless technology experience. TP-Link Systems Inc. is seeking a skilled and proactive Sr. Security Compliance Analyst who will be responsible for developing and overseeing TP-Link's enterprise security governance framework, ensuring compliance with regulatory requirements, industry standards, and internal policies. This individual will collaborate with cross-functional teams to embed security into business operations, manage risk, and enhance security resilience across TP-Link's enterprise ecosystem. Key Responsibilities: Security Governance & Policy Development * Develop, implement, and maintain security policies, standards, and guidelines aligned with industry best practices (e.g., NIST, ISO 27001, CIS). * Establish and lead a security governance framework to ensure consistent application of security controls across the enterprise. Risk Management & Compliance * Identify, assess, and mitigate security risks across TP-Link's global operations. * Ensure compliance with regulatory requirements such as GDPR, CCPA, NIST CSF, and other applicable cybersecurity frameworks. * Oversee security audits, risk assessments, and third-party security evaluations. * Partner with legal, IT, and business leaders to address security compliance gaps. Third-Party & Supply Chain Security * Develop and enforce security requirements for vendors, suppliers, and third-party partners. * Conduct security assessments of supply chain partners to identify and mitigate potential risks. Security Awareness & Training * Develop and lead security awareness programs to educate employees on cybersecurity risks and best practices. * Foster a security-first culture across all levels of the organization. * Provide guidance and training on security governance processes for internal stakeholders. Incident Response & Continuous Improvement * Support security incident response efforts by ensuring governance processes facilitate rapid detection and response. * Lead post-incident analysis to refine security policies and controls. * Monitor emerging threats, regulatory changes, and industry trends to evolve TP-Link's security governance strategies.

Country: United States of America Onsite U.S. Citizen, U.S. Person, or Immigration Status Requirements: Active and transferable U.S. government issued security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance Security Clearance: Secret - Current At Raytheon, the foundation of everything we do is rooted in our values and a higher calling - to help our nation and allies defend freedoms and deter aggression. We bring the strength of more than 100 years of experience and renowned engineering expertise to meet the needs of today's mission and stay ahead of tomorrow's threat. Our team solves tough, meaningful problems that create a safer, more secure world. Raytheon is seeking a well-qualified Systems Security Engineer II (P2) to join our Systems Security Engineering (SSE) team in developing solutions to protect the Warfighter's technology advantage. Systems Security Engineering creates holistic security solutions leveraging Cyber Security, Software Assurance and Supply Chain Risk Management to support Program Protection Implementation on embedded weapons systems. Join our highly visible team and perform technically challenging assignments, which will directly contribute to protecting our nation and our Warfighters. This is an onsite position at Raytheon in Fullerton, CA. What You Will Do * Lead the patch team, ensuring on-time delivery of patches to our customer * Perform analysis on cybersecurity collected data and test results * Validate secure configuration of routers, switches, firewalls, servers, operating systems, applications, and other assets, using DoD approved scanning and assessment tools such as Nessus, STIG, Evaluate STIG, and/or RADIX * Create and maintain Linux Bash and Python scripts * Create patch artifacts such as patch media and information assurance posture reports Qualifications You Must Have * Typically requires a Bachelor's Degree in Science, Technology, Engineering or Mathematics (STEM) and 2 years of prior relevant experience * Active and transferable U.S. government issued DoD Secret security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance * Experience in System Security Engineering, computer technology reverse engineering, cybersecurity or embedded security Qualifications We Prefer * Experience with scrum planning and scrum tools such as Jira * Experience in the SSE implementation throughout the entire life cycle * Experience contributing to a team environment for the purpose of developing creative solutions to technical problems * Cyber Certifications in accordance with DoDD 8570/DoDD 8140 such as CISSP, GSLC, CEH * Experience supporting the development of Risk Management Framework (RMF) documents and controls validation testing for Authority to Operate (ATO) accreditations * Candidate must exhibit an exceptional degree of ingenuity, creativity and resourcefulness * Excellent communication, technical writing, oral presentation and interpersonal skills What We Offer * Our values drive our actions, behaviors, and performance with a vision for a safer, more connected world. At RTX we value: Trust, Respect, Accountability, Collaboration, and Innovation * Relocation Eligible - Relocation assistance is available As part of our commitment to maintaining a secure hiring process, candidates may be asked to attend select steps of the interview process in-person at one of our office locations, regardless of whether the role is designated as on-site, hybrid or remote. The salary range for this role is 72,000 USD - 144,000 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate's work experience, location, education/training, and key skills. Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement. Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company's performance. This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply. RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window. RTX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or veteran status, or any other applicable state or federal protected class. RTX provides affirmative action in employment for qualified Individuals with a Disability and Protected Veterans in compliance with Section 503 of the Rehabilitation Act and the Vietnam Era Veterans' Readjustment Assistance Act. Privacy Policy and Terms: Click on this link to read the Policy and Terms

Department Description At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences. The Enterprise Technology mission is to deliver technological solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence. The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to: * Secure the Magic by protecting information systems and platforms. * Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests. * Strengthen the business through optimizing execution, application, and technology used to protect the Company. * Innovate by investing in core capabilities to enhance operational efficiency. Team Description: Global Information Security (GIS) supports all of Disney's business segments, including Disney Entertainment & ESPN (DE&E). DE&E encompasses the operations of Disney's streaming services-Disney+, Hulu, ESPN+, Disney+ Hotstar, Star, and the upcoming Venu Sports streaming service-as well as Disney's broadcast and cable networks, including ABC, ESPN, FX, Disney Channels, and National Geographic. DE&E sits at the intersection of entertainment, sports, and technology, striving to connect viewers with beloved stories while advancing the streaming industry with consumer-first innovations. Security professionals supporting DE&E work with industry-leading technologies to deliver world-class, highly secure services to customers. What You'll Do: * Independent audit support for: * SOX 404 ITGCs * PII * PCI * ISPS * Collaborate with Enterprise Controls and Compliance (ECC) to scope systems and respective ITGCs. * Perform control health checks and remediation testing procedures to address issues identified via audit assessments, access control reviews, internal or external audits and/or other assessments. * Develop and lead the Control Assurance Programs (ISPS and SOX). * Lead Audit Readiness efforts to ensure proper system scoping and respective ITGCs, control validations and timely program onboarding. * Participate in audit walkthrough meetings to help establish internal testing procedures to gain operational comfort in the design of the Company's automated controls. * This includes control self-evaluations of new controls or processes that impact the effectiveness of an existing control. * Perform impact analysis and risk assessment on deficiency findings and documentation associated with the assessment. * Work with management and internal audit on maintaining the master Risk and Control Matrix over the systems material to Disney Entertainment and ESPN (Broadcast TV and Streaming - Hulu, Disney+, ESPN+, STAR+ products) * Ensure for timely management response of audit findings into our corporate SOCD/SAD. * Oversee ISPS Management Audit coordination and open action plans. * Provide consultancy to Development leads to identify and implement automation and efficiency opportunities to meet governance and compliance demands. * Management of GRC workflows around coordination of certifications and attestations. * Partner with leadership to support the PCI-DSS compliance program. * Develop training materials, coordinate training sessions, and monitor compliance with training requirements. * Oversee and manage a team of compliance analysts, ensuring day-to-day operations run smoothly and efficiently. * Assign tasks and projects to team members based on priorities, deadlines, and individual strengths. * Provide executive level updates on Compliance programs Must Haves (Years of Experience, languages, programs, tools, etc.): * Minimum of 8 years of related work experience, with 3 in management roles * IT SOX experience and proven experience in supporting IT audit/compliance functions * Experience in managing people * Thorough understanding of SOX ITGC and ICFR 404 standards and audit objectives * Interpersonal skills with the ability to work with teams cross-functionally * Strong verbal and written communication skills and ability to effectively communicate to technical and non-technical audiences, including developers and tech operators * Detail-oriented but able to understand the big picture. Highly organized and efficient * Ability to navigate through ambiguity, manage and coordinate multiple project assignments simultaneously in a fast-paced, deadline-driven environment, accepting ownership and accountability of the process and deliver on commitments * Experience with cloud-based services, specifically AWS Nice To Haves (see above): * Experience and knowledge of NIST framework, ISO 27001, K-ISMS, GDPR * Experience working with companies that have a heavy microservice architecture Education: Bachelor's degree in Computer Science, CPA license, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience The hiring range for this position in Glendale, CA and Santa Monica, CA is $141,900 to $190,300 per year and in New York, NY is $148,700 to $199,400 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered. About The Walt Disney Company (Corporate): At Disney Corporate you can see how the businesses behind the Company's powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you'll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe. About The Walt Disney Company: The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise that includes three core business segments: Disney Entertainment, ESPN, and Disney Experiences. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney's stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished. This position is with Disney Worldwide Services, Inc., which is part of a business we call The Walt Disney Company (Corporate). Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, religion, color, sex, sexual orientation, gender, gender identity, gender expression, national origin, ancestry, age, marital status, military or veteran status, medical condition, genetic information or disability, or any other basis prohibited by federal, state or local law. Disney champions a business environment where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a constantly evolving world. Apply Now Apply Later Current Employees Apply via My Disney Career Explore Location

The System Security Engineer Level II is required to be a highly skilled and hands-on security engineer, and will be responsible for helping to maintain and expand the infrastructure of the entire Cambro network, ensuring that they are protected from cyber threats and attacks, ensuring compliance, and responding to incidents. In this role, the responsibility is to manage, monitor, and maintain our Network IT infrastructure from CVEs, cyber threats, manage and implement device firmware and software updates. Also, the role is required to assist in projects and initiatives to support, upgrade, and maintain our technical environment to improve network security. The role requirement is to be proficient with cybersecurity frameworks including NIS, ISO27001/27002, CIS, HIPAA, CCPA/CPRA and GDPR. The role requires to have a multi-disciplined background including experience with Cybersecurity Operations, firewalls, IDS/IPS, switches, VLANs, routing protocols, IPsec, VPN tunnels, multi factor authentication and e-mail security. In addition, they must have a solid understanding of virtualized servers, Windows workstations and services. This role is required to have the network monitoring skills and technologies for detecting unusual activity, investigate security breaches and lead incidence response. ESSENTIAL JOB FUNCTIONS • Monitor network traffic for anomalies, investigate alerts and respond to security incidents. • Conduct regular vulnerability scans, risk assessments, patch management and mitigation across network devices. • Ensure adherence to cybersecurity frameworks including NIS, ISO27001/27002, CIS, HIPAA, CCPA/CPRA and GDPR. • Able to proactively scan servers and network devices for vulnerable ports and protocols and rogue devices. • Manage our firewall environment with the ability to create route policies and apply cybersecurity recommendations • Install and configure Network Equipment (Switches, Firewalls, and other networking hardware) • Perform (Layer 2) switch administration and configuration on Cisco/Ruckus switches. Including configuring LAGs, interfaces, creating trunks, creating, and managing segmented VLANs. • Possess a solid understanding of Windows Server services and roles including installation and configuration • Create certificates for network devices and servers that have a web management capability • A strong understanding of Windows Active Directory and can design, implement, and configure and troubleshoot Active Directory issues • Create, Manage and Deploy Group Policy Objects (GPO's) to deploy applications and implement security including windows firewalls • Effectively use PowerShell to automate and standardize administrative tasks • Capable of installing a Linux VM and execute basic Linux commands and managing Linux appliances • Manage our virtualized server environment managing, creating VM's and patching the VMware environment. • Strong understanding of Virtual Switches, Port Groups (Distributed and Standard) • Manage the Active Backup for Business on Synology and other advanced Synology administration features • Maintain and monitor Backup solutions. • Manage our users email accounts using the cloud service M365 from Microsoft • Responsible for creating and maintaining server and network documentation to include tasks and procedures • Proactively monitor our network using a variety of tools to help identify potential network and server issues • Assist in patching our entire infrastructure when needed using a variety of tools • Maintains strong technical abilities, knowledge of new and changing technologies • Prepare for emergencies by creating and/or updating action plans • Jumping into time-sensitive projects wherever needed • Showing flexibility and a willingness to learn • Maintain healthy communication with IT Staff, IT Customers and Vendors • Actively participate in IT Infrastructure and Operations projects, managing, completing, communicating, and fully documenting assigned tasks and deliverables. • Maintain reliable and consistent attendance, including being punctual, and dependable in order to meet the needs of the department and the organization. • Execute each essential duty satisfactorily to perform job successfully. • Follows all safety procedures required in work area, wears PPE as needed, attends all safety meetings, and reports safety issues regarding equipment or unsafe/hazardous conditions. • Performs effectively as a team member, able to work well with others, open to receiving and give feedback, and treats everyone with respect. • Takes ownership of own work and behavior, accepts accountability for own actions, encourages solutions, and communicates status of work/projects. • Follow all department quality standards/criteria. Raise concerns and issues to immediate manager. • Able to understand and demonstrate Cambro company culture, display company core values (Safety, Quality, Respect, and Service). • Understands department's key performance indicators and contributes to achieve these goals both individually and as a team. • Maintains reliable and consistent attendance, including being punctual, dependable, and flexible to potential schedule changes to meet the needs of the department and the organization. • Executes each essential duty satisfactorily to perform job successfully. • Follows all safety procedures required in work area, wears PPE as needed, attends all safety meetings, and reports safety issues regarding equipment or unsafe/hazardous conditions. • Performs effectively as a team member, able to work well with others, open to receive and give feedback, and treats everyone with respect. • Takes ownership of own work and behavior, accepts accountability for own actions, encourages solutions, and communicates status of work/projects. • Follows all department quality standards/criteria. Raises concerns and issues to management. • Understands department's key performance indicators (KPIs) and contributes to achieve these goals both individually and as a team. • Other duties as needed or required. ADDITIONAL RESPONSIBILITIES • Ability to be on call 24 hours a day, 7 days a week for global operations, by periodically providing off-hours, evening, and weekend support to accommodate maintenance windows and issue resolution • Occasional travel to various Cambro locations domestically and internationally as required (15%) • May occasionally guide less experienced associates to help with technical projects • Some travel may be required. REQUIRED QUALIFICATIONS The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. • Bachelor's degree (B.A.) from a four-year accredited college or university. • 5-10 years of experience in IT security, network, administration, and support roles. • Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form. • Ability to adapt and adjust plans to meet changing needs. • Proficient in Microsoft Office Suite • Experience with Fortinet solutions, EDR, email security solutions • Solid knowledge of cybersecurity frameworks including NIS, ISO27001/27002, CIS, HIPAA, CCPA/CPRA and GDPR. • Solid working knowledge of Layer 2 (VLANs, Inter-VLANs, VTP Domains, bridge groups, MVRP, ACL's) technologies and network segmentation. • Strong knowledge of DNS records including reverse zones and maintaining DNS records • Strong DHCP Knowledge to include DHCP Fail over and able to configure DCHP relay on Switches • Solid understanding of routing protocols, static routes and ARP cache • Proficient in creating and implementing certificates on layer 2 devices (Switches, Firewalls, Linux Appliances) • Strong troubleshooting skills and possess the ability to find security and network issues in a timely manner • Strong Windows administration skills including Active Directory/GPO's and security policies • Solid working knowledge of Virtualization, such as VMware ESXi servers and vCenter 7.x • Solid working knowledge of Veeam/Bacula/Exagrid backup software to manage backup and restore procedures • Must be able to follow instructions and procedures and ask questions if something is unclear • Excellent documentation skills including ability to create network drawings • Self-motivated and energetic with the ability to manage time efficiently without supervision and to work effectively under pressure • Strong customer service and communication skills • Excellent organizational skills and strong sense of urgency • Familiarity with various network types including LANs, WANs, SDWAN, WLANs, SANs, and VoIP networks • Great accuracy and attention to detail PREFERRED QUALIFICATIONS • Experience in Business Continuity and disaster recovery is a plus • Knowledge of Ruckus Access Points and Switches • Knowledge of IBMi PHYSICAL DEMANDS The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Sitting, walking, standing, bending at the neck, bending at the waist, squatting, climbing, kneeling, crawling, twisting at the neck and waist, repetitive use of hands, simple grasping, power grasping, fine manipulation, pushing and pulling, reaching above and below the shoulder, carrying/lifting up to 50 lbs. Driving cars and other IT equipment Working around equipment and machinery Exposure to excessive noise Exposure to dust, gas, fumes or chemicals Working at heights Use of special visual or auditory protective equipment Walking on uneven ground PPE Requirements Safety glasses Steel-toe slip-resistant shoes - When in production area Hearing protection (e.g. ear plugs, ear muffs) - When in production area Face covering (mask) in accordance with company policy. Hardhat/bump camp IT Application COMPENSATION RANGE: $97,000- $120,000 Salary may vary based on experience. CAMBRO is proud to be an equal-opportunity workplace. All qualified applicants will receive consideration for employment without regard to and will not be discriminated against based upon race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic information, military or veteran status, or other characteristics protected by law.

What you do Be responsible for Pre Sales Support & End User Support for, but not limited to the design, configuration, and operation of complete building low voltage systems, including fire, security, and other low voltage control sub-systems (i.e. lighting, nurse call, data networks, etc.) to meet the intent of the project requirements. Accountable to field teams for quality, timeliness and efficiency of designs. Develops complex software programs, commissions and troubleshooting to ensure proper operations of the building control system. Provides detailed information and submittals to communicate design and operation to customers, consultants, Johnson Controls field installation team and subcontractors. How will you do it - Sales Support and End User Support · Possible job walks with the Sales Team on the initial design phase · Designs and configures are technically complex building control systems as defined by the contract documents. · Creates flow diagrams, sequence of operations, bill of material, network layouts and electrical schematics as required. · Develop and tests software programs necessary to operate the system per the project requirements' intent. · Coordinates the creation of necessary drawings and equipment schedules for submittals and installation. · Assists in the loading and commissioning of all system and network-level controllers as required. · Assists in validation of complete system functionality and troubleshoots problems with subcontractors and other trades to ensure proper operation. · Provides field change information to the project team for the creation of as-built drawings and software. · Keeps management and JCI contractor or customer informed of job progress and issues. · Assists in performing site-specific training for owner/operator on the total building control system. · Participates in release meeting with the project field team. · Performs value engineering to provide cost effective results while maintaining customer satisfaction. · Adheres to safety standards. · High degree of employee and subcontractor safety. What we look for Required Qualifications · Minimum of seven years of experience, or an associate degree in a related technical field with seven years of relevant work experience required. · Demonstrated knowledge of the construction, mechanical, electrical, or HVAC service industry. · Demonstrated knowledge of mechanical drawings, electrical wiring diagrams, control theory, automatic temperature controls, building automation systems and other building subsystems. · Demonstrated experience in the integration of low voltage building sub-systems using various industry protocols (i.e. LON, BACnet, etc.). · Ability to relate technical knowledge to a non-technical audience. · Demonstrated advanced computer skills required, particularly computer-related drafting tools, such as Visio. Preferred Qualifications · Bachelor's degree in engineering with a minimum of five years of experience, or an associate degree in a related technical field with seven years of relevant work experience required. · Understanding of IP networking for building automation systems. · Understanding of Tridium/Niagara Framework HIRING SALARY RANGE: $100K to $125K (Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, location and alignment with market data.) This role offers a competitive Bonus plan that will take into account individual, group, and corporate performance. This position includes a competitive benefits package. For details, please visit the About Us tab on the Johnson Controls Careers site at ***************************************** Johnson Controls International plc. is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, sexual orientation, gender identity, status as a qualified individual with a disability or any other characteristic protected by law. To view more information about your equal opportunity and non-discrimination rights as a candidate, visit EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit here.

About GoodLeap:GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems, products, and services. Your oversight will encompass: - Enterprise systems:Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. - Build-time controls: Managing applications/products security controls and activities during development. - Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. While you will take on multiple responsibilities-from advisor to builder and beyond-your primary focus will be designing and building security patterns and practices for services and processes, and fostering strong relationships with product, business, and engineering. Essential Job Duties & Responsibilities Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. Support or develop components of the security analytics platform. Contribute to investigations, threat hunting, and incident response activities in a supporting role. Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns. Support the security operations team with the vulnerability management lifecycle for products and services under your purview. Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization. Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. Hands-on experience with managing security for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments. Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution. In addition to the above salary, this role may be eligible for a bonus. Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI. We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

The Information Security Analyst will be tasked with monitoring and identifying organizational security risks, detecting attack methods and sources, and preserving electronic evidence when required. This role requires expertise in analyzing, recommending, designing, implementing, and maintaining systems and processes that safeguard business and client data. Core responsibilities include conducting risk assessments, performing security analyses, and creating remediation strategies. The individual should be capable of working independently while contributing to security programs as part of the incident response team. Strong written communication skills are essential for preparing formal reports. Professional fluency in English and Portuguese is required. This is an onsite position in Brazil, five days per week, offered as a 6-12 month contract with potential for extension or conversion to a full-time role. Responsibilities but not limited to: - IT Security Administration: Focus on minimizing downtime and ensuring scalability by addressing security risks across systems and networks. - Application Security Alignment: Guarantee that security architecture, designs, plans, controls, and policies comply with IT standards and overall security requirements. - Documentation: Develop and maintain detailed records for all security systems and networks, updating documentation whenever changes occur. - Project Participation: Contribute to initiatives and projects centered on information security. - Program Support: Assist with implementing, maintaining, and monitoring the information security program, including gap analysis, risk assessments, third-party evaluations, procedure development, recurring processes, and incident response. - Solution Deployment: Handle integration, initial configuration, and upgrades of new and existing security solutions following industry best practices. - Operating Systems Expertise: Demonstrate advanced knowledge of Linux, Windows, and OS X environments. - Cloud Security: Apply experience in securing cloud infrastructures such as AWS and Azure. - Vulnerability Management: Lead efforts to identify and remediate security weaknesses in networks and systems, providing technical guidance and support. - Policy Development: Create, implement, and maintain internal procedures to safeguard data and manage incident response effectively. - Collaboration: Work with project teams and system architects to design secure systems and project plans that meet established security standards. - Threat Awareness: Stay informed on current and emerging security threats and design architectures to mitigate potential risks. We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to ********************.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: **************************************************** Skills and Requirements · Knowledge with Security solutions: SIEM, IAM, PAM, EDR/XDR, CSAM, CASB, Proxies, ZTNA · Solid security understanding with Microsoft security controls (AD, Entra, O365, Intune MDM, etc) · Minimum 7+ years of experience in information technology security or equivalent combination of education and experience · Security+, CISSP, CISA or SANS GIAC certification · Understanding of application, network, operating system, and core infrastructure security concepts. · Knowledge on security monitoring tools such as UTM, IPS, IDS and other security appliances · Project management, organizational and prioritizing skills · Understanding of WAN, MPLS, and technologies such as VoIP beneficial · Working knowledge of common information technology management frameworks such as ISO/IEC 27001, ITIL, COBIT, and NIST

This position is responsible for ensuring that the Bank's Security operations and preventive controls are managed and maintained in accordance with established Information Security policies, standards and procedures, published regulations and industry best practices. Primarily responsible for the constant review of vendor security controls in comparison with policies and industry frameworks, risk assessments, determination of control gaps and their remediation. ESSENTIAL FUNCTIONS Performs vendor security risk assessments to determine inherent risk on proposed projects and assesses vendor security controls to determine residual risk. Evaluates the potential exposure to application security risks and threats based on industry security frameworks and recommends appropriate mitigation. Assesses security practices including Information Security governance, Identity and access control, Incident monitoring and response, Vulnerability assessment and Penetration tests, Network Security and Endpoint Security, among others. Acts as liaison with Third Party Risk Management, Information Technology and business department Relationship Managers related to vendor risk assessments. Reports information security risks and follows-up remediations. Remediates audit and regulatory findings and recommendations related to Information Security and Vendor Risk Management. QUALIFICATIONS Education: College degree in Information Technology or Information Security or equivalent; Security+, SSCP, CISSP, CISM or similar information security certifications preferred. Experience: Minimum two years of experience in Information Security Risk, Information Security Operations or Security Auditing. Proven experience on third-party risk management and vendor security assessments. Working knowledge of security practices such as Endpoint Security, Network Security, Security Operations and Security Governance required. Experience working with Vendor Risk Management (VRM) applications preferred. Skills/Ability: Proven ability to initiate and manage projects. Excellent communication and problem-solving skills. Strong inter-personal communication and collaboration skills. Self-starter, highly motivated, and able to work with general supervision. OTHER DETAILS $28.84 - $33.65 / hour Pay determined based on job-related knowledge, skills, experience, and location. This position may be eligible for a discretionary bonus.

Sr. Information Security Engineer External Description: Alignment Healthcare is a data and technology driven healthcare company focused on partnering with health systems, health plans and provider groups to provide care delivery that is preventative, convenient, coordinated, and that results in improved clinical outcomes for seniors. We are experiencing rapid growth (backed by top private equity firms), and our team is looking for the best and brightest individuals. We love our customers and understanding them better makes it possible to provide the best clinical outcomes and care experience. Are you an Information Security Engineer with experience in automation, cloud technologies, and endpoint security? Would you like to work in an environment where your skills can be utilized effectively, and you have opportunities to make significant impact? If you are passionate about security and can reduce risk in practical ways that scale, we want to hear from you! Major Responsibilities Contributes to the daily operational aspects of the Information Security Team, primarily from a technical implementation perspective. Assists with break/fix of tools and automation that are owned by the Information Security Team. Works with internal and external customers on a variety of issues, from a simple security review of a mundane and routine ask, to a complex deep dive into a new feature implementation in O365, Azure, or AWS. Balances operational work (approximately 70% of the day) to help meet team SLAs, and project work (approximately 30% of the day) to meet assigned team deliverables. Contributes to the design, implementation, and documentation of new security tools. Collaborates with other internal information technology teams (networking, cloud, traditional architecture, developers, and data scientists) to support internal and external systems. Utilizes scripting and DevOps to provide automation and orchestration between: information security tools, such as the SIEM (Logstash, FortiSIEM, IBM QRadar, etc.); endpoint protection (Symantec, McAfee, Cylance, CrowdStrike Falcon, etc.); vulnerability scanners (Rapid7, Nessus, etc.); patch management (SCCM, Altiris, PDQ, etc.); other applications; OS' (Windows, MacOS, Linux, iOS, Android); cloud platforms (AWS, Azure); and IAM platforms (Active Directory, Okta, Auth0, PingIdentity, SAML, OIDC). Clearly documents designed automation and system relationships. Contributes and participates in the Information Security Team daily stand-ups and other meetings as necessary. Participates in regular reporting, maintaining accountability and transparency within the Information Security Team. Remains current on industry trends in cyber risk with industry standards (ISO 27001/2, NIST, CIS) and regulatory requirements (HIPAA, HITECH, HITRUST, etc.) Technical knowledge of common information security tools and systems: DLP, MAM/MDM, Firewall/VPN, endpoint protection, PKI, RBAC, IAM, etc. Demonstrated practical experience with one or more programming or scripting languages. (PowerShell, Python, C#, VB, VBA, Ruby, NodeJS, SQL, etc.) We're not picky, but you must be able to deliver practical automation! Demonstrated practical experience with one or more of the major cloud providers (AWS, Azure, GCP). Excellent oral and written communication skills, and an ability to present and discuss technical information in a way that establishes rapport and trust. Detail orientated, with an ability and desire to build to 100%, but being ok with building to 90% as tasked. An ability to be productive as an individual contributor with little supervision to meet agreed upon deliverables. Preferred Prior experience in the healthcare or a related HIPAA regulated industry. A working knowledge of the NIST CSF and/or CIS Critical Security Controls (CSC). A working knowledge of Git and GitHub. Previous experience contributing to projects using agile tools (Jira, Azure DevOps, Pivotal) and processes (Scrum, Kanban). One or more cloud security certifications. Education Bachelor's degree in Computer Science, Computer Engineering, or related technical discipline, and/or equivalent work experience. 3+ years' experience working in a technical, hands-on, information security role. One or more current security related certifications (e.g., CISSP, SANS GIAC, etc.) City: Orange State: California Location City: Orange Schedule: Full Time Location State: California Community / Marketing Title: Sr. Information Security Engineer Company Profile: Alignment Healthcare was founded with a mission to revolutionize health care with a serving heart culture. Through its unique integrated care delivery models, deep physician partnerships and use of proprietary technologies, Alignment is committed to transforming health care one person at a time. By becoming a part of the Alignment Healthcare team, you will provide members with the quality of care they truly need and deserve. We believe that great work comes from people who are inspired to be their best. We have built a team of talented and experienced people who are passionate about transforming the lives of the seniors we serve. In this fast-growing company, you will find ample room for growth and innovation alongside the Alignment community. EEO Employer Verbiage: On August 17, 2021, Alignment implemented a policy requiring all new hires to receive the COVID-19 vaccine. Proof of vaccination will be required as a condition of employment subject to applicable laws concerning exemptions/accommodations. This policy is part of Alignment's ongoing efforts to ensure the safety and well-being of our staff and community, and to support public health efforts. Alignment Healthcare, LLC is proud to practice Equal Employment Opportunity and Affirmative Action. We are looking for diversity in qualified candidates for employment: Minority/Female/Disable/Protected Veteran. If you require any reasonable accommodation under the Americans with Disabilities Act (ADA) in completing the online application, interviewing, completing any pre-employment testing or otherwise participating in the employee selection process, please contact ******************.

ABOUT ROCKET LAB Rocket Lab is an end-to-end space company delivering responsive launch services, complete spacecraft design and manufacturing, payloads, satellite components, and more - all with the goal of opening access space. The rockets and satellites we build, and launch enable some of the most ambitious and vital space missions globally, supporting scientific exploration, Earth observation and missions to combat climate change, national security, and exciting new technology demonstrations. Our Electron rocket has become the second most frequently launched U.S. rocket annually and has delivered more than 230 satellites to orbit, all while we work to develop Neutron, our upcoming medium-lift, reusable launch vehicle for larger constellation deployment. Our Space Systems business designs and builds our extensive line of satellites, payloads, and their components, including spacecraft that have been selected to support NASA missions to the Moon and Mars and components used on the James Webb Space Telescope. IT Rocket Lab's IT team is responsible for how our global teams access information and run operations across our computer systems, networks, and devices. Our hardworking IT team is a group of flexible problem-solvers working in a fast-paced environment but who also thrive under the challenge of supporting all of our proprietary systems and people, from finance to launch operations. PRINCIPAL CLOUD SECURITY ENGINEER Based onsite at Rocket Lab's office in Long Beach, CA the Senior Cloud Security Engineer must demonstrate a firm grasp of cloud-first, automated, API-driven security and statistical risk concepts and communication. They will work on securing all facets of Rocket Lab's cloud presence: the wide array of vendor services, code pipelines deploying into prod and non-prod environments, and automation performing an assortment of business-critical operations. They will provide analyses including quantifiable statistical information regarding IT and Cybersecurity risk to business partners with fiduciary responsibility. They will support the IT organization to develop a secure, reliable, and fiercely efficient platform to empower the Rocket Lab's objectives as a rapidly growing multinational space company. WHAT YOU'LL GET TO DO: * Design, implement, and maintain security controls for hybrid cloud-based environments, including infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS), and function as a service (FaaS) solutions. * Design and develop custom automation in pursuit of cyber team objectives. * Provide security support for internal and external design reviews related to security. * Conduct security assessments and risk analyses to identify vulnerabilities and develop mitigation strategies for automated infrastructure such as public cloud, CI/CD pipelines, and agentic systems. * Work with Infrastructure Operations to Implement and manage identity and access management (IAM) solutions to control access to cloud resources and applications. * Develop documentation, plans, and proofs of concept for cybersecurity-related platform improvements. * Configure and monitor cloud security tools and services. * Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC), DevOps, and MLOps processes. * Maintain systems to help the team stay up-to-date on emerging threats, vulnerabilities, and industry best practices related to DevSecOps/MLOps and recommend proactive measures to enhance security posture. * Provide guidance and support to internal teams on security-related matters, including incident response, compliance, and security awareness training. * Participate in regular security audits, assessments, and compliance reviews to ensure adherence to regulatory requirements and industry standards. YOU'LL BRING THESE QUALIFICATIONS * Education and Experience in IT and Cybersecurity * 12+ years of experience in scripting languages (e.g., Bash, PowerShell, Python) and configuration management/infrastructure as code tools (e.g., Puppet, Ansible, Terraform). * Bachelor's degree or equivalent years of work experience (16+ years of total work experience) * Cloud Security and Architecture Expertise * Proven experience in cloud security architecture, design, and implementation across major cloud platforms (AWS, Azure, Google Cloud). * Hands-on experience with cloud security tools and services (e.g., AWS Security Hub, Azure Security Center, Google Cloud Security Command Center). * Compliance, Vulnerability Management, and IT Governance * Experience working under US Government compliance regimes (e.g., CMMC, NIST, DISA STIG) and ITIL/Change Review systems. * Proficiency in vulnerability management systems (e.g., Tenable, Bringa) and CLI scanning tools (e.g., Trivy, OpenSCAP). * Version Control, Networking, and Secure Communication * Extensive experience with git-driven version control systems (e.g., GitHub, GitLab, Bitbucket). * Strong understanding of networking concepts, encryption techniques, and secure communication protocols. * Data and Analytics Expertise * Experience with databases (e.g., PostgreSQL, SQLite) and data formats (e.g., Parquet, Arrow). * Proficiency in analytics systems (e.g., PowerBI, Jupyter) and vendor-agnostic assessment engines (e.g., Cloud Custodian, Panther). THESE QUALIFICATIONS WOULD BE NICE TO HAVE: * Advanced degree in computer science, information technology, cybersecurity, or equivalent career experience * Involvement with community cybersecurity organizations * Experience with the following: * AWS GovCloud / Azure GCC High * CI/CD pipeline security * Tier 2 cloud vendors * Hybrid cloud engineering * SAST and DAST testing * Secrets management / vaults / HSMs * Cloud incident response / forensics * Log aggregators like Graylog, ELK, or Splunk ADDITIONAL REQUIREMENTS: * Specific vision abilities required by this job include close vision, distance vision, peripheral vision, depth perception, and the ability to focus. * Regularly required to sit, use hands and fingers, operate computer keyboard and controls, and communicate verbally and in writing. * Must be physically able to commute to buildings. * Occasional exposure to dust, fumes and moderate levels of noise. Level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, and experience. Base salary is just one component of our total rewards package at Rocket Lab. Employees may also receive company equity and access to a robust benefits package including: top tier medical HMO, PPO & a 100% company-sponsored medical HSA plan option, dental and vision coverage, 3 weeks paid vacation and 5 days sick leave per year, 11 paid holidays per year, flexible spending and dependent care savings accounts, paid parental leave, disability insurance, life insurance, and access to a 401(k) retirement plan with company match. Other perks include: Discounted employee stock purchase program, subsidized EV charging stations, onsite gym, food and drinks, and other discounts. Eligibility for benefits may vary based on employment status, please check with your recruiter for a comprehensive list of the benefits available for this role. Benefit programs are subject to change at the company's discretion. Base Pay Range (CA Only) $150,000-$175,000 USD WHAT TO EXPECT We're on a mission to unlock the potential of space to improve life on Earth, but that's not an easy task. It takes hard work, determination, relentless innovation, teamwork, grit, and an unwavering commitment to achieving what others often deem impossible. Our people out-think, out-work and out-pace. We pride ourselves on having each other's backs, checking our egos at the door, and rolling up our sleeves on all tasks big and small. We thrive under pressure, work to tight deadlines, and our focus is always on how we can deliver, rather than dwelling on the challenges that stand in the way. Important information: FOR CANDIDATES SEEKING TO WORK IN US OFFICES ONLY: To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), Rocket Lab Employees must be a U.S. citizen, lawful U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum, or be eligible to obtain the required authorizations from the U.S. Department of State and/or the U.S. Department of Commerce, as applicable. Learn more about ITAR here. Rocket Lab provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment at Rocket Lab, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Applicants requiring a reasonable accommodation for the application/interview process for a job in the United States should contact Giulia Johnson at ***********************.This dedicated resource is intended solely to assist job seekers with disabilities whose disability prevents them from being able to apply/interview. Only messages left for this purpose will be considered. A response to your request may take up to two business days. FOR CANDIDATES SEEKING TO WORK IN NEW ZEALAND OFFICES ONLY: For security reasons background checks will be undertaken prior to any employment offers being made to an applicant. These checks will include nationality checks as it is a requirement of this position that you be eligible to access equipment and data regulated by the United States' International Traffic in Arms Regulations. Under these Regulations, you may be ineligible for this role if you do not hold citizenship of Australia, Japan, New Zealand, Switzerland, the European Union or a country that is part of NATO, or if you hold ineligible dual citizenship or nationality. For more information on these Regulations, click here ITAR Regulations.

Job Description Headquartered in the United States, TP-Link Systems Inc. is a leading global provider of networking devices and smart home products. Consistently ranked as the world's top provider of Wi-Fi devices, TP-Link is dedicated to delivering innovative solutions that improve people's lives by offering faster, more reliable connectivity. Serving customers in over 170 countries, we are committed to expanding our global footprint. At TP-Link Systems Inc., we believe that technology has the power to transform the world for the better. Our mission is to design reliable, high-performance products that connect users worldwide to the limitless possibilities of technology. We are driven by our core values of professionalism, innovation, excellence, and simplicity. Our goal is to help clients achieve outstanding global performance and to provide consumers with a seamless, effortless technology experience. TP-Link Systems Inc. is seeking a skilled and proactive Sr. Security Compliance Analyst who will be responsible for developing and overseeing TP-Link's enterprise security governance framework, ensuring compliance with regulatory requirements, industry standards, and internal policies. This individual will collaborate with cross-functional teams to embed security into business operations, manage risk, and enhance security resilience across TP-Link's enterprise ecosystem. Key Responsibilities: Security Governance & Policy Development Develop, implement, and maintain security policies, standards, and guidelines aligned with industry best practices (e.g., NIST, ISO 27001, CIS). Establish and lead a security governance framework to ensure consistent application of security controls across the enterprise. Risk Management & Compliance Identify, assess, and mitigate security risks across TP-Link's global operations. Ensure compliance with regulatory requirements such as GDPR, CCPA, NIST CSF, and other applicable cybersecurity frameworks. Oversee security audits, risk assessments, and third-party security evaluations. Partner with legal, IT, and business leaders to address security compliance gaps. Third-Party & Supply Chain Security Develop and enforce security requirements for vendors, suppliers, and third-party partners. Conduct security assessments of supply chain partners to identify and mitigate potential risks. Security Awareness & Training Develop and lead security awareness programs to educate employees on cybersecurity risks and best practices. Foster a security-first culture across all levels of the organization. Provide guidance and training on security governance processes for internal stakeholders. Incident Response & Continuous Improvement Support security incident response efforts by ensuring governance processes facilitate rapid detection and response. Lead post-incident analysis to refine security policies and controls. Monitor emerging threats, regulatory changes, and industry trends to evolve TP-Link's security governance strategies. Requirements Qualifications Education: Bachelor's degree in Computer Science, Cybersecurity, Information Security, or a related field. Experience: 5+ years of experience in security governance, risk management, or compliance in a global technology or networking company. Proven track record in developing and implementing security governance frameworks for enterprise security. Experience managing compliance with industry standards and regulations (ISO 27001, NIST CSF, SOC 2, GDPR, CCPA, etc.). Hands-on experience with supply chain security, third-party risk management, and vendor security assessments. Skills: Deep understanding of security frameworks (ISO 27001, NIST, CIS, SOC 2) and regulatory requirements. Strong expertise in risk management methodologies, security policy development, and compliance auditing. Proficient in conducting security assessments, third-party risk evaluations, and internal security reviews. Ability to communicate complex security concepts to business and technical stakeholders effectively. Strong leadership skills with experience in cross-functional collaboration and executive reporting. Benefits Salary range: $100,000-$150,000 Free snacks and drinks, and provided lunch on Fridays Fully paid medical, dental, and vision insurance (partial coverage for dependents) Contributions to 401k funds Bi-annual reviews, and annual pay increases Health and wellness benefits, including free gym membership Quarterly team-building events At TP-Link Systems Inc., we are continually searching for ambitious individuals who are passionate about their work. We believe that diversity fuels innovation, collaboration, and drives our entrepreneurial spirit. As a global company, we highly value diverse perspectives and are committed to cultivating an environment where all voices are heard, respected, and valued. We are dedicated to providing equal employment opportunities to all employees and applicants, and we prohibit discrimination and harassment of any kind based on race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. Beyond compliance, we strive to create a supportive and growth-oriented workplace for everyone. If you share our passion and connection to this mission, we welcome you to apply and join us in building a vibrant and inclusive team at TP-Link Systems Inc. Please, no third-party agency inquiries, and we are unable to offer visa sponsorships at this time.

**Country:** United States of America ** Onsite **U.S. Citizen, U.S. Person, or Immigration Status Requirements:** Active and transferable U.S. government issued security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance **Security Clearance:** Secret - Current At Raytheon, the foundation of everything we do is rooted in our values and a higher calling - to help our nation and allies defend freedoms and deter aggression. We bring the strength of more than 100 years of experience and renowned engineering expertise to meet the needs of today's mission and stay ahead of tomorrow's threat. Our team solves tough, meaningful problems that create a safer, more secure world. Raytheon is seeking a well-qualified **Systems Security Engineer II (P2)** to join our Systems Security Engineering (SSE) team in developing solutions to protect the Warfighter's technology advantage. Systems Security Engineering creates holistic security solutions leveraging Cyber Security, Software Assurance and Supply Chain Risk Management to support Program Protection Implementation on embedded weapons systems. Join our highly visible team and perform technically challenging assignments, which will directly contribute to protecting our nation and our Warfighters. This is an onsite position at Raytheon in Fullerton, CA. **What You Will Do** + Lead the patch team, ensuring on-time delivery of patches to our customer + Perform analysis on cybersecurity collected data and test results + Validate secure configuration of routers, switches, firewalls, servers, operating systems, applications, and other assets, using DoD approved scanning and assessment tools such as Nessus, STIG, Evaluate STIG, and/or RADIX + Create and maintain Linux Bash and Python scripts + Create patch artifacts such as patch media and information assurance posture reports **Qualifications You Must Have** + Typically requires a Bachelor's Degree in Science, Technology, Engineering or Mathematics (STEM) and 2 years of prior relevant experience + Active and transferable U.S. government issued DoD Secret security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance + Experience in System Security Engineering, computer technology reverse engineering, cybersecurity or embedded security **Qualifications We Prefer** + Experience with scrum planning and scrum tools such as Jira + Experience in the SSE implementation throughout the entire life cycle + Experience contributing to a team environment for the purpose of developing creative solutions to technical problems + Cyber Certifications in accordance with DoDD 8570/DoDD 8140 such as CISSP, GSLC, CEH + Experience supporting the development of Risk Management Framework (RMF) documents and controls validation testing for Authority to Operate (ATO) accreditations + Candidate must exhibit an exceptional degree of ingenuity, creativity and resourcefulness + Excellent communication, technical writing, oral presentation and interpersonal skills **What We Offer** + Our values drive our actions, behaviors, and performance with a vision for a safer, more connected world. At RTX we value: Trust, Respect, Accountability, Collaboration, and Innovation + Relocation Eligible - Relocation assistance is available **_As part of our commitment to maintaining a secure hiring process, candidates may be asked to attend select steps of the interview process in-person at one of our office locations, regardless of whether the role is designated as on-site, hybrid or remote._** The salary range for this role is 72,000 USD - 144,000 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate's work experience, location, education/training, and key skills. Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement. Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company's performance. This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply. RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window. _RTX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or veteran status, or any other applicable state or federal protected class. RTX provides affirmative action in employment for qualified Individuals with a Disability and Protected Veterans in compliance with Section 503 of the Rehabilitation Act and the Vietnam Era Veterans' Readjustment Assistance Act._ **Privacy Policy and Terms:** Click on this link (******************************************************** to read the Policy and Terms Raytheon Technologies is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

Department Description At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences. The Enterprise Technology mission is to deliver technological solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence. The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to: Secure the Magic by protecting information systems and platforms. Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests. Strengthen the business through optimizing execution, application, and technology used to protect the Company. Innovate by investing in core capabilities to enhance operational efficiency. Team Description: Global Information Security (GIS) supports all of Disney's business segments, including Disney Entertainment & ESPN (DE&E). DE&E encompasses the operations of Disney's streaming services-Disney+, Hulu, ESPN+, Disney+ Hotstar, Star, and the upcoming Venu Sports streaming service-as well as Disney's broadcast and cable networks, including ABC, ESPN, FX, Disney Channels, and National Geographic. DE&E sits at the intersection of entertainment, sports, and technology, striving to connect viewers with beloved stories while advancing the streaming industry with consumer-first innovations. Security professionals supporting DE&E work with industry-leading technologies to deliver world-class, highly secure services to customers. What You'll Do: Independent audit support for: SOX 404 ITGCs PII PCI ISPS Collaborate with Enterprise Controls and Compliance (ECC) to scope systems and respective ITGCs. Perform control health checks and remediation testing procedures to address issues identified via audit assessments, access control reviews, internal or external audits and/or other assessments. Develop and lead the Control Assurance Programs (ISPS and SOX). Lead Audit Readiness efforts to ensure proper system scoping and respective ITGCs, control validations and timely program onboarding. Participate in audit walkthrough meetings to help establish internal testing procedures to gain operational comfort in the design of the Company's automated controls. This includes control self-evaluations of new controls or processes that impact the effectiveness of an existing control. Perform impact analysis and risk assessment on deficiency findings and documentation associated with the assessment. Work with management and internal audit on maintaining the master Risk and Control Matrix over the systems material to Disney Entertainment and ESPN (Broadcast TV and Streaming - Hulu, Disney+, ESPN+, STAR+ products) Ensure for timely management response of audit findings into our corporate SOCD/SAD. Oversee ISPS Management Audit coordination and open action plans. Provide consultancy to Development leads to identify and implement automation and efficiency opportunities to meet governance and compliance demands. Management of GRC workflows around coordination of certifications and attestations. Partner with leadership to support the PCI-DSS compliance program. Develop training materials, coordinate training sessions, and monitor compliance with training requirements. Oversee and manage a team of compliance analysts, ensuring day-to-day operations run smoothly and efficiently. Assign tasks and projects to team members based on priorities, deadlines, and individual strengths. Provide executive level updates on Compliance programs Must Haves (Years of Experience, languages, programs, tools, etc.): Minimum of 8 years of related work experience, with 3 in management roles IT SOX experience and proven experience in supporting IT audit/compliance functions Experience in managing people Thorough understanding of SOX ITGC and ICFR 404 standards and audit objectives Interpersonal skills with the ability to work with teams cross-functionally Strong verbal and written communication skills and ability to effectively communicate to technical and non-technical audiences, including developers and tech operators Detail-oriented but able to understand the big picture. Highly organized and efficient Ability to navigate through ambiguity, manage and coordinate multiple project assignments simultaneously in a fast-paced, deadline-driven environment, accepting ownership and accountability of the process and deliver on commitments Experience with cloud-based services, specifically AWS Nice To Haves (see above): Experience and knowledge of NIST framework, ISO 27001, K-ISMS, GDPR Experience working with companies that have a heavy microservice architecture Education: Bachelor's degree in Computer Science, CPA license, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience The hiring range for this position in Glendale, CA and Santa Monica, CA is $141,900 to $190,300 per year and in New York, NY is $148,700 to $199,400 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered. Job Posting Segment: Enterprise Technology Job Posting Primary Business: Corporate Global Information Security Primary Job Posting Category: Security Governance Employment Type: Full time Primary City, State, Region, Postal Code: Glendale, CA, USA Alternate City, State, Region, Postal Code: USA - CA - 2450 Broadway, USA - NY - 7 Hudson Square Date Posted: 2025-11-21

About GoodLeap:GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems, products, and services. Your oversight will encompass: - Enterprise systems:Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. - Build-time controls: Managing applications/products security controls and activities during development. - Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. While you will take on multiple responsibilities-from advisor to builder and beyond-your primary focus will be designing and building security patterns and practices for services and processes, and fostering strong relationships with product, business, and engineering. Essential Job Duties & Responsibilities Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. Support or develop components of the security analytics platform. Contribute to investigations, threat hunting, and incident response activities in a supporting role. Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns. Support the security operations team with the vulnerability management lifecycle for products and services under your purview. Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization. Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. Hands-on experience with managing security for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments. Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution. Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI.