Security engineer jobs in Michigan City, IN - 249 jobs

AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation. AtAHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD. We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived. We embraceall candidatesthatwillcontribute to the diversification and enrichment of ideas andperspectives at AHEAD. Senior consultants are experienced experts in information security and/or information security governance or compliance. Successful candidates support the Security Practice in delivery, business development, and practice development. This senior consultant will specifically support the cyber advisory program which seeks to advise clients at various points of maturity and help design and improve their cyber security programs. While each client has a different starting point, most start with common infrastructure hardening and hygiene challenges. This senior consultant will be expected to confidently advise on remediation of discovered vulnerabilities. These vulnerabilities may range from common software vulnerabilities to general architecture concerns. The consultant must leverage previous experience to convey potential impacts and criticality of remediation. The senior consultant is not expected to have knowledge or experience with every vulnerability but must be able to use their knowledge and experience to research potential solutions. Communicating the impact and criticality of vulnerabilities and remediation is a critical part of this role. This requires the consultant to understand the client's environment, concerns, business drivers, and potential impact of remediation efforts. Finally, the consultant must be comfortable in acting as authority on recommendations. The senior consultant is often asked to review and sometimes create common security program documentation such as policies, risk registers, and other assessment documents. The ability to manage small teams is a requirement for success in this role. This program requires frequent evolution as the program must keep pace with changes in technology, techniques, and vulnerabilities. Because of this, this senior security consultant must be flexible, self-motivated, and willing to take on dynamic challenges. Responsibilities Client Delivery Facilitate sessions of strategy, roadmap, design, and planning workshops for service engagements Effectively communicate risk to stakeholders and work to drive security program success Ensure that customer expectations are appropriately set and managed Lead project engagement teams through the delivery of consulting service offerings Understand vulnerabilities and create remediation plans Break down risks or issues into manageable segments, identify the factors that contribute to risk and determine how best to approach the risk Creation and finalization of project deliverables, may perform peer review for collateral developed by others on a delivery team Presentation of deliverables to client executive management Act as the Engagement Lead on customer facing projects, when assigned Business Development Support business development pursuits through client discovery meetings Support sales opportunities throughout the sales cycle, including project scoping, proposal development, and presenting proposals to clients. Familiarity with AHEAD's enterprise service portfolio to identify opportunities for cross-practice collaboration Practice Development & Thought Leadership Maintain subject matter expertise in security domains and security solutions Participate in the development, enhancement, and standardization of AHEAD in-practice service offerings Own and/or enable more than one service capability Maintain a broad knowledge and understanding of current and future state IT trends, technologies, and standards Lend support and mentorship to others Requirements Undergraduate degree in Computer Sciences or Business Management is preferred, but not required Minimum of 2 years of information security leadership experience 7+ years technical work experience 2 professional and/or technical certifications, including industry-recognized certifications which align to AHEAD's Security service portfolio, or commensurate work experience (CISSP, CISM, SANS certs, etc.) Cybersecurity background (vulnerability management, various security controls such as EDR, firewalls, content filtering, etc.) Active directory experience (group policy and Intune experience) Securing windows servers and desktops (system hardening such as Microsoft Baseline/STIGS/CIS) Office 365 experience Common written policy understanding Excellent verbal and written communication skills Comfort in addressing groups of people in virtual or in-person settings Ability to solve complex, abstract problems Excellent interpersonal skills, good listener, ability to connect with different personalities Exhibit Executive presence with leadership characteristics Demonstrated experience as a technology change agent $165,000 - $195,000 a year Why AHEAD Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between. We fuel growth by stacking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross department training and development, sponsoring certifications and credentials for continued learning. USA Employment Benefits include Medical, Dental, and Vision Insurance 401(k) Paid company holidays Paid time off Paid parental and caregiver leave Plus more! See benefits for additional details. The compensation range indicated in this posting reflects the On-Target Earnings (“OTE”) for this role, which includes a base salary and any applicable target bonus amount. This OTE range may vary based on the candidate's relevant experience, qualifications, and geographic location. #J-18808-Ljbffr

Our client, a top-tier IT services and consulting company, is seeking a Principal Infrastructure & Security Architect to provide deep technical leadership across cloud infrastructure, cybersecurity, and Informatica security modernization. This role will strengthen the client's IDMC security posture, redesign secure connectivity, and guide the end-to-end transformation of their secure agent and IAM environments. Requirements & Qualifications Deep technical and administrative expertise in Information Security / Cybersecurity across cloud and hybrid environments. Proven experience designing secure private network paths and enforcing controlled routing for platform traffic. Ability to create private connectivity patterns and align network security with Informatica and internal cloud teams. Strong background restoring centralized IAM functions, preferably through Entra ID (Azure AD), including automated provisioning, access controls, and audit-ready workflows. Hands‑on experience modernizing secure agent infrastructure, removing legacy components, and standardizing deployment patterns. Expertise overseeing security monitoring, logging integrations, and compliance activities across Informatica environments. Ability to collaborate with architecture, cloud, and security teams to ensure end-to-end alignment with enterprise standards. #J-18808-Ljbffr

Senior Physical Security Consultant Chicago, IL. WEC Energy Group is one of the nation's largest electric generation and distribution and natural gas delivery holding companies serving 4.7 million customers across the Midwest. We are committed to providing clean, reliable, and affordable energy in an environmentally sustainable manner. Customers are the heart of our business, and we work every day to help grow and support communities where we provide vital energy services. As a Fortune 500 company, we value and develop our employees who are making a difference in a mission that matters. We don't just offer a job; we provide fulfilling careers where safety and well-being are paramount. Join our team and experience first‑hand our commitment to your success. We offer competitive pay and benefits to recognize your hard work and dedication. If you're talented, energetic and ready for a career with a future, we want you on our team. We are powered by a diverse and inclusive workforce fueled by the pride in what we do. If you're driven by the passion to change lives, this is the place for you. WBS, a subsidiary of WEC Energy Group, is seeking a Senior Physical Security Consultant in our Chicago, Illinois location. Job Summary The Physical Security Consultant (Senior) is responsible for identifying security gaps, concerns, threats, and/or risks and follow internal procedures and protocol to elevate or resolve issues as appropriate, such as conducting investigations or sharing threat intelligence with appropriate members of the organization. Specific functional areas include, but are not limited to, enterprise protection, operational integration, intelligence, investigations, situational awareness and security projection. This position is the primary interface for the business and operations to share information and coordinate security‑related activities and requirements. Physical Security Consultants are expected to develop and maintain relationships with key internal and external stakeholders such as contract security personnel, local law enforcement, and internal business areas who work closely with security. Job Responsibilities Provides security protection services, consulting services and advisory support to the business and operations to reduce risks, maximize workforce safety, and protect property Leads investigations in close support and coordination with cybersecurity, HR, ethics, and/or external law enforcement as appropriate Follows policy and procedures to elevate security matters, file reports, collect evidence, and maintain relevant databases or information in security systems Executes company policies and procedures for the physical security program aligned with the overarching enterprise security model and best practice standards and ensure compliance with applicable industry standards and regulations (e.g. NERC CIP, TSA) Provides work direction, site training, policy and process training, and maintains relationships with contract security personnel Maintains an understanding of the application of security technology to the company's processes to mitigate risk Develops and maintains relationships and represents the company with local law enforcement, other security‑related external agency stakeholders and the broader intelligence community Responds to crises or urgent situations to mitigate immediate and potential threats. Uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property and operational assets Participates in internal and external emergency response and business continuity planning exercises Analyzes intelligence to identify trends and determine risks Foster a culture that promotes security as an integral part of safety. Maintains key performance and process metrics to evaluate the efficiency and effectiveness of processes, procedures, and systems The Senior Physical Security Consultant performs all duties of a Physical Security Consultant, usually in a lead role Minimum Qualifications Physical Security Consultant - Minimum 2- 4 years of physical security work experience in law enforcement, investigations or intelligence in a civilian or military organization required. Senior Physical Security Consultant - Minimum 4 -7 years of physical security work experience in law enforcement, investigations or intelligence in a civilian or military organization required. Preferred experience with or understanding of nation state threats to critical infrastructure. It requires some out-of-state travel and is subject to 24 hour call out. Preferred Qualifications A Bachelor's degree in Criminal Justice, Police Science, Security Management or Business Administration is preferred. A combination of associate degree, military, law enforcement or professional physical security experience and physical security certification (CPP, PSP) or certificates (enterprise security risk management, security risk assessment, workplace violence prevention, executive protection, etc) will be considered Preferred experience with or understanding of nation state threats to critical infrastructure Project and Contract Management experience (Threat Assessments, CCTV System Installation, etc.) Familiarity with the City of Chicago Neighborhoods and Streets, in addition to the Urban areas #J-18808-Ljbffr

About the job at GVW Group, LLC. Job Title: Chief Information Security Officer (CISO). . Reports to: Chief Financial Officer (CFO) of GVW Group. Job Summary The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the enterprise's vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO is a key leadership role tasked with safeguarding sensitive data, mitigating risks, ensuring compliance, and responding effectively to cybersecurity incidents. Key Responsibilities Strategic Leadership Develop, implement, and maintain an enterprise-wide information security strategy and roadmap. Advise senior management and the Board of Directors on cybersecurity risks, compliance, and emerging threats. Align security initiatives with business objectives to support growth while managing risk. Risk Management and Compliance Identify, assess, and prioritize cybersecurity risks and establish measures to mitigate them. Ensure compliance with relevant legal, regulatory, and contractual requirements (e.g., GDPR, HIPAA, CCPA, ISO 27001). Develop and enforce company-wide security policies, procedures, and standards. Cybersecurity Operations Oversee the design, implementation, and maintenance of security infrastructure, including firewalls, intrusion detection systems, and encryption technologies. Lead the development of incident response plans and oversee their execution in case of security breaches. Conduct regular audits, risk assessments, and penetration testing to ensure system integrity. Emerging Threats and Innovation Monitor the threat landscape and emerging technologies to proactively address vulnerabilities. Develop partnerships with industry groups, government agencies, and vendors to stay ahead of cybersecurity trends. Oversee security for cloud infrastructure, DevSecOps, and third-party vendors. Qualifications Education & Certifications Bachelor's degree in Computer Science, Information Technology, or a related field (Master's preferred). Industry certifications such as CISSP, CISM, CISA, or CRISC are highly desirable. Experience 10+ years of experience in information security, IT risk management, or related fields, with at least 5 years in a senior leadership role. Proven track record of managing enterprise-level cybersecurity programs. Skills & Competencies Deep understanding of cybersecurity frameworks (e.g., NIST, ISO 27001, COBIT). Strong analytical, problem-solving, and decision‑making skills. Excellent leadership, communication, and collaboration abilities. Experience in incident response, cloud security, and data protection strategies. Key Performance Indicators (KPIs) Reduction in security incidents and breaches. Compliance with regulatory and internal security standards. Employee cybersecurity awareness scores. Incident response times and recovery rates. Compensation We offer an attractive compensation and benefits package, to include base salary, incentive bonus opportunities, and benefits such as medical, dental, vision options, 401(k) plan, etc. We know how to fine‑tune corporate security because we've led effective and efficient Fortune 500‑level security programs. The SEC helps businesses find the best balance of risk mitigation, cost, and innovation. Want insight delivered to your inbox? Subscribe to Security Insight newsletter. #J-18808-Ljbffr

Posting Type Remote As a Lead Cyber Security Engineer, you will ensure the security of Relativity's network and infrastructure. In this role, the main responsibilities will be to investigate and analyze emerging threats against our assets, identities, and clients. You will also provide actionable remediation guidance to end users and collaborate with highly skilled cyber experts to anticipate and mitigate evolving threats using world-class toolsets and next generation capabilities. Job Description and Requirements Responsibilities: Review, validation, and triage of alerts and technical analysis of log data from a diverse inventory of sensors, correlated signature logic, and threat intelligence sources. Assess the impact of security events by leveraging host, cloud and network-based indicators and evidence to deliver actionable incident escalations. Develop and deploy detection and prevention signatures with response actions as part of a layered defensive strategy leveraging multiple technologies and data types. Build automation to search through collected telemetry to detect and isolate advanced threats that evade existing security solutions. Create Standard Operating Procedures, SOC playbooks, configuration guides, and secure standards. Automate incident handling processes. Engage in the continuous research of emerging threats and apply appropriate countermeasures within the context of a rapidly changing environment. Serve as a subject matter expert in the mechanism and analysis of observed malicious activity. Clearly document and communicate investigation findings to both technical and executive stakeholders. Identify and automate away technical burden. Build automation to deploy, operate and connect multiple cyber security tools and applications. Preferred Qualifications: 7+ years of experience in a Security Operations Center, Incident Response, or Threat Detection team for Cloud applications and corporate networks Exposure to threat detection development and tuning Experience in software design and development DevSecOps experience Ability to perform threat hunting, threat emulation, and/or purple teaming exercises Familiarity with industry standard security devices and their configuration Experience in reverse engineering malicious code to explore infection and propagation mechanisms Experience with threat intelligence tools and processes Certifications: One or more of the following certifications are preferred (GCFA, GCIA, GCIH, GNFA, GREM, OSCP, OSEP, OSED, OSWE, OSDA, OSCE3, CompTIA Security+, CCNA CyberOps, or CEH) 5+ years of experience in a Security Operations Center, Incident Response, or Threat Detection team Strong cyber incident response skills (such as: Network forensics, memory forensics, and/or packet analysis) Ability to read, write and analyze PowerShell, C#, and Python Capability to independently manage the prioritization of complex security events Advanced understanding of common SOC/CIRT operational processes and documentation Advanced knowledge of TCP/IP, network services, cryptography, cloud, and web application attacks Ability to collaborate within a global cross-functional team to execute on high-level objectives and drive the maturation of Relativity's security posture Deep understanding of infection mechanisms, malicious behavior, exploitation techniques, and mitigating controls Good understanding of tools, tactics, and procedures utilized by attackers to access private systems and data Strong analytical and problem-solving skills Minimum Qualifications: 5+ years of experience in a Security Operations Center, Incident Response, or Threat Detection team Strong cyber incident response skills (such as: Network forensics, memory forensics, and/or packet analysis) Ability to read, write and analyze PowerShell, C#, and Python Capability to independently manage the prioritization of complex security events Advanced understanding of common SOC/CIRT operational processes and documentation Advanced knowledge of TCP/IP, network services, cryptography, cloud, and web application attacks Ability to collaborate within a global cross-functional team to execute on high-level objectives and drive the maturation of Relativity's security posture Deep understanding of infection mechanisms, malicious behavior, exploitation techniques, and mitigating controls Good understanding of tools, tactics, and procedures utilized by attackers to access private systems and data Strong analytical and problem-solving skills Ability to leverage programming and scripting languages to build automations and develop SOAR playbooks Relativity is committed to competitive, fair, and equitable compensation practices. This position is eligible for total compensation which includes a competitive base salary, an annual performance bonus, and long-term incentives. The expected salary range for this role is between following values: $150,000 and $226,000 The final offered salary will be based on several factors, including but not limited to the candidate's depth of experience, skill set, qualifications, and internal pay equity. Hiring at the top end of the range would not be typical, to allow for future meaningful salary growth in this position. Suggested Skills: Cybersecurity, Infrastructure Security, Network Security, Penetration Testing, Security Architecture Design, Security Audit, Security Information, Security Information and Event Management (SIEM), Security Operations, Vulnerability Management

PG Forsta is the leading experience measurement, data analytics, and insights provider for complex industries-a status we earned over decades of deep partnership with clients to help them understand and meet the needs of their key stakeholders. Our earliest roots are in U.S. healthcare -perhaps the most complex of all industries. Today we serve clients around the globe in every industry to help them improve the Human Experiences at the heart of their business. We serve our clients through an unparalleled offering that combines technology, data, and expertise to enable them to pinpoint and prioritize opportunities, accelerate improvement efforts and build lifetime loyalty among their customers and employees. Like all great companies, our success is a function of our people and our culture. Our employees have world-class talent, a collaborative work ethic, and a passion for the work that have earned us trusted advisor status among the world's most recognized brands. As a member of the team, you will help us create value for our clients, you will make us better through your contribution to the work and your voice in the process. Ours is a path of learning and continuous improvement; team efforts chart the course for corporate success. Our Mission: We empower organizations to deliver the best experiences. With industry expertise and technology, we turn data into insights that drive innovation and action. Our Values: To put Human Experience at the heart of organizations so every person can be seen and understood. Energize the customer relationship:Our clients are our partners. We make their goals our own, working side by side to turn challenges into solutions. Success starts with me:Personal ownership fuels collective success. We each play our part and empower our teammates to do the same. Commit to learning:Every win is a springboard. Every hurdle is a lesson. We use each experience as an opportunity to grow. Dare to innovate:We challenge the status quo with creativity and innovation as our true north. Better together:We check our egos at the door. We work together, so we win together. We are seeking a Staff Network Engineer (Team Lead) to serve as the senior technical anchor and day-to-day leader for our Network Engineering function. This role blends deep technical expertise with operational leadership-driving architecture, reliability, compliance, and performance across a modern hybrid cloud environment spanning AWS, Azure, and enterprise on-prem infrastructure. The ideal candidate is a highly skilled network engineer who thrives in complex environments, enjoys owning critical network services, and can provide technical leadership, prioritization, and mentorship to a small but capable team. This role is hands-on, fast-paced, and directly tied to our cloud migration, acquisition integrations, and overall platform modernization. What You'll Do Technical Leadership & Architecture Serve as the lead engineer responsible for designing, building, and maintaining secure, scalable enterprise network infrastructure across hybrid cloud and data center environments. Architect and support complex routing, switching, firewalling, VPN, and load-balancing solutions using Cisco, FortiGate, F5, Cloudflare, and Azure/AWS native controls. Lead the networking components of cloud migrations, landing zones, hybrid connectivity, and acquisition integrations. Establish engineering standards for network architecture, automation, segmentation, and operational excellence. Operational Ownership & Reliability Lead troubleshooting and root cause analysis for high-severity incidents, ensuring durable fixes and proactive risk reduction. Develop and maintain monitoring, observability, and alerting using LogicMonitor and cloud-native tools. Build and maintain SOPs, runbooks, configuration standards, and knowledge-base materials to support operational consistency. Security, Compliance & Audit Support Maintain secure configurations aligned with Zero Trust principles, segmentation strategies, and firewall best practices. Participate in SOC2, HIPAA, HITRUST, and HITECH audits by preparing and submitting required network-related artifacts. Ensure strict adherence to change management-including reviewing, approving, and validating production changes. Team Leadership & Collaboration Provide day-to-day technical direction, workload prioritization, and mentorship to Network Engineers and cross-functional partners. Collaborate with Cloud, Security, Infrastructure, and Architecture teams to deliver scalable, highly available solutions. Evaluate new technologies, drive continuous improvement, and influence long-term network strategy. Required Qualifications (Must-Haves) Candidates must demonstrate strong hands-on expertise in the following areas: Core Networking & Infrastructure BGP and advanced routing protocols, and Cisco Switches Cisco Firewalls and FortiGate Firewalls VPN technologies (IPSec, policy-based and route-based) F5 Load Balancers (LTM/ASM) Cloudflare (WAF, CDN, network services) Cloud Networking Azure: ExpressRoute, VNETs, routing, firewalls, hybrid connectivity AWS: VPC networking, Transit Gateway, routing, hybrid connectivity Automation & Tooling Scripting (Python, PowerShell, Groovy) Configuration automation (Terraform/IaC experience is strongly preferred) Governance & Compliance Experience supporting SOC2, HIPAA, HITRUST, HITECH Ability to prepare and submit artifacts during audits Experience participating in structured change management processes Nice to Have (Not required, but beneficial) FortiWeb (WAF) Scrum Master, ITIL, or project management background Jira / Confluence Terraform / IaC tooling Experience in M&A network integration Cloud networking certifications (Azure/AWS) Cisco, Fortinet, or similar industry certifications Who You Are You are a senior-level engineer who: Owns outcomes, not just tickets Excels in complex hybrid environments Balances hands-on engineering with day-to-day team leadership Is comfortable making architectural decisions with business impact Communicates clearly across engineering and non-technical teams Operates with discipline, accountability, and integrity Don't meet every single requirement?Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At PG Forsta we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your past experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles. Additional Information for US based jobs: Press Ganey Associates LLC is an Equal Employment Opportunity/Affirmative Action employer and well committed to a diverse workforce. We do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, veteran status, and basis of disability or any other federal, state, or local protected class. Pay Transparency Non-Discrimination Notice - Press Ganey will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. The expected base salary for this position ranges from $110,000 to $140,000. It is not typical for offers to be made at or near the top of the range. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, licensure or certifications obtained. Market and organizational factors are also considered. In addition to base salary and a competitive benefits package, successful candidates are eligible to receive a discretionary bonus or commission tied to achieved results. All your information will be kept confidential according to EEO guidelines. Our privacy policy can be found here:legal-privacy/

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Job Description: Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the security resilience of the bank's applications to malicious hacking activity. This senior technical role is responsible performing and leading ethical hacking assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include leading and performing research, understanding the bank's security policies, working with appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. These individuals are expected to perform application security-oriented dynamic and static assessments across a multitude of technologies including web UI, web APIs, mobile and cloud, including associated source code. Key Responsibilities in order of importance: * Perform assigned analysis of internal and external threats on information systems and predict future threat behavior. * Incorporate threat actors' tactics, techniques, and procedures into offensive security testing to identify high-value vulnerabilities/chained attacks. * Developing Proof-of-concepts for exploitation. * Perform assessments of the security, effectiveness, and practicality of multiple technology systems. * Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. * Prepare and present detailed technical information for various media including documents, reports, and notifications. * Provide clear and practical advice regarding managing risks. * Learn and develop advanced technical and leadership skills, mentor Junior and Intermediate assessors in technical tradecraft and soft skills. * Respond to security incidents and provide technical assistance to leadership across the Information Security organization. Required Skills: * Minimum of 5+ years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment * Detailed technical knowledge in at least 5 of the following areas: * security engineering * application architecture * authentication and security protocols * application session management * applied cryptography * common communication protocols * mobile frameworks * single sign-on technologies * exploit automation platforms * Web APIs * Cloud environments * LLM security * Mobile application analysis * Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings * Experience performing manual web application assessments i.e., must be able to simulate a OWASP Top 10 vulnerabilities without the use of tools * Experience performing manual code reviews for security relevant issues * Experience working with DAST and SAST tools to identify vulnerabilities * Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) * Experience with vulnerability assessment tools and penetration testing techniques. * Solid programming/debugging skills, development frameworks, CVE and CWE research/reproduction * Threat Analysis, threat modelling and SBOM analysis * Innovative thinking, threat actor simulation * Technology Systems Assessment * Technical Documentation * Advisory Desired: * CEH, OSCP/OSCE/OSWE/GXPN/GPEN/GWAPT/GMOB/All Practitioner Certs [Port Swigger BSP Academy]/Cloud Cert(s)/ eWPT; eWPTX; eMAPT [INE Pentester Academy] * Strong programming/scripting skills * Frida * Binary analysis (disassembly skills) Skills: * Advisory * Innovative Thinking * Technical Documentation * Technology System Assessment * Threat Analysis * Adaptability * Collaboration * Scenario Planning and Analysis * Test Engineering * Written Communications * Attention to Detail * Information Systems Management * Issue Management * Presentation Skills * Prioritization This job will be open and accepting applications for a minimum of seven days from the date it was posted. Shift: 1st shift (United States of America) Hours Per Week: 40

The Aspen Group (TAG) is one of the largest and most trusted retail healthcare business support organizations in the U.S. and has supported over 20,000 healthcare professionals and team members with close to 1,500 health and wellness offices across 48 states in four distinct categories: dental care, urgent care, medical aesthetics, and animal health. Working in partnership with independent practice owners and clinicians, the team is united with a single purpose: to prove that healthcare can be better and smarter for everyone. TAG provides a comprehensive suite of centralized business support services that power the impact of five consumer-facing businesses: Aspen Dental, ClearChoice Dental Implant Centers, WellNow Urgent Care, Chapter Aesthetic Studio, and Lovet. Each brand has access to a deep community of experts, tools and resources to grow their practices, and an unwavering commitment to delivering high-quality consumer healthcare experiences at scale. As a reflection of our current needs and planned growth we are very pleased to offer a new opportunity to join our dedicated team as a AI Security Engineer. Job Overview: An AI security engineer designs and implements security controls for AI systems, protecting models, data, and infrastructure from threats like adversarial attacks and prompt injection. Key responsibilities include performing technical security assessments, developing AI-specific defenses, integrating security into the AI/ML lifecycle, and creating automated security tools for tasks like threat detection and compliance. This role requires a combination of cybersecurity fundamentals and AI-specific knowledge, including secure coding for AI and understanding AI-related vulnerabilities. Essential Job Duties Collaboratively develop agent RBAC (role-based access control) to ensure AI agents operate under permissions aligned to firm roles, enforcing least-privilege access Design integrations for AI systems with corporate IAM/SSO (Entra, Okta, etc.) to manage persona- and role-based access across the enterprise Design Data Loss Prevention (DLP) and redaction pipelines to prevent confidential, regulated, or proprietary data from being sent to external LLM endpoints Provide technical advice, direction, and hands-on support to design and develop safe, compliant, and resilient AI workflows Evaluate existing and proposed AI/ML architectures for bias, fairness, drift, hallucination, and security risks; recommend controls aligned with NIST AI RMF, EU AI Act, ISO/IEC 42001, CIS Collaborate with Information Security, Cloud, Governance, and Engineering teams to implement standardized AI safety and compliance practices Actively contribute to the development of AI security standards, playbooks, and architectural patterns Automate guardrails, compliance checks, and AI gateway protections for scale and efficiency Build and maintain initiative-level artifacts, including AI policy-as-code configs (YAML), architectural diagrams, and risk assessments Monitor, log, and audit AI activity for policy violations, compliance tracking, and security event correlation. YAML-based guardrails, architectural diagrams, and AI risk assessments Design and build systems to detect and prevent AI abuse, such as anti-abuse agents. Perform technical security assessments, code reviews, and penetration testing on AI products and systems. Integrate security controls throughout the AI/ML lifecycle, from data handling and model training to deployment and monitoring. Develop and implement AI-driven automation for tasks like real-time alert enrichment, log analysis, and incident triage using tools like Security Copilot and other AI-assisted platforms. Research and reproduce vulnerabilities in AI systems, develop mitigation strategies, and work with engineering teams to improve security. Contribute to creating and implementing governance policies, security standards, and privacy frameworks for AI systems. Develop AI-specific incident response plans and playbooks. Stay up-to-date on emerging AI security threats, such as adversarial attacks, prompt injection, and data leakage. Skills and Experience At least 5+ years' experience in cybersecurity, including compliance and risk management with a system and network security engineering background. Strong background in traditional cybersecurity, including networking, web-based protocols, and security systems. Experience in secure software development, including secure coding for AI-powered applications. Familiarity with AI concepts, machine learning, and the AI/ML lifecycle. Experience with implementing security controls like encryption, access controls, and authentication for AI systems. Experience with security tools and platforms like Chronicle & Orca/Wiz, and familiarity with concepts like SAST/DAST. Excellent problem-solving, communication, and leadership skills. Experience with dynamic and static analysis tools. Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively. Additional Qualifications Experience with applications hosted in Google Cloud Platform (GCP), Amazon Web Services (AWS) or Microsoft Azure. Experience with cryptography controls and measures to secure applications and data. Proficiency with scripting in Python, JavaScript, PowerShell, PHP or Ruby. Proficiency with Terraform, Python, and cloud automation Prior experience in cloud security, data protection, and SIEM/logging for AI traffic Experience with one or more of the following: ISO 27001, NIST, PCI Data Security Standard (PCI DSS), HIPAA, Health Information Technology for Economic and Clinical Health (HITECH) Act, SOX, the General Data Protection Regulation (GDPR), Center for Internet Security (CIS) standards or Service Organization Controls (SOC) 2. Working knowledge of Windows, Linux and Unix. Familiarity with state privacy laws. Highly trustworthy; leads by example. Education Requirements Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent. Experience Requirements 5-7+ years of related experience required Certification Requirements SANS certifications (GWAPT) and others; CISSP (preferred, or CSSLP), OSCP (and related) Annual Salary Range: $130,000-$150,000/year, with a generous benefits package that includes paid time off, health, dental, vision, and 401(k) savings plan with match. If you are an applicant residing in California, please view our privacy policy here: *********************************************************************************

The Cloud Security Engineer is primarily responsible for designing, implementing, and supporting secure Microsoft Azure cloud environments for the Firm. This individual will ensure that cloud-based development platforms, APIs, and applications follow best practices, regulatory requirements, and Firm-specific policies to protect sensitive Client and Firm data. The Cloud Security Engineer acts as a subject matter expert, collaborating with cross-functional teams to establish secure coding, deployment, and data management processes. This role also participates in security incident response activities related to cloud infrastructure and applications, ensuring timely detection, containment, and remediation of potential threats. This person will also contribute to our overall Cloud Security Strategy. Duties and Responsibilities * Design, configure, and maintain secure Microsoft Azure environments aligned with industry best practices and Firm policies. Familiarity with AWS and Google cloud needed as well. * Implement and manage cloud security controls, including identity and access management, network segmentation, encryption, and security monitoring. * Protect sensitive data stored or processed in the cloud through encryption, access controls, and secure key management. * Develop, enforce, and maintain secure API management processes, including authentication, authorization, rate limiting, and auditing. * Build and maintain secure DevSecOps pipelines, ensuring that only reviewed, tested, and approved code is promoted to production. * Integrate automated security testing and vulnerability scanning into Continuous Integration / Continuous Delivery (CI/CD) workflows. * Collaborate with application developers, infrastructure engineers, and security teams to ensure secure design and deployment practices. * Create and maintain documentation, standards, and procedures for cloud security configurations, incident handling, and code promotion processes. * Monitor and respond to security alerts from cloud-native tools and third-party monitoring solutions. * Participate in risk assessments, audits, and compliance efforts related to cloud security (e.g., ISO 27001, GDPR, CCPA). * Stay current with emerging cloud security threats, vulnerabilities, and evolving best practices, especially within the Microsoft Azure ecosystem. Salaries vary by location and are based on numerous factors, including, but not limited to, the relevant market, skills, experience, and education of the selected candidate. If an estimated salary range for this role is available, it will be provided in our Target Salary Range section. Our compensation package also includes bonus eligibility and a comprehensive benefits program. Benefits information can be found at Sidley.com/Benefits. Target Salary Range $127,000 - $147,000 if located in Illinois Qualifications To perform this job successfully, an individual must be able to perform the Duties and Responsibilities (Duties) above satisfactorily and meet the requirements below. The requirements listed below are representative of the minimum knowledge, skill, and/or ability required. Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions of the job. If you need such an accommodation, please email ************************** (current employees should contact Human Resources). Education and/or Experience: Required: * Bachelor's degree with a preference for those with a degree in Computer Science, Information Security, Technology or a related field. * Minimum of 3 years of experience in cloud security engineering, with a strong focus on Microsoft Azure. * Hands-on experience with Azure security services (e.g., Azure Security Center, Defender for Cloud, Key Vault, Azure AD, Application Gateway, API Management). * Experience designing and managing secure DevSecOps pipelines using Azure DevOps or equivalent tools. * Strong understanding of cloud-based network security, encryption, and identity management best practices. * Demonstrated ability to assess, troubleshoot, and remediate security issues in cloud environments. Preferred: * Relevant cloud and security certifications (e.g., Microsoft Certified: Azure Security Engineer Associate (AZ 500, Microsoft Certified: Azure Solutions Architect Expert, CISSP, CCSP, Security+). * Experience in the legal, financial, or other highly regulated industries. * Relevant certifications (e.g. CISSP, Security+, etc.) * Familiarity with AWS and Google a plus. Other Skills and Abilities: The following will also be required of the successful candidate: * Strong organizational skills * Strong attention to detail * Good judgment * Strong interpersonal communication skills * Strong analytical and problem-solving skills * Able to work harmoniously and effectively with others * Able to preserve confidentiality and exercise discretion * Able to work under pressure * Able to manage multiple projects with competing deadlines and priorities Sidley Austin LLP is an Equal Opportunity Employer #LI-Hybrid #LI-HM1

Full-time Description WHO WE ARE: At ZBeta we endeavor to be the most sought-after Security Partner in the world. This drives every decision we make, and the most effective way to realize this goal is through garnering a reputation for excellence and innovation in everything we do. The ZBeta Innovation Lab (LabZ) initiative is a specialized team and program with the mission of inventing, developing, testing, and analyzing better ways, both big and small, to do physical security - for us, for our clients, and for the industry. LabZ seeks to optimize the value of physical security to the client's business mission, to optimize the value of the solutions we recommend, design, deliver, and manage, and to continuously identify opportunities to perform at a higher level. The LabZ program helps ensure that ZBeta and its approach are always data-driven, technology-led, and human-centered. Find out more about us here. WHO YOU ARE: You are a forward-thinking strategic partner with a passion for the physical security mission and for building programs, optimizing operations, and delivering integrated solutions. You excel in fast-paced settings where your leadership abilities can catalyze meaningful action and tangible progress towards objectives. You thrive in a workplace culture that is: Innovative Excellence Focused Reliable Detail Oriented Adaptable Highly Organized Client Obsessed Curious Resilient Does this sound like you? If so, join us in our mission to redefine security standards and make a lasting difference in our community. WHAT YOU'LL DO: The Physical Security Research Engineer (PSRE) is a critical resource of the ZBeta LabZ team and will conduct research and proof of concept (PoC) testing at the LabZ facility for clients and internal teams. The PSRE assists in requirements gathering, testing, and report production in the ZBeta LabZ program and leads, develops, manages, and completes key LabZ efforts for the testing and analysis of stand-alone and integrated physical security technology solutions. The PSRE is familiar with security software applications, integrations, and network-connected devices and engages both internally and externally, working collaboratively with other LabZ engineering resources and with project and production team members. The PSRE will help grow, mature, and optimize the LabZ program by contributing to the tools and processes LabZ uses to effectively evaluate physical security products against real-world design requirements and generate research reports. This is an in-office position at the ZBeta LabZ location in Schiller Park, IL. Relocation assistance provided. Core Competencies Growth Minded: High self-awareness of strengths and areas for development with a curiosity and appetite for change and innovation Data-Driven: Strong analytical skills, with the ability to work effectively with data and think critically Collaborative: Ability to solicit and understand multiple perspectives and maximize the application of team talent and experience Evaluative: Ability to evaluate outputs rigorously to ensure consistent excellence in delivery Tactical: Ability to recognize current priorities, manage changes and risks, and efficiently clear roadblocks and resolve issues Position Responsibilities The essential duties and responsibilities include, but are not limited to the following: ZBeta Lab Environment In partnership with ZBeta LabZ team, maintain a ZBeta test/dev environment of technology solutions that represent both client and industry standards. Work with ZBeta IT to build appropriate server environments and remote access abilities for LabZ platforms. Load, configure, and update Lab environment software applications, and wire, connect, and configure test hardware, devices, and technologies. Design and build (or manage the production of) custom testing apparatus, devices, and mechanisms. Maintain current knowledge of and training in key applications and products. Solution Testing Work with ZBeta LabZ team and client resources to plan, implement, and conduct hands-on testing of physical security products, applications and functions, and integrated solutions. Lead the development of testing concepts to address client and industry needs, challenges, & opportunities. Manage and execute testing scope related to server, application, and IoT elements. Create test plans and testing requirement documentation, record and analyze testing results, and document outcomes and conclusions in testing reports. Research & Requirements Gathering Conduct studies and analysis of technology categories, trends, solution proposals, and industry approaches. Research, collect, and analyze relevant documentation and data to reach meaningful conclusions, form opinions of value propositions, generate ideas for solutions and approach improvement, and categorize study topics in terms of potential application and impact to client and industry needs and expectations. Work with consultants to gather requirements for client proof of concept tests and internal teams for quarterly research projects. Research Program Development Assist in the development and ongoing management of process, approach, and standards for the research performed in the ZBeta LabZ program. Identify opportunities and initiatives for improvements in the efficiency and thoroughness of ZBeta LabZ research deliverables. Hold regular research update meetings to review, improve, and manage the status of ongoing projects and deliverables. Requirements WHAT YOU'LL NEED: Experience: 5+ years of physical security industry and technology experience. 3+ years of experience in a software or hardware engineering role. Education: Bachelor's degree in engineering, computer science, or related technical field, or equivalent work experience Knowledge: Knowledge of and working familiarity with server and network storage solutions, operating systems architecture and key considerations, and network architecture models and principles. Professional knowledge of and training in the principles of electrical systems, components, and circuits. Skills: Highly proficient in the use of Microsoft Office applications including Word, Excel, PowerPoint, Teams, OneNote and Visio Proficiency in project management tools, such as MS Project, SharePoint and QuickBase Training and manufacturer certification in multiple industry-leading platforms and equipment components, with particular emphasis on software applications and network-connected security devices. Genetec and LenelS2 experience a plus. Abilities: Demonstrated excellence in communication and interpersonal skills, with proven ability to communicate and present complex information to technical and non-technical stakeholders, both verbally and in written form Strong technical documentation, technical writing, and data analysis and interpretation skills Exceptional attention to detail and highly organized, with the ability to prioritize and balance workloads Team player with the ability to establish collaborative working relationships across all levels of the organization Self-directed problem solver who takes the initiative to start projects, work unsupervised, complete tasks independently, solve roadblocks, and address issues before they become problems Physical Demands: Lifting and Carrying: Ability to lift and carry equipment weighing up to 50 lbs or more, including cameras, control panels, and tools. Climbing and Crawling: Must be able to climb ladders, scaffolding, and operate a high lift to install and maintain equipment Manual Dexterity: Requires good hand-eye coordination and fine motor skills for handling tools, wiring components, and making precise adjustments to security systems Kneeling, Squatting, and Crawling: Must be comfortable kneeling, squatting, or crawling to install or troubleshoot security equipment. WHAT WE OFFER: Competitive salary based on job-related skills, experience, and qualifications Our excellent benefits package includes 100% paid premiums on health, dental, vision, and life insurance, a 401(k) retirement plan, and significant work schedule and workplace flexibility. Diverse and supportive culture WHAT'S IMPORTANT TO KNOW: Full-time, in-office role at our Schiller Park, IL LabZ facility (relocation assistance provided). While ZBeta is a remote-first company, this role requires hands-on, on-site lab work. This position is not eligible for visa sponsorship Candidates must be able to meet client and/or government security screening requirements for the role This position requires verification of U.S. citizenship due to citizenship-based legal restrictions. As a condition of employment, the successful candidate will be required to provide proof of citizenship. The successful completion of a background check is required upon hire and every two years thereafter We look forward to connecting with individuals who are passionate about our mission and can bring diverse contributions to our team - not just those who check all the boxes. We are committed to creating a supportive, encouraging environment where everyone can fully express their diverse perspectives, showcase their talents, and grow their knowledge, skills, and abilities. The base pay offered will depend on factors, including but not limited to job-related knowledge, skills, experience, and internal equity. At ZBeta, new hires are rarely placed at the top of the pay range; compensation is determined by the specific circumstances of each position and candidate. A note to third-party recruiters - we do not accept unsolicited agency resumes, and we are not responsible for any fees related to unsolicited resumes. Salary Description $110,000 - $130,000

Role -Business Analyst/ Information Security Governance Analyst Project Overview: We are seeking an analyst with experience in governance of security products, authentication, authorization, and access management with business analysis background. These resources will support the SaaS initiatives Contractor's Role: As a member of Governance team you will play a vital role in ensuring the secure implementation of various solutions (Hybrid and Cloud) developed in technologies like Java, .Net etc. Experience level: Level 3 Qualifications - Bachelor's degree in computer science, audit or a related discipline and experience in information security, or an equivalent combination of education and work experience. - Excellent consultative and communication skills, and the ability to work effectively with client, partner, and IT management and staff. - 5 -6 years of experience in the Information Security or Audit role. - Strong collaboration skills and a analytical ability - Knowledge of SOX methodology implementation for applications & Internal & External Audit executions Requirements Nice to Haves: - Knowledge on Obsidian Remediation Tasks & Responsibilities - Drive governance and risk framework around applications using authentication and authorization - Define and respond to risks surrounding the business functions and the security capabilities - Define and respond to audits from internal and external parties - Knowledge of control execution and design - Collect and maintain evidence of control testing - Collect and maintain evidence of application attestation to standards

Job Title: SAP Security Architect Duration for Contract: 5 Months + - ECC 6.0 Security design / architecture is the base requirement for the role. - 7+ years of experience in application or SAP ECC, BI, HR, portal and CRM security architecture, design and administration. Summary: Provide solutions architecture oversight for new development projects specific to SAP according to timelines and budget, while following accepted programming, testing and change control standards, and accepted business intelligence technology best practices. Job Responsibilities: • Define and document the structure, connections and relationships of business processes, organizational work groups, SAP data models, SAP applications, user interfaces, applications interfaces, SAP infrastructure and network topology. • Provide standards, guidelines and statements of direction for IT system architectures, establishing a framework that constrains the design of systems for the purpose of integration of systems and accessibility of data supporting various business processes and functions. • Define, design and develop the SAP enterprise systems information architecture to enable cross functional operational reporting and performance optimization. • Identify strategic opportunities and drive cross-business and cross-functional change. Skills: • Knowledge of ITIL and SDLC. • Experience in business system application design, development and installation. • Experience in planning/architecture development and support. • Experience designing and implementing advanced SAP application architectures. Education/Experience: • Bachelor's degree in Computer Science or a related field. • Master's degree in Business or Management Information Systems preferred. • 8-10 years of SAP functional systems experience. • SAP Certification preferred. Additional Information All your information will be kept confidential according to EEO guidelines.

The Role We're looking for an Information Security Governance, Risk & Compliance Analyst to join our growing Information Security team. This role will be reporting to the Manager of Information Security Governance, Risk & Compliance. Our security team works to create a strong Information Security function within GTI that enables the business to continue its tremendous growth. The Information Security Governance, Risk & Compliance Analyst is responsible for maintaining continuous compliance with security policies, industry laws, and regulations (HIPAA, SOX, NIST, etc.). The candidate must communicate effectively with business partners and team members to help raise the level of security awareness, security compliance, and security risk. The candidate will perform environment-specific risk assessments factoring in both qualitative and quantitative risks and assist with the deployment of various controls based on those assessments. This role will also involve ongoing monitoring and improvement of security governance, ensuring a proactive approach to risk management. The role is based out of our Chicago, office. While the role is primarily remote, you need to live in the Chicagoland area and commute to the office on an as needed basis. Responsibilities Own the relationship working with IT and business stakeholders to perform ongoing internal and vendor risk assessments, providing reporting to stakeholders, and ensuring appropriate action is taken. Update and track KPIs from the Information Security risk register and work with stakeholders on developing Corrective Action Plans to address risks. Provide guidance to newer staff working with internal IT stakeholders for vulnerability management, ensuring vulnerabilities are remediated in accordance with policy and SLAs. Own the process for working with IT and business stakeholders to perform ongoing compliance reviews in line with security policies, information security regulations (HIPAA, SOX/ITGC), and security frameworks (NIST, MITRE, etc.). Assist with ongoing internal operations and tasks, including ITGC security reviews. Spearhead the ongoing internal and external SOX and HIPAA audits and other security audits that are relevant to GTI's business. Provide updates and insight during the development and maintenance of Information Security policies, standards and procedures, aligning with NIST. Lead the identification of security training and awareness initiatives for the organization. Participate in incident response tabletops, business continuity tests, and other compliance activities and exercises. Maintain KPIs and KRIs for Information Security risk & compliance activities. Execute tasks as a member of the Information Security team as assigned by management. Provide mentorship and guidance to Associate Information Security GRC Analysts. Stay up to date on relevant laws and regulations to ensure continuous compliance and audit readiness. Collaborate with the IT and security teams in response to security incidents, ensuring proper documentation and reporting. Qualifications 3+ years of experience with responsibilities relating to security and compliance. Bachelor's degree or higher in Information Security or Information Technology may help you stand out but is not required. Demonstrated work experience can be substituted. Strong written and oral communication skills. Strong conceptual understanding of Information Security theories. Knowledge of network, application, and cloud security controls. Knowledge of regulatory frameworks and compliance standards such as NIST, MITRE, OWASP, HIPAA, PCI-DSS and SOX. Strong analytical and problem-solving skills with well-organized and structured work habits, and the ability to identify and mitigate risks. Security certifications, such as CRISC, CISA are preferred, but not required. We're doing some big things, and we'll find some roadblocks along the way, big and small. A big part of this role is keeping an even keel and finding the route through or around the obstacles. This role requires lots of communication with customers and everyone at GTI. Your colleagues will rely on your ability to translate security requirements into digestible bits of information for them. Customers will expect you to quickly articulate components of the GTI security program to help them assess risk, including as part of the business development process. An insatiable intellectual curiosity and the ability to learn quickly in a complex space. Additional Requirements Must pass any and all required background checks Must be and remain compliant with all legal or company regulations for working in the industry Must be a minimum of 21 years of age #LI-HYBRID The pay range is competitive and based on experience, qualifications, and/or location of the role. Positions may be eligible for a discretionary annual incentive program driven by organization and individual performance. Green Thumb Pay Range$80,000-$100,000 USD

The Principal Cloud Security Architect evaluates cloud architectures, identity models, permissions, and security controls across large-scale environments. This role focuses on identifying architectural risks, misconfigurations, and long‑term security design gaps. What You'll Do Assess cloud architectures (AWS, Azure, GCP) for security gaps Review IAM configurations, network segmentation, and resource policies Identify misconfigurations, privilege risks, and insecure patterns Summarize architectural flaws and provide structured mitigation guidance Validate alignment with security frameworks and best practices Support recurring assessments of cloud environments and deployment patterns What You Bring Must-Have: Deep experience in cloud security architecture Strong understanding of IAM, network design, and cloud service models Ability to document complex architectures in clear, structured form Nice-to-Have: Experience with multi-cloud, zero‑trust, or high‑compliance environments $40 - $80 an hour #J-18808-Ljbffr

A top-tier IT services and consulting company is seeking a Principal Infrastructure & Security Architect to drive technical leadership in cybersecurity and cloud infrastructure. This role involves modernizing security protocols, ensuring compliance, and redesigning secure connectivity. The ideal candidate has deep expertise in Information Security and is experienced in IAM functions. Strong collaboration skills with architecture and security teams are essential. #J-18808-Ljbffr

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Job Description: Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the vulnerability of the bank's applications to malicious hacking activity. This intermediate technical role is responsible for performing application security assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include performing research, understanding the bank's security policies, working with the appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. Key Responsibilities in order of importance: * Perform assigned analysis of internal and external threats on information systems and predict future threat behavior * Incorporate threat actors' tactics, techniques, and procedures into offensive security testing * Perform assessments of the security, effectiveness, and practicality of multiple technology systems * Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. * Prepare and present detailed technical information for various media including documents, reports, and notifications * Provide clear and practical advice regarding managed risks * Learn and develop advanced technical and leadership skills, Mentor Junior assessors in technical tradecraft and soft skills Required Skills: * Minimum of 4 years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment * Detailed technical knowledge in at least 3 of the following areas: security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services * SQL injection/XSS attack without the use of tools * Experience performing manual code reviews for security relevant issues * Experience working with SAST tools to identify vulnerabilities * Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings * Experience performing manual web application assessments i.e., must be able to simulate a * Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) * Experience with vulnerability assessment tools and penetration testing techniques * Solid programming/debugging skills * Experience of using a variety of tools, included, but not limited to, IBM AppScan, Burp and SQL Map * Threat Analysis * Innovative Thinking * Technology Systems Assessment * Technical Documentation * Advisory Desired: * CISSP, CEH, OSCP, OSWE, GPEN, PenTest+ or similar * Strong programming/scripting skills * Mobile application analysis * Frida * Binary analysis (disassembly skills) Skills: * Advisory * Innovative Thinking * Technical Documentation * Technology System Assessment * Threat Analysis * Adaptability * Collaboration * Executive Presence * Scenario Planning and Analysis * Test Engineering * Controls Management * Information Systems Management * Issue Management * Mentoring * Presentation Skills This job will be open and accepting applications for a minimum of seven days from the date it was posted. Shift: 1st shift (United States of America) Hours Per Week: 40

The Cloud Security Engineer is primarily responsible for designing, implementing, and supporting secure Microsoft Azure cloud environments for the Firm. This individual will ensure that cloud-based development platforms, APIs, and applications follow best practices, regulatory requirements, and Firm-specific policies to protect sensitive Client and Firm data. The Cloud Security Engineer acts as a subject matter expert, collaborating with cross-functional teams to establish secure coding, deployment, and data management processes. This role also participates in security incident response activities related to cloud infrastructure and applications, ensuring timely detection, containment, and remediation of potential threats. This person will also contribute to our overall Cloud Security Strategy. Duties and Responsibilities Design, configure, and maintain secure Microsoft Azure environments aligned with industry best practices and Firm policies. Familiarity with AWS and Google cloud needed as well. Implement and manage cloud security controls, including identity and access management, network segmentation, encryption, and security monitoring. Protect sensitive data stored or processed in the cloud through encryption, access controls, and secure key management. Develop, enforce, and maintain secure API management processes, including authentication, authorization, rate limiting, and auditing. Build and maintain secure DevSecOps pipelines, ensuring that only reviewed, tested, and approved code is promoted to production. Integrate automated security testing and vulnerability scanning into Continuous Integration / Continuous Delivery (CI/CD) workflows. Collaborate with application developers, infrastructure engineers, and security teams to ensure secure design and deployment practices. Create and maintain documentation, standards, and procedures for cloud security configurations, incident handling, and code promotion processes. Monitor and respond to security alerts from cloud-native tools and third-party monitoring solutions. Participate in risk assessments, audits, and compliance efforts related to cloud security (e.g., ISO 27001, GDPR, CCPA). Stay current with emerging cloud security threats, vulnerabilities, and evolving best practices, especially within the Microsoft Azure ecosystem. Salaries vary by location and are based on numerous factors, including, but not limited to, the relevant market, skills, experience, and education of the selected candidate. If an estimated salary range for this role is available, it will be provided in our Target Salary Range section. Our compensation package also includes bonus eligibility and a comprehensive benefits program. Benefits information can be found at Sidley.com/Benefits. Target Salary Range $127,000 - $147,000 if located in Illinois Qualifications To perform this job successfully, an individual must be able to perform the Duties and Responsibilities (Duties) above satisfactorily and meet the requirements below. The requirements listed below are representative of the minimum knowledge, skill, and/or ability required. Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions of the job. If you need such an accommodation, please email ************************** (current employees should contact Human Resources). Education and/or Experience: Required: Bachelor's degree with a preference for those with a degree in Computer Science, Information Security, Technology or a related field. Minimum of 3 years of experience in cloud security engineering, with a strong focus on Microsoft Azure. Hands-on experience with Azure security services (e.g., Azure Security Center, Defender for Cloud, Key Vault, Azure AD, Application Gateway, API Management). Experience designing and managing secure DevSecOps pipelines using Azure DevOps or equivalent tools. Strong understanding of cloud-based network security, encryption, and identity management best practices. Demonstrated ability to assess, troubleshoot, and remediate security issues in cloud environments. Preferred: Relevant cloud and security certifications (e.g., Microsoft Certified: Azure Security Engineer Associate (AZ 500, Microsoft Certified: Azure Solutions Architect Expert, CISSP, CCSP, Security+). Experience in the legal, financial, or other highly regulated industries. Relevant certifications (e.g. CISSP, Security+, etc.) Familiarity with AWS and Google a plus. Other Skills and Abilities: The following will also be required of the successful candidate: Strong organizational skills Strong attention to detail Good judgment Strong interpersonal communication skills Strong analytical and problem-solving skills Able to work harmoniously and effectively with others Able to preserve confidentiality and exercise discretion Able to work under pressure Able to manage multiple projects with competing deadlines and priorities Sidley Austin LLP is an Equal Opportunity Employer #LI-Hybrid #LI-HM1

Job Description Job Title: SAP Security Architect Duration for Contract: 5 Months + - ECC 6.0 Security design / architecture is the base requirement for the role. - 7+ years of experience in application or SAP ECC, BI, HR, portal and CRM security architecture, design and administration. Summary: Provide solutions architecture oversight for new development projects specific to SAP according to timelines and budget, while following accepted programming, testing and change control standards, and accepted business intelligence technology best practices. Job Responsibilities: • Define and document the structure, connections and relationships of business processes, organizational work groups, SAP data models, SAP applications, user interfaces, applications interfaces, SAP infrastructure and network topology. • Provide standards, guidelines and statements of direction for IT system architectures, establishing a framework that constrains the design of systems for the purpose of integration of systems and accessibility of data supporting various business processes and functions. • Define, design and develop the SAP enterprise systems information architecture to enable cross functional operational reporting and performance optimization. • Identify strategic opportunities and drive cross-business and cross-functional change. Skills: • Knowledge of ITIL and SDLC. • Experience in business system application design, development and installation. • Experience in planning/architecture development and support. • Experience designing and implementing advanced SAP application architectures. Education/Experience: • Bachelor's degree in Computer Science or a related field. • Master's degree in Business or Management Information Systems preferred. • 8-10 years of SAP functional systems experience. • SAP Certification preferred. Additional InformationAll your information will be kept confidential according to EEO guidelines.

Denver, Colorado;Seattle, Washington; Jacksonville, Florida; Charlotte, North Carolina; Jersey City, New Jersey; Boston, Massachusetts; Washington, District of Columbia; Chicago, Illinois **To proceed with your application, you must be at least 18 years of age.** Acknowledge Refer a friend **To proceed with your application, you must be at least 18 years of age.** Acknowledge (*********************************************************************************************** **:** At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! **Job Description:** Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the security resilience of the bank's applications to malicious hacking activity. This senior technical role is responsible performing and leading ethical hacking assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include leading and performing research, understanding the bank's security policies, working with appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. These individuals are expected to perform application security-oriented dynamic and static assessments across a multitude of technologies including web UI, web APIs, mobile and cloud, including associated source code. Key Responsibilities in order of importance: + Perform assigned analysis of internal and external threats on information systems and predict future threat behavior. + Incorporate threat actors' tactics, techniques, and procedures into offensive security testing to identify high-value vulnerabilities/chained attacks. + Developing Proof-of-concepts for exploitation. + Perform assessments of the security, effectiveness, and practicality of multiple technology systems. + Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. + Prepare and present detailed technical information for various media including documents, reports, and notifications. + Provide clear and practical advice regarding managing risks. + Learn and develop advanced technical and leadership skills, mentor Junior and Intermediate assessors in technical tradecraft and soft skills. + Respond to security incidents and provide technical assistance to leadership across the Information Security organization. Required Skills: + **Minimum of 5+ years of** **professional** **pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment** + Detailed technical knowledge in at least 5 of the following areas: + security engineering + application architecture + authentication and security protocols + application session management + applied cryptography + common communication protocols + mobile frameworks + single sign-on technologies + exploit automation platforms + Web APIs + Cloud environments + LLM security + Mobile application analysis + Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings + Experience performing manual web application assessments i.e., must be able to simulate a OWASP Top 10 vulnerabilities without the use of tools + Experience performing manual code reviews for security relevant issues + Experience working with DAST and SAST tools to identify vulnerabilities + Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) + Experience with vulnerability assessment tools and penetration testing techniques. + Solid programming/debugging skills, development frameworks, CVE and CWE research/reproduction + Threat Analysis, threat modelling and SBOM analysis + Innovative thinking, threat actor simulation + Technology Systems Assessment + Technical Documentation + Advisory Desired: + CEH, OSCP/OSCE/OSWE/GXPN/GPEN/GWAPT/GMOB/All Practitioner Certs [Port Swigger BSP Academy]/Cloud Cert(s)/ eWPT; eWPTX; eMAPT [INE Pentester Academy] + Strong programming/scripting skills + Frida + Binary analysis (disassembly skills) **Skills:** + Advisory + Innovative Thinking + Technical Documentation + Technology System Assessment + Threat Analysis + Adaptability + Collaboration + Scenario Planning and Analysis + Test Engineering + Written Communications + Attention to Detail + Information Systems Management + Issue Management + Presentation Skills + Prioritization This job will be open and accepting applications for a minimum of seven days from the date it was posted. **Shift:** 1st shift (United States of America) **Hours Per Week:** 40 Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates. View your **"Know your Rights (************************************************************************************** "** poster. **View the LA County Fair Chance Ordinance (************************************************************************************************** .** Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy ("Policy") establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank's required accommodation request process before your first day of work. This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.