Security Engineer jobs at The Walt Disney Company - 316 jobs

A leading entertainment and media enterprise is seeking a Senior Software Engineer to enhance cybersecurity efforts. The role involves designing internal tools, managing security frameworks, and collaborating with compliance teams. Candidates should possess at least 5 years of software development experience, knowledge in DevSecOps, and familiarity with cloud technologies. This position is integral to securing information systems across various Disney platforms, supporting innovative consumer experiences and operational excellence. #J-18808-Ljbffr

About the Company Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all - bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact. The Department: Application Security The Role: Staff Blockchain Security Engineer As a member of the Application Security (AppSec) team, you will share in the responsibility of protecting the company and our customers against application security threats. The AppSec team is focused on the advancement of modern application security practices and supports the engineering organization by finding, fixing, and preventing software security vulnerabilities. As a Staff Blockchain Security Engineer on the Application Security team focusing on blockchain security, you will work closely with on-chain engineering and product teams to provide security recommendations and identify security issues throughout the on-chain software development lifecycle. You will lead security reviews of Web3 products, integrate secure development practices into our on-chain SDLC, and develop tooling to identify, mitigate, and monitor blockchain-specific threats. This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office. Responsibilities Lead in-depth security reviews of smart contracts, blockchain protocols, and Web3 applications for architectural flaws, security vulnerabilities, and best practice violations Collaborate and advise on-chain engineering teams on Web3 security best practices and vulnerability remediation Design and implement secure on-chain SDLC processes for on-chain product teams Develop, maintain, and improve security tooling for blockchain ecosystems (fuzzers, static analysis, etc.) Partner with legal, compliance, and risk teams to address security, regulatory, and operational risks of blockchain features Minimum Qualifications 8+ years of experience in application security, Web3 security, or similar roles Strong background in Web3 security reviews such as smart contract audits, blockchain protocols, and dApps Ability to perform design reviews, threat modeling, secure code reviews, or penetration testing with an attacker mindset Strong background in application security best practices and familiarity with common vulnerabilities (e.g. SSRF, race conditions, privilege escalations, etc.) Experience with secure key management and wallet systems Familiarity with blockchain security tools (slither, echidna, etc) Some background in development or scripting experience (Python, Scala, C++, JavaScript, etc.) Familiarity with and ability to understand business objectives, business context, and security risk Strong communication skills and the ability to collaborate on a cross-functional team Preferred Qualifications Experience with formal verification of smart contracts Prior experience in cryptocurrency exchanges, DeFi platforms, or NFT marketplaces Active contributor to blockchain security communities, bug bounty programs, or published exploit research Ability to define and execute a long-term blockchain security roadmap in partnership with engineering leadership It Pays to Work Here The compensation & benefits package for this role includes: Competitive starting salary A discretionary annual bonus Long-term incentive in the form of a new hire equity grant Comprehensive health plans 401K with company matching Paid Parental Leave Flexible time off Salary Range The base salary range for this role is between $168,000 - $240,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate's compensation, we consider a number of factors including skillset, experience, job scope, and current market data. In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in-person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce. At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know. #J-18808-Ljbffr

About the Company Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all - bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact. The Department: Application Security The Role: Staff Blockchain Security Engineer As a member of the Application Security (AppSec) team, you will share in the responsibility of protecting the company and our customers against application security threats. The AppSec team is focused on the advancement of modern application security practices and supports the engineering organization by finding, fixing, and preventing software security vulnerabilities. As a Staff Blockchain Security Engineer on the Application Security team focusing on blockchain security, you will work closely with on-chain engineering and product teams to provide security recommendations and identify security issues throughout the on-chain software development lifecycle. You will lead security reviews of Web3 products, integrate secure development practices into our on-chain SDLC, and develop tooling to identify, mitigate, and monitor blockchain-specific threats. This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office. Responsibilities Lead in-depth security reviews of smart contracts, blockchain protocols, and Web3 applications for architectural flaws, security vulnerabilities, and best practice violations Collaborate and advise on-chain engineering teams on Web3 security best practices and vulnerability remediation Design and implement secure on-chain SDLC processes for on-chain product teams Develop, maintain, and improve security tooling for blockchain ecosystems (fuzzers, static analysis, etc.) Partner with legal, compliance, and risk teams to address security, regulatory, and operational risks of blockchain features Minimum Qualifications 8+ years of experience in application security, Web3 security, or similar roles Strong background in Web3 security reviews such as smart contract audits, blockchain protocols, and dApps Ability to perform design reviews, threat modeling, secure code reviews, or penetration testing with an attacker mindset Strong background in application security best practices and familiarity with common vulnerabilities (e.g. SSRF, race conditions, privilege escalations, etc.) Experience with secure key management and wallet systems Familiarity with blockchain security tools (slither, echidna, etc) Some background in development or scripting experience (Python, Scala, C++, JavaScript, etc.) Familiarity with and ability to understand business objectives, business context, and security risk Strong communication skills and the ability to collaborate on a cross-functional team Preferred Qualifications Experience with formal verification of smart contracts Prior experience in cryptocurrency exchanges, DeFi platforms, or NFT marketplaces Active contributor to blockchain security communities, bug bounty programs, or published exploit research Ability to define and execute a long-term blockchain security roadmap in partnership with engineering leadership It Pays to Work Here The compensation & benefits package for this role includes: Competitive starting salary A discretionary annual bonus Long-term incentive in the form of a new hire equity grant Comprehensive health plans 401K with company matching Paid Parental Leave Flexible time off Salary Range The base salary range for this role is between $168,000 - $240,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate's compensation, we consider a number of factors including skillset, experience, job scope, and current market data. In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in-person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce. At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know. #J-18808-Ljbffr

About the Company Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all - bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact. The Department: Application Security The Role: Staff Application Security Engineer As a member of the Application Security (AppSec) team, you will share in the responsibility of protecting the company and our customers against application security threats. The AppSec team is focused on the advancement of modern application security practices and supports the engineering organization by finding, fixing, and preventing software security vulnerabilities. As a Staff Application Security Engineer on Gemini's AppSec team, you will work closely with security, engineering, and product teams to set technical direction and provide security recommendations while identifying security issues throughout the software development lifecycle. This includes leading high-risk secure design reviews, threat modeling, and building paved roads among other activities. This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office. Responsibilities Own and evolve the Gemini Secure Software Development Lifecycle guardrails as an application security subject matter expert Lead architecture reviews, threat modeling, code reviews, and penetration testing for high-risk applications and services Research, build and drive adoption of high-signal application security automation and secure‑by‑default frameworks Create and deliver hands‑on application security training to enable engineers at scale Participate in the Application Security on‑call rotation and lead post‑incident hardening Minimum Qualifications Proven ability to perform design reviews, threat modeling, secure code reviews, and penetration testing with an attacker mindset Strong background in application security best practices and familiarity with common vulnerabilities (e.g. SSRF, race conditions, privilege escalations, etc.) Deep code review proficiency in Scala/JVM (preferred) or other languages and at least one of Python/Go/etc for building; able to review production services in other languages Experience implementing custom detection and prevention application security controls to eliminate application security issues beyond OWASP Top 10 Familiarity with and ability to understand business objectives, business context, and security risk Strong cross‑functional communication and collaboration (Security, Engineering, and Product) Typically 7‑10+ years of experience or equivalent impact in application security, product security, or similar roles Preferred Qualifications Experience implementing supply chain security controls (SCA, SLSA, signing, etc.) Prior experience in cryptocurrency firms or highly regulated environments (PCI DSS, SOX, SOC2, ISO 27001) Open‑source impact such as conference talks, blogs/papers, tooling, or libraries It Pays to Work Here Competitive starting salary A discretionary annual bonus Long‑term incentive in the form of a new hire equity grant Comprehensive health plans 401K with company matching Paid Parental Leave Flexible time off Salary Range The base salary range for this role is between $168,000 - $240,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate's compensation, we consider a number of factors including skillset, experience, job scope, and current market data. In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in‑person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce. At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know. #J-18808-Ljbffr

A leading data collaboration platform in San Francisco seeks a Senior Security Engineer to enhance threat detection and automation strategies. The role involves implementing detection logic, automating workflows, and developing scalable cloud solutions. Candidates should have a Bachelor's degree in a relevant field and strong skills in security automation and detection engineering. This position offers competitive compensation with a base range of $131,500 to $203,000. #J-18808-Ljbffr

A blockchain technology company is seeking a Software Engineer in San Francisco to design and build core infrastructure. Responsibilities include developing secure distributed systems and collaborating with teams to enhance blockchain accessibility. The role offers competitive compensation, autonomy in work, and opportunities for international candidates with visa sponsorship. A minimum salary range of $150,000 - $190,000 is provided. #J-18808-Ljbffr

A leading entertainment and media enterprise is seeking a Senior Software Engineer to enhance cybersecurity efforts. The role involves designing internal tools, managing security frameworks, and collaborating with compliance teams. Candidates should possess at least 5 years of software development experience, knowledge in DevSecOps, and familiarity with cloud technologies. This position is integral to securing information systems across various Disney platforms, supporting innovative consumer experiences and operational excellence. #J-18808-Ljbffr

A leading entertainment and media enterprise is seeking a Senior Software Engineer to enhance cybersecurity efforts. The role involves designing internal tools, managing security frameworks, and collaborating with compliance teams. Candidates should possess at least 5 years of software development experience, knowledge in DevSecOps, and familiarity with cloud technologies. This position is integral to securing information systems across various Disney platforms, supporting innovative consumer experiences and operational excellence. #J-18808-Ljbffr

A leading media and community platform is seeking a Product Manager specializing in Access & Identity. This role involves owning the strategy to enhance user account protection and ensure compliance with regulations. The ideal candidate will have extensive product management experience focused on identity verification and fraud prevention. The position supports a hybrid work model where team members are expected to work in-office two days a week. Competitive salary and benefits are offered. #J-18808-Ljbffr

Ready to play a key role in building the future of living? Join Samara in tackling California's housing shortage and enabling people to attain sustainable housing without compromising design or quality. Our flagship product, Backyard, is a fully turnkey, premium accessory dwelling unit (ADU) designed for homeowners and real estate developers. As we expand our offerings and scale our in-house development initiatives, we're at a pivotal moment, redefining homeownership through high-quality, attainable infill housing. Backed by top-tier investors, including Airbnb, Thrive Capital, and 8VC, Samara is positioned for significant growth and market impact. To support our next phase of growth, we're hiring product-focused engineers to advance and scale the technical foundation of our modular system. These roles go beyond traditional design work-they refine system standards, improve factory repeatability, and ensure our units are code-compliant, manufacturable, and built to the highest standards of quality and performance. The MEP Systems Engineer will be responsible for the detailed design and implementation of mechanical, electrical, plumbing, and PV systems tailored for modular construction building systems. This role requires a deep understanding of MEP systems combined with practical experience in modular construction. You will collaborate closely with leadership, crossfunctional design and engineering teams to integrate all technical and user experience requirements into our designs to ensure optimal functionality, sustainability, and compliance with all regulations. What You'll Do Design and develop integrated MEP systems for our new and existing designs including solar energy systems, including PV and ESS, optimized for prefabricated modular construction Ensure that solar and energy storage designs align with overall MEP system functionality and building energy requirements Lead the creation of comprehensive design documents, schematics, component material selections and system layouts, preferably using CAD and BIM software Provide technical leadership during the installation and commissioning phases to ensure systems meet design specifications and performance standards Conduct system testing and validation to ensure functionality, efficiency, and safety of both MEP and PV installations Collaborate closely with installation teams to facilitate seamless and efficient factory and onsite implementation of design Engage in research and application of the latest technologies and practices in renewable energy and modular construction Work with program managers and other engineering disciplines to ensure holistic integration of all systems within Samara modular units What We're Looking For Modular construction experience in factory builds, multi-mod, stackable and/or other hands on related experience. Licensed Electrician or Mechanical Contractor -and/or- Bachelor's degree in Mechanical, Electrical, or Energy Systems Engineering, or a related field Professional Engineering (PE) license preferred Minimum of 7 years of experience in one of the following: Mechanical, Electrical, Solar and/or Plumbing System design Comprehensive knowledge of building codes, safety regulations, and sustainability practices relevant to MEP and renewable energy systems Proficiency in design software such as Onshape, Revit, and/or other BIM methodologies preferred Excellent problem-solving skills and the ability to adapt designs to changing technological and regulatory landscapes Strong communication and leadership skills, capable of driving project decisions and managing complex stakeholder relationships Ability to travel to our factory in Mexico up to 25-40%. What We Offer Salary range of $120-160K and performance-based bonuses. Hybrid work schedule with 3 days each week in our Redwood City office. Snacks and Lunch on in-office days Early stage employee equity. Exceptional health, dental, and vision insurance. 401k eligibility after 6 months. Flexible PTO policy. How to Apply If you're excited to support Samara's mission and have the skills to match, we'd love to hear from you. Please submit your resume and a brief letter of introduction to our team. Let's build something extraordinary-together.

About the Company Rain makes the next generation of payments possible across the globe. We're a lean and mighty team of passionate builders and veteran founders. Our infrastructure makes stablecoins usable in the real-world by powering card transactions, cross-border payments, B2B purchases, remittances, and more. We partner with fintechs, neobanks, and institutions to help them launch solutions that are global, inclusive, and efficient. You will have the opportunity to deliver massive impact at a hypergrowth company that is funded by some of the top investors in fintech, crypto, and SaaS, including Sapphire Ventures, Norwest, Galaxy Ventures, Lightspeed, Khosla, and several more. If you're curious, bold, and excited to help shape a borderless financial future, we'd love to talk. Our Ethos We believe in an open and flat structure. You will be able to grow into the role that most aligns with your goals. Our team members at all levels have the freedom to explore ideas and impact the roadmap and vision of our company. What You'll Do As a Security Engineer with a focus on Application Security, you'll be a key contributor in embedding security into Rain's engineering lifecycle and supporting delivery of secure, trusted applications: Lead application security assessments, including vulnerability scanning, code reviews, and threat modeling with engineering teams Partner closely with product and development squads to drive remediation and help teams understand and resolve security findings efficiently Integrate and scale automated security tooling across CI/CD pipelines (SAST, DAST, SCA, IaC) to shift security left Develop and maintain application security standards, patterns, and guardrails that reduce risk and support rapid delivery Drive threat modeling and risk assessments for new features, APIs, and services Collaborate with Cloud & Infrastructure Security to align security controls across layers and support cloud-native security requirements Support incident response for application-level security events and contribute to root-cause analysis and future mitigation strategies Help build internal training and awareness programs to elevate secure coding and developer security literacy Track and surface key security metrics, trends, and continuous improvement insights to leadership What we're looking for 4-8+ years of experience in security engineering, application security, offensive security, or secure software development; strong track record of securing modern applications Hands-on experience with security tools such as Semgrep, Burp Suite, Snyk, Trivy, or similar for static, dynamic, and dependency security analysis Solid understanding of web, API, and mobile security vulnerabilities (e.g., OWASP Top 10, API Top 10) Experience driving or participating in threat modeling and secure design reviews Familiarity with cloud concepts and securing cloud workloads Collaborative mindset - you enjoy working closely with engineers to co-create practical security solutions Practical understanding of SDLC and integrating security into development workflows Ability to independently identify, prioritize, and drive remediation on critical findings Experience balancing security risk with business and technical constraints Nice to have, but not mandatory Experience or exposure to runtime application protection (RASP) or advanced monitoring (e.g., eBPF-based tooling) Experience with cloud security automation frameworks such as Security Hub remediations or DLP improvements Security certifications like CISSP, CSSLP, OSCP, GWAPT, or similar Familiarity with compliance frameworks like SOC 2, ISO 27001, OWASP SAMM and aligning controls Prior experience in fintech, payments, or highly regulated environments Exposure to API security tooling and design best practices Things that enable a fulfilling, healthy, and happy experience at Rain: Unlimited time off 🌴 Unlimited vacation can be daunting, so we require Rainmakers to take at least 10 days off. Flexible working ☕ We support a flexible workplace. If you feel comfortable at home, please work from home. If you'd like to work with others in an office, feel free to come in. We want everyone to be able to work in the environment in which they are their most confident and productive selves. New Rainmakers will receive a stipend to create a comfortable home environment. Easy to access benefits 🧠For US Rainmakers, we offer comprehensive health, dental, and vision plans for you and your dependents, as well as a 100% company subsidized life insurance plan. Retirement goals💡Plan for the future with confidence. We offer a 401(k) with a 4% company match. Equity plan 📦 We offer every Rainmaker an equity option plan so we can all benefit from our success. Rain Cards 🌧️ We want Rainmakers to be knowledgeable about our core products and services. To support this mission, we issue a card for our team to use for testing. Health and Wellness 📚 High performance begins from within. Rainmakers are welcome to use their card for eligible health and wellness spending like gym memberships/fitness classes, massages, acupuncture - whatever recharges you! Team summits ✨ Summits play an important role at Rain! Time spent together helps us get to know each other, strengthen our relationships, and build a common destiny. Expect team and company off-sites both domestically and internationally.

Prelude Security is building the category leader in Runtime Memory Protection - an endpoint product that detects and blocks in-memory execution, memory zero-day exploitation, and ransomware execution entirely from user mode. We are a small team of security researchers and software developers working to reinvent the way we protect endpoints in a world where threats are complex, emergent, and accelerating. Backed by Sequoia Capital, Insight Partners, and other leading investors, we are building an advanced security solution to detect in-memory attacks on endpoints, which is written in Rust and runs exclusively in user mode. It leverages advances in modern edge computing architecture, hardware-level telemetry, and a graph-based understanding of the Windows operating system to catch adversaries the moment that they compromise an endpoint. Rather than endlessly attempting to predict what an adversary might do, trapping adversaries at this universal and unavoidable chokepoint that lies at the center of their operations allows us to focus all of our efforts on what they must do, regardless of their sophistication or how much creativity (or AI) they apply to their tactics. Our goal is simple: to detect out-of-context execution in a way that remains entirely outside the adversary's control. Out-of-context execution occurs when an attacker coerces an application to run code paths that were not intended by the original application. This includes in-memory execution techniques such as local and remote injection, exploitation that results in the execution of dynamic code, and fileless malware Role Prelude is seeking a Principal Security Researcher to conduct in-depth technical analysis of modern and adaptive adversary tactics, Windows internals, and operating system telemetry sources, enabling the development of relevant tests and effective detections within Prelude's endpoint protection platform. As a subject matter expert, you will specialize in one or more areas crucial to Prelude's research, such as operating system internals, reverse engineering, malware development, offensive security, program analysis, performance profiling or detection engineering. Success in this role hinges on delivering high-quality research, driving innovation, adapting swiftly, and fostering collaboration across teams and business units. Given the confidential nature of our work, we require an NDA to be signed after an introductory call if there is mutual interest in moving forward. Responsibilities Conduct in-depth research on operating system internals to pinpoint sources of defensive telemetry crucial for detecting adversary tactics, specifically targeting code execution Analyze modern adversary tradecraft, deciphering technique relevance, inner workings, and detectability Translate and implement research findings into actionable improvements for Prelude's endpoint protection platform Produce high-quality, public-facing security research content, including blog posts and conference talks Stay abreast of cutting-edge offensive and defensive security techniques through continuous self-study and research Serve as the subject matter expert in adversary tradecraft and security operations, supporting other business units on their projects as needed Support other Researchers on the team with their research and actively engage in team-driven initiatives Skills and Experience Deep knowledge of Windows operating system internals and static/dynamic reverse engineering Our most commonly used tools: IDA Pro, Binary Ninja, Ghidra, and WinDbg 5+ years of experience in one or more of the following areas: Offensive security, specifically red team operations or purple teaming Detection engineering, specifically, writing robust, production-scale queries in any major EDR Systems programming, ideally using Rust or C/C++ Program analysis and performance profiling Strong understanding of how modern EDRs/XDRs work internally Ability to explain complex technical concepts and research outputs to both executive-level and highly technical consumers Aptitude for working in a fast-paced, adaptive startup environment Nice to Haves Prior experience in enterprise software development using Rust Prior vulnerability research and exploit development experience Working at Prelude Prelude is a fully remote team across the US & Canada, built on trust, autonomy, and excellence. We empower our team to take ownership, move with purpose, and continuously improve. Our culture values top performers who align with our mission and embrace high standards. We offer generous healthcare, flexible PTO, and home-office support, ensuring our team has the freedom and resources to thrive. While we move fast, we prioritize quality, collaboration, and remain committed to building impactful security solutions with precision.

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to accomplish their financial goals and help them save time and money. We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments. We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com. As a Cyber Defense Lead, you will join Experian's Cyber Fusion Center, performing in-depth analysis, evaluation and response to security threats. The team provides global 24x7 security operations and monitoring for cybersecurity events affecting Experian. It is the first line of defense in Experian's broader incident response and incident management responsibilities. The team receives and triages cybersecurity alerts, including being the dedicated contact for potential security incidents reported by users (e.g., Experian employees). You will report into the Sr. Manager of SecOps and Threat Detection. You'll have opportunity to: + Monitor the daily operations of the team, being the primary liaison between analysts and leadership + Provide advanced support and act as a designated contact for the Cyber Defense Analysts (e.g., consulting on investigation / analysis) + Oversee response activities for security events and alerts associated with cyber threats, intrusions, or compromises + Use investigative experience and technical skills to analyze events using security tooling and logging (e.g., SIEM, EDR) and assess potential risk + Monitor for anomalous changes in metrics, notable open incidents, quality concerns, or observed risks + Complete assigned caseload throughout the incident response lifecycle, including analysis, containment, eradication, recovery, and lessons learned + Ensure incident updates are performed, documented and that case hand-off processes are completed + Be a mentor to Cyber Defense Analysts, providing feedback on the quality of work to analyst(s) and management + Lead the development of relevant Standard Operating Procedures (SOPs), and training materials + Collaborate with the Cyber Threat Intelligence (CTI) and content development teams (Threat Detection Engineering) on use case developments + 5+ years of information security experience working within a Security Operations Center or Cyber Security Incident Response Teams; at least 1 of which ideally includes experience as a team lead + Bachelor's Degree in Computer Science, Computer Engineering, Information Systems, Information Security, or a related field. + History of interpreting device and application logs from a variety of sources (e.g., Firewalls, Proxies, System Logs, Splunk) to identify cause + 1+ professional certifications related to Digital Forensics, Incident Response, or Ethical Hacking(e.g., GCIH, GMON, GSOC, CEH, GCFA, ENCE) + Information security management certifications (CISSP, CISM) + Knowledge of the Incident Response Life Cycle, MITRE ATT&CK Framework, and Cyber Kill Chain + Understanding of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, NetFlow), Cloud Infrastructure (AWS, Azure, GCP), and Security Technologies (Anti-Virus, Intrusion Prevention, Web Application Firewalls) + Experience with Security Monitoring applications such as SIEM (e.g., QRadar, Splunk), EDR (e.g., CrowdStrike Falcon, Microsoft Defender) + Experience with SOAR technologies such as Palo Alto XSOAR and Google SecOps (Chronicle) + Security analysis and architecture knowledge using tools including Defender for Cloud, Wiz.io, GuardDuty, CloudTrail, or CloudWatch. + Record of improving the way work is performed, originating action and ideas to lead enhancements to existing processes. + Abvailable to work outside of normal work hours to respond to cybersecurity incidents Benefits/Perks: + Great compensation package and bonus plan + Core benefits including medical, dental, vision, and matching 401K + Flexible work environment, ability to work remote, hybrid or in-office + Flexible time off including volunteer time off, vacation, sick and 12-paid holidays + Explore all our exciting benefits here: ************************************************ At Experian, our people and culture set us apart. We're deeply committed to creating an environment where everyone feels they belong and can excel. From inclusion and authenticity to work/life balance, development, wellness, collaboration, and recognition, we focus on what truly matters. Our people-first approach has earned us global recognition: World's Best Workplaces 2024 (Fortune Top 25), Great Place To Work 2025 in 26 countries, and Glassdoor Best Places to Work 2024, among others. Want to see what life at Experian is really like? Explore Experian Life on social or visit our Careers Site. Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay range for this position is listed above. Within this range, individual pay is determined by work location and additional factors such as job-related skills, experience, and education. You will be also eligible for a variable pay opportunity. Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity. #LI-Remote

We are in the business of creativity... making some of the most beloved film and television of all time for every platform in the world. As the most creative and proudly independent studio, our future is boundless. Sony Pictures Entertainment (SPE) is a division of Sony Corporation, a creative entertainment company built on a foundation of technology. Along with our sister companies, we make movies, television, music and games that engage billions of people, connecting creators and audiences around the globe. We are looking for innovators to join us as we forge the future of entertainment! Role Summary: The Manager, Security Engineer Training & Behavior plays a key role in building the foundation for Sony Pictures Entertainment's security culture by designing and deploying systems that embed secure behaviors directly into employee workflows. This hands-on role focuses on creating automation, nudging, and workflow mechanisms that make secure actions seamless, intuitive, and habit-forming. Over time, these foundations will enable gamification, microlearning, and emerging technologies to reinforce secure decisions in real time. Success requires a strong mix of technical skill, behavioral insight, and systems thinking to deliver scalable, user-centered solutions that drive measurable change. Collaboration, clarity, and an ability to translate complex security concepts into accessible content are essential. Key Responsibilities: Working closely with the Director of Information Security Awareness & Training, this role drives the technical execution of initiatives that embed secure behaviors into employee workflows through automation, gamification, and smart system design, reducing friction across IT and security tools and making secure choices the intuitive default. + System Design & Hands-On Implementation + Design and implement automations, integrations, and systems that embed secure behaviors into workflows + Use scripting and APIs to deliver adaptive security nudges and alerts + Create nudging infrastructure using low/no-code tools + Develop in-product guidance (extensions, add-ins, notifications) for real-time reinforcement + Identify and fix usability gaps in security controls to reduce friction across platforms (SharePoint, Outlook, Teams, LMS) + Scenario-Based Learning & Behavior Experimentation + Design experiential simulations across data protection, access control, social engineering, and collaboration + Move beyond static phishing tests toward adaptive, trust-building learning experiences + Conduct tabletop exercises and integrate insights into culture and behavior initiatives + Gamification & Microlearning Deployment + Apply gamification elements (challenges, leaderboards, streaks) + Help design role-based and microlearning moments integrated into our environments + Emerging Technology Implementation + Prototypes AI-based guidance tools (e.g., in-chat assistants, smart FAQs, real-time explainers) + Explores immersive learning pilots (e.g., interactive branching video, VR/AR prototypes) using available tec + Helps lead MVP testing of new technologies that could reduce friction and increase security enablement + Behavioral Data Architecture & Analytics + Support development of LRS/xAPI pipelines to capture behavioral data across systems + Shape dashboards and analytics models in Power BI, Tableau, etc. + Use telemetry to inform nudges and optimize campaigns over time Key Requirements: + Education + Bachelor's degree in Information Security, Behavioral Science, Computer Science, Human-Computer Interaction, Data Analytics, or a related field + Equivalent experience or relevant certifications (e.g., Power Automate, xAPI/LRS, Microsoft Graph, low-code platforms, cybersecurity fundamentals) may be considered in lieu of a formal degree + Experience + 5+ years of experience, particularly in areas such as cybersecurity, IT automation, behavioral engineering, or enterprise systems integration + Proven ability to build and implement behavior-change mechanisms, develop user-centric technical solutions as well as automation, nudging, and real-time learning interventions. + Experience with gamification, low-code tools, and collaboration with cross-functional teams is necessary + Skills & Certifications (Preferred) + Cybersecurity: Certified Information Systems Security Professional (CISSP), CompTIA Security+, or equivalent cybersecurity certifications + Automation & Workflow: Certificates in systems automation, workflow orchestration, or enterprise app development + Behavioral Design: Microsoft Power Platform certifications (e.g., Power Automate, Power Apps), and/or certifications in behavior design, UX design, or gamification strategy Key Emerging Trends Addressed in the Role + AI-generated phishing and deepfake detection + Context-aware, real-time nudging + Security UX; frictionless security enablement + Human risk scoring and behavioral segmentation + Adaptive, role-specific and data-informed microlearning experience + Zero-trust behavioral support and habit reinforcement + AI-supported engagement and automation Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics. To request an accommodation for purposes of participating in the hiring process, you may contact us at SPE_Accommodation_Assistance@spe.sony.com.

We are in the business of creativity… making some of the most beloved film and television of all time for every platform in the world. As the most creative and proudly independent studio, our future is boundless. Sony Pictures Entertainment (SPE) is a division of Sony Corporation, a creative entertainment company built on a foundation of technology. Along with our sister companies, we make movies, television, music and games that engage billions of people, connecting creators and audiences around the globe. We are looking for innovators to join us as we forge the future of entertainment! Role Summary: The Manager, Security Engineer Training & Behavior plays a key role in building the foundation for Sony Pictures Entertainment's security culture by designing and deploying systems that embed secure behaviors directly into employee workflows. This hands-on role focuses on creating automation, nudging, and workflow mechanisms that make secure actions seamless, intuitive, and habit-forming. Over time, these foundations will enable gamification, microlearning, and emerging technologies to reinforce secure decisions in real time. Success requires a strong mix of technical skill, behavioral insight, and systems thinking to deliver scalable, user-centered solutions that drive measurable change. Collaboration, clarity, and an ability to translate complex security concepts into accessible content are essential. Key Responsibilities: Working closely with the Director of Information Security Awareness & Training, this role drives the technical execution of initiatives that embed secure behaviors into employee workflows through automation, gamification, and smart system design, reducing friction across IT and security tools and making secure choices the intuitive default. System Design & Hands-On Implementation Design and implement automations, integrations, and systems that embed secure behaviors into workflows Use scripting and APIs to deliver adaptive security nudges and alerts Create nudging infrastructure using low/no-code tools Develop in-product guidance (extensions, add-ins, notifications) for real-time reinforcement Identify and fix usability gaps in security controls to reduce friction across platforms (SharePoint, Outlook, Teams, LMS) Scenario-Based Learning & Behavior Experimentation Design experiential simulations across data protection, access control, social engineering, and collaboration Move beyond static phishing tests toward adaptive, trust-building learning experiences Conduct tabletop exercises and integrate insights into culture and behavior initiatives Gamification & Microlearning Deployment Apply gamification elements (challenges, leaderboards, streaks) Help design role-based and microlearning moments integrated into our environments Emerging Technology Implementation Prototypes AI-based guidance tools (e.g., in-chat assistants, smart FAQs, real-time explainers) Explores immersive learning pilots (e.g., interactive branching video, VR/AR prototypes) using available tec Helps lead MVP testing of new technologies that could reduce friction and increase security enablement Behavioral Data Architecture & Analytics Support development of LRS/xAPI pipelines to capture behavioral data across systems Shape dashboards and analytics models in Power BI, Tableau, etc. Use telemetry to inform nudges and optimize campaigns over time Key Requirements: Education Bachelor's degree in Information Security, Behavioral Science, Computer Science, Human-Computer Interaction, Data Analytics, or a related field Equivalent experience or relevant certifications (e.g., Power Automate, xAPI/LRS, Microsoft Graph, low-code platforms, cybersecurity fundamentals) may be considered in lieu of a formal degree Experience 5+ years of experience, particularly in areas such as cybersecurity, IT automation, behavioral engineering, or enterprise systems integration Proven ability to build and implement behavior-change mechanisms, develop user-centric technical solutions as well as automation, nudging, and real-time learning interventions. Experience with gamification, low-code tools, and collaboration with cross-functional teams is necessary Skills & Certifications (Preferred) Cybersecurity: Certified Information Systems Security Professional (CISSP), CompTIA Security+, or equivalent cybersecurity certifications Automation & Workflow: Certificates in systems automation, workflow orchestration, or enterprise app development Behavioral Design: Microsoft Power Platform certifications (e.g., Power Automate, Power Apps), and/or certifications in behavior design, UX design, or gamification strategy Key Emerging Trends Addressed in the Role AI-generated phishing and deepfake detection Context-aware, real-time nudging Security UX; frictionless security enablement Human risk scoring and behavioral segmentation Adaptive, role-specific and data-informed microlearning experience Zero-trust behavioral support and habit reinforcement AI-supported engagement and automation The anticipated base salary for this position is $115,000-$150,000. This role may also qualify for annual incentive and/or comprehensive benefits. The actual base salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location of the position. Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics. SPE will consider qualified applicants with arrest or conviction records in accordance with applicable law. To request an accommodation for purposes of participating in the hiring process, you may contact us at SPE_Accommodation_Assistance@spe.sony.com.

Systems Security Engineer Dahlgren, VA Active Secret Clearance @Orchard is supporting a growing Federal contract with proven capabilities in cybersecurity. We are seeking a skilled Systems Security Engineer to be proposed for a new project supporting the Navy. This role will be based out of Dahlgren, VA and will be responsible for supporting the creation of hybrid software, web, and hardware products from initial specifications to final roll-out and maintenance, including sophisticated systems that run on the web. If awarded, this could be a fantastic opportunity to grow your career with a company that has built strong relationships within Defense and Intelligence. If selected, you will be asked to sign a letter of intent to join the team upon program award. As the Systems Security Engineer you will: Supporting A&A Cybersecurity policy and control evaluations. Preparing supporting RMF activities or current Government-approved processes for packages and artifacts. Obtaining approvals to operate. Implementation of security postures. Providing SME support in Information Assurance and Cybersecurity Life-Cycle management, coordination, and implementation as required by the applicable Authorizing Official. Provide RMF A&A ISSE support for all ashore and afloat packages. Responsible to integrate various network operating systems, application programs, and hardware devices. Manage development cycle associated with producing resilient software, hardware, and web application, including specification, design, coding, testing, and maintenance. Perform classified and unclassified tasks and actions to support A&A activities, A&A package reviews, scanning, reporting and remediation, and overall system security; consult with relevant A&A Validation teams in normal course of activities. Assist in development and execution of A&A plans for complex networks and IT systems; may include providing ISSO, Information Systems Security Engineer, and DIO support, and A&A analysis supporting documentation and artifacts in support of A&A, and compliant system administration across variety of environments supporting department offices, conference facilities, and land-based tactical equipment suites and laboratories. Provide IT Project and System Administrative support for accreditation including full authority to operate, interim authority to operate, authority to connect, Interim authority to test, Local authority to proceed and other required authorizations to support normal operations, special user events and requirements, and test events. Implement and maintain system security requirements, including STIGs, anti-virus software installations and updates, ESS installation and monitoring, responding to Cyber Directives, and other direction to ensure IT and Information Assurance controls are maintained. Perform and review vulnerability scans on all ISs using latest approved vulnerability scanning tools and signatures and ensure results properly mitigated, reviewed, documented, and reported. Support, test, monitor, and report any changes in ISs that may affect security posture and/or performance of IS. Monitor all system and audit logs and report potential security issues to ISSM; assist ISSM, Cybersecurity Branch Head, DIO, incident handling team, and law enforcement personnel in any investigations involving suspected security violations. Maintain accurate and up-to-date information in all required A&A applications. Provide subject matter expertise to perform cybersecurity operations for Corporate Operations IT and Technical Department IT. Collaborate with Government and other Contractor personnel to coordinate test and operation activities for Department IT. Develop, collect, maintain and submit A&A artifacts. Provide support for installing, managing, and troubleshooting any issues with vulnerability scanning software; perform scans on monthly and ad hoc basis for all Department IT and generate/consolidate scanning reports in centralized location; provide vulnerability scanning support for IT; responsible for opening trouble tickets with respective scanning software support for scanning and IA support. Responsible for creation, development, support, and lifecycle sustainment of all RMF A&A processes, including, but not limited to: Supporting A&A Cybersecurity policy and control evaluations. Preparing supporting RMF activities or current Government-approved processes for packages and artifacts. Obtaining approvals to operate. Implementation of security postures. Qualifications: Four (4) years professional experience IT security with DoD or Navy. Experience with vulnerability analysis, risk analysis, scanning for viruses and other detrimental software. Qualified experience in accreditation of systems and audits. Designated as IAT II level with T3. Bachelor's Degree in Engineering discipline desired but not required. Professional experience in systems engineering a plus.

Information Systems Security Analyst Dahlgren, VA Active Secret Clearance @Orchard is supporting a growing Federal contract with proven capabilities in cyber security. We are seeking a skilled Information Systems Security Analyst to be proposed for a new project supporting the Navy. This role will be based out of Dahlgren, VA and will be responsible for overseeing and managing information security program implementation within organization and other areas of responsibility. If selected, you will be asked to sign a letter of intent to join the team upon program award. As the Information Systems Security Analyst you will: Manages strategy, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and/or other resources. Acquire and manage necessary resources, including leadership support, financial resources, and key security personnel, to support IT security goals, and reduce overall organizational risk. Advise and assist ISSM/ISSO in A&A process for command. Evaluate and support documentation, validation, and accreditation processes necessary to ensure that new IT systems meet NIST Special Publications Risk Management Framework (RMF) Cybersecurity requirements. Develop, review, and obtain Government approval of plans to assess security controls to include creating Security Assessment plan (SAP). Develop SAP and Rules of Engagement (ROE) for Government approval, outlining assessment scope, methodology, and resources. Conduct security control assessment, including activities such as Security Categorization Review, System Security Plan Analysis, and other assessments as defined in SAP; deliver comprehensive Security Assessment Report (SAR), documenting findings, vulnerabilities, and recommendations for remediation; include Vulnerability Assessment Report and Executive Briefing in report. Implement initial remediation actions based on SAR recommendations; deliver Issue Resolution Report and Remediation Status Report within timeline. Review, revise, develop, update, and maintain all RMF required artifacts associated with command's A&A program. Provide direct support for accreditation of systems/networks utilizing RMF process. Identify and recommend corrections for security deficiencies discovered during security and certification testing and continuous monitoring or identify risk acceptance for authorized representatives. Develop Plan of Actions (POAs) addressing outstanding security weaknesses identified in SAR, outlining remediation tasks and timelines; compile comprehensive Security Authorization Package, including SAR, POA, System Security Plan, and other relevant documents for Navy Authorizing Official review. Conduct comprehensive risk assessment, determining potential risks to organizational operations, assets, individuals, and organizations. Include Residual Risk Statement documenting remaining risks i; provide recommendation to NAO on residual risk acceptability, supported by Risk Acceptance Recommendation Report and briefing. Perform additional actions required to support electronic classroom deployment. Conduct Functional Area Needs Analyses and provide recommendations on Cybersecurity architecture, requirements, objectives, and policies. Provide research and analysis of new and emerging technologies in hardware, software, and applications and applicability to mission. Assess impacts of system modifications and technological advances; consult staff to gather and evaluate functional requirements, translate into technical solutions. Provide guidance on applicability of information systems to meet business needs. Guide, gather, and evaluate functional and security requirements. Translate requirements into guidance on applicability of information systems. Develop and document requirements, capabilities, and constraints for design procedures/processes; translate functional requirements into technical solutions. Integrate and align information security and IA policies to ensure system analyses meet security requirements. Specify power supply and heating, ventilation, and air conditioning (HVAC) requirements and configurations based on system performance expectations and design specifications. Qualifications: Four (4) years of experience in Cybersecurity. Bachelor's Degree or CNSSI 4012 certificate or ADQ GA7 desired but not required. May substitute successful completion of at least one of the following military training courses for desired education: NEC 2779 or 3372 or CIN W-3B-1500 or A-4C-1340 Requires a CompTIA Security+, Certified Authorization Professional (CAP), CompTIA Advanced Security Practitioner (CASP), or Project Management Professional (PMP) certification. Requires IAT Level II certification. Must maintain a Secret clearance / T3 investigation and be a U.S. citizen.

Full-time Description As a CAC/PKI Local Registration Authority (LRA) Information Security Specialist, you will provide services in support of the Army Network Enterprise Technology Command (NETCOM) on the Army Department of Defense Information Network (DoDIN-A) Cybersecurity and Network Operations Mission Support (ADCNOMS) contract. As a member of the CAC/PKI Registration Authority (LRA) operations team, you will provide token issuance, sustainment, maintenance, and revocation to the Army customer. Requirements Highlights of Responsibilities: Provide 24/7 On-Call and Emergency Response. Respond to emergency calls and arrive at the designated work site within two (2) hours after receiving the emergency call from the COR. Maintain an asset inventory list of all PKI daily operations equipment by location at all RA/LRA sites. Provide support for annual and semi-annual DoD Compliance Audits. Support the Army CIO/G6 Cyber Security Directorate and the NETCOM G3/5 in addressing audit findings to include mitigation and correction of findings in accordance with DoD PKI CPS and RPS. Develop and maintain On-the-Job Training packages. Support test events of the global management PKI system software and token versions to assess backwards compatibility and interoperability. Verify Subscriber's identity. Pre-register users with PKI. Validate NPE certificate requirements and forward revocation requests. Support issuance and renewal of SIPRNET tokens and/or NIPRNET Alternate Smart Card Logon. Support production of and delivery of an Issuance Report detailing number of tokens issued, revoked, renewed, and any issues encountered. Conduct duties as assigned through NSS/PKI RPS and DoD/PKI RA/LRA CPS. Complete General Officer / Senior Executive Service requests within 12 hours of receipt. Complete request for PIN reset, unlock code, revocation and re-issuance of a failed token CRI within 24 hours. Complete request for key recoveries within 48 hours. Complete new ASCL and NSS SIPRNET token request within 72 hours. Submit a monthly RA Activity Report. Submit a monthly Token Report of all tokens on hand to include returned and bad tokens. Provide the weekly RA Backlog Report of any activities that fall outside the response timelines identified in the sections titled Response Time. Prepare a monthly NSA Failed Token Report for HQDA to submit to NSA Program Manager Office. Qualifications Minimum Requirements: Secret Security Clearance with a completed Tier 5 (T5) background investigation Bachelor's degree 3+ years of experience Advanced operational expertise in Smart Tokens, PKI, Certificate Revocation, CAC Pin Reset, PKE, biometrics, logical and physical access, tactical PKI, and directory services. Have never been previously relieved of trusted role duties for reasons of negligence or nonperformance of duties. Have never been denied or had a security clearance revoked. Have never been convicted of a felony offense. Must complete RA/LRA training provided by DISA prior to receiving RA or LRA credentials. Preferred Qualifications: DoD Cyber Workforce Framework (DCWF 631) Information Systems Security Developer Intermediate qualified (BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science or CSC or GCLD or CASP+ or CCSP or Cloud+ or GSEC) or equivalent certification ITIL v4 Foundations certification Physical Requirements: Sitting for long periods Standing for long periods Ambulate throughout an office Ambulate between several buildings Stoop, kneel, crouch, or crawl as required Travel by land or air transportation 10% or less QBE is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender, gender-identity and/or expression, age, disability, Veteran status, genetic information, pregnancy (including childbirth, lactation, or other related medical conditions), marital-status, neurodivergence, ethnicity, ancestry, caste, military/uniformed service-member status, or any other characteristic protected by applicable federal, state, local, or international law.

As a CAC/PKI Local Registration Authority (LRA) Information Security Specialist, you will provide services in support of the Army Network Enterprise Technology Command (NETCOM) on the Army Department of Defense Information Network (DoDIN-A) Cybersecurity and Network Operations Mission Support (ADCNOMS) contract. As a member of the CAC/PKI Registration Authority (LRA) operations team, you will provide token issuance, sustainment, maintenance, and revocation to the Army customer. Requirements Highlights of Responsibilities: Provide 24/7 On-Call and Emergency Response Respond to emergency calls and arrive at the designated work site within two (2) hours after receiving the emergency call from the COR Provide leadership, supervision, and mentorship to the RA/LRA team, ensuring all responsibilities are executed in compliance with DoD PKI CPS and RPS requirements Provide RA support to the LRA personnel in creation of NIPRNET and SIPRNET PKI tokens Provide RA interface with the Trusted Agent (TA) for token request and distribution Maintain an asset inventory list of all PKI daily operations equipment by location at all RA/LRA sites Provide support for annual and semi-annual DoD Compliance Audits Support the Army CIO/G6 Cyber Security Directorate and the NETCOM G3/5 in addressing audit findings to include mitigation and correction of findings in accordance with DoD PKI CPS and RPS Develop and maintain On-the-Job Training packages Support test events of the global management PKI system software and token versions to assess backwards compatibility and interoperability Verify Subscriber's identity Pre-register users with PKI Validate NPE certificate requirements and forward revocation requests Support issuance and renewal of SIPRNET tokens and/or NIPRNET Alternate Smart Card Logon Support production of and delivery of an Issuance Report detailing number of tokens issued, revoked, renewed, and any issues encountered Conduct duties as assigned through NSS/PKI RPS and DoD/PKI RA/LRA CPS Complete General Officer / Senior Executive Service requests within 12 hours of receipt Complete request for PIN reset, unlock code, revocation and re-issuance of a failed token CRI within 24 hours Complete request for key recoveries within 48 hours Complete new ASCL and NSS SIPRNET token request within 72 hours Submit a monthly RA Activity Report Submit a monthly Token Report of all tokens on hand to include returned and bad tokens Provide the weekly RA Backlog Report of any activities that fall outside the response timelines identified in the sections titled Response Time Prepare a monthly NSA Failed Token Report for HQDA to submit to NSA Program Manager Office Minimum Requirements: Secret Security Clearance with a completed Tier 5 (T5) background investigation Bachelor's degree 5+ years of experience Advanced operational expertise in Smart Tokens, PKI, Certificate Revocation, CAC Pin Reset, PKE, biometrics, logical and physical access, tactical PKI, and directory services Have never been previously relieved of trusted role duties for reasons of negligence or nonperformance of duties Have never been denied or had a security clearance revoked Have never been convicted of a felony offense Must complete RA/LRA training provided by DISA prior to receiving RA or LRA credentials. Preferred Qualifications: DoD Cyber Workforce Framework (DCWF 631) Information Systems Security Developer Intermediate qualified (BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science or CSC or GCLD or CASP+ or CCSP or Cloud+ or GSEC) or equivalent certification ITIL v4 Foundations certification Physical Requirements: Sitting for long periods Standing for long periods Ambulate throughout an office Ambulate between several buildings Stoop, kneel, crouch, or crawl as required Travel by land or air transportation 10% or less QBE is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender, gender-identity and/or expression, age, disability, Veteran status, genetic information, pregnancy (including childbirth, lactation, or other related medical conditions), marital-status, neurodivergence, ethnicity, ancestry, caste, military/uniformed service-member status, or any other characteristic protected by applicable federal, state, local, or international law.