Senior Security Engineer jobs at The Walt Disney Company - 236 jobs

A leading cryptocurrency platform is seeking a Senior Platform Security Engineer in San Francisco. This role involves securing infrastructure through hardening services and enhancing cloud and non-cloud systems. Candidates should have 5+ years in Information Security, strong development skills in Python or Go, and experience with AWS and Kubernetes. The position requires in-person collaboration twice a week, and offers a competitive salary range of $140,000 - $200,000, alongside comprehensive benefits and a hybrid work model. #J-18808-Ljbffr

About the Company Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all - bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact. The Department: Platform Security The Platform Security team secures Gemini's infrastructure through service hardening and by developing and supporting a suite of foundational tools. We provide secure-by-default infrastructure, consumable security services, and expert consultation to engineering teams for secure cloud and non-cloud infrastructure. The Role: Senior IAM Security Engineer The Platform Security team builds zero-trust identity and access management foundations so every Gemini team can authenticate and authorize securely. As a Senior IAM Security Engineer, you will contribute to building IAM services, authentication systems, and identity infrastructure that protect both our workforce and workloads. This is a hands-on engineering role where you'll write production code daily, not just configuration. You'll participate in the development and operation of IAM solutions from design through production. This role requires solid software development skills, strong understanding of authentication protocols, and hands‑on experience with PKI and secrets management. You'll collaborate with engineering teams to implement secure access patterns while maintaining usability. This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office. Responsibilities Develop and maintain IAM services and authentication systems using Python or Go Implement workforce identity solutions with Okta and multi-IdP architectures Build and support PKI infrastructure and certificate lifecycle management for service authentication Contribute to secrets management platforms with automated rotation and zero‑knowledge patterns Implement authorization services, access control systems, and policy engines Collaborate with engineering teams on identity implementation and secure authentication patterns Participate in on‑call rotation for platform security incidents Minimum Qualifications Solid software development skills in Python or Go with experience building production services Strong understanding of identity protocols and standards including OAuth2, SAML, OpenID Connect, and WebAuthn Hands‑on experience with PKI systems, certificate management, and practical knowledge of cryptography Experience with HashiCorp Vault or similar secrets management platforms Working knowledgeof AWS IAM, STS, and cloud identity services Proficiency in Terraform for infrastructure-as-code Experience supporting high‑availability authentication services Preferred Qualifications Experience with Okta, Auth0, or similar enterprise IdP platforms Familiarity with SPIFFE/SPIRE and workload identity systems Understanding of zero‑trust architecture and BeyondCorp principles Experience with hardware security modules (HSM) and key management systems Interest in contributing to identity or cryptography open source projects It Pays to Work Here The compensation & benefits package for this role includes: Competitive starting salary A discretionary annual bonus Long-term incentive in the form of a new hire equity grant Comprehensive health plans 401K with company matching Paid Parental Leave Flexible time off Salary Range The base salary range for this role is between $140,000 - $200,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate's compensation, we consider a number of factors including skillset, experience, job scope, and current market data. In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in-person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce. At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know. #J-18808-Ljbffr

A leading cryptocurrency platform is seeking a Senior Platform Security Engineer in San Francisco. This role involves securing infrastructure through hardening services and enhancing cloud and non-cloud systems. Candidates should have 5+ years in Information Security, strong development skills in Python or Go, and experience with AWS and Kubernetes. The position requires in-person collaboration twice a week, and offers a competitive salary range of $140,000 - $200,000, alongside comprehensive benefits and a hybrid work model. #J-18808-Ljbffr

About the Company Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all - bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact. The Department: Security (Platform Security) The Platform Security team secures Gemini's infrastructure through service hardening and by developing and supporting a suite of foundational tools. We provide secure‑by‑default infrastructure, consumable security services, and expert consultation to engineering teams for secure cloud and non‑cloud infrastructure. The Role: Senior Platform Security Engineer The Platform Security team secures Gemini's infrastructure through service hardening and by developing and supporting a suite of foundational tools. As a Senior Platform Security Engineer, you will build and maintain security controls across diverse environments-from hardening cloud and container orchestration systems to enhancing our non‑cloud infrastructure. This is a hands‑on engineering role where you'll write production code daily, not just configuration. You'll own security initiatives from design through production operations. This role requires strong software development skills, practical experience with AWS and Kubernetes security, and the ability to partner with engineering teams to enable secure delivery. You will also apply expertise in critical neighboring areas, including PKI, core cryptography, identity management, and network security, to ensure comprehensive protection across the stack. This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office. Responsibilities: Build and maintain security controls for AWS and Kubernetes (EKS) environments, including guardrails, container security scanning, and infrastructure‑as‑code (Terraform) security Support IAM initiatives by helping to design and maintain access controls, role‑based access control (RBAC) models, and identity governance workflows Design, deploy, and maintain internal security services and platforms that other engineering teams rely on Act as a security partner to engineering teams, helping them make secure architecture decisions without blocking innovation Work across functions-partnering with AppSec, Threat Detection, and GRC-to identify and reduce risk across the entire stack Participate in on‑call rotation for platform security incidents Minimum Qualifications: 5+ years of experience in Information Security, SRE, or Systems Engineering Strong software development skills in Python or Go with experience building production services Solid experience with AWS (or similar cloud providers), including familiarity with IAM roles, VPCs, and native security controls Hands‑on experience with Kubernetes/EKS and containerization concepts, including pod security policies and container lifecycle Understanding of IAM principles, RBAC, and least‑privilege access models Proficiency in Terraform for infrastructure‑as‑code Ability to self‑scope and execute technical goals with minimal supervision Preferred Qualifications: Experience with identity providers (IdP) like Okta and standards like SAML/OIDC Experience writing Policy‑as‑Code (e.g., Open Policy Agent/Rego) Background in Linux systems engineering or network security Experience building and operating high‑availability critical systems It Pays to Work Here The compensation & benefits package for this role includes: Competitive starting pay A discretionary annual bonus Long‑term incentive in the form of a new hire equity grant Comprehensive health plans 401K with company matching Paid Parental Leave Flexible time off Salary Range: The base salary range for this role is between $140,000 - $200,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate's compensation, we consider a number of factors including skillset, experience, job scope, and current market data. In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in‑person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce. At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know. #LI-DS1 #J-18808-Ljbffr

A leading crypto platform is seeking a Senior IAM Security Engineer to secure identity and access management systems. The role involves developing IAM services, collaborating with engineering teams, and ensuring secure authentication patterns. Candidates should have solid software development skills in Python or Go, experience with PKI and secrets management, and a strong understanding of identity protocols. This position offers a competitive salary and a hybrid work approach, with office presence required twice a week in San Francisco or New York City. #J-18808-Ljbffr

Liftoff is a leading AI-powered performance marketing platform for the mobile app economy. Our end-to-end technology stack helps app marketers acquire and retain high-value users, while enabling publishers to maximize revenue across programmatic and direct demand. Liftoff's solutions, including Accelerate, Direct, Monetize, Intelligence, and Vungle Exchange, support over 6,600 mobile businesses across 74 countries in sectors such as gaming, social, finance, ecommerce, and entertainment. Founded in 2012 and headquartered in Redwood City, CA, Liftoff has a diverse, global presence. About Liftoff Security Team The Liftoff security team is dedicated to protecting Liftoff's customers, users, and employees. Our team architects Liftoff's security posture, designs and builds infrastructure and security improvements, consults with other teams as they develop and launch new products and features, and proactively plans for the unknown. Our work spans the entire company and technology stack, from infrastructure to web and mobile applications, as well as IT systems. We collaborate with key stakeholders to balance business needs while minimizing security risks. Our approach to security is deeply rooted in software engineering principles, emphasizing automation and the development of well-designed security tools. Responsibilities Establish secure software development standards and integrate security-minded thinking into the development process. Create frictionless paths for engineering teams to securely build and deploy software. Perform security assessments of systems and services to ensure compliance with security best practices. Partner with key stakeholders across the organization to build a culture of security-minded builders. Assess vendors to ensure their internal security controls meet Liftoff's security requirements and their products enable secure employee usage. Triage incoming threat events and vulnerabilities and ensure timely remediation and resolution of the issues. Conduct post-incident reviews, document findings, and implement necessary remediations. Develop tooling and automation to detect and mitigate active security threats within our systems. Requirements 5+ years of experience in security engineering or software engineering. Experience collaborating with cross-functional teams to deliver impactful security initiatives. Comfortable reading, writing, and maintaining code in multiple languages. Strong understanding of application security best practices. Ability to quickly understand complex engineering architectures and systems. Demonstrated ability to prioritize security efforts using a risk-based approach. Proficiency in Go, Python, Clojure, or JavaScript. Experience working on or collaborating with high-velocity, high-performing software engineering teams. Proven track record of scaling cloud infrastructure security. Excellent written and verbal communication skills. Working at Liftoff is fast-paced, fun, and challenging, and we thrive on innovation. Come join our team and help shape the future of the mobile app ecosystem. If this role sounds interesting to you, we would love to hear from you! Locations: This role is eligible for full-time remote work in one of our entities/states and Canada: CA, CO, ID, IL, FL, GA, MA, MI, MN, MO, NJ, NV, NY, OR, PA, TX, UT, and WA. We are a remote-first company with US hubs in Redwood City, Los Angeles, and New York City. Travel Expectations: We offer several opportunities for in-person team gatherings, including but not limited to project meetings, regional meetups, and company-wide events. We expect our employees to attend these gatherings at least once per quarter. These gatherings provide essential opportunities for collaboration, communication, and team building. Compensation: Liftoff offers all employees a full compensation package that includes equity and health/vision/dental benefits associated with your country of residence. Base compensation will vary based on the candidate's location and experience. The following are our base salary ranges for this role: SF Bay Area, Los Angeles/Orange County, NYC, Seattle: $220,000 - $240,000 All other California and Washington state locations, Austin, Boston, Denver, Portland: $202,400 - $220,800 All other cities and towns in our approved states: $189,200 - $206,400 #LI-EL1 We use Covey as part of our hiring and/or promotional process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process, we provide Covey with job requirements and candidate-submitted applications. We began using Covey Scout for Inbound on January 22, 2024. Please see the independent bias audit report covering our use of Covey here. Liftoff offers a fast-paced, collaborative, and innovative work environment where employees are empowered to grow and make an impact. We're shaping the future of the mobile app ecosystem-join us and help accelerate what's next. Liftoff's compensation strategy includes competitive salaries, equity, and benefits designed to support employee well-being and performance. We benchmark compensation based on role, level, and location to ensure fairness and market alignment. Benefits may include medical coverage, wellness stipends, and additional perks based on your country of residence. Liftoff is an equal opportunity employer. We are committed to creating an inclusive environment for all employees and applicants regardless of race, ethnicity, national origin, age, marital status, disability, sexual orientation, gender identity, religion, veteran status, or any other characteristic protected by applicable law. Agency and Third Party Recruiter Notice: Liftoff does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies in response to job postings. No fee will be paid to third parties who submit unsolicited candidates directly to our hiring managers or Recruiting Team. All candidates must be submitted via our Applicant Tracking System by approved Liftoff vendors who have been expressly requested to make a submission by our Recruiting Team for a specific job opening. No placement fees will be paid to any firm unless such a request has been made by the Liftoff Recruiting Team and such a candidate was submitted to the Liftoff Recruiting Team via our Applicant Tracking System.

Liftoff is a leading AI-powered performance marketing platform for the mobile app economy. Our end-to-end technology stack helps app marketers acquire and retain high-value users, while enabling publishers to maximize revenue across programmatic and direct demand. Liftoff's solutions, including Accelerate, Direct, Monetize, Intelligence, and Vungle Exchange, support over 6,600 mobile businesses across 74 countries in sectors such as gaming, social, finance, ecommerce, and entertainment. Founded in 2012 and headquartered in Redwood City, CA, Liftoff has a diverse, global presence. About Liftoff Security Team The Liftoff security team is dedicated to protecting Liftoff's customers, users, and employees. Our team architects Liftoff's security posture, designs and builds infrastructure and security improvements, consults with other teams as they develop and launch new products and features, and proactively plans for the unknown. Our work spans the entire company and technology stack, from infrastructure to web and mobile applications, as well as IT systems. We collaborate with key stakeholders to balance business needs while minimizing security risks. Our approach to security is deeply rooted in software engineering principles, emphasizing automation and the development of well-designed security tools. Responsibilities Establish secure software development standards and integrate security-minded thinking into the development process. Create frictionless paths for engineering teams to securely build and deploy software. Perform security assessments of systems and services to ensure compliance with security best practices. Partner with key stakeholders across the organization to build a culture of security-minded builders. Assess vendors to ensure their internal security controls meet Liftoff's security requirements and their products enable secure employee usage. Triage incoming threat events and vulnerabilities and ensure timely remediation and resolution of the issues. Conduct post-incident reviews, document findings, and implement necessary remediations. Develop tooling and automation to detect and mitigate active security threats within our systems. Requirements 5+ years of experience in security engineering or software engineering. Experience collaborating with cross-functional teams to deliver impactful security initiatives. Comfortable reading, writing, and maintaining code in multiple languages. Strong understanding of application security best practices. Ability to quickly understand complex engineering architectures and systems. Demonstrated ability to prioritize security efforts using a risk-based approach. Proficiency in Go, Python, Clojure, or JavaScript. Experience working on or collaborating with high-velocity, high-performing software engineering teams. Proven track record of scaling cloud infrastructure security. Excellent written and verbal communication skills. Working at Liftoff is fast-paced, fun, and challenging, and we thrive on innovation. Come join our team and help shape the future of the mobile app ecosystem. If this role sounds interesting to you, we would love to hear from you! Locations: This role is eligible for full-time remote work in one of our entities/states and Canada: CA, CO, ID, IL, FL, GA, MA, MI, MN, MO, NJ, NV, NY, OR, PA, TX, UT, and WA. We are a remote-first company with US hubs in Redwood City, Los Angeles, and New York City. Travel Expectations: We offer several opportunities for in-person team gatherings, including but not limited to project meetings, regional meetups, and company-wide events. We expect our employees to attend these gatherings at least once per quarter. These gatherings provide essential opportunities for collaboration, communication, and team building. Compensation: Liftoff offers all employees a full compensation package that includes equity and health/vision/dental benefits associated with your country of residence. Base compensation will vary based on the candidate's location and experience. The following are our base salary ranges for this role: SF Bay Area, Los Angeles/Orange County, NYC, Seattle: $220,000 - $240,000 All other California and Washington state locations, Austin, Boston, Denver, Portland: $202,400 - $220,800 All other cities and towns in our approved states: $189,200 - $206,400 #LI-EL1 We use Covey as part of our hiring and/or promotional process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process, we provide Covey with job requirements and candidate-submitted applications. We began using Covey Scout for Inbound on January 22, 2024. Please see the independent bias audit report covering our use of Covey here. Liftoff offers a fast-paced, collaborative, and innovative work environment where employees are empowered to grow and make an impact. We're shaping the future of the mobile app ecosystem-join us and help accelerate what's next. Liftoff's compensation strategy includes competitive salaries, equity, and benefits designed to support employee well-being and performance. We benchmark compensation based on role, level, and location to ensure fairness and market alignment. Benefits may include medical coverage, wellness stipends, and additional perks based on your country of residence. Liftoff is an equal opportunity employer. We are committed to creating an inclusive environment for all employees and applicants regardless of race, ethnicity, national origin, age, marital status, disability, sexual orientation, gender identity, religion, veteran status, or any other characteristic protected by applicable law. Agency and Third Party Recruiter Notice: Liftoff does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies in response to job postings. No fee will be paid to third parties who submit unsolicited candidates directly to our hiring managers or Recruiting Team. All candidates must be submitted via our Applicant Tracking System by approved Liftoff vendors who have been expressly requested to make a submission by our Recruiting Team for a specific job opening. No placement fees will be paid to any firm unless such a request has been made by the Liftoff Recruiting Team and such a candidate was submitted to the Liftoff Recruiting Team via our Applicant Tracking System.

About the Company Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all - bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact. The Department: Security (Threat Detection & Response) In the emerging industry of digital assets, there is nothing more important than trust (which is why Gemini's very first hires were Security experts). The Gemini Security team forms the backbone of all that we do and is as diverse as the number of challenges we tackle in the crypto space. From security architecture and engineering to maintenance of cold storage systems and data centers to cybersecurity and litigation support, our team ensures that our customers, clients, and employees are safe, secure, and supported. The Role: Senior Security Engineer In this role, you will be part of the team responsible for designing, building, and automating detection, response and intelligence gathering solutions, developing unique and creative detection mechanisms, monitoring security events, and leading responses to any security incidents. This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office. Responsibilities: Own individual security solutions throughout their lifecycle, including design, development, and deployment, in order to continuously improve Gemini's ability to detect and respond to advanced, targeted threats Develop and improve processes and tools that supports the team rapidly iterating and responding to threats Gemini faces Engage in incident response and investigation efforts Analyze technical threat data to extract TTPs, malware techniques, and adversary methods Create and enhance countermeasures and detections for malware, attacker techniques, threat actor methodology, and suspicious events associated with intelligence obtained by the Gemini Team Produce well documented, resilient and manageable code that supports the streamlining and automation of the above Provide mentorship and guidance to junior engineers on the team in their growth and implementation of the above Minimum Qualifications: Significant DFIR/Threat Detection and Response experience Scripting proficiency in a common programming language (e.g. Python, Go) Hands-on familiarity with CI/CD, infrastructure as code, and microservices Aptitude in the use of containerization technologies (eg. Docker) Experience in the design and implementation of detection signatures spanning multiple security log sources (Splunk, EDR, etc.) Able to troubleshoot and debug issues, and demonstrate a methodical approach to root cause analysis Excellent oral and written communication skills, including the ability to interact effectively with leadership, engineers, vendors and peers Preferred Qualifications: Familiarity in the use of container orchestration systems (e.g. Kubernetes) Experience applying CI/CD concepts to the development and deployment of security detection mechanisms and tools Experience in host and memory forensics (including live response) for Windows, OSX, and / or Linux Experience with the analysis of new log and data sources and methodically incorporating them into a detection pipeline Practical experience applying analysis frameworks (e.g Kill Chain, ATT&CK, etc) Experience in automating any of the above using existing APIs and tools It Pays to Work Here The compensation & benefits package for this role includes: Competitive starting pay A discretionary annual bonus Long-term incentive in the form of a new hire equity grant Comprehensive health plans 401K with company matching Paid Parental Leave Flexible time off Salary Range: The base salary range for this role is between $140,000 - $200,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate's compensation, we consider a number of factors including skillset, experience, job scope, and current market data. In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in-person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce. At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know. #LI-DS1

About the Company Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all - bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact. The Department: Platform Security The Platform Security team secures Gemini's infrastructure through service hardening and by developing and supporting a suite of foundational tools. We provide secure-by-default infrastructure, consumable security services, and expert consultation to engineering teams for secure cloud and non-cloud infrastructure. The Role: Senior IAM Security Engineer The Platform Security team builds zero-trust identity and access management foundations so every Gemini team can authenticate and authorize securely. As a Senior IAM Security Engineer, you will contribute to building IAM services, authentication systems, and identity infrastructure that protect both our workforce and workloads. This is a hands-on engineering role where you'll write production code daily, not just configuration. You'll participate in the development and operation of IAM solutions from design through production. This role requires solid software development skills, strong understanding of authentication protocols, and hands-on experience with PKI and secrets management. You'll collaborate with engineering teams to implement secure access patterns while maintaining usability. This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office. Responsibilities: Develop and maintain IAM services and authentication systems using Python or Go Implement workforce identity solutions with Okta and multi-IdP architectures Build and support PKI infrastructure and certificate lifecycle management for service authentication Contribute to secrets management platforms with automated rotation and zero-knowledge patterns Implement authorization services, access control systems, and policy engines Collaborate with engineering teams on identity implementation and secure authentication patterns Participate in on-call rotation for platform security incidents Minimum Qualifications: Solid software development skills in Python or Go with experience building production services Strong understanding of identity protocols and standards including OAuth2, SAML, OpenID Connect, and WebAuthn Hands-on experience with PKI systems, certificate management, and practical knowledge of cryptography Experience with HashiCorp Vault or similar secrets management platforms Working knowledge of AWS IAM, STS, and cloud identity services Proficiency in Terraform for infrastructure-as-code Experience supporting high-availability authentication services Preferred Qualifications: Experience with Okta, Auth0, or similar enterprise IdP platforms Familiarity with SPIFFE/SPIRE and workload identity systems Understanding of zero-trust architecture and BeyondCorp principles Experience with hardware security modules (HSM) and key management systems Interest in contributing to identity or cryptography open source projects It Pays to Work Here The compensation & benefits package for this role includes: Competitive starting salary A discretionary annual bonus Long-term incentive in the form of a new hire equity grant Comprehensive health plans 401K with company matching Paid Parental Leave Flexible time off Salary Range: The base salary range for this role is between $140,000 - $200,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate's compensation, we consider a number of factors including skillset, experience, job scope, and current market data. In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in-person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce. At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know. #LI-ES1

About the Company Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all - bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact. The Department: Security (Platform Security) The Platform Security team secures Gemini's infrastructure through service hardening and by developing and supporting a suite of foundational tools. We provide secure-by-default infrastructure, consumable security services, and expert consultation to engineering teams for secure cloud and non-cloud infrastructure. The Role: Senior Platform Security Engineer The Platform Security team secures Gemini's infrastructure through service hardening and by developing and supporting a suite of foundational tools. As a Senior Platform Security Engineer, you will build and maintain security controls across diverse environments-from hardening cloud and container orchestration systems to enhancing our non-cloud infrastructure. This is a hands-on engineering role where you'll write production code daily, not just configuration. You'll own security initiatives from design through production operations. This role requires strong software development skills, practical experience with AWS and Kubernetes security, and the ability to partner with engineering teams to enable secure delivery. You will also apply expertise in critical neighboring areas, including PKI, core cryptography, identity management, and network security, to ensure comprehensive protection across the stack. This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office. Responsibilities: Build and maintain security controls for AWS and Kubernetes (EKS) environments, including guardrails, container security scanning, and infrastructure-as-code (Terraform) security Support IAM initiatives by helping to design and maintain access controls, role-based access control (RBAC) models, and identity governance workflows Design, deploy, and maintain internal security services and platforms that other engineering teams rely on Act as a security partner to engineering teams, helping them make secure architecture decisions without blocking innovation Work across functions-partnering with AppSec, Threat Detection, and GRC-to identify and reduce risk across the entire stack Participate in on-call rotation for platform security incidents Minimum Qualifications: 5+ years of experience in Information Security, SRE, or Systems Engineering Strong software development skills in Python or Go with experience building production services Solid experience with AWS (or similar cloud providers), including familiarity with IAM roles, VPCs, and native security controls Hands-on experience with Kubernetes/EKS and containerization concepts, including pod security policies and container lifecycle Understanding of IAM principles, RBAC, and least-privilege access models Proficiency in Terraform for infrastructure-as-code Ability to self-scope and execute technical goals with minimal supervision Preferred Qualifications: Experience with identity providers (IdP) like Okta and standards like SAML/OIDC Experience writing Policy-as-Code (e.g., Open Policy Agent/Rego) Background in Linux systems engineering or network security Experience building and operating high-availability critical systems It Pays to Work Here The compensation & benefits package for this role includes: Competitive starting pay A discretionary annual bonus Long-term incentive in the form of a new hire equity grant Comprehensive health plans 401K with company matching Paid Parental Leave Flexible time off Salary Range: The base salary range for this role is between $140,000 - $200,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate's compensation, we consider a number of factors including skillset, experience, job scope, and current market data. In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in-person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce. At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know. #LI-DS1

Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments. This contract Enterprise Security Logging Lead role supports a large federal agency in safeguarding digital identities and network assets within a large-scale IT environment. The lead will design, implement, and operate enterprise logging initiatives, utilizing tools such as Splunk and Qmulos. The role requires seasoned IT security expertise, hands-on technical skills, and strong communication and planning abilities. It's a high-impact opportunity to shape security logging and monitoring within a major federal agency. This is a multi-year contract position involving a large US federal agency. Candidates with previous federal contracting experience are preferred. U.S. Citizenship or Permanent Residency required. If hired, all work related to this role must be performed within the continental U.S. Responsibilities: Guide enterprise-scale logging initiatives and ensure compliance. Collaborate with IT and security stakeholders to meet logging and monitoring requirements. Implement and maintain the enterprise logging compliance platform. Enable the ability to monitor, detect, and respond to security events. Generate content, user guides, and reports for operational and compliance needs. Lead coordination of installations, updates, and maintenance of ELM and SIEM systems. Develop and maintain documentation for SIEM and ELM systems. Ensure log onboarding, reporting, and compliance requirements are met. Apply knowledge of threat detection and compliance auditing procedures. Utilize security controls automation and guidance documentation. Seven (7)+ years' experience with enterprise logging platforms (Splunk, Qmulos, or similar). Advanced degree in a technical/cyber-related field or equivalent experience/certifications. Ability to lead coordination of ELM and SIEM systems and software. Deep understanding of log onboarding, reporting, and compliance requirements. Experience developing and maintaining documentation for SIEM and ELM systems. Knowledge of change control processes and documentation. Familiarity with threat detection and compliance auditing procedures. Strong analytical and documentation skills. Excellent communication and coordination skills. Ability to work collaboratively with IT and security stakeholders. Proficiency in developing user guides and operational reports. Expertise in security controls automation. Strong problem-solving and critical-thinking abilities. Insurance - health, dental, and vision Paid Time Off (PTO) and 11 Federal Holidays 401(k) employer match

Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments. The Senior Endpoint Security Engineer supports a large U.S. federal agency by owning the reliability, configuration, and operational effectiveness of enterprise endpoint security platforms, with a primary focus on CrowdStrike Falcon. This role is responsible for ensuring continuous operation, secure configuration, integration, and incident responsiveness of endpoint detection and response (EDR) capabilities across a complex enterprise environment. The position is deeply hands-on, focused on platform administration, production support, and operational resilience rather than automation architecture or SOC analysis. This is a multi-year federal contract, fully remote (CONUS only). U.S. Citizenship or Permanent Residency required. Responsibilities: Ensure continuous operation and stability of enterprise endpoint security platforms Administer and maintain CrowdStrike Falcon, including EDR, Identity Protection, Forensics, and related modules Configure endpoint security policies in alignment with federal security guidelines and best practices Perform production testing, validation, and change support for EDR components Integrate EDR capabilities with other security systems and services Troubleshoot complex endpoint security issues in collaboration with security, infrastructure, and operations teams Respond to and support endpoint-related security incidents to ensure operational resilience Develop and maintain security baselines, configurations, and operational documentation Adapt platform configurations to evolving threats, tools, and mission requirements Contribute to continuous improvement of endpoint security posture across the enterprise Seven (7) years or more of direct experience administering EDR platforms (CrowdStrike preferred). Experience in development and production testing of EDR platform components. Ability to integrate EDR system components with other security systems. Familiarity with the CrowdStrike Falcon Platform. Ability to configure EDR solutions according to Federal Guidelines. Excellent problem-solving abilities and team collaboration skills. Relevant certifications such as ISC2 Certified Cloud Security Professional (CCSP) or ISC2 Certified Information Systems Security Professional (CISSP). Strong technical skills in EDR platform management. Proficient in troubleshooting and resolving complex security issues. Excellent communication and collaboration skills. Ability to adapt to evolving threat landscapes. Knowledge of Federal Guidelines and industry best practices. Experience in developing security baselines and documentation. Strong analytical and problem-solving skills. Ability to work effectively in a team environment. Insurance - health, dental, and vision Paid Time Off (PTO) and 11 Federal Holidays 401(k) employer match

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to accomplish their financial goals and help them save time and money. We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments. We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com. Job Description As a Cyber Defense Lead, you will join Experian's Cyber Fusion Center, performing in-depth analysis, evaluation and response to security threats. The team provides global 24x7 security operations and monitoring for cybersecurity events affecting Experian. It is the first line of defense in Experian's broader incident response and incident management responsibilities. The team receives and triages cybersecurity alerts, including being the dedicated contact for potential security incidents reported by users (e.g., Experian employees). You will report into the Sr. Manager of SecOps and Threat Detection. You'll have opportunity to: Monitor the daily operations of the team, being the primary liaison between analysts and leadership Provide advanced support and act as a designated contact for the Cyber Defense Analysts (e.g., consulting on investigation / analysis) Oversee response activities for security events and alerts associated with cyber threats, intrusions, or compromises Use investigative experience and technical skills to analyze events using security tooling and logging (e.g., SIEM, EDR) and assess potential risk Monitor for anomalous changes in metrics, notable open incidents, quality concerns, or observed risks Complete assigned caseload throughout the incident response lifecycle, including analysis, containment, eradication, recovery, and lessons learned Ensure incident updates are performed, documented and that case hand-off processes are completed Be a mentor to Cyber Defense Analysts, providing feedback on the quality of work to analyst(s) and management Lead the development of relevant Standard Operating Procedures (SOPs), and training materials Collaborate with the Cyber Threat Intelligence (CTI) and content development teams (Threat Detection Engineering) on use case developments Qualifications 5+ years of information security experience working within a Security Operations Center or Cyber Security Incident Response Teams; at least 1 of which ideally includes experience as a team lead Bachelor's Degree in Computer Science, Computer Engineering, Information Systems, Information Security, or a related field. History of interpreting device and application logs from a variety of sources (e.g., Firewalls, Proxies, System Logs, Splunk) to identify cause 1+ professional certifications related to Digital Forensics, Incident Response, or Ethical Hacking(e.g., GCIH, GMON, GSOC, CEH, GCFA, ENCE) Information security management certifications (CISSP, CISM) Knowledge of the Incident Response Life Cycle, MITRE ATT&CK Framework, and Cyber Kill Chain Understanding of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, NetFlow), Cloud Infrastructure (AWS, Azure, GCP), and Security Technologies (Anti-Virus, Intrusion Prevention, Web Application Firewalls) Experience with Security Monitoring applications such as SIEM (e.g., QRadar, Splunk), EDR (e.g., CrowdStrike Falcon, Microsoft Defender) Experience with SOAR technologies such as Palo Alto XSOAR and Google SecOps (Chronicle) Security analysis and architecture knowledge using tools including Defender for Cloud, Wiz.io, GuardDuty, CloudTrail, or CloudWatch. Record of improving the way work is performed, originating action and ideas to lead enhancements to existing processes. Abvailable to work outside of normal work hours to respond to cybersecurity incidents Additional Information Benefits/Perks: Great compensation package and bonus plan Core benefits including medical, dental, vision, and matching 401K Flexible work environment, ability to work remote, hybrid or in-office Flexible time off including volunteer time off, vacation, sick and 12-paid holidays Explore all our exciting benefits here: ************************************************ At Experian, our people and culture set us apart. We're deeply committed to creating an environment where everyone feels they belong and can excel. From inclusion and authenticity to work/life balance, development, wellness, collaboration, and recognition, we focus on what truly matters. Our people-first approach has earned us global recognition: World's Best Workplaces™ 2024 (Fortune Top 25), Great Place To Work™ 2025 in 26 countries, and Glassdoor Best Places to Work 2024, among others. Want to see what life at Experian is really like? Explore Experian Life on social or visit our Careers Site. Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay range for this position is listed above. Within this range, individual pay is determined by work location and additional factors such as job-related skills, experience, and education. You will be also eligible for a variable pay opportunity. Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity. #LI-Remote

Prelude Security is building the category leader in Runtime Memory Protection - an endpoint product that detects and blocks in-memory execution, memory zero-day exploitation, and ransomware execution entirely from user mode. We are a small team of security researchers and software developers working to reinvent the way we protect endpoints in a world where threats are complex, emergent, and accelerating. Backed by Sequoia Capital, Insight Partners, and other leading investors, we are building an advanced security solution to detect in-memory attacks on endpoints, which is written in Rust and runs exclusively in user mode. It leverages advances in modern edge computing architecture, hardware-level telemetry, and a graph-based understanding of the Windows operating system to catch adversaries the moment that they compromise an endpoint. Rather than endlessly attempting to predict what an adversary might do, trapping adversaries at this universal and unavoidable chokepoint that lies at the center of their operations allows us to focus all of our efforts on what they must do, regardless of their sophistication or how much creativity (or AI) they apply to their tactics. Our goal is simple: to detect out-of-context execution in a way that remains entirely outside the adversary's control. Out-of-context execution occurs when an attacker coerces an application to run code paths that were not intended by the original application. This includes in-memory execution techniques such as local and remote injection, exploitation that results in the execution of dynamic code, and fileless malware Role Prelude is seeking a Principal Security Researcher to conduct in-depth technical analysis of modern and adaptive adversary tactics, Windows internals, and operating system telemetry sources, enabling the development of relevant tests and effective detections within Prelude's endpoint protection platform. As a subject matter expert, you will specialize in one or more areas crucial to Prelude's research, such as operating system internals, reverse engineering, malware development, offensive security, program analysis, performance profiling or detection engineering. Success in this role hinges on delivering high-quality research, driving innovation, adapting swiftly, and fostering collaboration across teams and business units. Given the confidential nature of our work, we require an NDA to be signed after an introductory call if there is mutual interest in moving forward. Responsibilities Conduct in-depth research on operating system internals to pinpoint sources of defensive telemetry crucial for detecting adversary tactics, specifically targeting code execution Analyze modern adversary tradecraft, deciphering technique relevance, inner workings, and detectability Translate and implement research findings into actionable improvements for Prelude's endpoint protection platform Produce high-quality, public-facing security research content, including blog posts and conference talks Stay abreast of cutting-edge offensive and defensive security techniques through continuous self-study and research Serve as the subject matter expert in adversary tradecraft and security operations, supporting other business units on their projects as needed Support other Researchers on the team with their research and actively engage in team-driven initiatives Skills and Experience Deep knowledge of Windows operating system internals and static/dynamic reverse engineering Our most commonly used tools: IDA Pro, Binary Ninja, Ghidra, and WinDbg 5+ years of experience in one or more of the following areas: Offensive security, specifically red team operations or purple teaming Detection engineering, specifically, writing robust, production-scale queries in any major EDR Systems programming, ideally using Rust or C/C++ Program analysis and performance profiling Strong understanding of how modern EDRs/XDRs work internally Ability to explain complex technical concepts and research outputs to both executive-level and highly technical consumers Aptitude for working in a fast-paced, adaptive startup environment Nice to Haves Prior experience in enterprise software development using Rust Prior vulnerability research and exploit development experience Working at Prelude Prelude is a fully remote team across the US & Canada, built on trust, autonomy, and excellence. We empower our team to take ownership, move with purpose, and continuously improve. Our culture values top performers who align with our mission and embrace high standards. We offer generous healthcare, flexible PTO, and home-office support, ensuring our team has the freedom and resources to thrive. While we move fast, we prioritize quality, collaboration, and remain committed to building impactful security solutions with precision.

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to accomplish their financial goals and help them save time and money. We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments. We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com. As a Cyber Defense Lead, you will join Experian's Cyber Fusion Center, performing in-depth analysis, evaluation and response to security threats. The team provides global 24x7 security operations and monitoring for cybersecurity events affecting Experian. It is the first line of defense in Experian's broader incident response and incident management responsibilities. The team receives and triages cybersecurity alerts, including being the dedicated contact for potential security incidents reported by users (e.g., Experian employees). You will report into the Sr. Manager of SecOps and Threat Detection. You'll have opportunity to: + Monitor the daily operations of the team, being the primary liaison between analysts and leadership + Provide advanced support and act as a designated contact for the Cyber Defense Analysts (e.g., consulting on investigation / analysis) + Oversee response activities for security events and alerts associated with cyber threats, intrusions, or compromises + Use investigative experience and technical skills to analyze events using security tooling and logging (e.g., SIEM, EDR) and assess potential risk + Monitor for anomalous changes in metrics, notable open incidents, quality concerns, or observed risks + Complete assigned caseload throughout the incident response lifecycle, including analysis, containment, eradication, recovery, and lessons learned + Ensure incident updates are performed, documented and that case hand-off processes are completed + Be a mentor to Cyber Defense Analysts, providing feedback on the quality of work to analyst(s) and management + Lead the development of relevant Standard Operating Procedures (SOPs), and training materials + Collaborate with the Cyber Threat Intelligence (CTI) and content development teams (Threat Detection Engineering) on use case developments + 5+ years of information security experience working within a Security Operations Center or Cyber Security Incident Response Teams; at least 1 of which ideally includes experience as a team lead + Bachelor's Degree in Computer Science, Computer Engineering, Information Systems, Information Security, or a related field. + History of interpreting device and application logs from a variety of sources (e.g., Firewalls, Proxies, System Logs, Splunk) to identify cause + 1+ professional certifications related to Digital Forensics, Incident Response, or Ethical Hacking(e.g., GCIH, GMON, GSOC, CEH, GCFA, ENCE) + Information security management certifications (CISSP, CISM) + Knowledge of the Incident Response Life Cycle, MITRE ATT&CK Framework, and Cyber Kill Chain + Understanding of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, NetFlow), Cloud Infrastructure (AWS, Azure, GCP), and Security Technologies (Anti-Virus, Intrusion Prevention, Web Application Firewalls) + Experience with Security Monitoring applications such as SIEM (e.g., QRadar, Splunk), EDR (e.g., CrowdStrike Falcon, Microsoft Defender) + Experience with SOAR technologies such as Palo Alto XSOAR and Google SecOps (Chronicle) + Security analysis and architecture knowledge using tools including Defender for Cloud, Wiz.io, GuardDuty, CloudTrail, or CloudWatch. + Record of improving the way work is performed, originating action and ideas to lead enhancements to existing processes. + Abvailable to work outside of normal work hours to respond to cybersecurity incidents Benefits/Perks: + Great compensation package and bonus plan + Core benefits including medical, dental, vision, and matching 401K + Flexible work environment, ability to work remote, hybrid or in-office + Flexible time off including volunteer time off, vacation, sick and 12-paid holidays + Explore all our exciting benefits here: ************************************************ At Experian, our people and culture set us apart. We're deeply committed to creating an environment where everyone feels they belong and can excel. From inclusion and authenticity to work/life balance, development, wellness, collaboration, and recognition, we focus on what truly matters. Our people-first approach has earned us global recognition: World's Best Workplaces 2024 (Fortune Top 25), Great Place To Work 2025 in 26 countries, and Glassdoor Best Places to Work 2024, among others. Want to see what life at Experian is really like? Explore Experian Life on social or visit our Careers Site. Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay range for this position is listed above. Within this range, individual pay is determined by work location and additional factors such as job-related skills, experience, and education. You will be also eligible for a variable pay opportunity. Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity. #LI-Remote

Teads is the omnichannel outcomes platform for the open internet, driving full-funnel results for marketers across premium media. With a focus on meaningful business outcomes for branding and performance objectives, the combined company ensures value is driven with every media dollar by leveraging predictive AI technology to connect quality media, beautiful brand creative, and context-driven addressability and measurement. One of the most scaled advertising platforms on the open internet, Teads is directly partnered with more than 10,000 publishers and 20,000 advertisers globally. The company is headquartered in New York, with a global team of nearly 1,800 people in 30+ countries. For more information, visit ************** We're hiring a Senior Security Engineer to help shift security left across product and platform teams, while also supporting internal corporate security needs. You'll drive impact through enablement, automation, and practical risk reduction. Why this role matters You'll secure both what we build and how we work. That means embedding security into our products and CI/CD, and also supporting internal teams. Security here is not a gate; it's a force multiplier. You'll help engineering teams move faster safely, and ensure our colleagues have a secure foundation to do their best work. Success means faster, safer releases and fewer reactive security escalations. What will you do? As a Senior Security Engineer, your mission will be to: * Partner with developers to embed security into design, build, and deploy stages * Automate vulnerability triage and mitigation flows * Secure CI/CD pipelines (GitHub, Jenkins) and execution environments (Kubernetes, Docker) * Tune WAFs, manage cloud security (AWS, GCP, Azure), and evolve Terraform practices * Support internal teams with secure production accesses, endpoint hardening, and access policies * Lead security reviews across app, infra, and corporate environments * Advocate for security standards with clarity and empathy You might be a fit if you: * See security as an enabler of speed, not an obstacle * Are comfortable in cloud and on-prem worlds * Value autonomy, and naturally take ownership from idea to execution * Can zoom out to prioritize risks and zoom in to fix root causes * Communicate clearly with devs, ops, and business teams alike * Eager to work in a technically challenging environment You'll grow by working with: * Terraform, Docker, Kubernetes * Modern security tools * GitHub Actions, Jenkins * AWS, Azure, GCP * Teams building external-facing services (web apps, APIs) and internal platforms (CI/CD, admin tooling) to embed security by design. * Supporting a public company environment with compliance requirements across multiple standards, including SOC 2 and ISO 27001 Skills that help (we'll support your growth): * Application Security: code review, threat modeling, WAF * CloudSec: IAM, policy-as-code, workload hardening * On-Prem/Corporate: endpoint protection, monitoring and production access control * Communication: making risk visible and actionable The Team Environment You'll join a cross-cultural, globally distributed security team that thrives on collaboration, curiosity, and continuous learning. We bring together a wide range of experiences and backgrounds to solve meaningful problems. We support each other through knowledge sharing sessions, workshops, and async collaboration. You'll have the chance to attend industry conferences, participate in internal guilds, and continuously sharpen your skills using our dedicated security training platform. How we work: * Autonomy with alignment: own your work, stay connected to purpose * Bias for action: ship, learn, improve * Enablement mindset: security exists to empower teams, not slow them down * Simple and pragmatic: perfect is the enemy of shipped Life at Teads At Teads, we don't just offer new roles - we blend creativity, technology, and data to shape the future of media. You'll work with smart humans, meaningful brands, and cool tools, all while helping redefine how advertising works in a world that demands more transparency, better insights, and smarter strategies. As a Teadster, you'll play a critical role in shaping our future success in the region. Here's why Teads stands out: * We've merged two open internet category leaders-Outbrain and Teads-to create the 'new' Teads, a unified omnichannel platform that drives results from branding to performance across all screens, including CTV, mobile, and web. * As part of our team, you'll thrive in a collaborative and forward-thinking environment that fosters innovation, creative problem-solving, and continuous learning. * Teads is committed to your success, offering the support, tools, and development opportunities you need to excel in your role. Our company culture is welcoming, dynamic, diverse, global, and built on top performance. Teads is an equal employment opportunity employer and committed to diversity and inclusion at all stages of recruitment and employment. Our team is made up of individuals who are approachable, resourceful, passionate, and proactive. We foster a sense of belonging through our Employee Resource Groups - employee-led groups in which we debate topics and drive change: environmental, women empowerment, charitable initiatives to diversity, equity, and inclusion, you'll be able to share your passions with likeminded people.

Systems Security Engineer Dahlgren, VA Active Secret Clearance @Orchard is supporting a growing Federal contract with proven capabilities in cybersecurity. We are seeking a skilled Systems Security Engineer to be proposed for a new project supporting the Navy. This role will be based out of Dahlgren, VA and will be responsible for supporting the creation of hybrid software, web, and hardware products from initial specifications to final roll-out and maintenance, including sophisticated systems that run on the web. If awarded, this could be a fantastic opportunity to grow your career with a company that has built strong relationships within Defense and Intelligence. If selected, you will be asked to sign a letter of intent to join the team upon program award. As the Systems Security Engineer you will: Supporting A&A Cybersecurity policy and control evaluations. Preparing supporting RMF activities or current Government-approved processes for packages and artifacts. Obtaining approvals to operate. Implementation of security postures. Providing SME support in Information Assurance and Cybersecurity Life-Cycle management, coordination, and implementation as required by the applicable Authorizing Official. Provide RMF A&A ISSE support for all ashore and afloat packages. Responsible to integrate various network operating systems, application programs, and hardware devices. Manage development cycle associated with producing resilient software, hardware, and web application, including specification, design, coding, testing, and maintenance. Perform classified and unclassified tasks and actions to support A&A activities, A&A package reviews, scanning, reporting and remediation, and overall system security; consult with relevant A&A Validation teams in normal course of activities. Assist in development and execution of A&A plans for complex networks and IT systems; may include providing ISSO, Information Systems Security Engineer, and DIO support, and A&A analysis supporting documentation and artifacts in support of A&A, and compliant system administration across variety of environments supporting department offices, conference facilities, and land-based tactical equipment suites and laboratories. Provide IT Project and System Administrative support for accreditation including full authority to operate, interim authority to operate, authority to connect, Interim authority to test, Local authority to proceed and other required authorizations to support normal operations, special user events and requirements, and test events. Implement and maintain system security requirements, including STIGs, anti-virus software installations and updates, ESS installation and monitoring, responding to Cyber Directives, and other direction to ensure IT and Information Assurance controls are maintained. Perform and review vulnerability scans on all ISs using latest approved vulnerability scanning tools and signatures and ensure results properly mitigated, reviewed, documented, and reported. Support, test, monitor, and report any changes in ISs that may affect security posture and/or performance of IS. Monitor all system and audit logs and report potential security issues to ISSM; assist ISSM, Cybersecurity Branch Head, DIO, incident handling team, and law enforcement personnel in any investigations involving suspected security violations. Maintain accurate and up-to-date information in all required A&A applications. Provide subject matter expertise to perform cybersecurity operations for Corporate Operations IT and Technical Department IT. Collaborate with Government and other Contractor personnel to coordinate test and operation activities for Department IT. Develop, collect, maintain and submit A&A artifacts. Provide support for installing, managing, and troubleshooting any issues with vulnerability scanning software; perform scans on monthly and ad hoc basis for all Department IT and generate/consolidate scanning reports in centralized location; provide vulnerability scanning support for IT; responsible for opening trouble tickets with respective scanning software support for scanning and IA support. Responsible for creation, development, support, and lifecycle sustainment of all RMF A&A processes, including, but not limited to: Supporting A&A Cybersecurity policy and control evaluations. Preparing supporting RMF activities or current Government-approved processes for packages and artifacts. Obtaining approvals to operate. Implementation of security postures. Qualifications: Four (4) years professional experience IT security with DoD or Navy. Experience with vulnerability analysis, risk analysis, scanning for viruses and other detrimental software. Qualified experience in accreditation of systems and audits. Designated as IAT II level with T3. Bachelor's Degree in Engineering discipline desired but not required. Professional experience in systems engineering a plus.

The Information Security organization at Sony Pictures Entertainment is responsible for protecting our content, systems, and data from being stolen, damaged, or destroyed. To do so, we are continuously improving our tools, capabilities, and processes to stay ahead of evolving threats. The Manager, Information Security Productions is accountable for operationalizing the Information Security Productions program across all SPE U.S. productions. This includes driving consistent implementation of approved security standards, tools, and controls; ensuring data-driven visibility into production security risk; and supporting compliance and readiness reporting to leadership. Success in this role requires strong cross-functional collaboration across Information Security, IT, S3, and production teams to embed security into creative workflows without friction, while ensuring protection of SPE's most valuable assets-our stories and intellectual property. This role will also ensure program consistency with regional and global counterparts, contribute to automation and standardization of key controls, and support ongoing improvement of information security for productions practices across the production lifecycle. Key indicators of success in this role will be: + Business leaders have near real-time visibility into production information security risk using meaningful, actionable metrics that drive timely and effective decision-making. + Consistent application of approved tools, workflows, and controls across productions, ensuring compliance and readiness reporting aligns with studio KPIs. + Production teams trust SPE to provide a secure, highly available, and easy-to-use digital production environment that safeguards our content and data. + Information Security, Physical Security, and IT operate as unified partners to protect SPE productions from concept to archive. Within this organization, we value learning, agility, and collaboration. The Manager, Information Security Productions (CC, US) will be a key contributor to Sony Pictures Entertainment's goal of being the most trusted studio in the industry. Responsibilities Provide visibility and actionable insight into Information Security risk across active U.S. productions. + Monitor, analyze, and report on production security posture and key control performance metrics for each production. + Partner with global InfoSec, Risk, Threat Intelligence, Incident Response, Training, and Governance teams to align production needs with enterprise programs. + Prepare and present dashboards and reports on security trends, compliance status, and improvement opportunities. + Support the development of production-specific metrics and KPIs to measure control effectiveness. + With IT and Physical Security, maintain security controls in place for productions to most effectively meet our business goals. Operationalize the Production Information Security Program across U.S. productions. + Ensure consistent implementation of approved security tools, policies, and workflows within productions. + Coordinate adoption of automated controls with productions, such as provisioning, watermarking, and access telemetry. + Support the standardization and scalability of production security practices across production titles and business units. Ensure and track production security culture, awareness, and response readiness. + Amplify the reach of security training and awareness initiatives by coordinating rollout to productions, ensuring consistent messaging and participation tracking. + Gather feedback from productions to help refine information security for productions training and awareness efforts. + Partner with Incident Response to ensure clear communications, timely follow-up, and closure of corrective actions. + Track cultural and operational readiness indicators (e.g., onboarding rates, reporting engagement, post-incident improvements) to measure program maturity and continuous improvement. Qualifications + 5+ Years of experience in Information Security, Information Technology or a related field + 5+ Years of experience in an organization directly involved in movie, television and/or other entertainment production, or equivalent educational experience. + Bachelor's degree preferred + Strong understanding of the technologies, tools and processes used in production of movies and/or television. + Knowledge of Information Security frameworks, standards and best practices and their relevance to business success + Specific knowledge of processes, tools and practices used to maintain confidentiality in the context of movie and television productions. + Ability to develop and maintain meaningful metrics to track program and process effectiveness. + Strong planning and analytical skills + Strong communications skills Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics. To request an accommodation for purposes of participating in the hiring process, you may contact us at SPE_Accommodation_Assistance@spe.sony.com.

The Information Security organization at Sony Pictures Entertainment is responsible for protecting our content, systems, and data from being stolen, damaged, or destroyed. To do so, we are continuously improving our tools, capabilities, and processes to stay ahead of evolving threats. The Manager, Information Security Productions is accountable for operationalizing the Information Security Productions program across all SPE U.S. productions. This includes driving consistent implementation of approved security standards, tools, and controls; ensuring data-driven visibility into production security risk; and supporting compliance and readiness reporting to leadership. Success in this role requires strong cross-functional collaboration across Information Security, IT, S3, and production teams to embed security into creative workflows without friction, while ensuring protection of SPE's most valuable assets-our stories and intellectual property. This role will also ensure program consistency with regional and global counterparts, contribute to automation and standardization of key controls, and support ongoing improvement of information security for productions practices across the production lifecycle. Key indicators of success in this role will be: Business leaders have near real-time visibility into production information security risk using meaningful, actionable metrics that drive timely and effective decision-making. Consistent application of approved tools, workflows, and controls across productions, ensuring compliance and readiness reporting aligns with studio KPIs. Production teams trust SPE to provide a secure, highly available, and easy-to-use digital production environment that safeguards our content and data. Information Security, Physical Security, and IT operate as unified partners to protect SPE productions from concept to archive. Within this organization, we value learning, agility, and collaboration. The Manager, Information Security Productions (CC, US) will be a key contributor to Sony Pictures Entertainment's goal of being the most trusted studio in the industry. Responsibilities Provide visibility and actionable insight into Information Security risk across active U.S. productions. Monitor, analyze, and report on production security posture and key control performance metrics for each production. Partner with global InfoSec, Risk, Threat Intelligence, Incident Response, Training, and Governance teams to align production needs with enterprise programs. Prepare and present dashboards and reports on security trends, compliance status, and improvement opportunities. Support the development of production-specific metrics and KPIs to measure control effectiveness. With IT and Physical Security, maintain security controls in place for productions to most effectively meet our business goals. Operationalize the Production Information Security Program across U.S. productions. Ensure consistent implementation of approved security tools, policies, and workflows within productions. Coordinate adoption of automated controls with productions, such as provisioning, watermarking, and access telemetry. Support the standardization and scalability of production security practices across production titles and business units. Ensure and track production security culture, awareness, and response readiness. Amplify the reach of security training and awareness initiatives by coordinating rollout to productions, ensuring consistent messaging and participation tracking. Gather feedback from productions to help refine information security for productions training and awareness efforts. Partner with Incident Response to ensure clear communications, timely follow-up, and closure of corrective actions. Track cultural and operational readiness indicators (e.g., onboarding rates, reporting engagement, post-incident improvements) to measure program maturity and continuous improvement. Qualifications 5+ Years of experience in Information Security, Information Technology or a related field 5+ Years of experience in an organization directly involved in movie, television and/or other entertainment production, or equivalent educational experience. Bachelor's degree preferred Strong understanding of the technologies, tools and processes used in production of movies and/or television. Knowledge of Information Security frameworks, standards and best practices and their relevance to business success Specific knowledge of processes, tools and practices used to maintain confidentiality in the context of movie and television productions. Ability to develop and maintain meaningful metrics to track program and process effectiveness. Strong planning and analytical skills Strong communications skills The anticipated base salary for this position is $115,000-$150,000. This role may also qualify for annual incentive and/or comprehensive benefits. The actual base salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location of the position. Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics. SPE will consider qualified applicants with arrest or conviction records in accordance with applicable law. To request an accommodation for purposes of participating in the hiring process, you may contact us at SPE_Accommodation_Assistance@spe.sony.com.