Cyber Security Analyst Jobs in Kentucky

****Candidate must be able to work in the PST timezones. ***** This position will execute the Information and Cybersecurity Risk Management programs, concentrating on internal and third-party risk assessments and audits. Assessment and compliance activities include validating controls in the IT department, managing risk findings, and verifying their remediation. Must have excellent written and verbal communication skills and a strong understanding of IT risks, cloud security, application systems security, and third-party security. Must be results-oriented with the ability to collaborate with multiple process owners and stakeholders simultaneously. **ESSENTIAL FUNCTIONS** **Duties and Responsibilities** + Lead, plan, and conduct periodic cyber and information security risk assessments and audits of third parties enterprise-wide. + Identify, assess, and document cybersecurity risks for Molina and its suppliers. + Partner with internal and external auditors to facilitate compliance audits and mitigate findings. + Manage documentation (e.g., requesting, reviewing, preparing) for regulatory and compliance audits & assessments. + Ensure compliance with applicable regulations (e.g., HIPAA, NYS DFS) and industry standards (e.g., NIST). + Develop and maintain security policies, plans, charters, standards, and procedures. + Promote security awareness through communication, training, and documentation. + Develop and maintain dashboards to manage and communicate risk to relevant stakeholders. + Develop and monitor metrics and prepare reports for senior management. + Monitor the inventory for vendors and suppliers. + Identify risks and recommend process improvements in the third-party risk management and supply chain program. + Build strong partnerships and collaborate with cross-functional teams. + Lead and execute third-party risk mitigation strategies and corrective action plans. + Monitor and manage third-party risks using GRC and security tools. + Stay current on developments in the industry and within the company. **Qualifications** + Bachelor's degree in Information Systems/Security, Computer Science, Cybersecurity, or related field. + Minimum 5 years relevant experience in cybersecurity with a focus on governance, risk and compliance. + Professional certification(s) such as Certified Information Systems Auditor (CISA), Certified Information Systems + Security Professional (CISSP), or Certified in Risk and Information Systems Control (CRISC) required. + Adaptable to fast-changing environments and comfortable with ambiguity. + Excellent verbal, written, and interpersonal skills. + Big 4 or consulting experience. + Strong proficiency in regulations and industry frameworks (e.g., HIPAA, NIST, HITRUST) + Experience with GRC and security performance monitoring tools (e.g., Lockpath, ServiceNow, Prevalent, BitSight). + Ability to travel approximately 10% To all current Molina employees: If you are interested in applying for this position, please apply through the intranet job listing. Molina Healthcare offers a competitive benefits and compensation package. Molina Healthcare is an Equal Opportunity Employer (EOE) M/F/D/V. Pay Range: $77,969 - $137,000 / ANNUAL *Actual compensation may vary from posting based on geographic location, work experience, education and/or skill level.

IT Cyber Security Specialist- Battery Manufacturing Introduction to BlueOval SK At BlueOval SK, we will lead the transformation of the electric vehicle (EV) battery business through partnership (Joint Venture formed by Ford and SK On) to provide products and processes to increase our customers' experience. As the future of BlueOval SK, you will help lead the battery revolution by working alongside our teams as we build the batteries required for electric vehicle business excellence. Ford and SK On are investing billions in Kentucky and Tennessee including building three state-of-the art battery manufacturing facilities between the two campuses at BlueOval City in Tennessee and Blue Oval SK Battery Park in Kentucky. These brand-new advanced manufacturing facilities will use Ford's 100-years of automobile manufacturing expertise and SK On's 30+ years of electric vehicle battery expertise to become the world's best battery manufacturer. The IT Cyber Security Specialist at Blue Oval SK - Battery Partk in Glendale, Kentucky will work as a part of a team to protect important information assets from cyber-attacks and maintain sensitive and confidential information. Key Areas of Responsibility: Safeguards information system assets by identifying and solving potential and actual security problems. Protects system by defining access privileges, control structures, and resources. Recognizes problems by identifying abnormalities; reporting violations. Implements security improvements by assessing current situation; evaluating trends; anticipating requirements. Determines security violations and inefficiencies by conducting period audits. Upgrades system by implementing and maintaining security controls. Keeps users informed by preparing performance reports; community system status. Maintains quality service by following organization standards. Maintains technical knowledge by attending educational workshops; reviewing publications. Contributes to team effort by accomplishing related results as needed. Security systems operation/management Security systems trouble shooting Test new security IT system. Install security system. Maintain security IT system Basic knowledge of cyber security Knowledge of networking fundamentals (TCP/IP, Network Layers, etc.) Knowledge of windows and Linux command skill Minimum Requirements Bachelor's degree in computer science or closely related field 3 + years direct hands-on experience with incident management and response Proficiency in problem-solving, analytical thinking, and penetration testing methodologies Advanced certifications such as SANS GIAC/GCIA/GCIH, CISSP or CASP and / or SIEM - specific training and certification. Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements. Hands-on experience analyzing high volumes of logs, network data (e.g. netflow, FPC), and other attack artifacts in support of incident investigations Experience with vulnerability scanning solutions Proficiency with any of the following; Anti-Virus, HIPS, ID/PS, Full Packet Capture, Host-Based Forensics, Network Forensics, and RSA Security. In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk). Experience developing and deploying signatures (e.g. YARA, Snort, Suricata, HIPS) Understanding of mobile technology and OS (i.e. Android, iOS, Windows), VMware technology, and Unix and basic Unix commands. Experience in IT security solution operation Experience in IT Network operation Experience in operating endpoint security solutions. Preferred Qualifications Bachelor's degree in Computer Science or cybersecurity related field. Master's degree in cybersecurity, or related field is a plus. Holds certifications such as: CISSP, CISA, ISO 27001 Up to date on current cybersecurity trends, threat landscape and security solutions. About BlueOval SK At BlueOval SK, we will lead the transformation of the electric vehicle (EV) battery business through partnership (Joint Venture formed by Ford and SK On) to provide products and processes to increase our customers' experience. As the future of BlueOval SK, you will help lead the battery revolution by working alongside our teams as we build the batteries required for electric vehicle business excellence. We have a wide variety of opportunities for you to accelerate your career. The Opportunity Ford and SK On are investing billions in Kentucky and Tennessee including building three state-of-the art battery manufacturing facilities between the two campuses at BlueOval City in Tennessee and BlueOval SK Battery Park in Kentucky. These brand-new advanced manufacturing facilities will use Ford's 100-years of automobile manufacturing expertise and SK On's 30+ years of electric vehicle battery expertise to become the world's best battery manufacturer. For more information about BlueOval SK plans, please Follow this link. What you'll receive in return: As part of the BlueOval SK family, you'll enjoy excellent compensation and a comprehensive benefits package that includes generous paid time off (PTO), retirement contributions, incentive compensation and much more. You'll also experience exciting opportunities for professional and personal growth and recognition. If you have what it takes to help us lead the transformation of the EV battery business, we'd love to have you join us. Benefits Include: 401k plan with retirement planning services 401k company matching after completing three months of service Medical and prescription drug coverage Dental and vision coverage Preventative Care Eligibility for great ancillary benefits including: Flexible Spending Accounts (FSAs), Short-Term Disability (STD) and Long-Term Disability (LTD), Employee Basic Life and Accidental Death Dismemberment (AD&D) insurance, and Employee Supplemental Life Insurance Access to Paid Time Off (PTO) after completing probationary period and Emergency PTO Parental Leave Access to Ford Vehicle Discount Program Climate-controlled working environment For a full list of benefits, visit our website: ************************************ Candidates for positions with BlueOval SK must be legally authorized to work in the United States. BlueOval SK does not sponsor employment VISAs for candidates at this time. Verification of employment eligibility will be required at the time of hire. We are an Equal Opportunity Employer committed to a culturally diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status.

IT Cyber Security Specialist- Battery Manufacturing Introduction to BlueOval SK At BlueOval SK, we will lead the transformation of the electric vehicle (EV) battery business through partnership (Joint Venture formed by Ford and SK On) to provide products and processes to increase our customers' experience. As the future of BlueOval SK, you will help lead the battery revolution by working alongside our teams as we build the batteries required for electric vehicle business excellence. Ford and SK On are investing billions in Kentucky and Tennessee including building three state-of-the art battery manufacturing facilities between the two campuses at BlueOval City in Tennessee and Blue Oval SK Battery Park in Kentucky. These brand-new advanced manufacturing facilities will use Ford's 100-years of automobile manufacturing expertise and SK On's 30+ years of electric vehicle battery expertise to become the world's best battery manufacturer. The IT Cyber Security Specialist at Blue Oval SK - Battery Partk in Glendale, Kentucky will work as a part of a team to protect important information assets from cyber-attacks and maintain sensitive and confidential information. Key Areas of Responsibility: * Safeguards information system assets by identifying and solving potential and actual security problems. * Protects system by defining access privileges, control structures, and resources. * Recognizes problems by identifying abnormalities; reporting violations. * Implements security improvements by assessing current situation; evaluating trends; anticipating requirements. * Determines security violations and inefficiencies by conducting period audits. * Upgrades system by implementing and maintaining security controls. * Keeps users informed by preparing performance reports; community system status. * Maintains quality service by following organization standards. * Maintains technical knowledge by attending educational workshops; reviewing publications. * Contributes to team effort by accomplishing related results as needed. * Security systems operation/management * Security systems trouble shooting * Test new security IT system. * Install security system. * Maintain security IT system * Basic knowledge of cyber security * Knowledge of networking fundamentals (TCP/IP, Network Layers, etc.) * Knowledge of windows and Linux command skill Minimum Requirements * Bachelor's degree in computer science or closely related field * 3 + years direct hands-on experience with incident management and response * Proficiency in problem-solving, analytical thinking, and penetration testing methodologies * Advanced certifications such as SANS GIAC/GCIA/GCIH, CISSP or CASP and / or SIEM - specific training and certification. * Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements. * Hands-on experience analyzing high volumes of logs, network data (e.g. netflow, FPC), and other attack artifacts in support of incident investigations * Experience with vulnerability scanning solutions * Proficiency with any of the following; Anti-Virus, HIPS, ID/PS, Full Packet Capture, Host-Based Forensics, Network Forensics, and RSA Security. * In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk). * Experience developing and deploying signatures (e.g. YARA, Snort, Suricata, HIPS) * Understanding of mobile technology and OS (i.e. Android, iOS, Windows), VMware technology, and Unix and basic Unix commands. * Experience in IT security solution operation * Experience in IT Network operation * Experience in operating endpoint security solutions. Preferred Qualifications * Bachelor's degree in Computer Science or cybersecurity related field. * Master's degree in cybersecurity, or related field is a plus. * Holds certifications such as: CISSP, CISA, ISO 27001 * Up to date on current cybersecurity trends, threat landscape and security solutions. About BlueOval SK At BlueOval SK, we will lead the transformation of the electric vehicle (EV) battery business through partnership (Joint Venture formed by Ford and SK On) to provide products and processes to increase our customers' experience. As the future of BlueOval SK, you will help lead the battery revolution by working alongside our teams as we build the batteries required for electric vehicle business excellence. We have a wide variety of opportunities for you to accelerate your career. The Opportunity Ford and SK On are investing billions in Kentucky and Tennessee including building three state-of-the art battery manufacturing facilities between the two campuses at BlueOval City in Tennessee and BlueOval SK Battery Park in Kentucky. These brand-new advanced manufacturing facilities will use Ford's 100-years of automobile manufacturing expertise and SK On's 30+ years of electric vehicle battery expertise to become the world's best battery manufacturer. For more information about BlueOval SK plans, please Follow this link. What you'll receive in return: As part of the BlueOval SK family, you'll enjoy excellent compensation and a comprehensive benefits package that includes generous paid time off (PTO), retirement contributions, incentive compensation and much more. You'll also experience exciting opportunities for professional and personal growth and recognition. If you have what it takes to help us lead the transformation of the EV battery business, we'd love to have you join us. Benefits Include: * 401k plan with retirement planning services * 401k company matching after completing three months of service * Medical and prescription drug coverage * Dental and vision coverage * Preventative Care * Eligibility for great ancillary benefits including: Flexible Spending Accounts (FSAs), Short-Term Disability (STD) and Long-Term Disability (LTD), Employee Basic Life and Accidental Death Dismemberment (AD&D) insurance, and Employee Supplemental Life Insurance * Access to Paid Time Off (PTO) after completing probationary period and Emergency PTO * Parental Leave * Access to Ford Vehicle Discount Program * Climate-controlled working environment * For a full list of benefits, visit our website: * ************************************ Candidates for positions with BlueOval SK must be legally authorized to work in the United States. BlueOval SK does not sponsor employment VISAs for candidates at this time. Verification of employment eligibility will be required at the time of hire. We are an Equal Opportunity Employer committed to a culturally diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status.

Meta is seeking a highly skilled Security Engineer to join our Infrastructure Data Center (IDC) team as an individual contributor (IC). As a key member of our team, you will play a critical role in managing security risk to our global and rapidly scaling Data Center infrastructure footprint and innovative operational processes and services. This role will specifically focus on defining, operationalizing, and maturing a clear mid-to-long term security strategy for IDC's subsea infrastructure and operations. **Required Skills:** IDC Security Analyst Responsibilities: 1. Establish and mature a risk-informed baseline strategies and programs to secure a diverse global portfolio of mission-critical infrastructure and operations. 2. Serve as a comprehensive security expert accountable for security risk management across multiple logical and physical security domains (e.g., Data Security, Physical Security, Security Systems Architecture and Design, Governance Risk and Compliance, Incident Response, Threat Modeling, and/or Security Risk Management). 3. Assess security risk and communicate information about security threats and vulnerabilities to inform business decisions and drive strategy. 4. Assess and report on effectiveness of security controls to inform security strategy, manage security risk, and enable business operations. 5. Develop technical security guidance (e.g., standards, guidelines, playbooks) that aligns corporate policy, industry best practices, and regulatory requirements for securing IDC infrastructure. 6. Collaborate with network, software, and production engineering teams to develop security solutions that address physical and cyber/logical threats at scale. 7. Influence and align work to the overarching team and organizational vision and strategy. 8. Coach, mentor, support and care for the team to enable long-term career development, happiness, and success at scale. **Minimum Qualifications:** Minimum Qualifications: 9. Bachelors degree in Cyber Security or Computer Science or related technical field or equivalent relevant experience in information security. 10. 10+ years combined experience in physical security, logical/cyber security, risk management, compliance, and/or mission-critical infrastructure design, construction and operations 11. Technical experience across multiple security disciplines 12. Experience establishing, scaling, and maturing security services and programs 13. Experience managing, executing, and successfully delivering multiple complex projects and programs simultaneously 14. Experience identifying and communicating security roadmaps, risks, and requirements to inform leadership and drive execution-focused partners 15. Basic understanding and awareness of prevailing industry standards and guidelines **Preferred Qualifications:** Preferred Qualifications: 16. Master's degree in a related field 17. Experience securing large scale and globally dispersed mission-critical infrastructure (e.g., hyperscaler data centers, subsea and terrestrial cable, nuclear, major utilities, etc.) 18. Experience working on or managing projects that have enterprise-wide impact and/or multi-organization cross functional stakeholders 19. Experience in data analysis, visualization, and automation to streamline processes and measure security efficiency and effectiveness. 20. Experience securing physical and logical network infrastructure and operations **Public Compensation:** $167,000/year to $233,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

Cyber Security Engineer (Job Number: 532276) Description ScionHealth is recruiting for a Cyber Security Engineer to join our team! Remote candidates will be considered for this role. The Cyber Security Engineer will investigate security incidents through log analysis, interviewing, evidence collection and preservation. Perform security analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, UNIX, and Linux systems. Candidates will be expected to have familiarity with security systems and principles and be able to function interchangeably within a team of security engineers to support a cross functional approach within a highly complex and interconnected networked environment. A well-qualified candidate will be responsible for the analysis of and response to 2nd level security events. This will require knowledge for working information security alerts through the use of an Endpoint Detection and Response (EDR) System and Security Information and Event Manager (SIEM) to triage, mitigate, and escalate issues as needed while capturing essential details and artifacts. On-call responsibilities will be required. The candidate will need to demonstrate proficiency with the tools and processes mentioned below. Essential Functions Acts as liaison with solution owners and IT groups to ensure understanding of security principles. Collaborate with team members of the ScionHealth Security teams, application owners, software architects, and administrators. Ability to keep the Director of Cyber Security informed of security incidents and answer security related questions/concerns in a clear, concise, understandable manner. Ability to work independently as needed. Stay informed on attacks and vulnerabilities on all types of systems, including all Microsoft Windows systems, Linux, Unix, Cisco IOS, PAN-OS, and known threats. Make recommendations for changes to the environment that can help in the removal of vulnerabilities and a reduction in the risk of exploitation that may result in potential incidents. Initiate and produce custom scripts needed to make logging and alerting requirements easy and effective. Analyze and recommend security controls and procedures in business processes related to the use of information systems and assets, and monitors for compliance. Monitor information systems for security incidents and vulnerabilities; develop monitoring and visibility capabilities; report on incidents, vulnerabilities, and trends. Respond to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interact and coordinate with third-party incident responders, including attorneys and law enforcement, if needed. Analyze and develop information security procedures, standards, baselines and guidelines with respect to information security. Assess, plan, and enact security measures to help protect our organization from security breaches and attacks on its computer network and systems. Oversee vulnerability scans to identify vulnerabilities and consult with technical teams on remediation of identified vulnerabilities. Assist with the coordination of penetration testing, and work with technical teams on remediation efforts of pen testing results. Qualifications Education Bachelor's degree in Computer Science, Information Systems, Cyber Security or a related field. Relevant experience may be substituted in some cases. Licenses/Certifications (Desired) Certified Information Systems Security Professional (CISSP) Certified Cloud Security Professional (CCSP) Certified Incident Handler (GCIH) Certified Ethical Hacker (CEH) Experience 3+ years of experience in Network Security or a Cyber Security discipline. Experience working security events and/or working security audit items in a team environment. Familiarity of network controls such as firewall rules, IDS Systems, Network logging, DLP, and Network segmentation. Ability to consult with IT stakeholders as needed. Knowledge/Skills/Abilities Healthcare experience is preferred. Previous Cyber Security, Network Security or SOC experience preferred. Working with Vulnerability Management Tools a plus. Working with SIEM platforms a plus. Strong analytical, collaborative, problem-solving, organizational and planning skills. Excellent written and verbal and interpersonal skills. Possess a high level of technical knowledge of security platforms including: Palo Alto Firewalls/IDS/IPS Proofpoint email protection Mimecast email protection CrowdStrike EDR Google Chronicle SIEM Microsoft Sentinel SIEM Microsoft Purview DLP Depending on a candidate's qualifications, this role may be filled at a different level. Job: Information TechnologyPrimary Location: KY-Louisville-Corp Personnel Area 6Organization: 7008 - Corp Personnel Area 6Shift: Day

We are the movers of the world and the makers of the future. We get up every day, roll up our sleeves and build a better world -- together. At Ford, we're all a part of something bigger than ourselves. Are you ready to change the way the world moves? The In-Vehicle Cybersecurity Engineer will act as a technical lead designing security into our vehicles. Engineers will evaluate, critique, and drive secure designs from concept to implementation. In-Vehicle Cybersecurity Engineers identify new methods of securing our technologies from drafting specifications to executing testing. Engineers need to be able to understand and evaluate risk for in-vehicle systems. Recognizing and accommodating the limitations of embedded in-vehicle systems is essential. Engineers are expected to take ownership of assignments including developing in-depth understanding of the technologies under review, working to close security gaps and mitigate identified vulnerabilities, and report out to security management. Over time, Engineers will grow to become subject matter experts acting to develop and mature security controls and features in the vehicle. **What you'll do...** + Own ECU and Vehicle level cyber security design and process integration + Interface with cross-functional teams on technical issues related to cyber security + Perform risk analysis (i.e. TARA) so that appropriate countermeasures can be developed + Develop and maintain security requirements and design validation methodologies (DVM) + Develop and maintain technical documentation as required + Provide training and consulting to internal Ford function teams + Support major product programs/new features with security needs + Collaborate on Advanced Engineering projects with internal and external partners + Research technologies and security benchmarking data gathering + Some traveling may be required (conferences, regional team meetings, government/academia visits, etc.) **You'll have...** + Bachelor's Degree in Electrical Engineering, Computer Engineering, Software Engineering or Computer Science OR a combination of education and experience + 5+ years of experience with embedded, IoT and/or automotive systems cyber security + Experience with security system engineering, development, and testing + Experience with networking and communication protocols (e.g. firewall config, TLS, MACsec, etc.) + Experience designing cyber security controls such as secure communication/networking, secure gateway, IDS, IPS, secure boot, etc. + Experience developing and maintaining engineering documentation including requirements, specifications, test plans, etc. + Self-starter with ability to work independently and collaboratively + Strong communication and analytical skills **Even better, you may have...** + Master's Degree in Cyber Security, Electrical Engineering, Computer Engineering, Software Engineering or Computer Science is a plus + 7+ years of experience with embedded, IoT and/or automotive systems cyber security + Experience with in-vehicle network architecture, modules, and protocols (Automotive Ethernet, CAN/CAN-FD, J1939, USB, SPI, UART, JTAG, etc.) + Experience with symmetric and asymmetric cryptography, digital signature, hash, message authentication, encryption, key exchange + Experience with HSM, SHE, TEE, SELinux, hypervisor, etc. + Experience with SecOC, AUTOSAR + Understanding of embedded RTOS and Linux based operating systems + Understanding of system level architecture, development, design principals + Experience with at least one modern software programming language (C, C++, C#, Python, Java, etc.) + CISSP, GSEC, etc. are a plus This description outlines the general nature and scope of work typically performed in this job. It is not intended to be an exhaustive list of all duties, responsibilities, knowledge, skills, work requirements, etc. It may vary slightly based on business or geographic needs and is subject to being reviewed and updated periodically. You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply! As an established global company, we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe, or keep you close to home? Will your career be a deep dive into what you love, or a series of new teams and new skills? Will you be a leader, a changemaker, a technical expert, a culture builder...or all of the above? No matter what you choose, we offer a work life that works for you, including: - Immediate medical, dental, vision and prescription drug coverage - Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more - Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more - Vehicle discount program for employees and family members and management leases - Tuition assistance - Established and active employee resource groups - Paid time off for individual and team community service - A generous schedule of paid holidays, including the week between Christmas and New Year's Day - Paid time off and the option to purchase additional vacation time. For a detailed look at our benefits, click here: ******************************* (**************************************************************************************************************************************************************************** This position is a range of salary grades **7-8.** Visa sponsorship is not available for this position. SOUTHEAST MI RESIDENTS: Please note, this job is posted as remote unless the selected candidate lives within 50 miles of Dearborn, MI. In this case we request the candidate to be on-site 1-2 days a week. Candidates for positions with Ford Motor Company must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire. We are an Equal Opportunity Employer committed to a culturally diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status. In the United States, if you need a reasonable accommodation for the online application process due to a disability, please call **************. \#LI-Remote **Requisition ID** : 41638

Cyber Applications/Information Assurance Engineer Required Clearance: SECRET Required Certification(s): DoD 8570.01-M IAT II Required Education: Bachelor's degree in Information Technology, Computer Science, or related field. Substantial experience in lieu of degree may be considered. Required Experience: 2+ years of related experience Position Description: Exeter is seeking a Cybersecurity Application Security Analyst to support the U.S. Army at Fort Knox, Kentucky. Paid relocation to Fort Knox is not available; candidates must be local or willing to relocate at their own expense. Primary Responsibilities: Support the Cybersecurity Division (CSD) Cyber Weapons and Interdiction (CWIB) branch. Perform web application scanning & application security assessments. Perform manual application testing to identify vulnerabilities or deviations from software standards. Provide timely and detailed reports, with proofs of findings and analysis of risk. Assist with integration of static & dynamic web application assessments into secure SLDC lifecycles Use SharePoint and other collaboration tools to collect, monitor, and manipulate C&A documentation through the collection, review, approval, and final distribution processes. Support Cybersecurity IT internal and external inspection teams. Supports the Cybersecurity Division (CSD), staff, and senior management in areas of Risk Management Framework (RMF) for DoD IT, DoD/Army Regulations, Incident Response, Software Assurance, and related Cyber disciplines. Work closely with representatives from other divisions and branches (IT, Networking, etc.) to request information, provide clarification, and validate findings, evidence, and POA&M statements. Maintain and meet deliverable schedules. Must be proactive in obtaining information from multiple internal and external teams to complete requirements on schedule. Additional details of positions will be provided to qualified applicants. Required Skills: Development background is required. Microsoft .NET or Java development experience required. Microsoft .NET is preferred. Knowledge of SDLC methodologies. Intermediate to advanced knowledge of secure code development practices and OWASP Top 10 web application security issues. Web services development and design with integrated security engineering experience. Requires excellent English verbal and writing skills including report generation, presentations, and technical writing. Highly organized with the ability to independently maintain schedules and meet deadlines. Desired Skills: Experience with supporting assessment of IT systems compliance with Federal IT Security standards. (NIST 800-53, FISMA, etc.) 3-7 years of web application development related work experience. Experience performing manual and automated code review and penetration tests for complex applications. Experience with static code scanning tools (Fortify, AppScan, etc.) Experience with dynamic analysis tools (Burp, Zaprozy, SQLMap, BeEF, DAVtest, dirb, fierce, curl, hping, etc.) Technical understanding of database, web server, and operating system security. Knowledge of security systems and controls, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc. Understanding of data handling privacy standards to include PII and PHI. Familiarity with DISA application security related Security Technical Implementation Guides (STIGs). Veterans with prior Army/DoD Cybersecurity experience highly desired. Required Qualifications: Minimum 2 years' relevant experience. Bachelor's degree in Information Technology, Computer Science, or related field. Substantial experience in lieu of degree may be considered. Current DoD 8570.01-M Information Assurance Technical IAT Level II (IAT II) baseline certification, such as Security+ CE. Uncertified candidates cannot be considered. U.S. citizen with active DoD SECRET level security clearance. Uncleared candidates cannot be considered. Desired Qualifications: Certified Application Security Engineer (CASE), Certified Secure Software Lifecycle Professional (CSSLP), or similar certification. Higher level DoD 8570 IAT-III/IAM certifications (i.e. CISSP, CASP, etc.) Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. #clearancejobs

Team: The Security Evaluations team is responsible for the independent (formal) global security evaluations of Oracle products (mostly FIPS 140 and Common Criteria), including their use in Oracle cloud services, an important aspect of Oracle's commitment to security. The team is part of Oracle's Global Product Security group, under the management of the Chief Security Officer. This group is responsible for managing cross-product security activities and the security assurance for Oracle products and cloud services. The Security Evaluations team (SecEval) are experts in government security evaluations and assurance standards. We are looking for someone to join the team that brings a similar level of "expertise" as the rest of the team. Qualifications: + Three to Five years' experience in a FIPS lab: + performing validations of FIPS 140 OR + the equivalent amount of time managing validations as a vendor. + Solid understanding of FIPS validation methodologies and processes + Comfortable preparing some technical evidence as needed and/or repeating of developer tests to support evaluations and validations. + The ideal candidate will have the ability to translate security certification jargon to development teams and interpret consultants/labs advice. + Knowledge of operating systems, particularly Linux, preferred. + Solid knowledge of cryptography preferred. + Experience with Common Criteria a plus + A working knowledge of any of the following technologies are advantages to the candidate: relational databases (particularly Oracle DBMS), identity and access management products, and cloud service technologies. Knowledge of OpenSSL and other cryptographic modules is also helpful. + The successful candidate should possess excellent time management and organizational skills as well as demonstrable verbal and written communication expertise. + Strong knowledge of Procurement Management processes are key skills for the candidate. PMP or PRINCE2 a plus. + CSSLP, CISM or CISSP a plus. + Education Requirements: + US/Canada: BS (essential) or MS (preferred) degree or equivalent experience relevant to functional area Must be willing to travel up to 10% in US, Canada and worldwide. Career Level - IC4 **Responsibilities** As a Principal Security Analyst in the Security Evaluations team, you will be mainly responsible for managing security evaluations and validations for Oracle. Duties in support of these responsibilities and other duties include: + Track progress of approved security evaluation and validation projects against budget and schedule, performing continuous risk analysis. + Finance and resource budget preparation, maintenance, and reporting + Collaborate with Legal and Procurement departments on activity with all third parties including contracts and Statements of Work + Participate in international evaluation communities and technical working groups, and other appropriate external working groups as assigned. The ability and willingness to influence a community of external participants is critical in this role. + Some testing or evidence development (authoring of FIPS specialized documentation) and/or editing/reviewing of this evidence may be required. Disclaimer: **Certain US customer or client-facing roles may be required to comply with applicable requirements, such as immunization and occupational health mandates.** **Range and benefit information provided in this posting are specific to the stated locations only** CA: Hiring Range in CAD from: $76,700 to $167,600 per annum. US: Hiring Range in USD from: $96,800 to $223,400 per annum. May be eligible for bonus and equity. Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle's differing products, industries and lines of business. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity. Oracle US offers a comprehensive benefits package which includes the following: 1. Medical, dental, and vision insurance, including expert medical opinion 2. Short term disability and long term disability 3. Life insurance and AD&D 4. Supplemental life insurance (Employee/Spouse/Child) 5. Health care and dependent care Flexible Spending Accounts 6. Pre-tax commuter and parking benefits 7. 401(k) Savings and Investment Plan with company match 8. Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation. 9. 11 paid holidays 10. Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours. 11. Paid parental leave 12. Adoption assistance 13. Employee Stock Purchase Plan 14. Financial planning and group legal 15. Voluntary benefits including auto, homeowner and pet insurance The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted. This job requires proficiency in the English language. Oracle is a global company with operations in dozens of countries around the world and our teams, including the team this position is part of, are comprised of individuals located in various jurisdictions. As is required of employees in all jobs at Oracle in North America, candidates for this position are required to understand, and communicate, in English so that in the course of performing their work, they can interact with teammates in other locations who are not fluent in the French language. For applicants located in the Province of Quebec, a basic proficiency of the French language is required. **About Us** As a world leader in cloud solutions, Oracle uses tomorrow's technology to tackle today's challenges. We've partnered with industry-leaders in almost every sector-and continue to thrive after 40+ years of change by operating with integrity. We know that true innovation starts when everyone is empowered to contribute. That's why we're committed to growing an inclusive workforce that promotes opportunities for all. Oracle careers open the door to global opportunities where work-life balance flourishes. We offer competitive benefits based on parity and consistency and support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs. We're committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing accommodation-request_************* or by calling *************** in the United States. Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

Cyber Security Engineer (Job Number: 532276) Description ScionHealth is recruiting for a Cyber Security Engineer to join our team! Remote candidates will be considered for this role. The Cyber Security Engineer will investigate security incidents through log analysis, interviewing, evidence collection and preservation. Perform security analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, UNIX, and Linux systems. Candidates will be expected to have familiarity with security systems and principles and be able to function interchangeably within a team of security engineers to support a cross functional approach within a highly complex and interconnected networked environment. A well-qualified candidate will be responsible for the analysis of and response to 2nd level security events. This will require knowledge for working information security alerts through the use of an Endpoint Detection and Response (EDR) System and Security Information and Event Manager (SIEM) to triage, mitigate, and escalate issues as needed while capturing essential details and artifacts. On-call responsibilities will be required. The candidate will need to demonstrate proficiency with the tools and processes mentioned below. Essential Functions Acts as liaison with solution owners and IT groups to ensure understanding of security principles. Collaborate with team members of the ScionHealth Security teams, application owners, software architects, and administrators. Ability to keep the Director of Cyber Security informed of security incidents and answer security related questions/concerns in a clear, concise, understandable manner. Ability to work independently as needed. Stay informed on attacks and vulnerabilities on all types of systems, including all Microsoft Windows systems, Linux, Unix, Cisco IOS, PAN-OS, and known threats. Make recommendations for changes to the environment that can help in the removal of vulnerabilities and a reduction in the risk of exploitation that may result in potential incidents. Initiate and produce custom scripts needed to make logging and alerting requirements easy and effective. Analyze and recommend security controls and procedures in business processes related to the use of information systems and assets, and monitors for compliance. Monitor information systems for security incidents and vulnerabilities; develop monitoring and visibility capabilities; report on incidents, vulnerabilities, and trends. Respond to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interact and coordinate with third-party incident responders, including attorneys and law enforcement, if needed. Analyze and develop information security procedures, standards, baselines and guidelines with respect to information security. Assess, plan, and enact security measures to help protect our organization from security breaches and attacks on its computer network and systems. Oversee vulnerability scans to identify vulnerabilities and consult with technical teams on remediation of identified vulnerabilities. Assist with the coordination of penetration testing, and work with technical teams on remediation efforts of pen testing results. Qualifications Education Bachelor's degree in Computer Science, Information Systems, Cyber Security or a related field. Relevant experience may be substituted in some cases. Licenses/Certifications (Desired) Certified Information Systems Security Professional (CISSP) Certified Cloud Security Professional (CCSP) Certified Incident Handler (GCIH) Certified Ethical Hacker (CEH) Experience 3+ years of experience in Network Security or a Cyber Security discipline. Experience working security events and/or working security audit items in a team environment. Familiarity of network controls such as firewall rules, IDS Systems, Network logging, DLP, and Network segmentation. Ability to consult with IT stakeholders as needed. Knowledge/Skills/Abilities Healthcare experience is preferred. Previous Cyber Security, Network Security or SOC experience preferred. Working with Vulnerability Management Tools a plus. Working with SIEM platforms a plus. Strong analytical, collaborative, problem-solving, organizational and planning skills. Excellent written and verbal and interpersonal skills. Possess a high level of technical knowledge of security platforms including: Palo Alto Firewalls/IDS/IPS Proofpoint email protection Mimecast email protection CrowdStrike EDR Google Chronicle SIEM Microsoft Sentinel SIEM Microsoft Purview DLP Depending on a candidate's qualifications, this role may be filled at a different level. Job: Information TechnologyPrimary Location: KY-Louisville-Corp Personnel Area 6Organization: 7008 - Corp Personnel Area 6Shift: Day

ScionHealth is recruiting for a Cyber Security Engineer to join our team! Remote candidates will be considered for this role. The Cyber Security Engineer will investigate security incidents through log analysis, interviewing, evidence collection and preservation. Perform security analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, UNIX, and Linux systems. Candidates will be expected to have familiarity with security systems and principles and be able to function interchangeably within a team of security engineers to support a cross functional approach within a highly complex and interconnected networked environment. A well-qualified candidate will be responsible for the analysis of and response to 2nd level security events. This will require knowledge for working information security alerts through the use of an Endpoint Detection and Response (EDR) System and Security Information and Event Manager (SIEM) to triage, mitigate, and escalate issues as needed while capturing essential details and artifacts. On-call responsibilities will be required. The candidate will need to demonstrate proficiency with the tools and processes mentioned below. Essential Functions * Acts as liaison with solution owners and IT groups to ensure understanding of security principles. * Collaborate with team members of the ScionHealth Security teams, application owners, software architects, and administrators. * Ability to keep the Director of Cyber Security informed of security incidents and answer security related questions/concerns in a clear, concise, understandable manner. * Ability to work independently as needed. * Stay informed on attacks and vulnerabilities on all types of systems, including all Microsoft Windows systems, Linux, Unix, Cisco IOS, PAN-OS, and known threats. * Make recommendations for changes to the environment that can help in the removal of vulnerabilities and a reduction in the risk of exploitation that may result in potential incidents. * Initiate and produce custom scripts needed to make logging and alerting requirements easy and effective. * Analyze and recommend security controls and procedures in business processes related to the use of information systems and assets, and monitors for compliance. * Monitor information systems for security incidents and vulnerabilities; develop monitoring and visibility capabilities; report on incidents, vulnerabilities, and trends. * Respond to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interact and coordinate with third-party incident responders, including attorneys and law enforcement, if needed. * Analyze and develop information security procedures, standards, baselines and guidelines with respect to information security. * Assess, plan, and enact security measures to help protect our organization from security breaches and attacks on its computer network and systems. * Oversee vulnerability scans to identify vulnerabilities and consult with technical teams on remediation of identified vulnerabilities. * Assist with the coordination of penetration testing, and work with technical teams on remediation efforts of pen testing results. Qualifications Education * Bachelor's degree in Computer Science, Information Systems, Cyber Security or a related field. Relevant experience may be substituted in some cases. Licenses/Certifications (Desired) * Certified Information Systems Security Professional (CISSP) * Certified Cloud Security Professional (CCSP) * Certified Incident Handler (GCIH) * Certified Ethical Hacker (CEH) Experience * 3+ years of experience in Network Security or a Cyber Security discipline. * Experience working security events and/or working security audit items in a team environment. * Familiarity of network controls such as firewall rules, IDS Systems, Network logging, DLP, and Network segmentation. * Ability to consult with IT stakeholders as needed. Knowledge/Skills/Abilities * Healthcare experience is preferred. * Previous Cyber Security, Network Security or SOC experience preferred. * Working with Vulnerability Management Tools a plus. * Working with SIEM platforms a plus. * Strong analytical, collaborative, problem-solving, organizational and planning skills. * Excellent written and verbal and interpersonal skills. * Possess a high level of technical knowledge of security platforms including: * Palo Alto Firewalls/IDS/IPS * Proofpoint email protection * Mimecast email protection * CrowdStrike EDR * Google Chronicle SIEM * Microsoft Sentinel SIEM * Microsoft Purview DLP Depending on a candidate's qualifications, this role may be filled at a different level.

**Our Mission** As the world's number 1 job site*, our mission is to help people get jobs. We strive to cultivate an inclusive and accessible workplace where all people feel comfortable being themselves. We're looking to grow our teams with more people who share our enthusiasm for innovation and creating the best experience for job seekers. **Day to Day** As an Application Security Engineer, your role involves close collaboration with software development teams to ensure the safety of our customers during the development of innovative services. On any given day, your tasks may include code inspections to identify security issues, the development of new frameworks to enhance the speed and security of software development, and fine-tuning service designs in collaboration with software developers. As an Application Security Engineer, you'll apply your skills towards our mission of helping people find jobs and secure our global cloud-native environment which serves 200M unique visitors per month. **Responsibilities** + Creating, updating, and maintaining threat models for a wide variety of software projects + Executing Manual and Automated Secure Coding Reviews, primarily in Java, Python and Javascript + Assist in development of security processes and automated tooling that prevent classes of security issues. + Developing security training and guidance for internal development teams + Work closely with software developers to advise on secure coding practices and to establish a proactive security posture. + Partnering with engineering teams to incrementally improve their security processes, priorities, and choices on a continual basis + Support and consult with product and development teams in the area of application security, including threat modeling and AppSec reviews + Assist teams in reproducing, triaging, and addressing application security vulnerabilities. **Skills/Competencies** + Bachelor's Degree in Computer Science, Engineering, Computer Security, Information Systems, or related field + You demonstrate excellent judgment in assessing and prioritizing technical risk + You have knowledge of security best practices and standards such as OWASP Top 10 and SANS Top 25 with a focus on scalable solutions + You have excellent communication skills with the ability to articulate complex security issues to technical and non-technical collaborators, with an inclusive mindset + You work to identify and remove bottlenecks for your teammates, both in process and technology + You have familiarity with a wide variety of security tools, technologies, and methodologies. + You have some level of scripting/development experience (e.g. Python, Java, Ruby, etc.) **Education Requirement** : Bachelor's Degree in Computer Science, Engineering, Computer Security, Information Systems, or related field **Salary Range Transparency** Austin, Metro Area 110,000- 154,000 USD per year New York City, Metro Area 118,000 - 172,000 USD per year Seattle, Metro Area 134,000 - 188,000 USD per year San Francisco, Bay Area 143,000 - 200,000 USD per year Remote, US 110,000- 154,000 USD per year **Salary Range Disclaimer** The base salary range represents the low and high end of the Indeed salary range for this position in the given work location. Actual salaries will vary depending on factors including but not limited to location, experience, and performance. The range(s) listed is just one component of Indeed's total compensation package for employees. Other rewards may include quarterly bonuses, Restricted Stock Units (RSUs), a Paid Time Off policy, and many region-specific benefits. **Benefits - Health, Work/Life Harmony, & Wellbeing** We care about what you care about. We have a multitude of benefits to support Indeedians, as well as their pets, kids, and partners including medical, dental, vision, disability and life insurance. Indeedians are able to enroll in our company's 401k plan, as well as an equity-based incentive program. Indeedians will also receive open paid time off, 12 paid holidays a year and up to 26 weeks of paid parental leave. For more information, select your country and learn more about our employee benefits, program, & perks at **************************** ! **Equal Opportunities and Accommodations Statement** Indeed is deeply committed to building a workplace and global community where inclusion is not only valued, but prioritized. We're proud to be an Equal Employment and Affirmative Action employer seeking to create a welcoming and diverse environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity or expression, family status, marital status, sexual orientation, religious creed, national origin, genetics, neuro-diversity, disability, age, status as a protected veteran, or any other non-merit based or legally protected grounds. Indeed is dedicated to providing reasonable accommodations to qualified individuals with known disabilities to participate in the employment application process. To request an accommodation, an applicant should contact Talent Attraction Accommodations at **************, or by email at accommodations@indeed.com. In the request for an accommodation, please inform us of the nature of your request and your contact information. If you are requesting accommodation for an interview, please reach out at least one week in advance of your interview. For more information about our commitment to Equal Employment Opportunity and Affirmative Action, please review our Equal Employment Opportunity and Affirmative Action Statement of Policy (************************************************************************ **Inclusion & Belonging** Inclusion and belonging are fundamental to our hiring practices and company culture, forming an integral part of our vision for a better world of work. At Indeed, we're committed to the wellbeing of our employees and on a mission to make this the best place to work and thrive. We believe that fostering a diverse and inclusive environment where every employee feels respected and accepted benefits everyone, fueling innovation and creativity. We value diverse experiences, including those who have had prior contact with the criminal legal system. We are committed to providing individuals with criminal records, including formerly incarcerated individuals, a fair chance at employment. Those with military experience are encouraged to apply. Equivalent expertise demonstrated through a combination of work experience, training, military experience, or education is welcome. **Indeed's Employee Recruiting Privacy Policy** **Fair Chance Hiring** We value diverse experiences, including those who have had prior contact with the criminal legal system. We are committed to providing individuals with criminal records, including formerly incarcerated individuals, a fair chance at employment. **Indeed's Employee Recruiting Privacy Policy** Like other employers Indeed uses our own technologies to help us find and attract top talent from around the world. In addition to our site's user and privacy policy found at ***************************** we also want to make you aware of our recruitment specific privacy policy found at ***************************************** **Req ID:** **45401** **This position accepts applications on an ongoing basis, and there is no deadline to apply.** Reference ID: 45401

Information Security Specialist - Associate Fort Knox KY or Remote Active Secret Clearance Required @Orchard is supporting a growing Federal contractor with a need for an Information Security Specialist. The individual in this position will assist in developing and maintaining knowledgebase on changing regulatory, threat, and technology landscapes to continually develop or maintain security policies and standards and ensure compliance throughout the organization. As the Information Security Specialist you will: Conducts and supports Traditional Security Reviews (assessments, evaluations, audits) as required and determined by Cybersecurity. Identifies and makes on-the-spot corrections to deficiencies and educates the user on current security standards/requirements IAW current cyber guidelines and DoD compliance standards. Provides surge support, technical guidance, and expertise in the areas of Cybersecurity to support Customer, Mission Partners, IMOs, ISSOs, IS Owners, Software Developers, Network System, and Database Administrators IAW all related cyber regulations and directives; provide results in reports, briefs, and deliverables as required to the appropriate Government representative. Provide Cybersecurity surge support in the event of real world or additional requirements in support of RMF compliance checks and documentation review across authorization boundaries, including, but not limited to: Perform security review preparation for all security controls associated with RMF applicable to an assigned authorization boundary based upon the Confidentiality, Integrity, or Availability designation. Perform on site or off-site reviews of all information systems to audit and validate compliance with associated security controls. Perform as reviewers of audit teams during inspections, assessments, evaluations, audits, etc. Provide reports to the assigned Government representative as required. Provide reviews, validation, and deliverable efforts in support of compliance or non-compliance IAW CCI, STIGs and SRGs for each finding or vulnerability IAW RMF. Provide embedded Cybersecurity support across Customer or other supported organizations as required. Requirements: Active Secret clearance Relevant experience with information security. BA/BS preferred IAT Level I (Security+, CND, CCNA-Security, OR SSCP recommended) Established in 2010, @Orchard has an exceptional reputation, providing staffing solutions to time-sensitive, talent scarcity issues to deliver better talent management ROI. Our specialty lies in the critical area of program talent acquisition and resource management, not in one narrow skillset, but across many areas of technical and functional delivery. To learn more about our other exciting opportunities, visit our Jobs Page at ***************** .

Network Firewall Engineer Recruiting for this role ends on May 31, 2025 Work you'll do Provides engineering, security compliance and administration of the firewalls. The position works closely with other Deloitte groups and vendors to provide exceptional customer support. Including the Deloitte Cyber organization for any requests about security compliance from the different agencies and to mitigate any gaps. Creates configurations and scripts for enterprise deployment of solutions that align business and DT - US strategies. Responsible for providing second level incident support, defining, and updating standards, ensuring compliance on all internal and external projects, enforcing consistent policies and processes. Contributes to the transition of new technologies between Architecture and Engineering and confirms all appropriate documents and processes are developed. Responsibilities: + Manages the day-to-day activities of design, analysis, planning, and implementation. + Oversees the development and evaluation of network performance criteria and measurement methods for short-team and long-term needs including capacity. + Evaluates network architecture design, in addition to feasibility and cost studies + Monitors performance and health, ensures capacity planning is performed, and assesses and makes recommendations for improvement. + Provide skilled expertise for the compliance, engineering, administration and 24x7 operations of the firewalls serving the Deloitte Federal practice. + Perform routine assessments of system hardening in accordance with DOD security technical implementation guides (STIGs). + Ensure the maximum information assurance (IA) compliance of DODIN-N systems + Lead service request fulfilment for firewall policy and other security extension changes (VPN, IPS, URL Filtering, Application Control, etc.). + Provide visibility and insight to assist customers with firewall activity and usage information. + For the Federal firewalls, first responder to monitored alerts, incidents, and issues. + Lead the follow through with firm and vendor resources to close out availability, performance, and security incidents that involve firewalls. + Accountable for executing tasks according to established standards, procedures, and processes. Assist to develop new standards, procedures and processes. + Performs other job-related duties as assigned. + Ability to manage support cases with external technology vendors. The team Deloitte Technology US (DT - US) helps power Deloitte's success, which serves many of the world's largest, most respected organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence. The ~3,000 professionals in DT - US deliver services including: + Cyber Security + Technology Support + Technology & Infrastructure + Applications + Relationship Management + Strategy & Communications + Project Management + Financials Technology & Infrastructure The Technology and Infrastructure Organization works together to transform how DT - US deploys technologies and services to meet the dynamic needs of Deloitte professionals and help increase their productivity. Required Qualifications: + 8+ years in supporting infrastructure environments but not limited to security/firewall, networks, systems + 3+ years of experience in related experience in firewall environments performing engineering (hardware and software) and operations. + Bachelor's degree in Computer Science, Computer Engineering, Business Administration or similar and/or additional relevant professional experience. + Ability to travel 0-10%, on average, based on the work you do and the clients and industries/sectors you serve + Must be a US Citizen (GPS initiatives) Preferred Qualifications: + Expert level knowledge of Checkpoint or Palo Alto. + Advanced level skill in firewall policy management. + Knowledge of monitoring tools and commands to ensure quick resolution to issues. + Hands-on experience with security policy and automation tools such as Firemon, Tufin. Algosec... + Knowledge on Scripting language. + Knowledge of LAN/WAN and network protocols. + Experience in security assessments and audits, ensuring compliance with industry standards and best practices, and addressing vulnerabilities proactively. + Knowledge of applying DoD STIGs to network equipment + Knowledge of information assurance (IA) compliance of DODIN-N systems Information for applicants with a need for accommodation: ************************************************************************************************************ The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $88,600 to $181,900. You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance. EA_ExpHire #LH-1 All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

iHeartMedia Current employees and contingent workers click here to apply and search by the Job Posting Title. The audio revolution is here - and iHeart is leading it! iHeartMedia, the number one audio company in America, reaches 90% of Americans every month -- a monthly audience that's twice the size of any other audio company - almost three times the size of the largest TV network - and almost 4 times the size of the largest ad-supported music streaming service. In fact, we have: * More #1 rated markets than the next two largest radio companies combined; * We're the largest podcast publisher, with more monthly downloads than the second- and third-largest podcast publishers combined. Podcasting, the fastest-growing new media, today has more monthly users than streaming music services or Netflix; * iHeart is the home of many of the country's most popular and trusted on-air personalities and podcast influencers, who build important connections with hundreds of communities across America; * We create and produce some of the most popular and well-known branded live music events in America, including the iHeartRadio Music Festival, the iHeartRadio Music Awards, the iHeartCountry Festival, iHeartRadio Fiesta Latina and the iHeartRadio Jingle Ball Tour; * iHeartRadio is the #1 streaming radio digital service in America; * Our social media footprint is 7 times larger than the next largest audio service; and * We have the only complete audio ad technology stack in the industry for all forms of audio, from on demand to broadcast radio, digital streaming radio and podcasting, which bring data, targeting and attribution to all forms of audio at an unparalleled scale. As a result, we're able to combine our strong leadership position in audience reach, usage and ad tech with powerful tools and insights for our sales organizations to help them build success for their clients at a more efficient cost than any other option. Because we reach almost every community in America, we're committed to providing a range of programming that reflects the diversity of the many communities we serve - and our company reflects that same kind of diversity. Our company values stress collaboration, curiosity, welcoming dissent, accepting mistakes in the pursuit of new ideas, and respect for everyone. Only one company in America has the #1 position in everything audio: iHeartMedia! If you're excited about this role but don't feel your experience aligns perfectly with the job description, we encourage you to apply anyway. At iHeartMedia we are dedicated to building a diverse, inclusive, and authentic workplace and are looking for teammates passionate about what we do! What We Need: iHeartMedia seeks candidates for the position of Senior Cloud Security Engineer. This role is responsible for reviewing cloud architectures and leading the efforts to secure and ensure compliance enforcement through automation, environment assessments, and policy shaping. What You'll Do: * Provide guidance to product and IT teams for all public cloud related matters in AWS, GCP, and Azure * Act as highly technical cloud security Subject Matter Expert (SME) for the InfoSec team. * Research, innovate, and design cloud and hybrid security solutions. * Create design artifacts to enable members of the operations or infrastructure teams to implement solutions. * Identify opportunities to reduce cloud security risk for iHeartMedia. * Collaborate with senior management and department leaders to assess near and long-term cloud security needs. * Review cloud architectures and advise development teams on strong security design principles. * Provide advanced level IAM policy guidance to enable product teams to shape least privilege access. * Create and maintain documentation as it relates to cloud security designs/configurations, processes, standards, and recommendations. * Stay current with the latest cloud threat mitigation tools and techniques. * Provide guidance for security remediation to business and IT partners by demonstrating real, practical risk and valuer. * Provides vulnerability assessment of cloud assets, deliver remediation recommendations, and provides knowledgeable assistance in resolving identified vulnerabilities. * Provides input to the overall architecture and governance model. What You'll Need: * Minimum of 6+ years of experience in a Cyber Security Administrator, Analyst or Engineer role with a focus on cloud-based security. * Broad understanding of information security and compliance risks, and how those apply to public cloud. * Keen interest in learning about modern cloud security and information security threats, mitigation strategies, and control frameworks. * Strong understanding of cloud-based and hybrid infrastructure components with specific understanding of the security risks presented in a centralized or decentralized and hybrid environment. * Strong understanding of security operations and compliance environment with experience in managing multiple tasks, reporting to management, and driving security initiatives within the InfoSec group. * Experience with SIEMs, including Azure Sentinel, and custom log sources. * Proficiency in EDR/MDR incident investigation and threat management. * Strong understanding of cloud native and third-party security related tools. * Strong understanding of Multiple Public Cloud security and compliance features and configuration. * Knowledge of network infrastructure security (physical and virtual) technologies and solutions. * Knowledge of identify providers and identity management security. * Demonstrated critical thinking and analytical ability. * Demonstrated willingness and ability to learn new and emerging technologies. What You'll Bring: * Respect for others and a strong belief that others should do this in return * Demonstrated initiative and achievement-oriented leadership * Ability to manage several projects at a time * Growth mindset and desire for continued knowledge sharing and learning * Understanding of impact of your own decisions and decisions of your team * Strong business insights that contribute to resolving complex problems * Catalyst for new and innovative ideas * Ability to identify and support new opportunities for continued improvement across business * Ability to interact with individuals of all levels and maintain professional relationships * Strong relationships with other leaders with the ability to manage external business partners where appropriate Compensation: Salary to be determined by multiple factors including but not limited to relevant experience, knowledge, skills, other job-related qualifications, and alignment with market data. $136,000 - $170,000 Location: Orlando, FL: 3024 East Amelia Street, 32803 Position Type: Regular Time Type: Full time Pay Type: Salaried Benefits: iHeartMedia's benefits offering is flexible and offers a variety of choices to meet the diverse needs of our changing workforce, including the following: * Employer sponsored medical, dental and vision with a variety of coverage options * Company provided and supplemental life insurance * Paid vacation and sick time * Paid company holidays, including a floating holiday that enable our employees to celebrate the holiday of their choosing * A Spirit day to encourage and allow our employees to more easily volunteer in their community * A 401K plan * Employee Assistance Program (EAP) at no cost - services include telephonic counseling sessions, consultation on legal and financial matters, emotional well-being, family and caregiving * A range of additional voluntary programs, such as spending accounts, student loan refinancing, accident insurance and more! We are accepting applications for this role on an ongoing basis. The Company is an equal opportunity employer and will not tolerate discrimination in employment on the basis of race, color, age, sex, sexual orientation, gender identity or expression, religion, disability, ethnicity, national origin, marital status, protected veteran status, genetic information, or any other legally protected classification or status. Non-Compete will be required for certain positions and as allowed by law. Our organization participates in E-Verify. Click here to learn about E-Verify.

Description & Requirements Reporting to the Sr. Manager for the Program Security Services team (US Services), the Lead Security Analyst-ISSO is responsible for managing the overall security posture of their assigned projects. Acting as an independent contributor, the Lead Analyst-ISSO will document and validate security compliance requirements, as defined in client contracts and established regulatory frameworks (NIST 800-53, HIPAA, IRS 1075, CMS MARS-E/ARC-AMPE, PCI-DSS). This position requires broad knowledge of Information Technology, including cloud providers such as Azure and AWS. This role will also manage stakeholder relationships with both internal and external customers. US citizenship is required per contract/client, at least one of the following certifications is required: CISSP (preferred), CISA or CISM. Experience with NIST 800-53 and the ability to travel up to 10% is required. Essential Duties and Responsibilities: - Responsible for ensuring information security for an assigned area of Business/Project focusing on key areas of risk, as outlined in the Information Security policy, under the direction of the Information Security management team. - Conduct Information Security risk assessments and compliance evaluations for infrastructure and application assets within required timeframes and to industry standards and regulatory specifications. - Ensure controls are properly and fully implemented to address identified Information Security risks for assigned area of responsibility. - Define, create and maintain the documentation for certification and accreditation of each information system in accordance with regulatory requirements. - Lead and support audits and client reviews of security posture; coordinate the collection, review and submission of Information Security deliverables and track the remediation of audit findings and exceptions. - Manage expectations with multiple stakeholders on projects and programs in conjunction with the Information Security team. - Promotion of Information Security awareness through various communication channels within the organization. - Collaborate with the Information Security team members on process improvements, secure design and recertification of MAXIMUS assets. Identify potential security control gaps by reviewing evidence provided by stakeholders, system generated reports and/or control implementation statements. Perform risk assessments using vulnerability management and application security testing reports. Initiate formal security exception process, when required. Develop Plan of Action and Milestones (POA&M) as necessary. Minimum Requirements - Please refer to the additional information section of the job requisition for this opening to determine clearance eligibility required. - Bachelor's degree and 7+ years of relevant professional experience required, or equivalent combination of education and experience. US Citizenship is REQUIRED per contract/client. At least one of the following certifications is REQUIRED: CISSP (preferred), CISA or CISM Experience with NIST 800-53 is REQUIRED Ability to travel nationally up to 10% is REQUIRED HIPAA experience is preferred Experience with Cloud providers, such as Azure and AWS Knowledge of any of the following security frameworks is preferred: IRS 1075, CMS MARS-E/ARC-AMPE, PCI-DS Demonstrates excellent interpersonal, presentation and verbal/written communication skills Demonstrates strong customer service skills Ability to communicate technical information to non-technical staff Ability to work collaboratively with a broad range of staff (including analysts, engineers and leadership) Proficiency with Microsoft Office SmartSheet experience is a plus Ability to perform comfortably in a fast-paced, deadline-oriented work environment Ability to organize and execute complex tasks Ability to work as a team member as well as independently #LI-JH1 #maxcorp #LeadSecurityAnalyst #InformationSystemSecurityOfficer #HotJobs0311LI #HotJobs0311FB #HotJobs0311X #HotJobs0311TH #TrendingJobs EEO Statement Active military service members, their spouses, and veteran candidates often embody the core competencies Maximus deems essential, and bring a resiliency and dependability that greatly enhances our workforce. We recognize your unique skills and experiences, and want to provide you with a career path that allows you to continue making a difference for our country. We're proud of our connections to organizations dedicated to serving veterans and their families. If you are transitioning from military to civilian life, have prior service, are a retired veteran or a member of the National Guard or Reserves, or a spouse of an active military service member, we have challenging and rewarding career opportunities available for you. A committed and diverse workforce is our most important resource. Maximus is an Affirmative Action/Equal Opportunity Employer. Maximus provides equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disabled status. Pay Transparency Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances. Minimum Salary $ 111,605.00 Maximum Salary $ 145,000.00

Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a global, integrated healthcare services and products company, providing customized solutions for hospitals, health systems, pharmacies, ambulatory surgery centers, clinical laboratories and physician offices worldwide. The company provides clinically-proven medical products and pharmaceuticals and cost-effective solutions that enhance supply chain efficiency from hospital to home. Cardinal Health connects patients, providers, payers, pharmacists and manufacturers for integrated care coordination and better patient management. Backed by nearly 100 years of experience, with approximately 50,000 employees in 46 countries, Cardinal Health ranks among the top 20 on the Fortune 500. We currently have a full-time career opening within Information Security to support the growth of our Navista Application Suite and the Integrated Oncology Network (IoN). **Department overview** The Information Security department at Cardinal Health enables Cardinal Health to securely deliver healthcare products and solutions that improve the lives of people every day by ensuring security practices and controls are embedded into Cardinal Health's people, process and technology. We are a remote-first team and are excited to offer full-time remote opportunities. **Functional Overview** The Senior Information Security & Risk Engineer is a new capability for Cardinal Health and will be executed by the Product Security team. The primary goal of this position is to ensure delivery of best-in-class cybersecurity, risk management, and compliance for Navista, an oncology Managed Service Offering hosted by Cardinal Health. **Job Overview** The Information Security & Risk Engineer will be responsible for day-to-day activities in implementing the corporate information security and compliance program. The individual will be a front-line partner to technical teams and work across the organization to deliver security and compliance initiatives aligning to corporate policies, standards, procedures and audit activities. Success in the role will be measured by the effectiveness of the implementation of information security, risk management and compliance directives. This role will work with various IT and business teams to drive both information security and compliance initiatives. The individual will assist with internal and external security compliance monitoring activities, review client audits, IT control audits, architecture reviews, threat modeling and security risk assessments. Good interpersonal and relationship building skills are essential for success. **Job Responsibilities Include:** + Maintain governance program that ensures that the security policies, standards and process are in place + Serve as liaison to other Cardinal Health teams to ensure knowledge share and best practices + Partner with the engineering, architecture and operations teams to ensure delivery of infrastructure design and threat models which prove security requirements + Monitor security trends and drive security best practices throughout the organization via threat models and risk analysis + Evaluate, design, test, and recommend new or improved controls + Work with third party firms and consultants to conduct independent security audits, vulnerability scans, and penetration tests + Partner with developers to mentor and advise on secure coding and SDLC practices, define test cases and ensure appropriate testing, remediations, and mitigations + Investigate, drive resolution and document security incidents + Travel to various Integrated Oncology Network (IoN) sites may be required **Qualifications** + Bachelors Degree in related field, or equivalent work experience leading cybersecurity or information security initiatives + Have 5+ years information security related work experience, preferably within the healthcare industry + Extensive experience with network and infrastructure design and security, ideally within the Azure cloud + Experience in vulnerability management programs, vulnerability assessments and advanced understanding of risk management + Familiarity with at least one common programming language, software development pipelines, and system lifecycles + Familiarity with standards such as HIPAA/HITECH, ISO, ITIL, NIST, PCI DSS, & SOX, CCPA, OWASP + Professional security certification (CISSP or CISM preferred) + Experience advising and mentoring diverse teams where you do not have direct authority + Strong written and verbal communication skills **Anticipated salary range:** $121,600 - $182,385 **Bonus eligible:** Yes **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 4/7/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

Established in 1991, Collabera has been a leader in IT staffing for over 22 years and is one of the largest diversity IT staffing firms in the industry. As a half a billion dollar IT company, with more than 9,000 professionals across 30+ offices, Collabera offers comprehensive, cost-effective IT staffing & IT Services. We provide services to Fortune 500 and mid-size companies to meet their talent needs with high quality IT resources through Staff Augmentation, Global Talent Management, Value Added Services through CLASS (Competency Leveraged Advanced Staffing & Solutions) Permanent Placement Services and Vendor Management Programs. Collabera recognizes true potential of human capital and provides people the right opportunities for growth and professional excellence. Collabera offers a full range of benefits to its employees including paid vacations, holidays, personal days, Medical, Dental and Vision insurance, 401K retirement savings plan, Life Insurance, Disability Insurance. Job Description Title: ArcSight Security Engineer Duration: 6 months (Possibility to Hire) Location: Fort Knox, KY Description: • Assist the customer and required to provide technical leadership on major tasks or technology assignments. • The ideal candidate will have a wide range of technical knowledge in Applicant should posses an in -depth understanding of ArcSight ESM, and be able to perform the functions of a Senior Analyst, Advanced Content Author, and Security Solutions Architect. • Applicant should be able to provide a practical solutions-based approach for design and implementation of a complete enterprise SIEM deployment, and understand methodologies, terms, concepts, and best practices within the context of the HP ArcSight product line. Duties & Responsibilities: • Assist in the Information Assurance Office activities to support with the installation, configuration, troubleshooting, customization and optimization of the ArcSight product suite and its dependencies. • This position requires strong knowledge in network security operations and familiarity with a variety of endpoint security products. • The candidate will develop ArcSight specific content including reports, filters, trends and dashboard content. The candidate must be experienced with ArcSight in order to provide optimization, tuning, and flex agent development. The successful candidate should be very experienced in IT networks, security systems design, and deployment and troubleshooting. • Duties will include the ability to lead the installation, configuration, optimization and customization of ArcSight software and appliances. • Required to translate customer requirements into use cases, design and implement as ArcSight content. The ability to perform system administration for ArcSight components and create customized dashboards for ArcSight ESM and Logger to elevate high threat items to incident responders. DOD 8570 CNDSP Infrastructure certification is desired. Qualifications • Expert level knowledge in defining an organization's ArcSight ESM Network Model • Extensive experience implementing the ArcSight suite of software and appliances in an Enterprise Environment • Experience developing ArcSight FlexConnectors • Proficient in Unix scripting • Ability to develop an ArcSight training program to be used to train our Systems Administrators, Network Administrators, Security Engineers, and Security Analysts in the efficient use of the ArcSight Suite • A Bachelor's degree from an accredited institution or equivalent in Computer Science, Information Systems, Engineering, or related technical discipline is required. • Significant experience may substitute for minimum educational requirements. • Must possess at least 8 years of hands on technical experience with a minimum of 5 year of experience in ArcSight ESM. • Ability to Create Advanced ESM content for Security Use Cases in order to find, track and remediate security incidents, including: Using variables and correlation activities, Customizing report templates to use dynamic content and Customizing notification templates to send the appropriate notification based upon specific attributes of an event Required Qualifications: • ArcSight Certified Analyst (ACSA) and or ArcSight Certified Integrator Administrator (ACIA) • Familiarity with network defense technologies including IDS/IPS, Firewalls, VPN • Determine appropriate Logger/ESM architecture to address specific log management requirements • Integrate Logger/ESM in peering and hierarchical deployments • Optimize ArcSight SmartConnector configurations for a Logger/ESM integrated environment • Identify types of criteria used to define system requirements • Present a thorough compilation of the various architectures and the pros and cons of each • Identify integration capabilities and best practices for each product • Identify data sources and ESM resources required to fulfill the objectives of the use case • Present multiple real-world scenarios that will be the basis of a complete implementation exercise • Must possess a CompTIA Security+ certification (baseline certification - day 1 requirement) • Minimum Certification as a DoD 8570 IAM II, must possess or able to obtain from hire date, within 6 months IAT Level II certification related to Release Management field • Must hold an active Department of Defense Security Clearance (interim Secret minimum - day 1 requirement). • Knowledge of DoD directives 8500.2, 8530.2, CJCSI 6510, and DISA STIGS- specifically requirements pertaining to the access and retention of network device logs. • Strong customer service, organizational skills, knowledge of applicable DoD/Government policies and procedures. • Demonstrated exceptional ability to troubleshoot complex systems required. • Solid understanding of industry standard availability and security practices required. Additional Information To discuss on this, please contact: Himanshu Prajapat Call on: ************ **********************************

This role is remote or office hybrid and based in Louisville, Kentucky. What the Role Is The Security Architect will be the lead information security technologist for Heaven Hill. This position will be responsible for the assessment of information security risks and threats, security technology architecture, development and execution of roadmaps to reduce risks to acceptable levels and close gaps to desired maturity states, lead cyber incident response and recovery, and drive continuous improvement of security operations. This position will be responsible for leading the information security team and will report to the Director of Technology Services, who will be the overall owner of the information security function. How You Will Spend Your Time? Develop and implement security capabilities, technology, and process roadmaps for both Enterprise and OT security to achieve short-term and long-term objectives Develop and enhance security policies and standards, based on sound security and architecture practices Lead an appropriate and effective response and restoration process in the case of any security event Ensure capability of business restoration to required objectives in the case of a breach or intrusion and resulting loss of data or access to systems and data Consult, advise, and oversee the secure design of key IT system and infrastructure projects to ensure alignment with enterprise security architecture in collaboration with other business and IT stakeholders Identify, establish, and monitor appropriate metrics and leading and lagging indicators of security performance and capabilities Lead vulnerability and security maturity assessments, gap closure plans, and execution Coordinate, review, and implement actions to maintain compliance with regulatory, insurance, and security requirements Identify unacceptable 3 rd and 4 th party risks and exposures and define and implement actions necessary; monitor ongoing performance to reduce these risks to acceptable levels Maintain a thorough understanding of security threats and attacks to identify potential vulnerabilities along with their appropriate remediations Monitor the environment (e.g., network, systems, endpoints) for security breaches, malware, and loss of data Conduct regular system tests and ensure continuous monitoring of network security Who You Are… Bachelor's degree in computer science, information systems, engineering, or related degree; Advanced degree preferred Minimum 5 years of experience in the following areas: Information Security Architecture and Engineering, Risk Management, Endpoint Security, Network Security, Identity and Access Management, Security Assessment and Testing and Security Operations required Robust experience in Information Security domains, including experience within security functions of a global enterprise-level entity required. Current information security certifications, such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) Knowledgeable in security concepts and practices (e.g., IAM, Mesh architecture, zero trust, NIST CSF, MITRE Att&ck) Experience with common industry enterprise-class products and services for information security Experience with networking (e.g., DNS, routing, PKI, certificate management, IDS, IPS, scanning, firewalls, segmentation, and microsegmentation) Experience and understanding of standard IT management frameworks Experience with NIST 800-53, CSF, HIPAA, PII, PHI, NY-DFS, PCI Practical experience with database security, content filtering, vulnerability scanning and anti-malware Experience developing and leading incident response plans Demonstrated leadership and problem-solving skills Physical Requirements While performing duties of job, employee is occasionally required to stand; walk; use hands and fingers to handle, or feel objects, and use of computer; reach with hands and arms. Employee must occasionally lift and/or move up to 10 pounds. Benefits Paid Vacation 11 Paid Holidays Health, Dental & Vision eligibility from day one FSA/HSA 401K match EAP Maternity/Paternity Leave Heaven Hill and its affiliates are committed to fostering a diverse workforce as an Equal Employment Opportunity company. We invite applications from candidates of all backgrounds, without regard to race, religion, color, sex, sexual orientation, natural origin, gender identity or expression, age, disability, veteran status or any other legally protected characteristic.

PagerDuty, Inc. (NYSE:PD) is a global leader in digital operations management. Half of the Fortune 500 and nearly 70% of the Fortune 100 trust PagerDuty as essential infrastructure. Join us. (******************************* At PagerDuty, you'll tackle complex problems, collaborate with kind and ambitious people, and help build a more equitable world-all in a flexible, award-winning workplace. PagerDuty is seeking a **Senior Security Engineer (Infrastructure & Identity Security)** to join our diverse, customer-focused team! As a Senior Security Engineer, you will be a key technical leader driving security initiatives across PagerDuty's SaaS offerings, with deep expertise in Identity and Access Management. While you'll spearhead our IAM modernization efforts and implement robust authentication patterns, you'll also be instrumental in maintaining our overall security posture through architecture reviews, threat modeling, and automated security solutions. We're looking for a security generalist who excels in IAM - someone who can tackle diverse security challenges across our infrastructure while bringing specialized knowledge in identity and access patterns. Since we own and operate what we build, you'll collaborate with 30+ engineering teams to implement secure, scalable solutions that enhance security while maintaining developer productivity. This is an exciting opportunity to not only revolutionize our IAM strategy but also contribute to the broader security landscape of our SaaS platform. **KEY RESPONSIBILITIES** + Lead and implement comprehensive IAM strategy across cloud infrastructure + Work closely with Product Engineering teams and conduct architecture reviews and threat modeling sessions focusing on but not limited to identity and access patterns + Design and implement modern service-to-service authentication patterns using technologies such as IRSA (IAM Roles for Service Accounts) and pod identity + Develop and maintain a robust secrets management framework and strategy + Drive adoption of principle of least privilege across all services and applications + Design and implement automated workflows for access reviews and certification + Design and implement security controls for AWS cloud infrastructure and containerized environments + Develop metrics and monitoring for IAM-related security events and access patterns + Monitor and maintain security tooling supporting infrastructure security controls + Design and implement security automations and tool integrations + Develop automated vulnerability management workflows to drive timely remediation + Implement automated incident response playbooks **Additional Responsibilities:** + Mentor and guide team members on security best practices and implementation approaches + Participate in our team's on-call rotation, triaging and addressing security issues as they arise. + Contribute to roadmap and annual planning discussions **BASIC QUALIFICATIONS** + 5+ years of experience as a full-stack Security Engineer in an AWS native, micro-service SaaS environment with focus on IAM. + Deep expertise in cloud security, particularly AWS services including but not limited to: + GuardDuty, CloudTrail, Config + IAM family, Secrets Manager, KMS + EKS, Service Mesh architectures + Strong expertise and experience implementing and managing identity providers, specifically Okta and/or Microsoft Entra at scale (1000+ users). + Strong understanding of zero trust principles and modern authentication patterns + Experience working with multiple development teams and technology stacks + 5+ years experience leading technical security initiatives, with proven ability to scope ambiguous projects, break down complex work into actionable items, and successfully delegate responsibilities while maintaining project momentum + Proficiency with security tools: + Vulnerability Management & EDR: Wiz, Snyk, Qualys/Nessus, Crowdstrike + SIEM: SumoLogic or Splunk + Experience with Infrastructure as Code and CI/CD: + Terraform, Helm, Chef, Ansible, Buildkite, Jenkins, ArgoCD + 4+ years of experience and proficiency in at least one programming language and framework (Python, Java, or similar) + Strong understanding of Threat Modeling principles + Experience with Security Incident Response & Risk Management + High appetite for challenging problems with a high degree of ownership. **PREFERRED QUALIFICATIONS** + Hands-on experience implementing IAM solutions at scale + Experience working at a SaaS company larger than 1000 employees and 100M in revenue + Current or past experience with obtaining and maintaining FedRAMP authorization and other compliance frameworks (SOC 2, ISO 27001) + Strong problem-solving abilities with effective change management skills + Possesses a strong sense of ownership and a keen discernment for excellence in security systems within a SaaS environment, demonstrating the ability to distinguish what constitutes a truly robust and effective safeguarding infrastructure. + Demonstrated history of mentoring and coaching + Strong written and verbal communication skills + Working knowledge and experience with PagerDuty Incident Management and Process Automation products. + Familiarity with Corporate security needs and solutions, and ability to provide oversight and mentorship to the Corporate Security team to ensure alignment with CISO strategic initiatives and mandates. The base salary range for this position is 176,000 - 281,000 USD. This role may also be eligible for bonus, commission, equity, and/or benefits. Our base salary ranges are determined by role, level, and location. The range, which is subject to change based on primary work location, reflects the minimum and maximum base salary we expect to pay newly hired employees for the position. Within the range, we determine pay for an individual based on a number of factors including market location, job-related knowledge, skills/competencies and experience. Your recruiter can share more about the specific offerings for this role, as well as the salary range for your primary work location during the hiring process. The successful applicant will be performing work in FedRAMP environments, and therefore, must be a U.S. Person (i.e. U.S. citizen, U.S. national, lawful permanent resident, asylee, or refugee). **This position may also perform work that the U.S. government has specified can only be performed by a U.S. citizen on U.S. soil.** **Hesitant to apply?** We encourage you to submit your resume even if you don't meet every requirement. We value potential and consider each candidate's full professional story. Whether you're exploring a career change or taking your next step, we look forward to reviewing your application. If this just isn't the right role or time - sign up for job alerts (**************************************** ! **Where we work** PagerDuty currently has offices (**************************************** in Atlanta, Lisbon, London, San Francisco, Santiago, Sydney, Tokyo, and Toronto. We offer a hybrid, flexible environment. We also provide ample opportunities for connection, like team offsites and volunteering events. **How we work** Our values (************************************** guide how we support customers, collaborate with colleagues, develop products, and foster a culture of belonging. They define not just our actions, but what it means to be Dutonian. **What we offer** As a global organization, our total rewards approach is competitive with industry standards and aligned with local laws and regulations. Learn more, including country-specific offerings, on our benefits site (********************************************** . **Your package may include:** - Competitive salary - Comprehensive benefits package from day one - Flexible work arrangements - Company equity* - ESPP (Employee Stock Purchase Program)* - Retirement or pension plan* - Generous paid vacation time - Paid holidays and sick leave - Dutonian Wellness Days & HibernationDuty - companywide paid days off in addition to PTO - Paid parental leave: 22 weeks for pregnant parent, 12 weeks for non-pregnant parent (some countries have longer leave standards and we comply with local laws)* - Paid volunteer time off: 20 hours per year - Company-wide hack weeks - Mental wellness programs *Eligibility may vary by role, region, and tenure **About PagerDuty** PagerDuty, Inc. (NYSE:PD) is a global leader in digital operations management, enabling customers to achieve operational efficiency at scale with the PagerDuty Operations Cloud. The PagerDuty Operations Cloud combines AIOps, Automation, Customer Service Operations and Incident Management with a powerful generative AI assistant to create a flexible, resilient and scalable platform to increase innovation velocity, grow revenue, reduce cost, and mitigate the risk of operational failure. Half of the Fortune 500 and nearly 70% of the Fortune 100 rely on PagerDuty as essential infrastructure for the modern enterprise. PagerDuty is Great Place to Work-certified, a Fortune Best Workplace for Millennials, a Fortune Best Medium Workplace, a Fortune Best Workplace in Technology, and a top rated product on TrustRadius and G2. Go behind-the-scenes on our careers site (*********************************** and @pagerduty on Instagram. **Additional Information** PagerDuty is committed to creating a diverse environment and is an equal opportunity employer. PagerDuty does not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, parental status, veteran status, or disability status. PagerDuty is committed to providing reasonable accommodations for qualified individuals with disabilities in our job application process. Should you require accommodation, please email accommodation@pagerduty.com and we will work with you to meet your accessibility needs. PagerDuty uses the E-Verify employment verification program.