Security Engineer Jobs in Millbury, MA

Corporate Services Security (CPSS) is the Amazon security team aligned with Finance & Global Business Services (FGBS), People eXperience & Technology (PXT), Legal, and Global Communications and Community Impact (GCCI) business units. Our Mission is to protect and safeguard Amazon's corporate services, systems, and data. Through proactive engagement with the development teams, we understand the dynamic business processes that run Amazon, and enable our stakeholders to innovate, build, and scale securely. The Product Security Team within CPSS supports a large number of applications built using AWS Services. Apart from work, we provide opportunities for our engineers to pursue projects they are passionate about while maintaining work life harmony. Key job responsibilities Creating, updating, and maintaining threat models for a wide variety of software projects Manual and Automated Secure Code Review, primarily in Java, Python and Javascript Development of security automation tools Adversarial security analysis using tools to augment manual effort Provide Security training and outreach for internal development teams Provide Security architecture and design guidance to application development teams Independently solve systemic, complex security problems that require novel methods or approaches Influence your team's and partners' process, priorities, and choices by using data to improve security outcomes Provide technical and strategic guidance to senior leaders and stakeholders through effective oral and written communications A day in the life As a Senior Security Engineer, you will collaborate with SW development teams to ensure we keep our customers safe while developing novel services. In a given day, you might be inspecting an application's code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service. The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security specialist with one or more areas of deep expertise within application security. They will clearly articulate risks to technical and non-technical audiences alike. Successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions. They will shape the strategy of the Product Security Team and influence systemic security improvements across our service organizations. BASIC QUALIFICATIONS BS in Computer Science or related field, or equivalent work experience Minimum of 7 years of experience with at least two of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, penetration testing, cloud security, mobile security, and network security Intimate knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security Experience reading and writing in at least one programming language PREFERRED QUALIFICATIONS Demonstrated ability of judgement in assessing and prioritizing technical risk Strong application security background with a focus on scalable solutions Experience building and securing complex AWS architecture Proven experience identifying and removing bottlenecks for your teammates, both in process and technology Experience securing Finance applications Proven experience shaping the strategy of a Product Security Team Demonstrated experience influencing systemic security improvements across organization Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. #J-18808-Ljbffr

Senior Security Engineer, Infrastructure IT & Security As a Senior Security Engineer on the Infrastructure Security team, you will play a critical role in securing Klaviyo's IT infrastructure, with a particular emphasis on Google Cloud Platform (GCP) security. You'll be deeply involved in implementing and managing security measures across our network, cloud environments, servers, and databases, ensuring our GCP infrastructure is robust and resilient against threats. Your expertise will help us align with industry best practices and maintain a strong security posture. Engineers come to Klaviyo with experience in a variety of disciplines. All engineers are expected to become proficient in the technologies we use (not exhaustive). You will be responsible for guiding best practices in deployment, configuration, and maintenance to reduce overall security risk and champion secure-by-default design patterns: GCP Security: Google Cloud IAM, Cloud Security Command Center, Cloud Key Management Service, Organization Policies, Chronicle Security Analytics Cloud Infrastructure Security: Managing security configurations in GCP environments Server and Database Hardening: Securing servers and databases hosted on GCP Cloud Endpoint Protection: Implementing endpoint security solutions within GCP How You Will Make a Difference: Secure Klaviyo's IT infrastructure by implementing and managing network security measures, with a focus on GCP services Configure and maintain GCP security features like Cloud Security Command Center, Organization Policies, and Chronicle Security Analytics to protect against threats Manage and audit security configurations in GCP to ensure compliance with best practices and regulatory requirements Harden servers and databases hosted on GCP to safeguard against unauthorized access and vulnerabilities Deploy and manage cloud endpoint protection solutions within the GCP environment Collaborate with cross-functional teams to integrate GCP security practices into all aspects of infrastructure development and deployment Continuously monitor, assess, and improve security measures in GCP to adapt to emerging threats and technologies Who You Are: Have 5+ years of experience in infrastructure security engineering or related fields, with significant experience in GCP security Strong understanding of GCP security principles and technologies Experience with GCP services such as Google Cloud IAM, Cloud Security Command Center, Cloud Key Management Service, Organization Policies, and Chronicle Security Analytics Proficient in server and database hardening techniques within GCP environments Familiarity with GCP-specific endpoint protection tools and strategies Certifications such as Google Cloud Certified - Professional Cloud Security Engineer or relevant cloud security certifications are a plus Excellent problem-solving skills and attention to detail Strong communication skills with the ability to work collaboratively across teams Passionate about staying up-to-date with the latest security threats and GCP technologies Base Pay Range For US Locations: $152,000 - $228,000 USD Get to Know Klaviyo: We're Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we're developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators-ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you're ready to do the best work of your career, where you'll be welcomed as your whole self from day one and supported with generous benefits, we hope you'll join us. Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law. IMPORTANT NOTICE: Our company takes the security and privacy of job applicants very seriously. We will never ask for payment, bank details, or personal financial information as part of the application process. All our legitimate job postings can be found on our official career site. Please be cautious of job offers that come from non-company email addresses (@klaviyo.com), instant messaging platforms, or unsolicited calls. You can find our Job Applicant Privacy Notice here. #J-18808-Ljbffr

We are seeking a Senior Security Engineer to join our team, focusing on defining security workflows and incident response (IR) strategies. You will design and implement advanced security use-cases, build and automate simulations of complex attacks and environments, and research incidents to help improve our AI agents. Responsibilities: Define and refine security workflows and incident response strategies. Design and implement advanced security use-cases. Build and automate simulations of complex attack scenarios and environments. Research security incidents and provide insights to enhance our AI agents. Collaborate with cross-functional teams to integrate security solutions into our platform. Requirements: 4+ years of experience in security, including SOC, Blue Team, or IR roles. Experience with Security Orchestration, Automation, and Response (SOAR) platforms. Experience with automation and coding experience with Python or related languages. Ideal but not required: Cloud security experience. Well-rounded knowledge and passion for security across various domains. Strong problem-solving and communication skills. About Seven AI: We are seeking professionals of all levels who are eager to make a substantial impact and excel in a high-growth, dynamic environment. As AI is advancing at a pace never seen before, you'll join us at a pivotal stage, where your expertise can shape the future of cybersecurity. You'll have the opportunity to work on the bleeding edge of technology and drive true innovations, all while collaborating closely with industry veterans who are dedicated to defending the market from the new wave of AI-driven attacks. Our culture is centered around respect, collaboration, and proactiveness, and a shared commitment to delivering exceptional value to our customers. If you're passionate about building something extraordinary and thrive in an environment where your contributions truly matter, we'd love to connect with you. #J-18808-Ljbffr

Our Mission At Palo Alto Networks everything starts and ends with our mission: Being the cybersecurity partner of choice, protecting our digital way of life. Our vision is a world where each day is safer and more secure than the one before. We are a company built on the foundation of challenging and disrupting the way things are done, and we're looking for innovators who are as committed to shaping the future of cybersecurity as we are. Who We Are We take our mission of protecting the digital way of life seriously. We are relentless in protecting our customers and we believe that the unique ideas of every member of our team contributes to our collective success. Our values were crowdsourced by employees and are brought to life through each of us everyday - from disruptive innovation and collaboration, to execution. From showing up for each other with integrity to creating an environment where we all feel included. As a member of our team, you will be shaping the future of cybersecurity. We work fast, value ongoing learning, and we respect each employee as a unique individual. Knowing we all have different needs, our development and personal wellbeing programs are designed to give you choice in how you are supported. This includes our FLEXBenefits wellbeing spending account with over 1,000 eligible items selected by employees, our mental and financial health resources, and our personalized learning opportunities - just to name a few! Job Description Your Career As a Palo Alto Networks GSI Systems Engineer for the Americas, you will be responsible for helping to drive go-to-market (GTM) development and outcomes with Palo Alto Networks' most strategic and impactful GSI partners (e.g. Wipro, Accenture, IBM). Your Impact As a member of our Global Palo Alto Networks GSI team, our SE will develop a localized technical partner plan that sets the table for how we will interlock our global and regional partner plan priorities and partner enablement objectives You will align with the Palo Alto Network regional Alliance Business Managers, SE's and Account Sales teams to drive partner awareness and enablement around joint solution offerings, sales plays and GTM campaigns where technical evangelism is required The SE will be part of the wider Palo Alto Networks SE community, providing support and access to deep technical training and enablement programs This role will encompass a wide range of activities including, establishing technical relationships, building partner awareness, preference and competency for Palo Alto Networks across technical partner personas In this role, you will help drive Palo Alto Networks Next Generation security platform & technology solutions adoption, deliver ad-hoc training, replicate best practices and demonstrate Palo Alto Networks products to partner technical personas and augment technical account team leads as and when it will help us establish a beach-head win for the Alliance In this role, you will deliver and promote enablement pathways to the partner that will ultimately enable them to establish Palo Alto Networks product, sales and implementation competencies You will also be expected to coordinate within the regional Channel SE organization, our Partner Program and Enablement Teams to resource specific regional partner meetings or activities, where local resources are required The ideal candidate will have prior experience of working across security domains, including network infrastructure, end point and cloud, within a large, strategic partner community Qualifications Your Experience BS CS or equivalent or equivalent military experience and 8+ years of experience as an SE, Channel SE or solutions architecture Experience selling, demonstrating, installing and troubleshooting network infrastructure security products Self-motivated, able to work alone and maintain focus but also work as part of a team Strong communication (written and verbal) and presentation skills, both internally and externally Strong problem-solving skills, ability to analyze complex problems and use a systematic approach to gain quick resolution, often under time demands Ability to understand business outcomes and lead technical discussions Superb organizational skills "Whatever it takes" attitude and motivation Experience of service based offering development, potentially as part of a Global Systems Integrator (SI/GSI), Managed Security Service partner (MSSP) or Consulting firm Experience working with Channel partners and understanding of a channel centric go to market approach Experience from companies in the enterprise networking security industry Additional Information The Team Our Palo Alto Networks Systems Integrator GTM Partner team is a group of hand-selected individuals that are focused on driving our technical relationship across GSIs. This focused and experienced team works directly with the GSIs, as well as internally and externally key stakeholders and constituents to operationalize and achieve our desired business plan outcomes. This role will be critical to ensuring we execute on time and on plan. Compensation Disclosure The compensation offered for this position will depend on qualifications, experience, and work location. For candidates who receive an offer at the posted level, the starting base salary (for non-sales roles) or base salary + commission target (for sales/commissioned roles) is expected to be between $198,000/yr to $273,000/yr. The offered compensation may also include restricted stock units and a bonus. A description of our employee benefits may be found here. Our Commitment We're problem solvers that take risks and challenge cybersecurity's status quo. It's simple: we can't accomplish our mission without diverse teams innovating, together. We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at accommodations@paloaltonetworks.com. Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics. All your information will be kept confidential according to EEO guidelines. Is role eligible for Immigration Sponsorship? No. Please note that we will not sponsor applicants for work visas for this position.

Job Title: Systems Engineer Duration: 36 months contract on W2 (possible extension) Candidates should have an active Secret Clearance Required Minimum Bachelors of Computer Science or relevant technical field of study Experience providing support for RHEL & Ubuntu workstation and server Experience utilizing Ansible Automation Platform to support Linux systems Experience utilizing Satellite and Landscape to support Linux systems Experience with bash/shell, Python or Perl scripting Understanding of Linux troubleshooting to include the boot process, Kickstart building, systemd, monitoring of system resources, kernel tuning, system performance troubleshooting, system calls and tracing Experience configuring storage for Linux systems (LVM, file systems, RAID, storage encryption, SAN, NAS and NFS) Package development and deployment (rpm, yum, dnf, apt) Strong overall network skills (package captures, NIC latency tuning, route tables and tracing, subnetting, firewall/iptable, TCP/UDP/IP protocols) Ability to work independently toward delivery of goals as well as collaborate in team efforts Excellent customer service skills Excellent presentation, verbal and written communication skills Demonstrate the ability to learn new technologies and disciplines quickly Preferred Experience supporting DevSecOps environments (with Github, Jfrog, Jenkins, GitLab, Fortify, Docker, Kubernetes, or SonarQube) Experience supporting software deployment on Linux Experience supporting AWS cloud infrastructure. Clearance: Candidates should have an active clearance (secret/top secret, etc.) in order to be considered for this position due to the nature of the work being done. Do not submit candidates if they do not meet this requirement. Work schedule: This position is VIRTUAL. The candidate can work remotely but they MUST live within 100 miles of Lexington so that they can come into the Lab if necessary for the needs of the program. The onsite work will not be regular.

3+ Year Contract that comes with full benefits. requires obtaining a Department of Defense Secret Clearance. US Citizenship required W2 only and must be able to work on site 4 days a week The selected candidate will work on a team performing systems engineering activities for a large program. Responsibilities include developing, flowing down and tracking requirements, architecting systems, developing an MBSE model of the systems and their interfaces, planning and leading verification and validation activities, and identifying risks and defining risk mitigation strategies. The successful candidate should have: • A Bachelors Degree in Physics, Mechanical, Electrical, Aero/Astro, Software Engineering, or related fields and at least 5 years of relevant experience with systems engineering for space or airborne systems. A MS degree or PhD can be substituted for years of experience. • The ability to support a full range of systems engineering activities for multiple programs • The ability to use a systems perspective to identify needed technology development efforts • Excellent written and verbal communication skills, including the ability to produce and present professional written reports and presentations • Experience with SysML Model-Based Systems Engineering (MBSE) tools is required. Preferred: • Experience with MagicDraw. • Experience with integration of hardware and software is helpful

The selected candidate will work on a team performing systems engineering activities for a large program. Responsibilities include developing, flowing down and tracking requirements, architecting systems, developing an MBSE model of the systems and their interfaces, planning and leading verification and validation activities, and identifying risks and defining risk mitigation strategies. The successful candidate should have: A bachelor's degree in physics, Mechanical, Electrical, Aero/Astro, Software Engineering, or related fields and at least 5 years of relevant experience with systems engineering for space or airborne systems. A MS degree or PhD can be substituted for years of experience. The ability to support a full range of systems engineering activities for multiple programs. The ability to use a systems perspective to identify needed technology development efforts. Demonstrated experience leading multi-disciplinary teams. Excellent written and verbal communication skills, including the ability to produce and present professional written reports and presentations. Experience with SysML Model-Based Systems Engineering (MBSE) tools is required. Preferred: Experience with Magic Draw. Experience with the integration of hardware and software is helpful Skill Matrix: Qualification Assessment Must Have Degree Level Bachelor's Degree Yes Engineering Systems Engineering 5 years Systems Model based systems engineering 5 years SysML experience 2 years Nice to Have Systems Hardware and Software Integration 0 years Magic draw 0 years Systems Analysis 0 years Systems Integration 0 years ** 3rd party and subcontract staffing agencies are not eligible for partnership on this position. 3rd party subcontractors need not apply. This position requires candidates to be eligible to work in the United States, directly for an employer, without sponsorship now or anytime in the future. This client is a US Federal Government contractor and is legally required to hire US Citizens. US Citizens will only be considered for this role. Due to the nature of the work, a United States Government Clearance is required to be eligible for the position. **

We're ALTEN Technology USA, an engineering company that provides solutions for engineering, technology, and product development projects. For decades, we've been helping our clients develop products that are changing the world, whether that's by shaping the future of space exploration, saving lives with medical devices that set a new standard of care, or creating the fully autonomous electric taxi of tomorrow. Our team of more than 600 people works across industries including aerospace, medical devices and life sciences, unmanned systems and robotics, automotive OEM and tier 1 suppliers, commercial vehicle, electric vehicles, rail, and more. Our offices across the US have different industry focuses and engage with our clients in different ways, ranging from working on-site at client facilities to performing product development at our delivery centers. ALTEN Group, our parent company, has been a leader in engineering and information technology for more than 30 years. ALTEN Group operates in 30 countries across Europe, North America, Asia, Africa and the Middle East and employs more than 36,000 people, 88% of whom are engineers. The company covers the whole development cycle and offers a choice of service levels, from technology consulting to complete project outsourcing. When you join ALTEN Technology USA, you join a group of people passionate about collaborating to solve some of the world's most technical engineering challenges. Our success is tied to taking care of our employees by building relationships and providing opportunities for mentorship and career growth. We offer comprehensive benefits for all full-time employees, including medical, dental, and vision insurance; a 401(k) plan with employer matching; paid time off (PTO); paid parental leave; and mentorship to help you take your career to the next level. You don't have to take our word for it that we are a great place to work-we were named on the 2023 Top Workplaces list thanks to feedback from our proud employees. As a Systems Engineer you will be responsible for: Concept of Operations Use Cases Behavior Diagrams Requirement decomposition and flow down Interface Control Documents Testing and integration Systems engineering documentation and modeling may be done with both basic documentation tools (Visio, Word, Excel, SharePoint, etc.) or Models Based Systems Engineering (MBSE) Software (CAMEO, JAMA) Education and Experience Minimum of a Bachelor's degree (B.S.), from a technical college or university in an Engineering field. 4+ years of engineering/product development experience, most of which including demonstrated proficiency in systems engineering. Qualifications: Systems engineering and electro-mechanical device experience (or strong product development knowledge). Experience tailoring system engineering processes to balance level of SE effort to product/system needs. Ability to work in fast-paced, agile environment. Ability to work autonomously. Preferred experience within the robotics industry. Location: Hybrid in North Boston area preferred Salary Range: $110,000 - $160,000 The actual salary offered is dependent on various factors including, but not limited to, location, the candidate's combination of job-related knowledge, qualifications, skills, education, training, and experience

Our client is a fast-growing, VC-backed startup from MIT, dedicated to redefining the future of air conditioning with cutting-edge, sustainable solutions. They are tackling one of the planet's most pressing challenges: making cooling more efficient, affordable, and environmentally friendly. As a Department of Energy grant recipient and a proud finalist in the prestigious Global Cooling Prize, our team is at the forefront of groundbreaking innovation. Their high-efficiency air conditioning systems are designed to transform how the world stays cool while reducing environmental impact. What You'll Do As a Thermal Systems Engineer, you will play a key role in the design, development, and optimization of novel refrigerant and heat pump systems. You will contribute to the full lifecycle of thermal system development, from conceptual design to prototype testing and system optimization. This role demands a deep understanding of heat transfer, fluid dynamics, HVAC systems, and refrigerant loops, alongside the ability to lead a small team in a fast-paced, startup environment. Key Responsibilities: Refrigerant System Design: Lead the design and development of refrigerant systems for novel heat pump technologies, including tube sizing, routing, insulation, and component selection. Heat Exchanger Design: Design and optimize heat exchangers, specifically evaporators and condensers, with a focus on refrigerant circuiting and thermal optimization for both refrigerant and air circuits. Thermal Modeling: Develop and implement first-principles-based thermal models for heat and mass transfer in desiccant-enabled systems. Leverage tools like MATLAB, Python, and spreadsheets for first-order models and detailed design analysis. Prototype Testing: Define and execute prototype builds and testing to validate thermal designs, ensuring that performance and efficiency targets are met. System Architecture and Trade-offs: Analyze and communicate system architecture trade-offs, particularly with respect to thermal considerations, to ensure optimal performance and efficiency. Collaboration & Communication: Present formal technical reviews internally and externally with customers. Track technical status, risks, and provide inputs to program planning. Cross-functional Collaboration: Support the engineering team's development efforts by providing key thermal inputs for integration with other systems. Team Leadership: Mentor junior engineers and lead a small team to effectively collaborate and execute on complex thermal system designs. What You'll Bring We recognize that there are many paths to success. While we list desired skills and qualifications below, we encourage you to apply if you meet most of them or have transferable experiences. Required Skills and Experience: 4-6 years of experience in thermal system design, with a strong background in HVAC systems, air conditioners, refrigerant loops, or similar fields. Deep knowledge of heat transfer principles, fluid dynamics, and HVAC systems. Practical experience in the design and optimization of thermal systems, including refrigerant loops, heat exchangers, and thermal management solutions. Strong proficiency in thermal modeling, including experience with hand calculations, spreadsheets, and software such as MATLAB or Python for system modeling and analysis. Skills: Strong problem-solving skills and the ability to work autonomously in a fast-paced, results-driven environment. Excellent communication skills to present technical data and collaborate with internal and external teams. Proficiency in prototyping and testing to verify design assumptions and ensure performance standards are met. Ability to lead a team, provide mentorship, and foster a collaborative engineering culture.

Basic Qualifications Requires a Bachelor's degree in Systems Engineering, or a related Science, Engineering or Mathematics field. Also requires 2+ years of job-related experience or a Master's degree. Agile experience preferred. CLEARANCE REQUIREMENTS: Department of Defense Secret security clearance is required at time of hire. Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information. Due to the nature of work performed within our facilities, U.S. citizenship is required. Responsibilities for this Position We are seeking a Systems Security Engineer who has experience in the design and development of NSA-certified Cybersecurity devices. Key Responsibilities: Design and develop specifications for mission-critical NSA-certified Cybersecurity devices Collaborate with software and validation engineering teams to deliver high-speed data solutions Develop real-time multi-threaded Embedded System architecture using Model-based Systems Engineering (MBSE) tools and techniques Analyze and maintain system security requirements throughout product development lifecycle Conduct trade studies, perform functional analysis, and design system security. Preferred Skills and Experiences: NSA approved Cryptography/Encryption Security requirements analysis Real-Time multi-threaded Embedded System architecture and development Model-based Systems Engineering (MBSE) CISSP certification or similar INCOSE ASEP, CSEP, or ESEP certification We value candidates who possess: Drive to expand knowledge and experience in designing complex systems Ability to define project scope, schedule, and expected results Initiative to complete assignments and ability to engage in technical direction and leadership Our Commitment to You: An exciting career path with opportunities for continuous learning and development Research-oriented work with award-winning teams Competitive benefits package #CJ3 Salary Note This estimate represents the typical salary range for this position based on experience and other factors (geographic location, etc.). Actual pay may vary. This job posting will remain open until the position is filled. Combined Salary Range USD $107,529.00 - USD $114,000.00 /Yr. Company Overview General Dynamics Mission Systems (GDMS) engineers a diverse portfolio of high technology solutions, products and services that enable customers to successfully execute missions across all domains of operation. With a global team of 12,000+ top professionals, we partner with the best in industry to expand the bounds of innovation in the defense and scientific arenas. Given the nature of our work and who we are, we value trust, honesty, alignment and transparency. We offer highly competitive benefits and pride ourselves in being a great place to work with a shared sense of purpose. You will also enjoy a flexible work environment where contributions are recognized and rewarded. If who we are and what we do resonates with you, we invite you to join our high-performance team! Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

IGT (NYSE:IGT) is a global leader in gaming. We deliver entertaining and responsible gaming experiences for players across all channels and regulated segments, from Lotteries and Gaming Machines to Sports Betting and Digital. Leveraging a wealth of compelling content, substantial investment in innovation, player insights, operational expertise, and leading-edge technology, our solutions deliver unrivaled gaming experiences that engage players and drive growth. We have a well-established local presence and relationships with governments and regulators in more than 100 countries around the world, and create value by adhering to the highest standards of service, integrity, and responsibility. IGT has approximately 10,500 employees. For more information, please visit ************ Responsibilities We are looking for a Security Analyst - Data with strong expertise in Data Security Posture Management (DSPM), encryption, and data classification. The ideal candidate has experience implementing data security policies, securing structured and unstructured data, and integrating Data Loss Prevention (DLP) solutions across the organization. In this role, you will: * Implement data security controls to protect sensitive and regulated data across cloud platforms. * Deploy and manage Data Security Posture Management (DSPM) tools to monitor and enforce data security policies. * Develop and enforce data classification frameworks, ensuring sensitive data is tagged and protected. * Implement data encryption (in transit, at rest, and in use) and key management best practices. * Configure and manage Data Loss Prevention (DLP) solutions across endpoints, cloud applications, and databases. * Establish data access controls and least privilege policies for structured and unstructured data. * Monitor data security risks and ensure compliance with GDPR, CCPA, HIPAA, and other regulations. * Collaborate with cloud, application, and IAM teams to enforce data security policies at all layers. Qualifications * 3+ years of hands-on data security experience, with expertise in DSPM, data encryption, and DLP. * Strong knowledge of data classification, tagging, and governance frameworks. * Experience with encryption key management and securing data across multi-cloud environments. * Hands-on experience implementing DLP solutions (e.g., Microsoft Purview, Forcepoint, Symantec DLP). * Deep understanding of data access control models (e.g., ABAC, RBAC, PBAC). * Security certifications (e.g., CCSP, CISSP, or data security-related certs) are a plus. #LI-KM1 #LI-HYBRID Keys to Success * Building collaborative relationships * Decision making * Drive results * Foster innovation * Personal energy * Self-leadership IGT is committed to sustaining a workforce that reflects the diversity of the global customers and communities we serve, creating a fair and inclusive culture that enables all our employees to feel valued, respected and engaged. IGT is an equal opportunity employer. We provide equal opportunities without regard to sex, race, color, religion, age, national origin or ancestry, disability, veteran status, sexual orientation, genetic information, gender identity or expression, and any other personal attributes protected by federal, state, or other laws. We thank all applicants for applying; however, only those selected to interview will be contacted. At IGT, we consider a wide range of factors in determining compensation, including background, skills, experience, and work location. These factors can cause your compensation to vary. The estimated starting compensation range is $59,795 - $122,400. The actual pay offered may end up being higher or lower. The Company will comply with all local pay requirements and collective bargaining agreements, where applicable. Base pay is only one part of our Total Rewards program. Sales roles may be eligible for commission payments, while other roles are eligible for discretionary bonuses . In addition, we offer employees a 401(k) Savings Plan with Company contributions, health, dental, and vision insurance, life, accident, and disability insurance, tuition reimbursement, paid time off, wellness programs, and identity theft insurance. Note: programs are subject to eligibility requirements. All IGT employees have a role in information security. Annual training will be assigned and required as appropriate. IGT (NYSE: IGT) is the global leader in gaming. For more information, please visit ************

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day. One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being. Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization. Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us! Job Description: Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the vulnerability of the bank's applications to malicious hacking activity. This intermediate technical role is responsible for performing application security assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include performing research, understanding the bank's security policies, working with the appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. Key Responsibilities in order of importance: * Perform assigned analysis of internal and external threats on information systems and predict future threat behavior * Incorporate threat actors' tactics, techniques, and procedures into offensive security testing * Perform assessments of the security, effectiveness, and practicality of multiple technology systems * Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. * Prepare and present detailed technical information for various media including documents, reports, and notifications * Provide clear and practical advice regarding managed risks * Learn and develop advanced technical and leadership skills, Mentor Junior assessors in technical tradecraft and soft skills Required Skills: * Minimum of 4 years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment * Detailed technical knowledge in at least 3 of the following areas: security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services * SQL injection/XSS attack without the use of tools * Experience performing manual code reviews for security relevant issues * Experience working with SAST tools to identify vulnerabilities * Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings * Experience performing manual web application assessments i.e., must be able to simulate a * Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) * Experience with vulnerability assessment tools and penetration testing techniques * Solid programming/debugging skills * Experience of using a variety of tools, included, but not limited to, IBM AppScan, Burp and SQL Map * Threat Analysis * Innovative Thinking * Technology Systems Assessment * Technical Documentation * Advisory Desired: * CISSP, CEH, OSCP, OSWE, GPEN, PenTest+ or similar * Strong programming/scripting skills This job will be open and accepting applications for a minimum of seven days from the date it was posted. Shift: 1st shift (United States of America) Hours Per Week: 40

Experienced in Performing user access reviews and maintain user roles and profiles in SAP systems Experienced in Designing and implement SAP security solutions to protect critical business data and systems is must Provide guidance and support to SAP users on security-related issues (Must have) Develop and maintain SAP security policies and procedures based on industry best practices Experienced in Collaborating with cross-functional teams to develop and implement security controls and techniques Conduct security audits and compliance assessments of SAP systems and applications Perform vulnerability and risk assessments for SAP systems and applications At least 5 to 10yrs years of experience in SAP security consulting Expert knowledge of SAP security architecture. Knowledge of SAP GRC, SAP IDM, and other security-related SAP tools is must Must have experience in security audits, risk assessments, and compliance assessments Excellent communication skills Ability to work independently and Must be a team player Base Salary Range: $110,000 / Annum - $150,000 / Annum #LI-SV2

At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives. WHOOP is seeking an Information Security Analyst to join our growing team, reporting to our Information Security Manager. As an Information Security Analyst, you will help protect our members' data and ensure trust in our products by identifying security risks, coordinating remediation efforts, and supporting day-to-day security operations. Success in this role requires continuous learning and adaptation to guard against ever-evolving security threats. This is an excellent opportunity for a recent graduate, an early career cybersecurity professional, or someone with IT experience looking to advance their career in cybersecurity. This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office. RESPONSIBILITIES: Collaborate with Information Technology, GRC, and other teams to reduce risk across the organization. Identify security gaps in systems, applications, and processes. Communicate findings and recommendations to system owners and track remediation efforts. Assist in documenting risks, exceptions, and compensating controls. Ensure proper device inventory tracking and compliance with security policies. Support Okta SSO and SCIM integrations as well as user lifecycle management activities. Investigate phishing attempts and triage security alerts from SIEM, EDR, and other security tools. Participate in incident response efforts, including investigation, remediation, and documentation of security incidents. Contribute to a culture of security awareness and best practices. Stay abreast of emerging security trends, technologies, and regulatory requirements to ensure our security posture remains robust and compliant. Continuously evaluate and improve security tools and processes to address evolving security needs. Participate in an on-call rotation to provide 24/7 support for critical security incidents. QUALIFICATIONS: Bachelor's degree in Computer Science, Information Security, or a related field, or comparable industry certifications such as CompTIA Security+, SSCP, or GSEC. Relevant professional experience in a technology or security-related role, such as IT support or system administration, may be considered in place of formal education. Excellent problem-solving skills and the ability to work effectively under pressure. Ability to manage and prioritize multiple tasks and projects effectively. Strong communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders. Strong documentation skills with a proven ability to track work in ticket systems such as Jira or similar platforms. Interested in the role, but don't meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply. WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 2,000+ employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit *************** Summary: The High Availability Architecture Group within the Systems Engineering directorate is seeking a Distinguished System Security Engineer to guide and facilitate concept development, mission-system analysis, and requirement definition & compliance for critical, yet novel & disruptive cyber resilient technologies. This handpicked candidate must possess a unified System Security, Cybersecurity, and Cryptography expertise that can expand Draper's insight to address national security threats which remain prevalent throughout critical enterprises, infrastructure, systems, and operations. A successful candidate will be equipped to propose modern solutions embedded with security awareness, that adhere to NIST, NSA, and DoD standards, to proactively mitigate unacceptable loss and unrecoverable downtime throughout their lifecycle. The multidisciplinary proficiencies supporting this initiative are System Security Concepts & Design Principles, Resilient Architecture, Anomaly & Contingency Management, and Cryptography & Key Management. : Duties/Responsibilities • Manage and control priorities, scope, schedule, and cost to baselines by proactively monitoring program/task performance across major programs. Demonstrated leadership of complex tasks (multi-disciplinary, high risk, changing requirements, high visibility). develops and executes mitigation strategies for them. • Independently derive system-level requirements based on mission requirements and customer priorities. • Capable of helping customers shape their needs and develop requirements for programs that solve their most challenging technical problems. • Subject Matter Expert (SME) able to develop and implement novel security approaches through a program lifecycle. • Advance State of the Art solutions and techniques in their field. • Able to analyze Draper strategy and work with management to build capability in key areas to help sustain business growth Skills/Abilities • Curiosity-driven approach to solving complex, industry and customer-driven problems as part of a multi-disciplinary team. • Collaborate and communicate effectively and openly with multi-disciplinary program team members. program leadership, and non-technical personnel • Team player able to work in a fast-paced environment. • Ability to balance multiple competing tasks and demands. Education Requires a bachelor's degree in Electrical Engineering, Computer Engineering, Mechanical Engineering, Systems Engineering, Applied Physics, or related field. Master's degree preferred. Experience Requires 10-15 years' of experience working on System Security Engineer or other relevant position. Additional Job Description: Proficiency applying System Theoretic Process Analysis for Security (STPA-Sec) to industry challenge problems Proficiency with Model-based System Engineering toolkits, such as Cameo/MagicDraw, DOORs/DoorsNG, Jama Connect for the purposes of attack surface modeling and rapid impact & gap analysis for validation An astute understanding of the applications of cryptography for complex weapon and space systems, cryptographic key management, Public Key Infrastructure (PKI) and the NSA's Key Management Infrastructure Experience documenting compliance towards parent specifications and standards (i.e.: NIST SP 800.160, NIST Cybersecurity Framework (CSF) 2.0, DoD Cyber Tabletop Guide, NIST SP 800-57, NIST 800.53 & Risk Management Framework (RMF), MITRE Attack Framework, and DoD Instruction 3150.02) Proficiency in requirement derivation, definition, and analysis for System Security, Network Security, and Data Security needs Experience integrating vulnerability remediation, risk mitigation, and incident response within the Systems Engineering process. Experience drafting innovative R&D proposals to commercial government sponsors Applicants selected for this position will be required to obtain and maintain a government security Government security clearance. Connect With Draper for Future Opportunities! If you don't find the right posting in our Career Opportunities, you may submit your resume for future consideration. Job Location - City: Cambridge Job Location - State: Massachusetts Job Location - Postal Code: 02139-3563 Our work is very important to us, but so is our life outside of work. Draper supports many programs to improve work-life balance including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off site social events and discounts to local museums and cultural activities. If this specific job opportunity and the chance to work at a nationally renowned R&D innovation company appeals to you, apply now *********************** Draper is committed to creating an inclusive environment. We understand the value of inclusivity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, national origin, veteran status, or genetic information. Draper is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact *************.

Insight Global is seeking an experienced Security Applications Engineer role at a large Energy Management company. This resource will be in the field travelling to different sites in the Greater Boston Area. They will be building security and electronic control systems with a focus on everything and anything software focused. This position is responsible for providing high quality security design and programming per specifications, standards, budgets and schedules. This resource will also be participating on a team to design, install and service building security management systems. This employee typically works under daily supervision of a Project Manager and must have strong experience with Genetec. The Salary range is $100,000-$110,000 with bonus based on performance along with a company car. We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to ******************** . To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: *************************************************** . Skills and Requirements 2 + years of relevant hands on experience with installation, configuration, and maintenance of IT systems software and hardware for multi-user server computers and/or personal computing devices. Experience with security software like Genetec, Lebel, AMAG or Bosh Working knowledge of Building Management Systems SQL Experience Working knowledge of IP configurations required to stand up communication networks, ability to configure controllers, cameras, routers, switches, firewalls for secure connectivity during construction. Cybersecurity: Competency of cybersecurity paradigms (security passwords, configuration) and hardware/software (SSL,VPN, firewalls). Great Customer service skills and ability to work in a cross functional environment Ability to drive to various sites when needed - Proficient in SQL. - Genetec certification null We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal employment opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment without regard to race, color, ethnicity, religion,sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military oruniformed service member status, or any other status or characteristic protected by applicable laws, regulations, andordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to ********************.

Site: Mass General Brigham Incorporated At Mass General Brigham, we know it takes a surprising range of talented professionals to advance our mission-from doctors, nurses, business people and tech experts, to dedicated researchers and systems analysts. As a not-for-profit organization, Mass General Brigham is committed to supporting patient care, research, teaching, and service to the community. We place great value on being a diverse, equitable and inclusive organization as we aim to reflect the diversity of the patients we serve. At Mass General Brigham, we believe a diverse set of backgrounds and lived experiences makes us stronger by challenging our assumptions with new perspectives that can drive revolutionary discoveries in medical innovations in research and patient care. Therefore, we invite and welcome applicants from traditionally underrepresented groups in healthcare - people of color, people with disabilities, LGBTQ community, and/or gender expansive, first and second-generation immigrants, veterans, and people from different socioeconomic backgrounds - to apply. Job Summary The Opportunity The Information Security Analyst II will support the cybersecurity program management team with operations, including process improvement, resource management, and performance tracking. The role will focus on building ongoing collaboration and standardization across Digital Information Security (DIS) to help assure that the program matures and improves from year to year. Focused areas of support will include overall program goals tracking against Digital's goals, strategic planning and performance measurement. The Information Security Analyst II independently operates existing processes to operate security controls within their domain. They will identify improvements in these processes, and may be tasked with executing those improvements. The Information Security Analyst II works across multiple teams within MGB Digital, and participates in broader projects to drive improvements in the MGB information security posture. They leverage critical thinking and problem-solving skills in their day to day work, and may mentor more junior team members. Essential Functions Independently operates existing processes and proactively identifies and optimizes improvement in existing processes. May individually drive improvements in these processes. * May mentor junior team members, sharing knowledge and best practices. * Works across multiple teams to drive security improvements for MGB. * Participates in project-level efforts to improve cybersecurity capabilities. * Works independently to stay abreast of changes in domain, suggesting relevant improvements to MGB cybersecurity posture. Qualifications * Associate's Degree Related Field of Study required or Bachelor's Degree Related Field of Study required * MGB can accept experience in lieu of a degree * Relevant experience 2-3 years required Knowledge, Skills and Abilities * Support cybersecurity program operations, including process improvement, resource management, and performance tracking. * Collaborate with DIS teams to align cybersecurity initiatives with organizational goals and objectives. * Establish performance metrics by identifying, collecting, analyzing, and summarizing information obtained from multiple data sources into executive reporting dashboards. * Maintain and organize cybersecurity documentation, ensure repositories are up-to-date, and implement version control. * Support internal and external audit activities. * Support cybersecurity awareness program. * Strong understanding of cybersecurity concepts within their domain. * High proficiency with the tools and solutions supported by the team. * Solid understanding of technology and design principles. * Strong problem-solving skills and analytical thinking to identify solutions to complex problems, and to optimize existing solutions. * An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one's network within an organization. * Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part. * Excellent communication and teamwork skills to share knowledge, present ideas, and lead discussions. Additional Job Details (if applicable) M-F Eastern business hours and onsite weekly at AR Hybrid Flexible required working model for department and business needs can vary at AR and Local MGB sites. Remote working days require stable, secure, compliant, quiet working area. Remote Type Hybrid Work Location 399 Revolution Drive Scheduled Weekly Hours 40 Employee Type Regular Work Shift Day (United States of America) EEO Statement: Mass General Brigham Incorporated is an Equal Opportunity Employer. By embracing diverse skills, perspectives and ideas, we choose to lead. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, national origin, sex, age, gender identity, disability, sexual orientation, military service, genetic information, and/or other status protected under law. We will ensure that all individuals with a disability are provided a reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Mass General Brigham Competency Framework At Mass General Brigham, our competency framework defines what effective leadership "looks like" by specifying which behaviors are most critical for successful performance at each job level. The framework is comprised of ten competencies (half People-Focused, half Performance-Focused) and are defined by observable and measurable skills and behaviors that contribute to workplace effectiveness and career success. These competencies are used to evaluate performance, make hiring decisions, identify development needs, mobilize employees across our system, and establish a strong talent pipeline.

Corporate Services Security (CPSS) is the Amazon security team aligned with Finance & Global Business Services (FGBS), People eXperience & Technology (PXT), Legal, and Global Communications and Community Impact (GCCI) business units. Our Mission is to protect and safeguard Amazon's corporate services, systems, and data. Through proactive engagement with the development teams, we understand the dynamic business processes that run Amazon, and enable our stakeholders to innovate, build, and scale securely. The Product Security Team within CPSS supports a large number of applications built using AWS Services. Apart from work, we provide opportunities for our engineers to pursue projects they are passionate about while maintaining work life harmony. Key job responsibilities Creating, updating, and maintaining threat models for a wide variety of software projects Manual and Automated Secure Code Review, primarily in Java, Python and Javascript Development of security automation tools Adversarial security analysis using tools to augment manual effort Provide Security training and outreach for internal development teams Provide Security architecture and design guidance to application development teams Independently solve systemic, complex security problems that require novel methods or approaches Influence your team's and partners' process, priorities, and choices by using data to improve security outcomes Provide technical and strategic guidance to senior leaders and stakeholders through effective oral and written communications A day in the life As a Senior Security Engineer, you will collaborate with SW development teams to ensure we keep our customers safe while developing novel services. In a given day, you might be inspecting an application's code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service. The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security specialist with one or more areas of deep expertise within application security. They will clearly articulate risks to technical and non-technical audiences alike. Successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions. They will shape the strategy of the Product Security Team and influence systemic security improvements across our service organizations. About the team Diverse Experiences Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying. Why Amazon Security? At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores. Inclusive Team Culture In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices. Training & Career Growth We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional. Work/Life Balance We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.BASIC QUALIFICATIONS - BS in Computer Science or related field, or equivalent work experience - Minimum of 7 years of experience with at least two of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, penetration testing, cloud security, mobile security, and network security - Intimate knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security - Experience reading and writing in at least one programming language PREFERRED QUALIFICATIONS - Demonstrated ability of judgement in assessing and prioritizing technical risk - Strong application security background with a focus on scalable solutions - Experience building and securing complex AWS architecture - Proven experience identifying and removing bottlenecks for your teammates, both in process and technology - Experience securing Finance applications - Proven experience shaping the strategy of a Product Security Team - Demonstrated experience influencing systemic security improvements across organization Posted: October 21, 2024 (Updated 2 days ago) Posted: December 13, 2024 (Updated 2 days ago) Posted: December 13, 2024 (Updated 2 days ago) Posted: December 13, 2024 (Updated 2 days ago) Posted: October 4, 2024 (Updated 3 days ago) #J-18808-Ljbffr

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day. One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being. Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization. Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us! Job Description: Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the security resilience of the bank's applications to malicious hacking activity. This senior technical role is responsible performing and leading ethical hacking assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include leading and performing research, understanding the bank's security policies, working with appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. These individuals are expected to perform application security-oriented dynamic and static assessments across a multitude of technologies including web UI, web APIs, mobile and cloud, including associated source code. Key Responsibilities in order of importance: * Perform assigned analysis of internal and external threats on information systems and predict future threat behavior. * Incorporate threat actors' tactics, techniques, and procedures into offensive security testing to identify high-value vulnerabilities/chained attacks. * Developing Proof-of-concepts for exploitation. * Perform assessments of the security, effectiveness, and practicality of multiple technology systems. * Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. * Prepare and present detailed technical information for various media including documents, reports, and notifications. * Provide clear and practical advice regarding managing risks. * Learn and develop advanced technical and leadership skills, mentor Junior and Intermediate assessors in technical tradecraft and soft skills. * Respond to security incidents and provide technical assistance to leadership across the Information Security organization. Required Skills: * Minimum of 5+ years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment * Detailed technical knowledge in at least 5 of the following areas: * security engineering * application architecture * authentication and security protocols * application session management * applied cryptography * common communication protocols * mobile frameworks * single sign-on technologies * exploit automation platforms * Web APIs * Cloud environments * LLM security * Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings * Experience performing manual web application assessments i.e., must be able to simulate a OWASP Top 10 vulnerabilities without the use of tools * Experience performing manual code reviews for security relevant issues * Experience working with DAST and SAST tools to identify vulnerabilities * Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) * Experience with vulnerability assessment tools and penetration testing techniques. * Solid programming/debugging skills, development frameworks, CVE and CWE research/reproduction * Threat Analysis, threat modelling and SBOM analysis * Innovative thinking, threat actor simulation * Technology Systems Assessment * Technical Documentation * Advisory Desired: * CEH, OSCP/OSCE/OSWE/GXPN/GPEN/GWAPT/GMOB/All Practitioner Certs [Port Swigger BSP Academy]/Cloud Cert(s)/ eWPT; eWPTX; eMAPT [INE Pentester Academy] * Strong programming/scripting skills This job will be open and accepting applications for a minimum of seven days from the date it was posted. Shift: 1st shift (United States of America) Hours Per Week: 40