Reporting to the Chief Information Officer (CIO), the Head of Information Security focuses on cybersecurity (not physical security) and serves as the organization’s top advisor on information protection and compliance matters. Key priorities for the coming year include strengthening security compliance (e.g. SOX, PCI-DSS), enhancing Governance, Risk, and Compliance (GRC) processes, improving intrusion detection and incident response capabilities, and advancing business continuity and disaster recovery readiness. Regulatory Compliance & Risk Management: Lead the enterprise GRC program, ensuring security controls and processes meet all relevant regulatory and industry standards (such as PCI-DSS for payment security and SOX for financial controls). Experience: Extensive professional experience in information security and IT risk management, including demonstrated success in leading cybersecurity teams or programs at the enterprise level.. Technical Expertise: Demonstrated expertise in key security domains and technologies – including risk assessment, incident response, security operations (SIEM/SOC monitoring, intrusion detection systems), identity and access management, and cloud security controls.
The Head of Cyber Risk Management is a senior leadership role responsible for establishing, maintaining, and overseeing the organization's comprehensive Cyber Risk Management framework including core components of Governance, Risk, and Compliance.. Own, maintain, and mature the organization's Cyber Risk Management Framework (CRMF), ensuring alignment with industry standards (e.g., NIST CSF, CRI, FFIEC) and specific regulatory frameworks applicable to our industry.. Integrate the Cyber Risk Management program with the overall Enterprise Risk Management (ERM) framework.. Analyze threat intelligence, vulnerability data, and control effectiveness to provide a clear picture of the cyber risk posture.. In-depth understanding of cybersecurity domains: network security, application security, cloud security, data protection, identity and access management, incident response, vulnerability management, third-party risk.
Network Security Analyst Attractivate Consulting Solutions Location: Remote/Hybrid. Position Overview: We're seeking an experienced Network Security Analyst to join our cybersecurity team.. Conduct vulnerability assessments and penetration testing. Firewall and IDS/IPS management. Cloud security expertise (AWS, Azure)
This Cyber Security Engineer involves tasks like monitoring networks, responding to security incidents, analyzing threats and STIG/Imaging efforts.. Ensure resilience against cyber warfare tactics (e.g., jamming, spoofing, malware injection). Perform penetration testing on avionics and weapon systems.. Proficiency with security tools such as firewalls, intrusion detection/prevention systems (IDS/IPS), and SIEM platforms.. Certifications such as CISSP, CEH, or CISM are highly desirable.
Set up firewalls, intrusion detection/prevention systems (IDS/IPS), and antivirus solutions.. Perform penetration testing to evaluate system defenses.. Conduct regular disaster recovery and business continuity testing.. Professional certifications such as CISSP, CISM, CEH, or CompTIA Security is a plus. Hands-on experience with SIEM tools, firewalls, endpoint protection, and encryption technologies.
Builds, supports and maintains the protection of company data and systems through the use of security solutions, backups, redundancy and disaster recovery solutions.. CompTIA Security+ is required/. CompTIA Network+ and/or CCNP certification preferred.. Advanced experience in analysis and design of voice networks, LAN and WAN data networks, wireless networks, and/or network management systems to support voice and data services.. Excellent technical knowledge of network, security and storage infrastructure including: local area networks, wide area networks, wireless networking, VPN, firewalls, routers, switches, load balancers, WAN optimizers, endpoint security and encryption, proxy servers, digital certificates, data center management and cabling standards.
ManTech seeks a motivated, career and customer-oriented Senior Computer and Information Research Scientist to join our team in DC, Maryland, and Virginia (DMV) area.. Conduct research in computer science areas relevant to NOSC operations, such as network security, intrusion detection, threat intelligence, and security automation.. Experience with network security, intrusion detection/prevention, malware analysis, threat intelligence, security information and event management (SIEM ), or security automation.. Knowledge of specific application domains, such as incident response, digital forensics, or threat hunting.. ManTech International Corporation considers all qualified applicants for employment without regard to disability or veteran status or any other status protected under any federal, state, or local law or regulation.
Oversee compliance efforts, including PCI DSS, GDPR, and other applicable regulations.. Develop and implement third-party risk management processes to assess and mitigate risks from vendors and partners.. Relevant certifications such as CISSP, CISM, CCSP, Azure Security Engineer Associate, or equivalent are highly preferred.. Hands-on experience managing compliance with relevant standards and regulations, such as PCI DSS (especially relevant for QSR/retail), GDPR, SOX, or HIPAA. Experience working within Agile or DevSecOps environments to integrate security into continuous development and operations processes.. Relevant security certifications are highly preferred, including but not limited to: CISSP (Certified Information Systems Security Professional) CISM (Certified Information Security Manager) CCSP (Certified Cloud Security Professional) Microsoft Certified: Azure Security Engineer Associate CompTIA Security+ or equivalent A personal passion for health, wellness, or fitness is a plus and supports the Smoothie King mission.
Intersecting cybersecurity and blockchain, CertiK’s security offerings include security consulting, security reviews, security auditing of smart contracts and blockchains, verification of smart contracts, penetration testing, and more.. Experienced in threat and vulnerability management, penetration testing, and SecOps (intrusion detection, security logging, malware analysis, and forensics).. Experience in programming languages such as Rust, Golang, Solidity.. Passionate with Cryptocurrency/DeFi/Blockchain is a plus.. One of the fastest-growing and most trusted companies in blockchain security, CertiK is a true market leader.
Oversee IAM strategies, network protection, incident response, and system monitoring.. Manage security incidents and post-event analysis to improve resilience.. Drive role-based access controls and disaster recovery procedures.. Strong knowledge of cloud security (AWS preferred), IAM, and regulatory standards.. Bonus: CEH, CISA, CCSK, SANS/GIAC certifications
Support includes monitoring activities, developing cyber threat analysis, identifying mitigation and / or remediation courses of action, sharing actionable cyber threat intelligence used in organizational IT asset protection, trending strategic cyber threats, and situational awareness.. Analyze unclassified and classified sources of information and cyber threat intelligence on foreign and / or domestic cyber threats, including recommended mitigation and / or remediation actions.. Prioritizing cyber threat actor tactics, techniques, and procedures (TTPs), based on recent and relevant threat intelligence reporting.. Possess a strong cyber security background with experience in host-based and network based forensics related to the identification of advanced cyber threat activities, intrusion detection, incident response, malware analysis, and security content development (e.g., signatures, rules, etc.. Certifications: Certified Ethical Hacker (CEH) preferred
Lead the configuration, maintenance, and monitoring of network security devices (e.g., firewalls, IDS/IPS, NAC systems, proxies). Configure security for cloud & hybrid network security platforms (AWS, Azure, GCP, VMX). Relevant certificates (e.g., CCNA, CCSP, CompTIA Network+ m CompTIA Security+) are highly desirable.. CompTIA Security+ - General cybersecurity & network security fundamentals. Palo Alto Networks Certified Network Security Engineer (PCNSE) - Palo Alto firewall deployment, configuration, & security platform usage
190 Admiral Cochrane Drive, Suite 130. Switch, router, and firewall setup and configuration. Experience with penetration testing and vulnerability assessment and remediation. Microsoft 365 (InTune, Entra/Azure, Exchange, Defender for EndPoint, SharePoint, Office 365). Our innovative 401(k) plan allows you to manage your choice of investments through a Fidelity brokerage account.
Experience with Cloud Identity and Access Management, network security, data security, regulatory compliance frameworks, and creating security architectures.. Experience in understanding attacks and mitigation methods, in two or more of the following: network protocols and secure network design; web application security, security assessments and pen testing, authentication and access control, applied cryptography and security protocols, security monitoring and intrusion detection, Incident response and forensics, development of security tools, automation or frameworks.. About the job As a Security Consultant, you will provide excellent technical guidance to customers adopting Google Cloud Platform (GCP) services.. You will provide prescriptive guidance in ensuring customers receive the best of what GCP can offer and will ensure that customers have the best experience in migrating, building, modernizing, and maintaining applications on GCP. Additionally, you will work closely with Product Management and Product Engineering to drive excellence in Google Cloud products and features.. Provide domain expertise in SecOps Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR), cloud security, compliance, and enterprise security best practices.
Industry-recognized certifications such as CompTIA Security+, Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP) are strongly preferred.. In-depth understanding of network protocols such as TCP/IP, UDP, DNS, HTTP/HTTPS, and VPN. Proficiency in managing and configuring firewalls (e.g., Palo Alto, Fortinet, Cisco ASA), intrusion detection/prevention systems (IDS/IPS), and load balancers.. Experience with endpoint protection platforms such as CrowdStrike, Symantec, or Microsoft Defender for Endpoint.. Familiarity with cloud-native security tools like AWS GuardDuty, Azure Security Center, or Google Cloud Security Command Center.. Familiarity with infrastructure-as-code (IaC) tools like Terraform or Ansible is a plus.
Conduct penetration testing to simulate cyberattacks, using tools like Metasploit, Burp Suite, and Nmap to assess network security resilience and exploit weaknesses.. Hands-on experience with firewalls (e.g., Palo Alto, Cisco ASA, Fortinet) and advanced security appliances.. Expertise in performing vulnerability assessments and penetration testing using tools like Nessus, Burp Suite, Metasploit, and Nmap.. Familiarity with cloud security concepts, including securing cloud infrastructures on AWS, Azure, or GCP.. Relevant certifications like CISSP, CEH, CCNP Security, CompTIA Security+, or GIAC are highly preferred.
Collaborate closely with IT infrastructure, application development, DevSecOps, and business teams to embed security principles throughout technology development and deployment phases.. Deep understanding of defense-in-depth strategies, zero-trust models, identity and access management (IAM), threat modeling, key management techniques, vulnerability assessment techniques, and secure coding practices.. Excellent knowledge of WAF, NG Firewalls, intrusion detection/prevention systems (IDS/IPS), network segmentation, VPNs, network access control (NAC), DMZ design, and DDoS mitigation.. Proficient in cloud security models (IaaS, PaaS, SaaS), cloud-native security tools, encryption and key management, privileged access management (PAM), security posture and compliance within cloud environments.. Our People First Culture celebrates diversity, equity, and inclusion not simply because it’s the right thing to do, but also because it’s the key to our success.
The cybersecurity threat intelligence analyst is an advanced and highly trusted role supporting the credit union’s information security program. Applicable knowledge of adversary tactics, techniques and procedures (TTPs), MITRE ATT&ACK framework, CVSS, open source intelligence (OSINT) and deception techniques. Proficient in SIEM, intrusion detection and prevention systems (IDS/IPS), threat intelligence platforms and security orchestration, automation and response (SOAR) solutions to centralize and manage incident and remediation workflow. penetration test, threat testing, monitoring, threat intelligence, Purple Team. - CISSP, GCTI, GCFE,GCIH, GREM, OSCP preferred, but not required.
Oversee Security Operations Center (SOC), incident response, vulnerability management, threat intelligence, and endpoint protection.. Drive the maturity of identity and access management (IAM), data loss prevention (DLP), zero trust architecture, and secure DevOps initiatives.. Strong technical foundation in network security, cloud security (GCP, AWS, Azure, OCI), security engineering, and incident response.. Relevant certifications (CISSP, CISM, CISA, CCSP, etc.. Mattel offers competitive total pay programs, comprehensive benefits, and resources to help empower a culture where every employee can reach their full potential.
Centurion Consulting Group is currently seeking a Network Security Engineer in Annapolis, MD. This is a hybrid role with a combination of onsite and remote work each week.. Palo Alto Networks Certified Network Security Engineer (PCNSE). Prisma Certified Cloud Security Engineer (PCCSE) – Palo Alto Networks. Palo Alto Networks NGFW services, Intrusion Detection/Prevention, VPNs, Content Filtering, TLS/SSL Inspection, Data Loss Prevention.. Vulnerability management: Nessus, NMAP, Linux/Windows/Unix OS.