Key responsibilities include: Implementing, designing, and managing security architecture for Azure Government and Commercial deployments. Configuring and optimising Microsoft Defender for Cloud, Microsoft Sentinel, Microsoft Defender for Endpoint, and related services for threat detection, vulnerability management, and automated response. Designing and enforcing identity & access management using Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access policies, RBAC, and just-in-time access. Securing network architectures with Azure Firewall, Network Security Groups (NSGs), DDoS Protection, Web Application Firewall (WAF), Network Watcher, and private endpoints. Protecting data at rest and in transit via Azure Key Vault, encryption strategies, data classification, and information protection controls. Developing and maintaining security policies, initiatives, and blueprints using Azure Policy and Microsoft Purview for compliance (NIST, FedRAMP, CMMC, STIGs, etc.). Performing threat hunting, incident response, and forensics using Sentinel playbooks, Log Analytics, and KQL queries. Conducting security reviews of Infrastructure as Code (IaC), containers, Kubernetes (AKS), and serverless workloads. Collaborating with developers and architects to implement DevSecOps practices, including secure CI/CD pipelines, code scanning, and secure defaults. Monitoring and remediating security findings, reducing attack surface, and improving overall security posture per the Microsoft Cloud Security Benchmark (MCSB). Deploying configurations and compliance policies to Azure AVD endpoints using Intune and other Azure native services.

Basic qualifications include: Active U.S. security clearance (e.g., Secret, Top Secret) or eligibility to obtain one. 3+ years of experience in cloud security, cybersecurity engineering, or related roles (with strong Azure focus). Deep hands-on expertise with core Azure security services: Microsoft Defender suite, Sentinel, Intune, Entra ID, Key Vault, Azure Policy, Firewall, Network Watcher, and Purview. Strong understanding of DLP implementation both in cloud and on endpoints utilising Purview and other Microsoft native controls. Experience implementing security in hybrid/multi-cloud environments. Proficiency in scripting/automation (PowerShell, Azure CLI, Bicep/ARM templates, Terraform). Strong understanding of identity federation, zero-trust principles, encryption, network security, and vulnerability management. Familiarity with compliance frameworks (NIST, FedRAMP, CMMC, STIGs, etc.) and regulatory requirements. Excellent problem-solving, analytical, and communication skills. Strong verbal and written communication skills and the ability to stay composed under pressure.

Preferred skills and experience include: Microsoft Certified: Azure Security Engineer Associate (AZ-500), Microsoft Cybersecurity Architect (SC-100). Additional relevant certifications (e.g., CISSP, CCSP, Microsoft Certified: Azure Administrator, AWS Security Specialty, SANS GCPS, SANS GCAD). Deep experience with detection and response engineering and SOC operations. Knowledge of container security (Docker, AKS), secure DevOps, or AI/ML workload protection. Prior experience in government regulations frameworks such as FedRAMP and CMMC.

XML job scraping automation by YubHub

This executive leadership role is responsible for the design, implementation, and governance of a secure, resilient, and high-performing infrastructure that includes enterprise networking, global security services, identity and access management, telephony and unified communications, and contact center platforms.

Spanning on-premise data centers, multi-cloud environments, and global corporate offices, you will establish comprehensive security frameworks, policies, and standards required to protect our corporate assets and data.

The ideal candidate is a transformational leader who can protect the enterprise from evolving cyber threats while delivering a robust technology foundation that enables business innovation and agility.

Key Responsibilities

Strategic & Architectural Leadership:

• Develop and own the enterprise architecture vision, strategy, and multi-year roadmap for the network and security portfolio, ensuring tight alignment with business goals and digital transformation initiatives.

• Lead the creation, governance, and promotion of architectural standards, patterns, and best practices for all covered services, including Zero Trust (ZTNA) and Secure Access Service Edge (SASE) frameworks.

• Drive modernization initiatives across the portfolio, guiding the transition from traditional architectures to modern, automated, and cloud-native solutions to enhance security and eliminate legacy technical debt.

• Champion a culture of innovation by evaluating emerging technologies and providing architectural direction for their adoption to solve complex business problems.

• Serve as the primary architectural authority for the enterprise across network, telephony, and security domains, providing expert guidance to executive leadership, business stakeholders, and technology teams.

Domain-Specific Architectural Oversight: Lead and mentor a team of architects, ensuring architectural integrity and strategic alignment across the following key domains:

• Global Network Architecture: Oversee the architecture for all network infrastructure, including SD-WAN, LAN/WAN, Wi-Fi, DNS/DHCP/IPAM, and data center networking.

• Global Security Architecture: Define the strategy for enterprise-wide security services, including next-generation firewalls (NGFW), IDS/IPS, WAF, CASB, and data loss prevention (DLP).

• Identity & Access Management (IAM): Lead the architectural vision for all IAM services, including authentication, authorization, single sign-on (SSO), multi-factor authentication (MFA), and privileged access management (PAM).

• Platform Security: Drive the security architecture for underlying infrastructure platforms, including operating systems, virtualization, and container platforms (Kubernetes).

• Telephony & Contact Center: Direct the architectural strategy for unified communications (UCaaS/VoIP) and contact center (CCaaS) platforms, ensuring they are secure, resilient, and integrated with enterprise systems.

Executive Leadership & Stakeholder Engagement:

• Lead, mentor, and cultivate a high-performing team of principal and senior architects, fostering a collaborative environment of technical excellence and strong business acumen.

• Build and maintain strong, trust-based relationships with C-level executives, business unit leaders, and engineering teams to ensure architectural solutions meet enterprise-wide objectives.

• Act as a key influencer and communicator, articulating complex architectural concepts and their business value to diverse audiences, from technical experts to non-technical executives.

• Partner closely with the CISO organization and IT operations to ensure that architectural designs are effectively implemented, monitored, and compliant with regulatory requirements.

Requirements

• Education: Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field required. Master’s degree preferred.

• Experience: Minimum of 15 years of experience in information technology, with at least 10 years in an architecture role spanning network, security, or infrastructure. Minimum of 5 years in a formal leadership capacity, with proven experience managing, mentoring, and developing senior architects and technical staff.

• Technical Skills:

• Security Architecture: Deep expertise in security frameworks and technologies, including Zero Trust, SASE, NGFW, IDS/IPS, SIEM, WAF, CASB, DLP, and endpoint security.

• Identity & Access Management: Expert knowledge of IAM principles and protocols (SAML, OAuth, OIDC), and experience with IGA, MFA, and PAM solutions.

• Network Architecture: Expert knowledge of modern networking principles and technologies, including SD-WAN, BGP, MPLS, VPN, DNS, DHCP, and data center networking.

• Cloud Security: Expert knowledge of cloud networking and security architecture in AWS, Azure, and/or GCP (e.g., VPCs/VNETs, Security Groups, IAM, Cloud WAFs).

• Communications Technology: Strong understanding of Unified Communications (UCaaS) and Contact Center (CCaaS) technologies (e.g., Genesys, NICE, Five9) and underlying protocols (VoIP, SIP).

• Platform Security: Familiarity with securing operating systems, virtualization, and container orchestration platforms like Kubernetes.

• Frameworks & Compliance: Strong understanding of industry standards and frameworks such as NIST, ISO 27001, CIS, and SOC2.

• Automation: Solid understanding of Infrastructure as Code (IaC) principles and tools (e.g., Terraform, Ansible) and their role in a DevSecOps model.

Soft Skills & Leadership Qualities:

• Executive Presence: Confident and articulate communicator with the ability to present to and influence senior executives and board-level stakeholders.

• Strategic Vision: Ability to think long-term and create a compelling, business-aligned vision for the future state of the technology landscape.

• Collaborative Leadership: Proven ability to lead through influence, build consensus across diverse teams, and foster strong cross-functional partnerships.

• Business Acumen: Strong ability to understand business drivers and translate them into technical requirements and architectural solutions that deliver tangible value.

Preferred Qualifications

• Professional certifications such as CISSP, CISM, CCIE, TOGAF (at least one required).

• Expert-level cloud architecture or security certifications (e.g., AWS Certified Security - Specialty, Azure Security Engineer Expert) highly preferred.

• Experience managing departmental budgets and participating in financial planning.

• Experience leading a group of at least 5 enterprise architects.

Benefits

This position comes with competitive compensation and benefits package:

1. Competitive salary and performance-based bonuses

1. Comprehensive benefits package

1. Career development and training opportunities

1. Flexible work arrangements (remote and/or office-based)

1. Dynamic and inclusive work culture within a globally renowned group

1. Private Health Insurance

1. Pension Plan

1. Paid Time Off

1. Training & Development

XML job scraping automation by YubHub

You are a passionate and skilled engineer with a strong foundation in embedded systems and low-level programming. You thrive in environments where innovation and security intersect, and you bring hands-on experience in hardware design and cybersecurity. Whether analyzing vulnerabilities or designing robust solutions, your technical acumen is matched by your commitment to excellence and integrity.

You are naturally curious, eager to stay ahead of emerging threats and technologies, and enjoy contributing to a forward-thinking team. You value diversity, inclusivity, and continuous learning, adapting quickly to new methodologies and tools. Your attention to detail and analytical mindset empower you to identify and resolve complex security challenges. You are proactive, collaborative, and driven to foster a culture of innovation, making a meaningful impact on both product and process.

Responsibilities:

• Analyze reported vulnerabilities in software and hardware products, ensuring timely and thorough investigation.
• Serve as a key member of the IP Security Incident Response Team, responding to and mitigating security incidents.
• Conduct research into new classes of vulnerabilities, attacks, and security threats to maintain a proactive security posture.
• Review and assess vulnerabilities within products, recommending actionable improvements and fixes.
• Develop and contribute to automation ideas and tools to enhance vulnerability analysis and incident response workflows.
• Collaborate with cross-functional teams to implement security best practices and drive improvements across products.

Impact:

• Elevate the security and reliability of Synopsys' IP products, protecting end-users and businesses worldwide.
• Strengthen the safety and integrity of global technological infrastructures through robust security measures.
• Advance innovative security methodologies and tools that push the boundaries of industry standards.
• Safeguard products against emerging threats and vulnerabilities, ensuring resilience and trust.
• Promote a culture of security awareness and proactive risk management within the organization.
• Collaborate with a diverse team of experts to drive continuous improvement and set new benchmarks in security excellence.

Requirements:

• Bachelor’s degree and a minimum of 5 years of related experience, or Master's degree accompanied by at least 3 years of relevant experience in Engineering, Computer Science, or a related field.
• Solid hands-on experience in low-level software, embedded systems, or hardware security.
• Proficiency in English, both spoken and written, for effective cross-team communication.
• Familiarity with semiconductor IP products is a distinct advantage.
• Relevant security-specific training and certifications (e.g., CISSP, CEH, OSCP) are highly valued.

Team:

Our team is at the forefront of ensuring the security and reliability of Synopsys' IP products. We collaborate across different regions, bringing together a diverse group of experts to drive innovation and excellence. By joining us, you will work with state-of-the-art technologies and contribute to the development and protection of products used globally.

Rewards and Benefits:

We offer a comprehensive range of health, wellness, and financial benefits to cater to your needs. Our total rewards include both monetary and non-monetary offerings. Your recruiter will provide more details about the salary range and benefits during the hiring process.

XML job scraping automation by YubHub

Key responsibilities include:

• Establishing, recruiting, and leading a high-performing team of IT risk professionals
• Partnering with First Line of Defense (1LOD) IT teams to identify key IT risks and pinpoint critical controls
• Leading comprehensive IT risk assessments using established methodologies
• Developing and implementing a robust methodology for 2LOD IT control testing
• Analyzing results, identifying control deficiencies, and providing clear feedback to 1LOD teams
• Ensuring IT controls are thoroughly documented and accurately reflect operational practices

As a seasoned leader, you'll have a strong background in risk management or audit, combined with IT knowledge. You'll be able to translate technical details into business risks and communicate effectively with stakeholders.

If you're passionate about IT risk management and leadership, we encourage you to apply!

XML job scraping automation by YubHub

Enterprise Technology plays a critical part in shaping the future of mobility. If you're looking for the chance to leverage advanced technology to redefine the transportation landscape, enhance the customer experience and improve people's lives, this is the opportunity for you. Join us and challenge your IT expertise and analytical skills to help create vehicles that are as smart as you are.

This role is responsible for designing, implementing, automating, and maintaining security platforms that support enterprise cybersecurity operations. The role focuses on integrating security agents/tools, improving detection capabilities, ensuring platform reliability, and enabling security teams through scalable infrastructure and automation.

Responsibilities

• Design, implement, maintain, and improve security platforms and tools that protect the organization's IT infrastructure.
• Optimize security technologies to detect, prevent, and respond to security threats in real time.
• Collaborate with engineering, IT, and security operations teams to deploy and support enterprise cybersecurity platforms and solutions.
• Secure in-house and public AI and ML/DL systems against cyber threats, adversarial attacks, and data breaches across the solution lifecycle.
• Design and implement robust security platforms supporting enterprise security needs (e.g., unified telemetry pipeline like BindPlane, SIEM like QRadar, SecOps, and AI security).
• Define and maintain guidelines and controls to secure AI systems, including data protection, model security, and compliance requirements.
• Apply established frameworks as references/baselines (e.g., Google Secure AI Framework (SAIF), NIST AI Risk Management Framework, Framework for AI Cybersecurity Practices (FAICP)).
• Identify, assess, and mitigate AI-specific security risks (adversarial attacks, data poisoning, model inversion, unauthorized access).
• Conduct vulnerability assessments and penetration testing on AI models and data pipelines.
• Ensure AI data is encrypted, anonymized, and securely stored.
• Implement access controls for sensitive AI data and models (RBAC, ABAC, Zero Trust).
• Protect AI models from tampering, theft, and adversarial manipulation during training and deployment.
• Monitor and log AI system activity for anomalies and security incidents.
• Develop and enforce policies to align AI systems with industry regulations, ethical standards, and organizational governance requirements.
• Develop automated workflows and scripts to enhance security platform functionality and scalability, improving operational efficiency.
• Manage timely patching and upgrades to security tools and systems to reduce downtime and minimize vulnerabilities.
• Configure alerting systems for security threats and enable real-time monitoring for observability.
• Partner with incident response teams to identify, contain, and mitigate security incidents.
• Support root cause analysis to improve security posture and prevent repeat breaches.
• Optimize security tools and platforms for performance and effectiveness while meeting compliance and organizational requirements.
• Maintain documentation for platform configurations, AI services and capabilities, troubleshooting guides, and operational procedures.

Qualifications

• Bachelor's degree in Computer Science, Information Security, or related field OR a combination of education and experience
• 5+ years of experience in security engineering, platform engineering, and AI/ML, including experience in large, complex environments
• Experience in managing security platforms and tools in enterprise environments
• Experience in telemetry pipeline platforms (e.g., BindPlane), SIEM (e.g., Splunk, QRadar), and vulnerability management tools
• Experience in scripting and automation (Python, PowerShell, and/or Bash)
• Experience in infrastructure as Code (Terraform, Ansible)
• Experience in cloud security tools and platforms (GCP, AWS, Azure)
• Experience in container security (Docker, Kubernetes)
• Experience in networking protocols, firewalls, and network security best practices
• Experience in AI/ML concepts, architectures, and AI security challenges
• Experience in AI threat areas (adversarial attacks, data poisoning, model inversion, unauthorized access)
• Experience in vulnerability assessment and penetration testing on AI models and data pipelines
• Experience in data protection techniques (encryption, anonymization, secure storage) and secure access management (RBAC, ABAC, Zero Trust)
• Experience in incident response, monitoring tools, and threat intelligence platforms
• Experience in security frameworks and compliance references (SAIF, NIST, FAICP)
• Experience in ITSM processes and tools (ServiceNow) and delivery practices/tools (Agile, JIRA)
• Master's degree in Computer Science, Information Security, or related field
• Understanding of cloud AI/ML services and deployment pipelines
• CISSP (Certified Information Systems Security Professional)
• CCSP (Certified Cloud Security Professional)
• Preferred certifications such as CAISF, AICERTs, AI for Cybersecurity Specialization, or equivalent
• GCP cloud certification or equivalent in AWS or Azure (preferred)
• Additional cybersecurity certificates (preferred)
• Excellent communication and documentation skills for policy development and stakeholder engagement

XML job scraping automation by YubHub

Millennium SOC is looking for an experienced Threat Detection Engineer to drive our best-in-class posture.

This is a highly technical role, and successful candidates will have demonstrable knowledge and experience across a range of business and security technologies within a fast-paced organisation.

Principal Responsibilities

• Identify modern evolving threats and develop new detection and response approaches
• Create and operate high-fidelity detections mechanisms that drive efficient, effective and repeatable response
• Own, operate and automate detection and response workflows, that enable the team to focus on strategic objectives
• Lead Information Security response activities for the firm
• Work across business and technology teams to deliver positive outcomes across the firm
• Explain complex technology and information security related concepts to a wide range of stakeholders
• Enforce security policies and procedures by administering and monitoring appropriate systems, events and answering stakeholder queries
• Monitor new and emerging security and privacy related technologies, trends, issues, and solutions and assess their applicability to Millennium key business initiatives and business strategies
• Ensure Millennium Information Security capabilities remain fit for purpose and evolve to meet the changing threat landscape

Qualifications/Skills Required

• Bachelor or master’s degree in computer science or cyber security with strong IT background or equivalent demonstrable experience
• 3 years’ experience working in a security engineering role, financial industry experience preferred
• Experience in creating detections in modern query languages (KQL, SQL, SPL)
• Possesses security certifications (Security+, OSCP, CISSP, CEH, GCIA, GCIH)
• Experience with modern security tooling across security domains; network, endpoint, data, identity and cloud
• Experience in standard enterprise technology stack, Active Directory, Entra, Group Policy, Intune, DNS, TCP/IP, PKI, Microsoft 365, Windows, Linux, MacOS, etc.
• Ability to handle sensitive and/or confidential materials with appropriate discretion
• Required scripting, development and automation skills using PowerShell or Python and proficient development tools
• Experience in OSINT, Threat hunting and analysing malicious emails
• Able to prioritise in a fast moving, high pressure, constantly changing environment

XML job scraping automation by YubHub

As a Sr. Cyber Security GRC Specialist, you will partner with Cyber Security, IT, compliance, and business stakeholders to help measure adherence to Bayer policies and procedures aligned to industry standards; assess the effectiveness of security and compliance processes; track key IT security deliverables; and contribute to audit readiness.

Your tasks and responsibilities will include:

• Supporting Cyber Security risk management activities to identify, assess, and help mitigate risks, including contributing to the operation and continuous improvement of the Cyber Security framework;
• Developing and maintaining key performance indicators (KPIs), dashboards, and metrics to measure the effectiveness of initiatives;
• Collaborating with cross-functional teams to help integrate Cyber Security assurance principles into business processes and systems;
• Providing guidance and day-to-day support across the organisation on Cyber Security assurance topics, following established standards and practices;
• Monitoring regulatory changes and industry trends and summarising impacts to policies, controls, and risk posture;
• Coordinating evidence collection and responding to auditor inquiries in partnership with control owners and subject matter experts;
• Contributing to strategic initiatives by supporting planning, tracking milestones, and producing high-quality deliverables;
• Supporting continuous improvement of the data classification framework that categorises data based on sensitivity and risk;
• Partnering with stakeholders at all levels of the organisation to help ensure appropriate classification of data assets across the organisation;
• Assisting with periodic reviews and updates to classification policies to align with regulatory changes and business needs;
• Supporting identification and management of the organisation's critical data assets ('crown jewels');
• Helping implement and maintain security requirements and protection measures for high-value data assets in partnership with relevant teams;
• Participating in assessments and control reviews related to crown jewel data to support compliance with security standards;
• Supporting data discovery and inventory activities to improve visibility of data assets across the organisation;
• Utilising data discovery tools and techniques to help identify sensitive data and its locations;
• Maintaining an up-to-date inventory of data assets, including classification and documented protection measures;
• Working closely with IT, compliance, and legal teams to help ensure alignment on data protection requirements and implementation plans;
• Serving as a point of contact for data security inquiries by triaging requests and connecting teams with the right standards, processes, and subject matter experts;
• Promoting strong collaboration and alignment with broader GRC capabilities and ways of working.

The primary location for this role will be Creve Coeur, MO (St. Louis, MO metro area).

If you're interested in this opportunity, please submit your application.

XML job scraping automation by YubHub

You will design and ship high-precision detections across cloud services and enterprise SaaS, develop automation that shortens response timelines, and mature the telemetry pipelines that make it all possible. Your ability to write production-quality code is just as important as your ability to triage an alert.

Responsibilities:

• Engineer, test, and deploy detection logic across cloud and enterprise environments, treating detections as software with version control, peer review, and measurable performance.

• Build and maintain incident response automation, runbooks, and tooling that reduce containment timelines without sacrificing developer velocity.

• Mature telemetry pipelines through improved schema design, normalization, enrichment, and quality checks that reduce false positives and increase signal fidelity.

• Perform digital incident investigations to identify and contain potential security breaches.

• Conduct digital forensics and malware analysis to understand attack vectors and adversary methodologies.

• Integrate alerting with messaging and ticketing systems to enable fast, traceable response workflows.

• Partner cross-functionally with IT, security, and engineering teams to harden identity and access patterns, close logging and forensics gaps, and implement maintainable guardrails that scale with the organisation.

• Utilize threat intelligence platforms to improve hunting, detection, and response workflows.

• Clearly explain the significance and impact of incidents, providing actionable recommendations to both technical and non-technical stakeholders.

Ideal Candidate:

• 5+ years of experience in Detection Engineering, Incident Response, or Security Operations, with a strong emphasis on building and shipping security tooling and automation.

• Proficiency in at least one programming language (e.g., Python, Go) and comfort writing production-grade code , not just scripts.

• Hands-on experience designing or improving detection pipelines, SIEM content, and alerting workflows in cloud-native environments.

• Practical experience with SIEM, EDR, and SOAR tools, with a preference for candidates who have built integrations or extended these platforms programmatically.

• Strong understanding of modern cyber threats, common attack techniques, and adversary TTPs.

• Familiarity with digital forensics tools and malware analysis techniques.

• Experience with cloud-native environments (e.g., AWS, GCP, Azure) and the security telemetry those environments generate.

• Exposure to threat intelligence platforms and integrating intel into detection and investigation workflows.

• Strong communication skills, with the ability to translate complex security findings into clear business impact.

• Relevant security certifications (e.g., GCIH, GCFA, GCIA, CISSP, GDSA) are a plus.

Compensation packages at Scale for eligible roles include base salary, equity, and benefits. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position, determined by work location and additional factors, including job-related skills, experience, interview performance, and relevant education or training. Scale employees in eligible roles are also granted equity based compensation, subject to Board of Director approval. Your recruiter can share more about the specific salary range for your preferred location during the hiring process, and confirm whether the hired role will be eligible for equity grant. You’ll also receive benefits including, but not limited to: Comprehensive health, dental and vision coverage, retirement benefits, a learning and development stipend, and generous PTO. Additionally, this role may be eligible for additional benefits such as a commuter stipend.

XML job scraping automation by YubHub

At Cloudflare, we are on a mission to help build a better Internet. Today the company runs one of the world's largest networks that powers millions of websites and other Internet properties for customers ranging from individual bloggers to SMBs to Fortune 500 companies.

We protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare all have web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks.

Key Responsibilities

Public Sector & Compliance Governance

• Serve as the Subject Matter Expert (SME) on NIST 800-53 control families and FedRAMP requirements.
• Manage Cloudflare's continuous monitoring program, inclusive of annual assessments and significant change requests.
• Collect, validate, and organize FedRAMP evidence and artifacts to present to auditors, FedRAMP customers, and the FedRAMP PMO.
• Help guide our overall security policy and governance architecture to ensure alignment with evolving government regulations.

Audit Lifecycle Management

• Orchestrate end-to-end audit activities for standards such as PCI, SOC2, ISO, NIST, and FedRAMP.
• Coordinate with auditors to manage data center access, compliance certificate collection, and evidence defense.
• Work cross-functionally with Engineering, Legal, Product, and Operational teams to maintain management and technical controls.
• Support compliance and regulatory projects, including implementation of new legislation / regulation.

Identity & Access Management (IAM) Operations

• Execute monthly Periodic Access Reviews (PARs): Compare portal user lists against ACLs to ensure least-privilege access is maintained across all data centers.
• Manage the lifecycle of portal access: Auditing access, provisioning/deprovisioning users, and maintaining accurate documentation.
• Oversee physical access requests to data centers and ensure strict adherence to security policies.
• Drive the resolution of daily DCSC Jira tickets for portal access, physical access, audits, and site decommissioning.
• Automate and streamline access review processes where possible, utilizing standard communication templates to site managers.

Partner Relations & Reporting

• Own, influence, and orchestrate relationships within the partner Offering teams that can help drive Cloudflare offerings and strategic positioning.
• Monitor and implement changes to individual accountability regime requirements (such as UK, Ireland, Singapore and Australia).
• Maintain centralized documentation, databases, dashboards, and reporting mechanisms to track compliance health.

Requirements

• 3-6 years working in Security Compliance, Information Security, or Risk Management.
• Deep familiarity with all NIST 800-53 control families and FedRAMP requirements.
• Ability to work closely with auditors and articulate technical concepts.
• Experience in auditing of network, operating system, and application security.
• Proven experience managing an audit throughout the full audit lifecycle (from readiness to final report).
• Familiarity with additional security standards and frameworks such as ISO 27000, SOC 2, PCI DSS, ISMAP and IRAP.
• Ability to work cross-functionally with internal stakeholders and strong communications skills.
• High tolerance for ambiguity and ability to work efficiently and independently in a fast-paced, high-volume environment.
• Some travel may be required to engage with regulators and auditors.
• Certifications: CISSP, CIPP, CIPM, CIPT, CISA, or CRISC.
• A relevant professional experience working with technology partners, alliances, or third-party vendors, ideally in the following disciplines: Data center Security Compliance, Access Management, audit administration at a leading high-tech company; offering management.
• Technical skills including the ability to understand (1) product roadmaps; (2) market trends and factors; and (3) complex partner requirements.
• Strong technical proficiency with spreadsheet software (Excel/Google Sheets) including pivot tables and VLOOKUPs for data reconciliation.
• Organized & Disciplined, with a strong focus on driving outcomes.

Preferred

• Prior experience with Data Centre Security Compliance disciplines and audit programs and past history working at a hyperscaler or high-growth tech company.
• Superb organizational skills and demonstrated history managing complex processes including audit cycles, Facts gathering and analytical skills.

XML job scraping automation by YubHub

At Coinbase, our mission is to increase economic freedom in the world.

We’re seeking a very specific candidate who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system.

As an Internal Audit IT Manager, you will own end-to-end delivery of complex IT and security audits across our cloud infrastructure, security operations, and crypto-native systems.

Key responsibilities include:

• Owning end-to-end delivery of IT and security audits, from risk assessment and scoping through planning, fieldwork, testing, reporting, and issue validation,covering cloud infrastructure (AWS, GCP), security operations, identity and access management, data protection, IT asset management, vendor/third-party risk, and key in-scope products and services including blockchain infrastructure, centralized and self-hosted wallets, and cold storage.

• Driving AI-enabled audit execution, designing and implementing data analytics, automation, and Generative AI solutions to modernize how we audit (e.g., continuous monitoring, anomaly detection, automated evidence retrieval, AI-assisted workpaper drafting),while maintaining rigorous human-in-the-loop validation to ensure accuracy and audit-quality conclusions.

• Executing audits aligned with the multi-year IT and security audit roadmap, coordinating coverage with co-sourced partners and cross-functional risk initiatives while ensuring alignment with Coinbase's enterprise risk profile, technology strategy, and regulatory expectations across regions (US, EMEA, APAC).

• Driving high-quality, risk-based findings and executive-level reporting, distilling key themes, emerging risks, and root causes into clear, concise materials for senior management and the Chief Audit Executive,ensuring findings are appropriately documented and supported by evidence.

• Partnering with technology and security leadership across Engineering, Security, Infrastructure, Product, and Operations to build trusted relationships, challenge control design, and advise on pragmatic, risk-based, scalable remediation while maintaining third-line independence.

• Driving disciplined issue management, ensuring timely, risk-based remediation by management, high-quality root cause analysis, and validation of remediation activities,escalating delays or thematic concerns to senior leadership as needed.

• Evaluating and developing talent, assessing candidates and helping build a high-performing, technically credible audit team.

Requirements include:

• 7+ years of experience in IT/security internal audit, technology risk, or first-line security/engineering roles with significant controls exposure.

• Experience working in a fast-paced, cloud-native, or engineering-driven environment where technology and security practices evolve rapidly.

• Hands-on audit experience with cloud platforms (AWS, GCP), including IAM policies, security configurations, logging/monitoring, and CI/CD pipelines.

• AI-forward mindset with demonstrated experience applying Python, SQL, or AI tools to audit or security work, building workflows rather than just prompting.

• Relevant professional certifications (e.g., CISA, CISSP, CIA, CISM) required; CPA or CFE a plus.

• Working knowledge of key frameworks such as NIST CSF, COBIT, SOC 2, and ITIL.

• High EQ and collaborative style.

• Proven ability to translate complex technical findings into clear, executive-ready narratives for both technical and non-technical audiences.

• Ability to manage multiple audits and initiatives across time zones (EMEA, APAC) with minimal oversight.

• Demonstrated leadership and team-development experience, including mentoring, coaching, and managing direct reports.

• Demonstrates the ability to responsibly use generative AI tools and copilots (e.g., LibreChat, Gemini, Glean) in daily workflows, continuously learn as tools evolve, and apply human-in-the-loop practices to deliver business-ready outputs and drive measurable improvements in efficiency, cost, and quality.

Nice to have:

• Experience auditing or building blockchain infrastructure, crypto custody, or wallet systems (hot/cold storage).

• Background in a high-growth or rapidly scaling environment with complex, evolving technology stacks.

• Experience with GRC platforms (Workiva, Archer, AuditBoard) or building custom audit automation tooling.

• Familiarity with DORA, MiCA, or crypto-specific regulatory frameworks.

XML job scraping automation by YubHub

We are looking for a Senior Product Manager, IT SOX Compliance to join our team. This is not a traditional audit-support role. As the Product Manager, IT SOX Compliance, you will translate SOX compliance requirements into structured programs, drive accountability across IT process owners, and build the systems and workflows that make compliance scalable.

Key responsibilities include:

• Owning the end-to-end IT SOX compliance program within the CIO organisation, maintaining the IT control inventory spanning ITGCs, IT-dependent controls, and automated application controls
• Owning the control design and documentation, including narratives and risk and control matrices (RCMs), ensuring controls are clearly defined and audit-ready
• Partnering with IT, Accounting (where needed), and the SOX team to ensure new systems and modules are implemented with appropriate SDLC controls in place prior to go-live; reviewing control designs to identify and mitigate SOX risks
• On an ongoing basis, partnering with IT process owners and control operators to ensure controls are executed in a timely manner
• Reviewing control evidence for quality and completeness before submission to auditors
• Managing the full deficiency lifecycle , from root cause analysis through remediation planning, retesting, and escalation , reporting control health to IT leadership and the SOX team
• Leading root cause analysis for control failures and incidents, tracking and resolving systemic gaps, and implementing and validating remediation plans to prevent recurrence

You will work closely with the SOX team and IT process owners to ensure controls are designed, reviewed, and evidenced effectively.

The ideal candidate will have 8+ years of experience in IT audit, IT risk, IT compliance, or a related field, with hands-on IT SOX experience in either a practitioner or oversight capacity. You will have deep familiarity with IT General Controls (ITGCs) , access management, change management, SDLC, and computer operations , and how they map to financial reporting risk.

In addition to a competitive salary declaration, we offer a variety of benefits to support your needs, including medical, dental, and vision insurance, company-paid life insurance, voluntary supplemental life insurance, short and long-term disability insurance, flexible spending account, health savings account, tuition reimbursement, ability to participate in employee stock purchase program (ESPP), mental wellness benefits through Spring Health, family-forming support provided by Carrot, paid parental leave, flexible, full-service childcare support with Kinside, 401(k) with a generous employer match, flexible PTO, catered lunch each day in our office and data center locations, a casual work environment, and a work culture focused on innovative disruption.

Why CoreWeave?

At CoreWeave, we work hard, have fun, and move fast! We're in an exciting stage of hyper-growth that you will not want to miss out on. We're not afraid of a little chaos, and we're constantly learning. Our team cares deeply about how we build our product and how we work together, which is represented through our core values: Be Curious at Your Core, Act Like an Owner, Empower Employees, Deliver Best-in-Class Client Experiences, Achieve More Together.

We support and encourage an entrepreneurial outlook and independent thinking. We foster an environment that encourages collaboration and enables the development of innovative solutions to complex problems. As we get set for takeoff, the organisation's growth opportunities are constantly expanding. You will be surrounded by some of the best talent in the industry, who will want to learn from you, too.

XML job scraping automation by YubHub

Okta secures AI by building the trusted, neutral infrastructure that enables organisations to safely embrace this new era. This work requires a relentless drive to solve complex challenges with real-world stakes.

We are looking for builders and owners who operate with speed and urgency and execute with excellence. This is an opportunity to do career-defining work. We're all in on this mission. If you are too, let's talk.

As a Senior Technical Account Manager, you will focus exclusively on Workforce Identity, serving as a trusted technical advisor and advocate for some of our largest customers. You will focus on strategic account alignment and broad deployment strategies to drive lasting success through elevated technical maturity.

Key Workforce Identity Solutions You Will Support: The Okta Platform secures employees, contractors, and partners across every part of the Identity lifecycle, including governance, access, and privileged controls. Products include:

• Identity & Access Management (IAM): Single Sign-On (SSO), Adaptive MFA, Device Access, API Access Management, Secure Partner Access, Access Gateway, and Universal Directory.
• Identity Governance & Administration (IGA): Lifecycle Management and Identity Governance.
• Privileged Access Management (PAM): Privileged Access.
• Identity Threat Detection & Response (ITDR): Identity Security Posture Management and Identity Threat Protection.

What You'll Be Doing

Strategic Customer Partnership & Influence:

• Build deep, long-lasting relationships with customers as their go-to technical advisor.
• Earn Okta trusted advisor status with customer identity owners and technical leadership, known as the primary point of contact for technical leaders.
• Possess and masterfully apply comprehensive technical expertise to solve complex problems, design sophisticated solutions, and influence customer strategies.
• Collaborate with customers to design identity strategies aligned with their business objectives.
• Leverage tailored technical plans for success with a portfolio of customers of increasing size and complexity.
• Help find ways to build upon and expand customers' adoption of the Okta footprint through additional use cases and increasing security posture.
• Use knowledge of how Okta's product differentiators lead to positive outcomes for customers, securing the Okta footprint against competitive displacement.

Complex Problem Resolution & Advocacy:

• Demonstrate advanced problem-solving skills, capable of dissecting complex, multi-faceted problems and orchestrating effective solutions.
• Proactively identify risks and create mitigation plans, establishing actions, ownership, and driving resolutions.
• Able to handle most customer technical escalations independently, or collaboratively with the Customer Success Manager (CSM).
• Manage competing priorities with little impact on delivery, ensuring follow through on all activity.
• Demonstrate a strong ability to represent and advocate for the customer with cross-functional teams (including engineering and support), while supporting policies and decisions that are in the best interests of the company.
• Facilitate difficult discussions with senior stakeholders.

Thought Leadership & Team Enablement:

• Serve as a thought leader, providing best practices, workshops, and training.
• Generate specific vertical/use case insights and thought leadership, demonstrating an advanced level of Okta platform and identity domain knowledge, with a focus on enhancing customers' security posture.
• Generate higher value for customers and deeper TAM engagement through repeatable asset and strategy creation for the team.
• Mentor peers and colleagues, upskilling capability with a focus on technical development.
• Contribute to the development of adoption and retention strategies, sharing knowledge of customer patterns, and leading execution.
• Lead project tasks or initiatives aimed at improvement of TAM processes and knowledge.

What You'll Bring to the Role

• Requires 8+ years of related experience in a professional role, or equivalent experience (e.g., 6+ years with a Master’s degree).
• 3+ years of experience as a Technical Account Manager (TAM) or a comparable role such as Technical Consultant, Product Management, or Solution Architect.
• 3+ years in identity and access management, including SSO, MFA, lifecycle management, or security best practices.
• Education: BA/BS/MS in Computer Science, Information Technology or related discipline, or equivalent work experience required.
• Certifications: Okta Certified, CISSP, or equivalent.
• Technical Mastery (Workforce Identity Focus):
• Extensive proficiency utilizing Okta feature sets and platforms to portray a design, or architecture, that satisfies well-known customer use cases to a customer technical persona including architect.
• Able to modify existing quickstart or code samples to adapt them to the customer's requirements.
• Confident in assisting TAM peers on technical challenges, or on behalf of other TAMs customers.
• Solid understanding of one or more of the following key areas:
• Technologies and protocols to support identity federation and robust access control models (e.g., SAML 2.0, WS-Federation, OAuth, OpenID Connect).
• Experience dealing with legacy applications in a hybrid IT environment with non-standard applications (i.e., those that do not support modern identity federation protocols).
• SaaS deployment such as Salesforce, Box, Office 365, Workday, and HR as master for identities.
• Lifecycle management scenarios to 3rd party systems and applications (Workflows, HR-driven provisioning, MSFT integrations, SCIM, etc).
• Enterprise applications in the ecosystem to provide identity and attributes to applications or to harness an external application to help drive business processes (ITSM, HR, etc).
• Security and performance monitoring and 3rd party signals integrations (SEIM, MDM, WAF, etc).
• Awareness of augmentation of identity protocols and flows, capable of identifying augmentation that requires additional review.
• Communication and Leadership Skills:
• Excellent communication skills, capable of translating complex technical topics into actionable insights.
• Convey complex ideas in a compelling and easily understandable manner.
• Ability to set expectations and communicate goals and objectives with customers at various levels, up to CxO.
• Skilled in setting and enforcing appropriate boundaries with both internal and external stakeholders.
• Ability to track and influence customer behavior.

XML job scraping automation by YubHub

At Cloudflare, we're on a mission to help build a better Internet. We protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code.

As a Senior Security AI Engineer, you will be the technical architect for our Agentic AI roadmap. Your mission is to move beyond simple automation scripts and build a fleet of 'AI Team Members',intelligent helper agents that execute complex security algorithms, process flows, and assessment logic.

Responsibilities

• Agent Architecture: Design and deploy multi-agent systems that follow complex security algorithms and assessment flows to automate manual SOC and Assurance tasks.

• Skill Engineering: Standardize agent capabilities by creating and maintaining skills.md files and specialized Markdown documentation that define agentic personas and execution boundaries.

• Workflow Training: Train and fine-tune LLMs to function as 'helper agents' capable of executing autonomous AI workflows as integral members of the Security Engineering team.

• Infrastructure as Agents: Utilize Cloudflare Workers, Vectorize, and AI Gateway to build serverless, low-latency agentic architectures for real-time traffic analysis and remediation.

• Autonomous Assessment: Build and scale the engine for autonomous vendor security reviews and M&A assessments, transforming qualitative data into quantitative risk insights.

Requirements

• Experience: 4+ years in Information Security or Software Engineering, with at least 1+ years focused on AI Engineering, Agentic AI, or Advanced Automation using Opencode

• AI Expertise: Deep understanding of LLM orchestration, prompt engineering, and building agentic loops (e.g., LangChain, AutoGen, or custom frameworks).

• Agent Development: Proven ability to create agents from structured definitions (skills.md) and automate tasks that follow strict process/algorithmic flows.

• Cloudflare Ecosystem: Expert knowledge of Cloudflare Workers, KV, Durable Objects, and R2. Experience with Cloudflare AI tools is a significant plus.

• Languages: Mastery of Windsurf, Opencode or Rust.

• Security Domain: Strong grasp of Cyber Security fundamentals, including SIEM/SOAR logic, UEBA, and risk assessment frameworks.

Preferred Qualifications

• Experience building custom Agentic AI solutions that have replaced enterprise-grade 3rd party security software.

• Background in M&A Security Due Diligence or Vendor Risk Management automation.

• Prior experience building edge-based security products or AI-driven log-push integrations.

• Certifications: CISSP or specialized AI/Machine Learning certifications.

XML job scraping automation by YubHub

The Security team's goal is to identify, measure, manage, mitigate, and report risk associated with products to keep our customer's funds and data safe. You will collaborate with program sponsors and cross-functional Security partners to identify, document, and objectively assess opportunities, challenges, and risks across traditional and novel Security domains using qualitative and quantitative factors, including KRIs and KPIs.

You will serve as the Directly Responsible Individual (DRI) for key security initiatives or workstreams when required, owning outcomes and driving decision-making to keep programs moving forward. You will create program strategies and artifacts, including proposals, prioritization frameworks, roadmaps, dependency maps, and risk registers, to drive initiatives that incrementally increase program maturity over time.

You will partner with Product, Engineering, and Security teams to influence adoption of critical initiatives, navigate technical dependencies, and support the Software Development Lifecycle (SDLC) as part of product and feature launches. You will concurrently manage multiple critical projects end-to-end: establishing milestones and timelines, managing cross-functional workstreams and dependencies, holding teams accountable for deliverable quality, and clearly communicating the impact of delays on project timelines and security risk posture.

You will provide program status to Security leadership while ensuring transparency on key metrics, program effectiveness, strategic direction, and changes. You will conduct regular data analysis on security control performance to identify trends, anomalies, and areas for improvement, leveraging BI tools to drive data-informed decisions.

You will drive process improvement and scaling initiatives within security programs by leveraging AI tools, automation, and retrospectives to optimize workflows, reduce manual toil, and achieve outcomes efficiently. You will author Objectives and Key Results (OKRs) to focus teams on the right short-term and long-term goals, and manage change across complex multi-quarter programs.

You will rapidly identify and escalate risks to enable proactive collaboration and timely resolution.

We're looking for a Technical Program Manager II with a strong understanding and proven experience of formal program management methodologies, working knowledge of and experience in cyber/security domain, fluency in leveraging AI in daily workflows to enhance efficiency, drive process improvements, and deliver high-quality, business-ready outputs.

You should have exceptional skills in time management, facilitation, communication, and organization, ability to translate complex concepts simply for varied audiences, experience managing cross-functional teams and stakeholders, and comfortable navigating ambiguity and operating in environments where processes and paved roads may not yet exist.

Nice to haves include professional certification such as PMP, CISSP and CISA, working knowledge of and experience in the technology and/or financial technology industry, experience working across all the three lines of defense (3LOD), and advanced understanding of Generative AI, Google Workspace, JIRA, Linear, Superset, Looker and SQL.

XML job scraping automation by YubHub

You will be at the forefront of our efforts to build and scale an industry-leading AI assurance program. While your initial focus will be on leveraging agentic AI to transform SOX testing, you'll have opportunities to impact cross-functional areas including security, platform regulatory risks and non-financial metrics.

Key responsibilities include:

• Architect and scale our SOX compliance program by designing, developing, and maintaining AI-driven testing that enhances accuracy, provides real-time insights, and reduces manual overhead.
• Spearhead the testing of internal controls using agentic AI systems to identify and mitigate potential threats.
• Partner closely with Engineering, IT, and business teams to integrate our AI automation with internal systems, enabling end-to-end automated assurance workflows.
• Serve as a subject matter expert and champion for the use of AI and automation in risk management.
• Contribute to a culture of innovation and excellence within the Risk Advisory and Assurance team.

Requirements include:

• 2 to 4 years of experience in a Big 4 accounting firm, internal audit, and/or compliance function with a demonstrated passion for technology and automation.
• Subject matter expertise in SOX and/or security compliance testing in the technology industry, preferably platform companies.
• Self-motivated, results-oriented technology-first thinker with a proactive and creative approach to problem-solving.
• Collaborator with a strong work ethic and enthusiasm for learning, who thrives in a fast-paced, dynamic environment.

Preferred qualifications include:

• Professional certifications such as CISA, CPA, CIA, and/or CISSP.
• Hands-on experience leveraging AI tools and prompting.
• Familiarity with programming languages such as SQL and Python.

XML job scraping automation by YubHub

As a Senior Technical Account Manager, you will play a critical role in securing every identity, from AI to human identity. You will focus on strategic account alignment and broad deployment strategies to drive lasting success through elevated technical maturity.

Key Workforce Identity Solutions You Will Support: The Okta Platform secures employees, contractors, and partners across every part of the Identity lifecycle, including governance, access, and privileged controls. Products include:

• Identity & Access Management (IAM): Single Sign-On (SSO), Adaptive MFA, Device Access, API Access Management, Secure Partner Access, Access Gateway, and Universal Directory.
• Identity Governance & Administration (IGA): Lifecycle Management and Identity Governance.
• Privileged Access Management (PAM): Privileged Access.
• Identity Threat Detection & Response (ITDR): Identity Security Posture Management and Identity Threat Protection.

Strategic Customer Partnership & Influence:

• Build deep, long-lasting relationships with customers as their go-to technical advisor.
• Earn Okta trusted advisor status with customer identity owners and technical leadership, known as the primary point of contact for technical leaders.
• Possess and masterfully apply comprehensive technical expertise to solve complex problems, design sophisticated solutions, and influence customer strategies.
• Collaborate with customers to design identity strategies aligned with their business objectives.
• Leverage tailored technical plans for success with a portfolio of customers of increasing size and complexity.
• Help find ways to build upon and expand customers' adoption of the Okta footprint through additional use cases and increasing security posture.
• Use knowledge of how Okta's product differentiators lead to positive outcomes for customers, securing the Okta footprint against competitive displacement.

Complex Problem Resolution & Advocacy:

• Demonstrate advanced problem-solving skills, capable of dissecting complex, multi-faceted problems and orchestrating effective solutions.
• Proactively identify risks and create mitigation plans, establishing actions, ownership, and driving resolutions.
• Able to handle most customer technical escalations independently, or collaboratively with the Customer Success Manager (CSM).
• Manage competing priorities with little impact on delivery, ensuring follow through on all activity.
• Demonstrate a strong ability to represent and advocate for the customer with cross-functional teams (including engineering and support), while supporting policies and decisions that are in the best interests of the company.
• Facilitate difficult discussions with senior stakeholders.

Thought Leadership & Team Enablement:

• Serve as a thought leader, providing best practices, workshops, and training.
• Generate specific vertical/use case insights and thought leadership, demonstrating an advanced level of Okta platform and identity domain knowledge, with a focus on enhancing customers' security posture.
• Generate higher value for customers and deeper TAM engagement through repeatable asset and strategy creation for the team.
• Mentor peers and colleagues, upskilling capability with a focus on technical development.
• Contribute to the development of adoption and retention strategies, sharing knowledge of customer patterns, and leading execution.
• Lead project tasks or initiatives aimed at improvement of TAM processes and knowledge.

What You'll Bring to the Role

• Requires 8+ years of related experience in a professional role, or equivalent experience (e.g., 6+ years with a Master’s degree).
• 3+ years of experience as a Technical Account Manager (TAM) or a comparable role such as Technical Consultant, Product Management, or Solution Architect.
• 3+ years in identity and access management, including SSO, MFA, lifecycle management, or security best practices.
• Education: BA/BS/MS in Computer Science, Information Technology or related discipline, or equivalent work experience required.
• Certifications: Okta Certified, CISSP, or equivalent

Technical Mastery (Workforce Identity Focus):

• Extensive proficiency utilizing Okta feature sets and platforms to portray a design, or architecture, that satisfies well-known customer use cases to a customer technical persona including architect.
• Able to modify existing quickstart or code samples to adapt them to the customer's requirements.
• Confident in assisting TAM peers on technical challenges, or on behalf of other TAMs customers.
• Solid understanding of one or more of the following key areas:
• Technologies and protocols to support identity federation and robust access control models (e.g., SAML 2.0, WS-Federation, OAuth, OpenID Connect).
• Experience dealing with legacy applications in a hybrid IT environment with non-standard applications (i.e., those that do not support modern identity federation protocols).
• SaaS deployment such as Salesforce, Box, Office 365, Workday, and HR as master for identities.
• Lifecycle management scenarios to 3rd party systems and applications (Workflows, HR-driven provisioning, MSFT integrations, SCIM, etc).
• Enterprise applications in the ecosystem to provide identity and attributes to applications or to harness an external application to help drive business processes (ITSM, HR, etc).
• Security and performance monitoring and 3rd party signals integrations (SEIM, MDM, WAF, etc).
• Awareness of augmentation of identity protocols and flows, capable of identifying augmentation that requires additional review.

Communication and Leadership Skills:

• Excellent communication skills, capable of translating complex technical to

XML job scraping automation by YubHub

Support creation of services estimates to implement the proposed solution. Review services estimates to ensure project scope can be successfully delivered as outlined - technical risk is appropriately mitigated and timelines follow staffing guidelines. Develop co-delivery proposals by identifying and engaging appropriate partners. Drive New Product Introduction (NPI) across PS by training Engagement Managers and developing associated assets such as scope modules, SKUs, success stories and enablement toolkits.

Minimum REQUIRED Knowledge, Skills, and Abilities:

• 5+ years of overall IT / software development experience, solution design and technical architecture experience
• 2+ years of Okta implementation experience
• 3+ years of consulting experience
• 3+ years driving application architecture design
• 3+ years of experience with (IAM) architectures
• Experience with employee and customer identity use cases: HR driven identity, Active Directory, SSO, SaaS application integrations.
• Experience with Identity Governance and Privileged Access Management use cases.
• Demonstrated ability to work and interact with high-level customer executives and technical resources.
• Experience in supporting discovery workshops to derive customer requirements and specifications.
• Experience in developing functional specifications and system design specifications for customer engagements.
• Strong knowledge of Security Architecture, Design and Operations, LDAP, Active Directory, SSO, SAML, OIDC, RBAC, OAuth, JSON, REST.
• Experience integrating with a multitude of On-Prem and SaaS based products.
• Exhibits confidence and a deep understanding of emerging industry practices when solving business problems.
• Identifies critical issues with ease.
• Effectively communicates technical information to non-technical audiences.
• Manages customer expectations effectively.
• Application design experience.
• Clear and Dynamic Communication.
• Ability to travel up to 50%

Highly Desirable Knowledge, Skills, and Abilities:

• Knowledge of software development security and cryptography.
• Familiarity with IAM solution providers.
• Experience with API Gateways, CASB, and Reverse Proxies (NGINX)
• Proficiency with various open-source software and development tools
• Proficiency in one or more of the following: .Net, Ruby, Java, Python or Perl

Education and Certification:

• A Bachelor’s degree (or equivalent) in Computer Science, Information Technology or related discipline required.
• Okta Certified Technical Architect or a combination of Okta Certified Consultant and Okta Certified Developer is a plus.
• CISSP certification is a plus.
• TOGAF certification is a plus.

OTE range for this position for candidates located in the San Francisco Bay area is between $176,000-$242,000 USD. Below is the annual On Target Compensation (OTE) range for candidates located in California (excluding San Francisco Bay Area), Colorado, Illinois, New York and Washington. Your actual OTE, which is inclusive of base salary and incentive compensation, will depend on factors such as your skills, qualifications, experience, and work location. In addition, Okta offers equity (where applicable) and benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.

XML job scraping automation by YubHub

The responsibilities listed below represent the core functions of this role:

• Strategic Audit Leadership: Lead end-to-end FedRAMP and DoD audits, serving as the primary point of contact for external 3PAOs and government agencies.
• Continuous Monitoring Strategy: Oversee and evolve the continuous monitoring (ConMon) program. Design sophisticated reporting mechanisms for vulnerability management and risk posture for executive leadership.
• Engineering Advisory: Act as a senior consultant to Engineering and Product teams, translating complex NIST 800-53 requirements into actionable technical specifications for cloud-native environments.
• Impact Assessment & Risk Management: Lead the assessment of high-impact changes to federal systems. Ensure that system evolutions maintain a rigorous security posture without sacrificing innovation.
• Cross-Functional Alignment: Drive synchronization between GRC, Security, Marketing, Sales, Engineering, and Product to ensure federal requirements are integrated into the broader corporate roadmap.
• Programmatic Gap Analysis: Proactively identify and lead initiatives to close gaps between current capabilities and future regulatory requirements (e.g., emerging NIST standards, new DoD mandates, or IL6 requirements).
• Evidence Automation & FedRAMP 20x Readiness: Drive the build-out and support of automated evidence collection and control validation. Lead the transition toward "FedRAMP 2.0" standards (including OSCAL integration), defining and monitoring Key Security Indicators (KSIs) to provide real-time compliance visibility.

Minimum Required Knowledge, Skills, and Abilities:

• Education: Bachelor’s degree in Computer Science, MIS, Cybersecurity, or a related technical field.
• Experience: 7+ years of experience in security compliance, with at least 4-5 years specifically focused on the FedRAMP/NIST 800-53 framework.
• Automation & Compliance Engineering: Demonstrated experience with automation tools or scripting (e.g., Python, Go, or SQL) for automated evidence collection. Familiarity with API-based control validation and OSCAL-based tooling (e.g., Trestle, LULA, or similar GRC automation frameworks).
• Technical Depth: Deep understanding of cloud-native infrastructure (IaaS, PaaS, SaaS) and how infrastructure components (networking, OS, databases) support a distributed cloud application.
• Framework Mastery: Expert-level knowledge of NIST SP 800-53, FedRAMP High/Moderate, and DoD SRG (IL4, IL5, and familiarity with IL6).
• Operational Knowledge: Proven experience with access management, CI/CD pipelines, disaster recovery, and encryption/key management in a cloud context.
• Analytical Leadership: Ability to analyze complex "edge-case" security scenarios and provide remediation paths that align with both business goals and regulatory requirements.
• Communication: Exceptional presentation skills with the ability to explain technical compliance risks to non-technical executive stakeholders.

Preferred Certifications & Skills:

• Advanced Certifications: CISSP (highly preferred), CISA, or CCSK.
• Cloud Expertise: AWS Certified Solutions Architect or Cloud Practitioner.
• Tooling: Expert-level proficiency with JIRA, ServiceNow, and Okta.
• Technical Background: Prior experience in a DevOps, Security Engineering, or Systems Administration role is a significant plus.

Additional requirements:

• This position requires the ability to access federal environments and/or have access to protected federal data. As a condition of employment for this position, the successful candidate must be able to submit documentation establishing U.S. Person status (e.g. a U.S. Citizen, National, Lawful Permanent Resident, Refugee, or Asylee. 22 CFR 120.15) upon hire.

XML job scraping automation by YubHub

Your expertise will be crucial in building proactive security strategies that align with our business goals and protect the company from an ever-evolving threat landscape. This position demands deep expertise in security principles and a comprehensive understanding of the entire infrastructure stack and IAM systems to design robust, future-ready security solutions.

You will be instrumental in safeguarding our systems' resilience and integrity against ever-evolving cyber threats. You will play a critical role in shaping our security strategy for modern platforms across AWS, Azure, GCP, network infrastructure, storage, and SaaS solutions, help establish a strong least privilege (PoLP) model, providing specialized IAM expertise, and securely supporting SaaS with sensitive information (NHI).

You will also be a key contributor in building our internal strategy for secure AI development. Additionally, you will support the secure integration of SaaS platforms such as Google Workspace, collaboration tools, and GTM systems, maintaining alignment with enterprise security standards.

Close collaboration with cross-functional teams is essential to embed security throughout the technology stack.

The impact you will have:

• Design and implement secure, scalable reference architectures for the Databricks IT across Cloud Infra (Compute, DBs, Network, Storage), SaaS, Custom Built Applications, Data & AI systems.
• Establish and enforce security controls for: Core Security Areas: - Databricks Workspace Management: Workspace isolation, Unity Catalog for data governance.
• Secure Networking: VPC configs, PrivateLink, IP Allow Lists.
• Identity and Access Management (IAM): SSO, SCIM user provisioning, RBAC via Un, Strong MFA best practices for enterprise identities and customers.
• Data Encryption: At rest and in transit, customer-managed keys for critical assets.
• Data Exfiltration Prevention: Admin console settings, VPC endpoint controls.
• Cluster Security: User isolation, compliance with enhanced security monitoring/Compliance Security Profiles (HIPAA, PCI-DSS, FedRAMP).
• Offensive Security: Test and challenge the effectiveness of the organization’s security defenses by mimicking the tactics, techniques, and procedures used by actual attackers.
• Specialized Security Functions: - Non-human Identity Management: Design and implement secure authentication and authorization for automated systems (service accounts, API keys, machine identities), focusing on automation and integration with existing identity management systems.
• IAM Best Practices: Develop and document comprehensive Identity and Access Management policies, including user provisioning, de-provisioning, access reviews, privileged access management, and multi-factor authentication, ensuring security and compliance.
• Data Loss Prevention (DLP): Implement DLP solutions to identify, monitor, and protect sensitive data across endpoints, networks, and cloud environments, preventing unauthorized access, use, or transmission.
• SaaS Proxy Design and Implementation: Design and implement cloud-based proxies for SaaS applications (SASE solutions) to provide secure access, enforce security policies, monitor user activity, and protect against threats.
• Cloud Infrastructure Best Practices: Establish and document best practices for VPC configurations, cloud networking, and infrastructure as code using Terraform, ensuring secure network segmentation, routing, firewalls, and VPNs for consistent, automated, and secure deployments.
• Least Privilege Access for Data Security: Design and implement data security controls based on the principle of least privilege, ensuring users and systems have only the minimum necessary access through fine-grained controls, data classification, and regular access reviews.
• Guide internal IT on Databricks’ security and compliance certifications (SOC 2, ISO 27001/27017/27018, HIPAA, PCI-DSS, FedRAMP), and support security reviews/audits.
• Support incident response, vulnerability management, threat modeling, and red teaming using audit logs, cluster policies, and enhanced monitoring.
• Stay current on industry trends and emerging threats in GenAI, AI Agentic flow, MCPs to enhance security posture.
• Advise executive leadership on security architecture, risks, and mitigation.
• Mentor security engineers and developers on secure design and best practices.

What we look for:

• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field
• Master’s degree in Computer Science specifically in Information Security or a related discipline is strongly preferred
• Minimum 12 years in cybersecurity, with 5+ in security architecture or senior technical roles.
• Experience in FedRAMP High systems/ GovCloud preferred.
• Must have direct experience designing and securing enterprise platforms in complex multi-cloud environments, deep knowledge of enterprise architecture and security features (control plane/data plane separation, network infra, workspace hardening, network segmentation/ isolation), and hands-on experience automating security controls with Terraform and scripting.
• Proven expertise securing data analytics pipelines, SaaS integrations, and workload isolation in enterprise ecosystems.
• Experience with Enterprise Security Analysis Tools and monitoring/security policy optimization.
• Deep experience in threat modeling, design, PoC, and implementing large-scale enterprise solutions.
• Extensive hands-on experience in AWS cloud security, network security, with knowledge of Zero Trust, Data Protection, and Appsec.
• Strong understanding of enterprise IAM systems (Okta, SailPoint, VDI, Entra ID) and Data Protection.
• Expert experience with SIEM platforms, XDR, and cloud-native threat detection tools.
• Expert in web application security, OWASP, API security, and secure design and testing.
• Hands-on experience with security automation is required, with proficiency in AI-assisted development, Python, Cursor, Lambda, Terraform, or comparable scripting/IaC tools for operational efficiency.
• Industry certifications like CISSP, CCSP, CEH, AWS Certified Security – Specialty, AWS Certified Solutions Architect – Professional, or AWS Certified Advanced Networking – Specialty (or equivalent) are preferred.
• Ability to influence stakeholders and drive alignment.
• Strategic thinker with a passion for security innovation, continuous improvement, and building scalable defenses.

Pay Range Transparency

Databricks is committed to fair and equitable compensation practices. The pay range(s) for this role is listed below and represents the expected salary range for non-commissionable roles or on-target earnings for commissionable roles. Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to job-related skills, depth of experience, relevant certifications and training, and specific work location. Based on the factors above, Databricks anticipates utilizing the full width of the range. The total compensation package for this position may also include eligibility for annual performance bonus, equity, and the benefits listed above.

XML job scraping automation by YubHub

You are technical, a strong operator, and strategic thinker, looking to build, improve, and scale reliable security processes whenever possible. Your leadership of the information security program at Waymark will include all facets of cybersecurity, and the associated user experience of our remote teams, and community-based care workers. You will be responsible for security policy and implementation and operation of technical and administrative safeguards to support those policies. You will use your experience to inform sound judgement to achieve the appropriate management of security risks in a manner consistent with the company’s values. You will use your in-depth knowledge of security in a modern cloud based organization, to identify and address risks to the company, through a combination of hands-on technical contributions and directing and overseeing staff with security responsibilities. You will interact with the broader executive leadership team to communicate evolving needs, matching the security strategy to the size and stage of growth of the company and the information we safeguard.

This is a remote friendly position that can be located anywhere in the United States.

Key Responsibilities & Duties

• Oversee the internal cybersecurity program, road map, and strategy, which includes developing and implementing procedures and policies designed to protect Waymark communications, systems, and assets from internal and external threats and that safeguards health information.
• Oversee and manage Waymark’s MSSP and outsourced IT vendor, including responsibility for security and IT budgets, and IT tools used by Waymark.
• Partner with Product, Engineering, Legal, and Compliance leadership to determine risks and deploy risk management processes, supporting Waymark’s secure software development lifecycle and ensuring that our internally developed products and services meet the expectations of our patients, customers and regulators
• Own, define and oversee the necessary security operational functions such as Identity Management, Vulnerability Management, Incident Response, Security Awareness, and Vendor Risk Management
• Serve as Waymark’s HIPAA Security Officer, ensuring compliance with the HIPAA Security Rule, working closely with the legal team to document, review, maintain, and implement standards, policies, and procedures within security disciplines.
• Lead the strategy, implementation, and maintenance of industry-standard security certifications, including SOC2 Type II.
• Conduct research, analysis, and correlation across a wide variety of source data to identify and prevent compromise of our networks, host systems, and data.
• Track and report on network security to the Waymark executive leadership team

XML job scraping automation by YubHub

As a Principal IT Security Architect, you will develop and maintain the organization's enterprise IAM architecture, encompassing identity lifecycle management, access control models, and integrations with both cloud and on-premises applications. You will also lead the design and implementation of Synopsys' governance and enforcement layer for AI agents.

You will collaborate closely with IT, security, and business stakeholders to integrate IAM solutions with enterprise systems and support access needs. You will also support incident response activities related to identity and access, including investigation and remediation of security incidents.

The ideal candidate will have a strong analytical, communication, and leadership skills. You will be a strategic thinker with the ability to see the big picture while paying close attention to detail. You will also be an innovative problem solver who thrives on tackling complex security challenges.

In return, you will have the opportunity to work with a high-impact, collaborative IAM and security engineering team at the forefront of Synopsys' digital transformation. You will also have access to a comprehensive range of health, wellness, and financial benefits to cater to your needs.

XML job scraping automation by YubHub

We are looking for a highly skilled Cyber GRC (Governance, Risk, and Compliance) Senior Consultant to help organizations strengthen their cybersecurity posture, manage cyber risks, and ensure regulatory compliance. The ideal candidate will have deep expertise in cybersecurity frameworks, risk management, regulatory compliance, and security governance.

As a Cyber GRC Senior Consultant, you will collaborate with client security, IT, and compliance teams to direct and oversee the development and implementation of cybersecurity policies, conduct risk assessments, and ensure adherence to global security standards and regulations.

Key Responsibilities:

Work on global projects with a truly global team, with the support of over 330,000 technical staff from our parent organization.

Contribute to the development of consulting go to market offerings and innovative solutions targeted at the C-Suite executive community that help them to understand and mitigate their cyber risks.

Direct and lead NIST CSF risk assessments

Oversee the design of innovative new services to lead the market incorporating AI and ML where it brings value.

Support presales, sales, and account management pursuits from a subject matter expert perspective.

Requirements

You will have already achieved strong career progression to date, and experience working with recognized consulting brands and large commercial sector clients. You will have a passion for cyber security and a genuine interest in staying updated with the latest industry trends and developments.

Your security experience must include:

A relevant undergrad or post grad degree (Infosec, Cyber Security, IT Security)

1-5 years+ in the field of cyber security/infosec.

A broad business skill set including stakeholder management, problem-solving, and resilience

Experience in gathering, validating, synthesizing, documenting, and communicating data and information for a range of audiences

Excellent interpersonal skills and strong written and verbal communication skills in country’s official language(s) (C2 proficiency) and English (C2 proficiency), project-related mobility/willingness to travel

Your diverse Security experience should include one or some of below:

A good understanding of NIST CSF

A post graduate degree in cyber /information security

Cyber Due Diligence Assessments

Third- Party & Supply chain Cyber Risk Management

Incident Response Plan review

Supporting bids, RFP responses and proposals

Crisis Management Exercises (CMX)

Accreditation such as CISSP, CISM, CISA, GSLC, GSTRT, GCPM,

Helped design Target Operating Models (TOMs) and RACI Matrices

Helping the design of Cyber Security Roadmaps

Supporting Post Incident Reviews

Reading and summarising Cyber Threat Intelligence reports

Cyber Security Risk Assessments or Maturity Assessments

Design and/deliver awareness training.

Worked on Identity and Access Management projects.

Worked on Privileged access management projects

Our ideal candidate may have some of the following skills:

Have a broad business skill set including stakeholder management, problem-solving, and resilience

Have experience in gathering, validating, synthesizing, documenting, and communicating data and information for a range of audiences

Have excellent interpersonal skills and strong written and verbal communication skills in country’s official language(s) (C2 proficiency) and English (C2 proficiency), project-related mobility/willingness to travel

Enjoy working with different clients from different industries.

Have some experience in balancing technical and commercial considerations to develop practical advice or solutions for clients.

Be able to build strong and effective business relationships at all levels

Be able to support and oversee staff with less experience in their tasks

Be able to explain complex cyber methodologies using accessible non-technical language (both written and verbal)

_Given that this is just a short snapshot of the role we encourage you to apply even if you don't meet all the requirements listed above. We are looking for team members who strive to make an impact and are eager to learn. If this sounds like you and you feel you have the skills and experience required, then please apply now._

About your team

At the Tech Transformation practice, we help CIOs overcome their biggest challenges such as geopolitical and macroeconomic uncertainty, cybersecurity, digital transformation, and budget constraints; enabling them to leverage technology to deliver value to their business. We have a team of business analysts, enterprise architects and cybersecurity specialists with business, operational, strategic, analytical and innovation skills. that come together to drive business IT alignment, Transform IT governance, IT Cost containment, operating efficiency improvements, Innovation enablement and cybersecurity risk, governance, and compliance.

About Infosys Consulting

Be part of a globally renowned management consulting firm on the front-line of industry disruption and at the cutting edge of technology. We work with market leading brands across sectors. Our culture is inclusive and entrepreneurial. Being a mid-size consultancy within the scale of Infosys gives us the global reach to partner with our clients throughout their transformation journey.

Our core values, IC-LIFE, form a common code that helps us move forward. IC-LIFE stands for Inclusion, Equity and Diversity, Client, Leadership, Integrity, Fairness, and Excellence. To learn more about Infosys Consulting and our values, please visit our careers page.

Within Europe, we are recognized as one of the UK’s top firms by the Financial Times and Forbes due to our client innovations, our cultural diversity and dedicated training and career paths. Infosys is on the Germany’s top employers list for 2023. Management Consulting Magazine named us on their list of Best Firms to Work for. Furthermore, Infosys has been recognized by the Top Employers Institute, a global certification company, for its exceptional standards in employee conditions across Europe for five years in a row.

We offer industry-leading compensation and benefits, along with top training and development opportunities so that you can grow your career and achieve your personal goals. Curious to learn more? We’d love to hear from you.... Apply today!

XML job scraping automation by YubHub

We are seeking an experienced Principal Third Party Risk Management (TPRM) Consultant to lead and shape our Third Party Risk and GRC services within the cyber security consultancy. This is a senior leadership role responsible for driving strategy, managing complex client engagements, and delivering enterprise-scale TPRM and GRC programmes across multiple industries. As a subject matter expert in Third Party Risk Management, Governance, Risk & Compliance (GRC) and vendor risk frameworks, you will design, implement, and operate robust third-party risk management frameworks that align with regulatory, security, and business requirements. You will act as a trusted advisor to clients, lead large transformation initiatives, manage teams, and ensure high-quality delivery of risk, compliance, and assurance services.

Key Responsibilities:

·       TPRM Proposals & Strategy: Lead the development of TPRM and GRC proposals, defining scope, delivery models, governance structures, and operating models and design enterprise-level Third Party Risk Management strategies aligned with regulatory, operational, and cyber risk requirements.

·       Client Engagement Leadership: Lead and manage complex client engagements in Third Party Risk Management, vendor risk, and GRC and act as engagement lead and trusted advisor for executive stakeholders (CISO, CRO, Risk, Compliance, Procurement, Legal). In addition to that ensure successful delivery of TPRM services including assessments, frameworks, tooling, and operationalisation.

·       Security Assessment & Audit Leadership: Lead third-party security assessments, audits, and assurance activities and define assessment methodologies, risk scoring models, control frameworks, and reporting structures as well as oversee supplier due diligence, onboarding risk processes, and continuous monitoring programmes.

·       Technical & Methodological Authority: Serve as subject matter expert for TPRM, GRC platforms, and vendor risk methodologies and provide leadership in the use of GRC and TPRM tooling (e.g. OneTrust, Archer, ServiceNow GRC, similar platforms).

·       Project, Delivery & Programme Leadership: Act as Project Manager, Delivery Lead, and Programme Lead for large-scale TPRM initiatives and manage multi-stream delivery, dependencies, risks, and stakeholder alignment.

·       Team Leadership & Management: Lead, mentor, and develop a team of consultants (up to 5 direct reports) and build high-performing delivery teams and ensure capability development in TPRM and GRC.

·       Risk & Compliance Management: Identify, assess, and manage third-party risks across cyber, operational, regulatory, and reputational domains and advise clients on risk treatment strategies, remediation plans, and control improvements.

·       Continuous Improvement & Innovation: Drive continuous improvement in TPRM methodologies, delivery models, and service offerings and stay current with regulatory developments, emerging risks, and industry best practices in third-party risk and supply chain security.

Requirements

Essential Skills and Experience:

·       Extensive experience in Third Party Risk Management (TPRM) and Governance, Risk & Compliance (GRC) at enterprise level.

·       Strong background as Security Assessor, Auditor, and Risk Consultant.

·       Proven experience leading TPRM, vendor risk, and supplier assurance programmes.

·       Experience acting as Project Manager, Delivery Lead, and Programme Lead for complex engagements.

·       Hands-on experience with GRC / TPRM platforms, ideally including OneTrust.

·       Ability to design and implement third-party risk frameworks, policies, and governance models.

·       Strong stakeholder management skills at executive and board level.

·       Proven people management experience, including team leadership and mentoring.

·       Ability to balance security, risk, compliance, and business enablement.

Qualifications:

·       Minimum 10 years of experience in cyber security, risk management, GRC, audit, or related domains.

·       CISA (Certified Information Systems Auditor) strongly preferred.

·       Lead Auditor certification (e.g. ISO 27001 Lead Auditor) highly desirable.

·       Additional certifications such as CISM, CRISC, CISSP are an advantage.

·       Experience working across multiple industries (e.g. Financial Services, Healthcare, Critical Infrastructure, Government, Technology).

·       Experience with regulatory-driven environments and compliance-led transformation programmes.

_Given that this is just a short snapshot of the role we encourage you to apply even if you don't meet all the requirements listed above. We are looking for team members who strive to make an impact and are eager to learn. If this sounds like you and you feel you have the skills and experience required, then please_ _apply now._

Benefits

About Infosys Consulting

Be part of a globally renowned management consulting firm on the front-line of industry disruption and at the cutting edge of technology.  We work with market leading brands across sectors. Our culture is inclusive and entrepreneurial. Being a mid-size consultancy within the scale of Infosys gives us the global reach to partner with our clients throughout their transformation journey.

Our core values, IC-LIFE, form a common code that helps us move forward. IC-LIFE stands for Inclusion, Equity and Diversity, Client, Leadership, Integrity, Fairness, and Excellence. To learn more about Infosys Consulting and our values, please visit our careers page.

Within Europe, we are recognized as one of the UK’s top firms by the Financial Times and Forbes due to our client innovations, our cultural diversity and dedicated training and career paths. Infosys is on the Germany’s top employers list for 2023. Management Consulting Magazine named us on their list of Best Firms to Work for. Furthermore, Infosys has been recognized by the Top Employers Institute, a global certification company, for its exceptional standards in employee conditions across Europe for five years in a row.

We offer industry-leading compensation and benefits, along with top training and development opportunities so that you can grow your career and achieve your personal ambitions. Curious to learn more? We’d love to hear from you.... Apply today!

XML job scraping automation by YubHub

As a collaborative problem-solver, you are comfortable working across teams—from executives to engineers—to ensure robust security controls and compliance. You excel at conducting security investigations, analyzing complex events and alerts, and developing actionable metrics. Your familiarity with modern security frameworks, such as MITRE ATT&CK and Cyber Kill Chain, empowers you to identify and mitigate threats proactively. You are detail-oriented, organized, and adept at multitasking, thriving in environments that require prioritization and agility.

You are committed to ongoing learning, staying current with emerging security technologies and frameworks. Your experience spans cloud security (AWS, GCP, Azure), offensive security, and incident response. You enjoy participating in audits and assessments, contributing to a culture of continuous improvement. With strong communication skills and an inclusive mindset, you foster trust and collaboration across diverse teams. If you’re ready to make an impact at the forefront of cybersecurity innovation, Synopsys is the place for you.

Design, deploy, and manage enterprise-grade security solutions including CASB, SSPM, WAF, firewalls, and email protection across global environments. Integrate and implement network security solutions, ensuring seamless operation and compliance with Zero Trust security principles. Enforce CMMC regulations, technical data controls, and export authorization rules, including U.S. person-only access restrictions for controlled systems and datasets. Conduct and support external audits, internal reviews, and compliance assessments related to CMMC and other regulatory frameworks. Research, evaluate, pilot, and implement new security solutions at a global enterprise scale, collaborating with vendors and stakeholders. Investigate security events and alerts from multiple log sources, performing end-to-end security investigations, and reporting actionable findings. Develop and manage the collection, reporting, and analysis of security events and metrics to drive continuous improvement. Participate in incident response processes and supporting light on-call pager duty rotations for critical issues.

Strengthen Synopsys’ global security posture by implementing advanced security controls and best practices. Ensure compliance with CMMC and other regulatory frameworks, enabling secure operations for critical projects. Protect sensitive data, intellectual property, and infrastructure against emerging cyber threats. Drive continuous improvement in security operations through data-driven analysis and proactive risk management. Enhance cross-functional collaboration between engineering, compliance, and executive teams to foster a culture of security awareness. Support innovation by enabling secure cloud implementations and supporting offensive security initiatives.

Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or related field required. 5+ years of hands-on experience with enterprise-grade security solutions (CASB, SSPM, WAF, firewalls, email security). 2+ years of experience installing, integrating, and deploying network security solutions. Solid understanding of Zero Trust security principles and architectures. Deep knowledge of CMMC regulations, technical data controls, and export authorization rules. Experience enforcing U.S. person-only access restrictions for controlled systems and datasets. Experience with external audits, internal reviews, and compliance assessments. Broad experience securing cloud implementations (AWS, GCP, Azure) and offensive security domains. Hands-on experience with Zscaler, Palo Alto Networks, ProofPoint, and other leading security platforms. Relevant certifications (CEH, CISSP, GIAC, OSCP, AWS Certified Advanced Networking, Security+) preferred. US citizenship or Green Card required.

XML job scraping automation by YubHub

At Synopsys, we drive the innovations that shape the way we live and connect. Our technology is central to the Era of Pervasive Intelligence, from self-driving cars to learning machines. We lead in chip design, verification, and IP integration, empowering the creation of high-performance silicon chips and software content.

Job Description

We are seeking a motivated and detail-oriented audit professional with a strong interest in technology, information security, and risk management. You will be responsible for planning and executing IT and/or Information Security audits in accordance with the annual audit plan. You will also perform IT risk assessments to identify key risks and support the development and refinement of the annual IT audit plan.

Responsibilities

• Planning and executing IT and/or Information Security audits in accordance with the annual audit plan.
• Performing IT risk assessments to identify key risks and support the development and refinement of the annual IT audit plan.
• Evaluating the design and operating effectiveness of IT General Controls (ITGCs) and, where applicable, IT Application Controls.
• Supporting SOX compliance activities, including walkthroughs, control testing, issue identification, and remediation follow-up.
• Conducting audits over key systems and platforms, including ERP and cloud-based applications (e.g., SAP and/or Salesforce).
• Collaborating with business, IT, and Information Security stakeholders to understand processes, risks, and controls.
• Preparing clear, concise audit documentation, reports, and presentations that communicate findings, risks, and recommendations.
• Tracking and validating remediation of audit findings and control deficiencies.
• Staying current on emerging technology risks, regulatory expectations, and industry best practices related to IT and cybersecurity.

Benefits

At Synopsys, innovation is driven by our incredible team around the world. We feel honored to work alongside such talented and passionate individuals who choose to make a difference here every day. We're proud to provide the comprehensive benefits and rewards that our team truly deserves.

• Health & Wellness: Comprehensive medical and healthcare plans that work for you and your family.
• Time Away: In addition to company holidays, we have ETO and FTO Programs.
• Family Support: Maternity and paternity leave, parenting resources, adoption and surrogacy assistance, and more.
• ESPP: Purchase Synopsys common stock at a 15% discount, with a 24 month look-back.
• Retirement Plans: Save for your future with our retirement plans that vary by region and country.
• Compensation: Competitive salaries.

Team

You will join a collaborative and forward-thinking Internal Audit team that partners closely with the business and technology functions. The team values quality, integrity, and open communication, and provides opportunities to work across a broad range of systems, processes, and risks. You'll gain exposure to senior stakeholders, develop your technical and audit expertise, and play a meaningful role in strengthening the organization's control environment.

XML job scraping automation by YubHub

At Valvoline Global Operations, we're proud to be The Original Motor Oil, but we've never rested on being first. Founded in 1866, we introduced the world's first branded motor oil, staking our claim as a pioneer in the automotive and industrial solutions industry. Today, as an affiliate of Aramco, one of the world's largest integrated energy and chemicals companies, we are driven by innovation and committed to creating sustainable solutions for a better future.

With a global presence, we develop future-ready products and provide best-in-class services for our partners around the world. For us, originality isn't just about where we began; it's about where we're headed and how we'll lead the way. We are originality in motion.

Our corporate values—Care, Integrity, Passion, Unity, and Excellence—are at the heart of everything we do. These values define how we operate, how we treat one another, and how we engage with our partners, customers, and the communities we serve. At Valvoline Global, we are united in our commitment to:

• Treating everyone with care.
• Acting with unwavering integrity.
• Striving for excellence in all endeavors.
• Delivering on our commitments with passion.
• Collaborating as one unified team.

Job Purpose

The Senior Information Security Engineer leads the design, implementation, and continuous refinement of the organization's cybersecurity capabilities. This advanced role requires a deep technical expertise in security technologies and a strategic approach to protecting the organization's information assets. The Senior Engineer is pivotal in conducting complex security assessments, identifying vulnerabilities, and developing robust solutions to enhance the security posture of the organization.

With a strong focus on technical leadership, this individual collaborates closely with the IT department and cybersecurity team to develop secure systems, networks, and applications. Additionally, the Senior Information Security Engineer works hand-in-hand with the IT Governance, Risk Management, and Compliance (GRC) teams to ensure cybersecurity strategies align with organizational policies and regulatory requirements. This involves a strategic partnership to assess risks, manage cybersecurity compliance across systems, and integrate security best practices into GRC frameworks.

The Senior Information Security Engineer is also responsible for researching and integrating new security technologies and best practices into the existing infrastructure to address evolving threats. This role involves critical thinking, problem-solving, and a proactive attitude towards cybersecurity challenges.

How You Make an Impact (Job Accountabilities)

1. Work alongside project leads and IT teams to facilitate a smooth integration of new solutions into the organization's cyber security framework. Provide support during the implementation phase of cyber security tools, ensuring that deployment tasks are completed timely.
2. Actively mentor Information Security Engineering team members, sharing insights on best practices and the latest trends in cyber security tool deployment and management. Foster a culture of continuous improvement and innovation within the cyber security team, encouraging the adoption of emerging technologies and methodologies to enhance the organization’s cyber security posture.
3. Lead the initial configuration of newly implemented tools, applying in-depth knowledge of security standards and operational procedures to create a robust foundation for tool effectiveness. Collaborate with cyber security and IT teams to adjust settings and configurations based on operational feedback and evolving security threats, enhancing the organization's cyber security posture.
4. Provide strategic oversight for the monitoring and management of cyber security tools and systems, ensuring they operate at peak efficiency and are fully aligned with the organization’s cyber security strategies.
5. Act as an escalation point for operational issues in cyber security tools and systems, providing specialized knowledge to resolve more complex problems. Leverage external support resources and serve as the primary point of contact for troubleshooting issues.
6. Participate in the assessment of new cyber security tools, focusing on evaluating their potential operational impact and alignment with the organization’s security needs. Aid in the selection process by contributing insights on tool effectiveness and compatibility with existing systems.

What You Bring to the Role (Job Qualifications / Education / Skills / Requirements / Capabilities)

Education

• Bachelor's degree in information systems, engineering, management, or related field, or equivalent work experience.

Work Experience

• 5+ years of experience in information technology or information security
• Industry certifications such as CISSP, CISM, CCSP, GIAC (GSEC, GCED, GCIA, etc.)
• Vendor-specific certifications (Netskope, Palo Alto, Zscaler, Microsoft purview, Code42 etc.)

Competencies Desired

• Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management.
• Technical proficiency with security-related systems and applications.
• Experience in developing, documenting and maintaining security procedures.
• Strong knowledge of TCP/IP and network administration/protocols, zero trust principles.
• Hands-on experience with AWS/Azure/GCP security controls
• Proficient knowledge in scripting (Like Python, PowerShell)
• Experience performing security reviews for new systems
• Strong analytical and problem-solving skills to enable effective security incident and problem resolution.
• Excellent documentation skills.
• Proven ability to work under stress in emergencies, with the flexibility to handle multiple high-pressure situations simultaneously.
• Ability to work well under minimal supervision.
• Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT-business personnel.
• Strong written and verbal communication skills.
• Strong customer/client focus, with the ability to manage expectations appropriately, provide a superior customer/client experience and build long-term relationships.

XML job scraping automation by YubHub