The team fosters a collaborative environment and is building a best-in-class program to partner with the business to protect the Firm's information and computer systems.

Principal Responsibilities:

• Provide a high level of security consultancy and engineering support for Windows/Active Directory/Azure security solutions including analysis and development of Windows security solutions.
• Strong understanding of modern authentication protocols, e.g., OIDC / OAUTH 2.
• Contribute to the vision, strategy, and drive design and implementation for authentication platforms both on premises and in the cloud.
• Provide security consultancy and engineering support for SAML, OIDC and Kerberos authentication across different Identity providers, including analysis and development of SSO, PKI, and other authentication solutions.
• Able to demonstrate clear understanding of current risks and threats related to Identity Management at technical and managerial levels.
• Actively monitor new and emerging security and privacy related technologies, trends, issues, and solutions and assess their applicability to key business initiatives and strategies.
• Participate in Information Security Incident Response activities for the Firm's environment.
• Liaison with key stakeholders to create and enforce policy including Technology organization, Trading units, Legal, Internal Audit, and Compliance.
• Provide support to Security and other technical operations staff to ensure smooth turnover from Engineering to Production - and provide mentoring to junior level security professionals.
• Develop and maintain documentation of all Security products including specific tools, technologies, and processes.

Qualifications/Skills Required:

• Bachelor's degree in computer science or engineering preferred.
• 7 + years' experience working in a technical role with a minimum of 2 + years' experience focusing on information security in the financial industry (preferred).
• Excellent understanding and experience of engineering Microsoft security solutions – including desktop and server operating systems, EntraID, Active Directory, Group Policy, Desired Configuration State, DNS, Messaging.
• Ability to understand code in C#/.NET and / or Python and strong scripting experience in PowerShell.
• Experience managing IaaS, SaaS solutions and services using CI/CD pipelines. Jenkins, Terraform experience is a strong plus.
• Solid understanding of SAML, OIDC and Kerberos authentication and related technology controls and best practices.
• Experience with Office 365 security controls including usage of Azure Active Directory, Conditional Access, o365 logging APIs, Microsoft CAS, and Microsoft Authenticator.
• Understanding and experience with implementing Data Loss Prevention (DLP) solutions, policies, and technologies.
• Understanding of Azure Information Protection (AIP) and its components, including labeling, classification, and encryption.
• Ability to develop and implement strategies to ensure compliance with data protection regulations, such as GDPR or HIPAA, utilizing DLP and AIP solutions.
• Strong knowledge and experience in a variety of security technologies including: EDR, SIEM, Vulnerability Management is a plus.
• Relevant security certification (CISSP, GCIA, CISM, etc.) and/or product certifications (PingFederate, Azure, Windows, AD etc.) a plus.

The estimated base salary range for this position is $175,000 to $250,000, which is specific to New York and may change in the future. Millennium pays a total compensation package which includes a base salary, discretionary performance bonus, and a comprehensive benefits package.

XML job scraping automation by YubHub

Identity is the key to unlocking the potential of AI. As an AEM DevSecOps Engineer at Okta, you will oversee and automate our AEM infrastructure with a primary focus on security, reliability, and automated compliance.

Key Responsibilities:

• Identity & Access Management: Configure and manage Auth0 integrations for AEM, including token validation, OIDC/SAML configurations, and custom login modules to ensure secure user authentication.

• Headless Security: Oversee the security of AEM Headless deployments, including protecting GraphQL endpoints, managing CORS policies, and ensuring secure communication for decoupled front-end frameworks (React/Angular).

• Edge & CDN Protection: Manage and configure CDN (e.g., Cloudflare, Akamai, or Adobe-managed CDN) to optimize performance and implement DDoS mitigation strategies.

• Traffic Filtering: Implement and maintain Traffic Filter Rules and Web Application Firewall (WAF) configurations at the CDN level to block malicious spikes and sophisticated application-layer attacks.

• Automated Security Scanning: Integrate security tools (SAST/DAST) and secrets detection into CI/CD pipelines (Jenkins, GitLab) to identify vulnerabilities early in the development cycle.

• Environment Hardening: Install and manage AEM author, publish, and dispatcher instances with a focus on Dispatcher security hardening, SSL certificate automation, and ModSecurity configurations.

• Observability & Incident Response: Monitor system performance and security logs using tools like Splunk or New Relic to proactively address threats and performance bottlenecks.

• Compliance Auditing: Regularly audit the platform and its integrations (Adobe Analytics, Target) to ensure alignment with corporate security policies and industry standards.

Required Skills & Experience:

• Experience: 5+ years in administering and securing AEM environments.

• Identity Services: Proven experience integrating Auth0 or similar Identity Providers (IdP) for enterprise-scale authentication.

• Architectural Knowledge: Strong understanding of Headless CMS security best practices, including API key management and JWT authentication.

• Network Security: Expertise in managing CDNs and implementing DDoS mitigation and WAF rules.

• Technical Stack: Proficiency in Apache Sling, JCR, OSGi, and web servers like Nginx or Apache.

• Automation: Hands-on experience with scripting (Python) and CI/CD tools (Jenkins, CircleCI) to automate security and deployment workflows.

• Cloud Experience: Experience with cloud-based AEM implementations, such as AEM as a Cloud Service (AEMaaCS) or AWS/Azure.

• Diagnostic Skills: Proficiency in analyzing log files, thread dumps, and heap dumps to resolve security incidents or performance outages.

The Okta Experience

• Supporting Your Well-Being

• Driving Social Impact

• Developing Talent and Fostering Connection + Community

We are intentional about connection. Our global community, spanning over 20 offices worldwide, is united by a drive to innovate. Your journey begins with an immersive, in-person onboarding experience designed to accelerate your impact and connect you to our mission and team from day one.

XML job scraping automation by YubHub

We are seeking a GRC Automation Lead to join our GRC organisation and build the technical foundation for how we scale our risk and compliance programs. In this role, you will lead the team that designs and implements automated workflows, data pipelines, and integrations that transform manual compliance processes into scalable engineering systems.

This is a greenfield opportunity to establish the team, architecture, and integrations that will define how we approach governance, risk, and compliance at Anthropic. The core challenge is a data problem: compliance information lives across dozens of systems—cloud infrastructure, identity providers, HR platforms, ticketing tools, code repositories—and your job is to design systems that bring it together, normalise it, and make it actionable.

At Anthropic, you'll also have a unique advantage: the ability to design AI-powered workflows where Claude acts as an extension of your team, handling tasks that would traditionally require additional headcount or manual effort. You'll need ingenuity to identify where agentic AI can accelerate evidence collection, interpret unstructured data, triage compliance gaps, and augment human judgment in risk assessments.

Working closely with Security, IT, and Engineering teams, you'll translate compliance and regulatory requirements into solutions that support audit programs including SOC 2, ISO, HIPAA, and FedRAMP, building systems that combine traditional automation with AI capabilities to achieve scale that wouldn't otherwise be possible.

Responsibilities:

• Lead the team that establishes foundational GRC processes and architecture. Design and build automated workflows for risk management and compliance, creating scalable systems that enable continuous monitoring as Anthropic grows.

• Build data pipelines that aggregate risk, control, and asset information from across our technology stack. This means solving hard data integration problems: mapping disparate schemas, handling inconsistent data quality, and creating unified views of compliance posture through dashboards and reporting tools.

• Inform GRC platform strategy and implementation: in partnership with other programs, evaluate, select, and deploy tooling that meets our compliance requirements.

• Translate written policies and compliance requirements into policy-as-code—working with Engineering and Security teams to express requirements as enforceable rules, automated checks, and continuous validation rather than static documents.

• Establish feedback loops between policy and implementation: surface where technical controls diverge from written requirements, identify where policies need to evolve based on infrastructure realities, and ensure that compliance requirements are expressed in terms engineers can act on.

• Design and deploy agentic AI workflows that extend team capacity, using Claude to automate evidence analysis, monitor control effectiveness, draft audit responses, interpret policy documents, and handle other tasks that require reasoning over unstructured information.

• Design and maintain integrations connecting GRC tooling with cloud infrastructure, identity management systems, HRIS platforms, ticketing systems, version control, and CI/CD pipelines—working with engineers to implement integrations that enable automated evidence collection and continuous compliance validation.

• Build and lead the GRC Automation function as we scale: hiring team members, establishing practices, and defining the technical roadmap for governance and compliance automation at Anthropic.

You may be a good fit if you:

• Have 3-4+ years of experience managing technical individual contributors or systems-focused teams, with a proven track record of building or scaling small teams (2-5 people) in security, compliance, automation, or operations functions.

• Are a systems thinker first. You understand how complex environments work: how data flows between systems, where integration points exist, what breaks when systems don't talk to each other. Your strength is designing the right architecture and environment for security monitoring, not necessarily implementing it yourself.

• Have 5+ years of experience designing automated workflows, data pipelines, or system integrations, whether through traditional development, low-code platforms, GRC tools, or process automation. We care about your ability to solve integration problems, not your programming language proficiency.

• Proficiency to write production level code in at least one programming language (e.g., Python, Rust, Go)

• Have a relentless focus on data integration: you understand how to pull data from multiple sources, normalise it, join it meaningfully, and surface insights. You're comfortable reasoning about messy, inconsistent data and designing systems that handle edge cases gracefully.

• Understand APIs and integration patterns conceptually: REST APIs, webhooks, authentication flows, polling vs. push architectures, and can evaluate systems based on how well they expose data and support automation, even if you're not writing the integration code yourself.

• Can work independently with minimal guidance, taking ownership of complex problems from design through implementation while managing ambiguity inherent in early-stage programs.

• Have strong analytical and problem-solving skills, with the ability to break down complex problems into manageable parts and develop creative solutions.

• Are able to communicate complex technical ideas to both technical and non-technical stakeholders, with a strong focus on collaboration and teamwork.

• Are passionate about staying up-to-date with industry trends and emerging technologies, with a willingness to learn and adapt to new tools and techniques.

XML job scraping automation by YubHub