person looking for a Security Operations Remote Jobs

Get Remote Security Operations Jobs in your mailbox.

443 exciting remote jobs on file from 2500+ top remote companies.

  • Hot new jobs of this week
  • 443 active jobs from past weeks to consult
  • Segmented for USA, Europe or Worldwide.
  • Personally selected for you by our experienced remote hiring managers.


A selection of jobs from the previous newsleterrs.

Maania Consultancy Services is hiring a Remote Senior Application Security Engineer - Remote

Hi,

looking for a Senior Application Security Engineer, Remote. If you are interested please send me your updated resume and expected salary range.

Job Role: Senior Application Security Engineer.
Job Type: Full-time/Permanent.
Location:100% Remote.
Work Authorization: US Citizens.
Clearance:Public Trust Clearance.

Basic Qualifications:
- 3+ years of experience with one or more of the following programming languages: Java, Python, .NET, or C#
- 3+ years of experience with using the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services
- 3+ years of experience with supporting Veracode Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments
- Experience with Eclipse, JDeveloper, including pipeline development, or Visual Studio
- Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25
- Knowledge of web protocols and a command-line tool
- Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP
- Knowledge of Linux or UNIX environments, including navigating and troubleshooting basic website connectivity issues
- Ability to obtain a security clearance

See more jobs at Maania Consultancy Services

Apply for this job

DT Professional Services is hiring a Remote Cyber Security Analyst

Description:

DT Professional Services is seeking a Cybersecurity Analyst to assist our Cybersecurity team and our DoD customers. Cybersecurity Analyst shall assist the Cybersecurity Manager in working the task order-level Task Order Managers, Government management personnel and customer agency representatives. Cybersecurity Analyst will be responsible for developing RMF and other cybersecurity documents on DoD IT systems. Provide Cybersecurity systems administrator support to measure cybersecurity compliance of the operating system and support software; develop and implement security mitigations to reduce the risk of non-compliant controls.

As with any position, additional expectations exist. Some of these are, but are not limited to, adhering to normal working hours, meeting deadlines, following company policies as outlined by the Employee Handbook, communicating regularly with assigned supervisors, and staying focused on the assigned tasks.

Some travel may be required.

Responsibilities:

  • With the support of Technical SMEs, leads the development of all RMF related documents
  • Monitors the status of required updated and STIGS
  • Monitors the status of system vulnerabilities
  • Identifies likely threat vectors and assesses risk
  • Produces weekly reports identifying discrepancies, changes, and forecasts
  • Tracks milestones, scheduled completion dates, and resources required
  • Identifies compliance discrepancies and resource gaps

Requirements:

Basic Qualifications:

  • High School Diploma or GED equivalent and 2 years’ relatable experience
  • Security+ certification
  • 4+ years’ in network security
  • 5+ years’ of reporting vulnerability scan compliances
  • 2+ years’ of forecasting vulnerability probabilities
  • 1+ years’ of software or system vulnerability analysis reports (ACAS, STIG Viewer, and SCAP) 
  • Ability to obtain and maintain a DoD Secret Security Clearance

Preferred:

  • Navy Qualified Validator Level II
  • CompTia Security +
  • Bachelor's degree and 4+ years of prior relevant experience or Master's degree with 2+ years of prior relevant experience
  • Certified Information Systems Security Professional (CISSP) certification
  • Cybersecurity Workforce Level I, II, or II

See more jobs at DT Professional Services

Apply for this job

BlueVoyant is hiring a Remote Senior Security Content Engineer

Senior Security Content Engineer

Location: Full-Time Remote

BlueVoyant is looking for a Security Operations Center (SOC) Security Content Engineer to help our global customers manage their Splunk cloud security solutions. You will be part of a fast-paced team that helps customers to efficiently and effectively derive security insights through generating detection logic, automation and visualizations.

Key Responsibilities

  • Ideate and create client-facing detections to surface security and IT operations concerns
  • Collaborate with clients to design and implement visualizations to assist clients with understanding security posture, interesting events, and operations metrics
  • Assist clients with testing and tuning detection logic to minimize false positives, alert duplication, and whitelisting 
  • Identify opportunities for client-specific needs to become base content for all MSS, including rules, automations, and dashboards 
  • Assist integration teams in identifying opportunities for log content reduction and removal irrelevant events
  • Deliver functional value resulting from research in the form of queries, signatures, rules, and contextual information (knowledge base articles)
  • Serve as a Technical SOC SME in support to customers (customer facing) and support to sales and marketing
  • Supplemental in-depth research of exploits and vulnerabilities which have a high likelihood of occurring within BlueVoyant customer environments
  • Assist in the advancement of security policies, procedures, and automation
  • Serve as the technical escalation point and mentor for junior detection engineers and Sentinel support staff
  • Regularly communicate with customer IT teams to inform them of issues, help them remediate, and ensure that they continue to operate business as usual
  • Assist with advancing security standard operating procedures and incident response reporting.

Qualifications

  • Excellent teamwork skills
  • Previous signature writing / algorithm creation experience
  • Ability to analyze event logs and recognize signs of cyber intrusions/attacks
  • Hands-on experience with Microsoft Azure Sentinel, Defender ATP, O365 ATP, and other Microsoft security suites.
  • Hands-on experience with Splunk SPL.
  • Strong experience with scripting languages (Python, PowerShell, others)
  • Strong experience with digital forensic analysis (host, network, other) and blue team operations
  • Strong knowledge and understanding of network protocols and devices.
  • Ability to work directly with customers to understand requirements for and feedback on security services
  • Advanced written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language
  • Strong teamwork and interpersonal skills, including the ability to work effectively with a globally distributed team
  • Skilled in the creation of signatures for security tools
  • Familiarity with tools such as Wireshark, TCP Dump, Security Onion, and Splunk
  • Strong knowledge of the following:
    • SIEM
    • Packet Analysis
    • SSL Decryption
    • Malware Detection
    • HIDS/NIDS
    • Network Monitoring Tools
    • Case Management System
    • Knowledge Base
    • Web Security Gateway
    • Email Security
    • Data Loss Prevention
    • Anti-Virus
    • Network Access Control
    • Encryption
    • Vulnerability Identification

Preferred Qualifications

  • Experience in intrusion analysis, digital forensics, penetration testing, detection engineering or related areas
  • 7+ years of experience in information technology or information security, 4 of which were spent dealing directly with SIEM solutions and detection content creation
  • Microsoft 365 Certified: Security Administrator Associate and GCFA, GCFE, or OSCP preferred
  • Familiarity with Azure, .Net programming, Jupiter notebooks, and scripting / development using web APIs 

Education

  • Minimum bachelor’s degree in Information Security, Computer Science, or other IT-related field or equivalent experience

About BlueVoyant

At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics and technology, coupled with deep expertise, works as a force multiplier to secure your full ecosystem. Accuracy! Actionability! Timeliness! Scalability!

Led by CEO, Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200 and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry leading analytics and technologies.

Founded in 2017 by Fortune 500 executives, including Executive Chairman, Tom Glocer, and former Government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, Budapest and Latin America.

All employees must be authorized to work in the United States. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.

See more jobs at BlueVoyant

Apply for this job

Agnos is hiring a Remote Director of IT & Security (USA)

This job opportunity is for an Agnos Healthcare Client who has served over 3.5 million patients to date and currently has over 3,500 active patients. They are a global leader in their healthcare specialization.

ABOUT US

Agnos is a healthcare-focused technology consultancy. We are building solutions that improve the lives of patients and their providers by making empathy central to our design and development. Our partnership with medical practices and other healthcare tech companies has helped raise the bar for product development and service delivery in an industry that is full of untapped opportunities.

One of the services that we provide our clients is Recruiting as a Service where we help our clients create job descriptions, find awesome candidates for these jobs, interview these candidates with our world-class Subject Matter Experts, and then help with hiring and onboarding of the new employees that we helped our client find. 

ABOUT OUR CLIENT

Our client is the nation's highest quality provider of home-based wound management services. As the country's fastest-growing wound care company, they provide comprehensive wound management services to Health Plans representing 25 million lives in Florida, California, Nevada, Puerto Rico, and Texas.

They have always strived to bring effective wound care to the patients who need it the most and provide evidenced based, wound management services to patients wherever they reside. This ensures improved access to care, time to care, and quality of care. As the leader in live-streaming telehealth, health informatics, and Sequential Assisted Logic (SAL), they ensure clinicians follow the latest evidence-based guidelines and track outcomes to increase transparency between all stakeholders.

 WHAT DOES THIS ROLE HOLD FOR YOU?

In this role with our client, you and your team will focus on transforming the healthcare experience using the wound care industry’s most modern, flexible, and powerful cloud-based platform to help the provider organizations maximize administrative efficiency and clinical effectiveness while connecting and collaborating directly with patients to ultimately achieve better patient outcomes.

  • Develop security policies, standards, and procedures for all endpoints, networks, servers, and application systems as well as maintain and update Information Services (IS) Standards & Procedures.
  • Interface with clients and vendors as necessary to consult on security matters.
  • Develop and lead incident response plans and efforts.
  • Proactively review corporate applications, servers, and the network for current and potential vulnerabilities, attempted intrusions, and take corrective action including hardware and software upgrades for security platforms.
  • Evaluate and respond to security threats and/or events by continually assessing real-time logs and performing packet analysis for the enterprise network, while measuring and documenting performance and threat/risk metrics.
  • Act as a member of the Technology Department leadership team, helping to drive the overall vision of the department.

WHAT YOU BRING

  • Professional experience in managing information security operations, analyzing and applying information security, risk management, and privacy practices.
  • Knowledge of national and international regulatory compliances and frameworks such as HIPAA and HITRUST.
  • Bachelor's degree in information technology, information security, computer science or related field, or equivalent years of experience.
  • 7+ years of relevant professional experience, including 3+ years experience in an IT leadership role.
  • Experience with modern cloud-based IT infrastructure across a range of corporate and business functions (marketing, HR, finance, operations, product, engineering).
  • Experience building and maintaining robust MDM solutions to support our remote-first workforce across all departments.
  • Strong knowledge of systems and networking software, hardware, and networking protocols.
  • Experience building and scaling an IT operations team and security program.
  • Excellent skills in collaborating with stakeholders inside and outside of your team.
  • Experience running IT in a fast-paced, high-growth company. Startup experience is a plus.
  • Experience in a remote-first IT environment.
  • Advanced IT security certifications are strongly preferred.
  • Experience in healthcare or similarly regulated industry is strongly preferred.
  • Experience in overseeing SOCII and HiTrust audit processes as well as all policies and controls to support.
  • Experience in managing cloud and endpoint hardening baselines to ensure consistent implementation company-wide.
  • Technical proficiency, knowledge, and understanding of the following:
    • Web and email content filtering rules, threats, and blocklists
    • Data networking concepts and LAN/WAN topologies
    • Azure Active Directory and Group Policy in our Windows Domain environment
    • Vulnerability Management, mitigation, and correction
  • Ability to train other areas of business on security concepts and best practices.
  • Strong problem-solving and analytical skills​​​​​.

BONUS POINTS

  • Prior experience working in the healthcare industry is an added advantage.

WHAT’S IN IT FOR YOU

  • An opportunity to bring a positive difference to people’s lives with your work, exercise, empathy, and the satisfaction of working with a purpose-driven team.
  • We like to pay the best compensation in the industry to our teammates as we are obsessed with the happiness of the people we work with as much as we are obsessed with everyone's success.
  • Ability to work from anywhere in the world from the comfort of your home. 
  • Work laptop.
  • Medical, Dental & Vision insurance.
  • Paid time off.
  • 401K plan.
  • Education/certification reimbursement.
  • Extensive Wound Care training.
  • Life & Disability insurance.
  • Additional Benefits.

See more jobs at Agnos

Apply for this job

Koombea Inc is hiring a Remote Cloud Security Engineer

Remote, Latam | Full Time | 5+ years experience | English (B2) | Competitive Salary

 

Why Apply to Koombea?

Did you know that Koombea is one of Latin America's fastest-growing software development companies? We help our clients all over the world build digital products that make users' lives better.

By joining our team, you will not only receive amazing benefits and become part of a flexible and innovative work culture. You will also get to share directly with some of the region's most talented and intelligent software developers.

 

The Job

As part of the Koombea GRC team the Cloud Security Engineer focuses on identifying and analyzing the requirements of and threats to cloud systems; recommending, implementing and testing security controls and services in cloud environments; performing security audits of cloud infrastructure, services and applications; and participating in Business Continuity and Incident Response activities.

The Cloud Security Engineer participates in enterprise architecture processes; collaborates with developers and DevOps engineers to deliver creative and effective solutions; automates security controls, data and processes to provide improved metrics and operational support; and creates, reviews and maintains documentation in accordance with policy and procedure. Must have the ability to qualitatively understand business processes, and have a strong familiarity with Linux and Windows operating systems and cloud provider ecosystems.

 

What You’ll Do

  • Identifying requirements, threats and risks to cloud systems
  • Designing, implementing and testing cloud security controls
  • Automating controls, data and processes
  • Perform security audits of cloud infrastructure and systems and provide remediation recommendations, prioritization, and support of remediation activities 
  • Providing consulting support on matters related to cloud security. 
  • Maintaining relevant documentation as needed (e.g., procedures, diagrams, design documents, implementation and troubleshooting guides).

 

What You Bring to the Team

  • 5+ years of proven experience l Must Have
  • Experience in public cloud platforms (Azure, AWS, GCP) l Must Have
  • Certification as a Cloud Security Professional (CCSP) or equivalent is a plus l Must Have
  • Skilled  in  Linux  operating  systems  (Debian, Ubuntu,  RHEL)  and  experience  with Linux containers l Must Have
  • Experience with penetration testing and forensics tools such as Kali Linux and FTK; testing best practices (OWASP and OSCP), and common methods and techniques of malicious actors (MITRE ATT&CK Framework) l Must Have
  • Demonstrated knowledge of cloud infrastructure security controls such as Identity & Access  Management  (Oauth,  AD) and network  security  (e.g.,  Application  Gateway, Web Application Firewalls) l Must Have
  • Experience with Software Composition Analysis, SAST and DAST l Must Have
  • Knowledge of OSINT techniques and sources, data analytics and Python l Must Have
  • Knowledge of ISO, NIST and other security frameworks l Must Have
  • Able to articulate cyber risks in a business context l Must Have
  • Passionate about the mission of protecting the company against cyber threats l Must Have
  • Experience developing automation to solve security problems at scale l Must Have
  • Organized  and  efficient;  able  to  focus  on  critical  tasks  and  meet  occasionally demanding deadlines l Must Have
  • Strong written and verbal communications skills (English B2) l Must Have

 

We Offer You

  • Flexible Working Schedule
  • Health Insurance
  • Remote Work
  • Competitive Compensation
  • Performance Bonuses
  • Surprise Goodies

+ Many Cool Benefits

 

About Koombea

Koombea is an international app development company founded in 2007. We've built hundreds of apps. Some of them have been acquired by companies like Google, Motorola Solutions, Demandforce, Facebook, and Skype.

 

Life at Koombea

If you are looking for a fun and international environment where you can interact with super-smart people, this is the right place for you. 

Join our company and enjoy a healthy work-life balance where flexibility is vital. You will be able to manage your schedule and your career so that you make the most out of your experience at Koombea.

 

Hiring Process

1. Apply

Send us your CV and our team of recruiters will evaluate it.

2. Interviews

Key team members will invite you to meetings to get to know you better.

3. Coding Test

You’ll get to show off your technical skills.

4. Decision

We will let you know if there is a strong fit.

 

Do you have any questions? 

We’d love to hear from you. 

Feel free to contact us at recruiting@koombea.com

Related Jobs

  1. Technical Product Owner
  2. Ruby On Rails Tech Lead

Not ready to apply? 

Follow us, join our community and stay in the loop.

 

Position Highlights

  • Full Time
  • English (B2)
  • Remote, Latam
  • 5+ years of experience

 

#Li-Remote

 

See more jobs at Koombea Inc

Apply for this job

Vodeno is hiring a Remote Application Security Engineer

What we do


Hi, we are Vodeno. We are aBanking-as-a-Service provider

Supported by a leading global equity firm and the ecosystem of nearly 90 partners, our Platform opens new opportunities to businesses across Europe to integrate financial products and services into their solutions.

Based on financial sector know-how and expertise in cloud technology, we provide a set-up of customer-facing and daily banking services which include: digital onboarding, accounts, cards, payments, and lending with a white-label mobile app channel access. 

As we enter the phase of accelerated growth, we are looking for an experiencedApplication Security Engineerto strengthen our team.

 

What you will be doing

  • Ensuring that every security step of the software development follows security best practices
  • Performing application security reviews and threat modelling, including code review and dynamic testing
  • Performing application security vulnerability management
  • Supporting and consult with product and development teams in the area of application security
  • Assisting in creation of security training for developers
  • Assisting in development of automated security testing to validate that secure coding best practices are being used.

 

Skills you should have 

  • Strong experience in security research, including understanding of application security attacks and vulnerabilities
  • Knowledge of at least one of the following programming languages: Java, GO, Python
  • Knowledge of web application security vulnerabilities
  • Experience in static code analysis 
  • Strong cryptography capabilities
  • Experience with automation of tasks to reduce manual security verification results
  • Familiarity with common security libraries, security controls, and common security flaws
  • Basic development or scripting experience and skills
  • Experience with OWASP, static/dynamic analysis, and common security tools

 

What we offer

You will have opportunities to grow, and we will provide you with aprofessional growth budget. As a Google Cloud Partner, we organizeVodeno Cloud Academyand you canget officially certified by Google

We offer aflexible form of contractandflexible work location: home/office —  according to your preference. 

You and your closest family will be covered withVIP level private medical care, so you do not have to wait for the doctor’s help in case you or your family ever need it. 

You will work on computer equipment that delivers the best user experience —Apple MacBook Pro. 

If you decide to work from the office there will beplenty of healthy food(and great coffee too!), which you are welcome to enjoy throughout the day. 

We are located in abeautiful office at Elektrownia Powiśle, which is not only walking distance from Bulwary Wiślane (for summer outings) but also allows a convenient commute across Warsaw (the nearest metro station is Centrum Nauki Kopernik). If you like cycling, we have bicycle parking for your machine!

 

Our process 

We keep our recruiting process simple. 

Step 1:Talk with one of our Recruiters about your to date experiences and ambitions

Step 2:Meet with your future colleagues for a technical interview 

 

Equal opportunity statement

At Vodeno we embrace diversity in all of its forms and nurture an inclusive environment for all people to do the best work of their lives with us. This is integral to our mission of opening new opportunities to businesses and people.

We're an equal opportunity employer. All applicants will be considered for employment without attention to ethnicity, religion, sexual orientation, gender identity, family or parental status, national origin, veteran, neurodiversity status or disability status. 


Please read our privacy policybefore you submit your application.

See more jobs at Vodeno

Apply for this job

PrismHR is hiring a Remote Cybersecurity Engineer

Please note: This position can be remote/telecommute. We are currently accepting applications from those located in the Northeast, Midwest, and South. 

PrismHR is seeking a creative, and dynamic Security Engineer to join our new, growing, highly visible, security team focused on security at PrismHR. In this role, you will build innovative tools, perform application vulnerability assessments, conduct web application security scans, analyze the results, prioritize vulnerabilities, research, and propose remediation steps. You will be a part of our collaborative culture and engage cross-functional team members across the software and product development organization.

Responsibilities:

  • Coordinate with Cyber Defense resources, Infrastructure teams, and Application/Product leads to manage and administer the updating of rules and signatures for the various cybersecurity solutions
  • Perform system administration and management on specialized cyber defense applications and systems to include installation, configuration, maintenance, backup, and restoration.
  • Assist in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources.
  • Assist in assessing the impact of implementing and sustaining cyber defense infrastructure.
  • Administer test bed(s), and test and evaluate applications, hardware infrastructure, rules/signatures, access controls, and configurations of platforms managed by service provider(s).
  • Identify potential conflicts with implementation of any cyber defense tools (e.g., tool and signature testing and optimization).

Qualifications:

  • 5 to 7 years of experience in securing IT systems with 3 years of direct cybersecurity experience
  • 2 years of experience securing or utilizing one of the major cloud platforms (Azure, AWS, and GCP) preferred

Knowledge and Experience:

  • Computer networking concepts, protocols, and network security methods, scripting and coding techniques (Python, json, apis, etc.), cyber threats and vulnerability management
  • Data backup and recovery to restore systems/platforms, email security filtering, cybersecurity and privacy principles, virtual private network (vpn) security
  • Web application filtering technologies, security architecture concepts and principles based on defense-in-depth, identity and access management concepts, processes, and integrations
  • System, network, and os hardening techniques, security logging for both on premise, bare-metal, and cloud-based platforms, Endpoint protection and management
  • Intrusion detection system (ids)/intrusion prevention system (ips), data loss prevention (dlp), cloud access security broker (casb), and secure web gateways (swg).

Certifications:

  • Certified Information Systems Security Professional (CISSP)
  • SANS/GIAC Certification (Various)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)

 

#LI-REMOTE

PrismHR is a fast-paced SaaS company which provides customers with a cloud-based payroll process software application. PrismHR also provides professional services including system implementation consulting, custom configurations, and training. Lastly, via the Company’s Marketplace platform customers and end users access other human resources and employee benefits applications from PrismHR’s Marketplace Partners.

DEI Statement

We are committed to building an inclusive, diverse community that celebrates and welcomes everyone regardless of race, color, religion, national origin, age, sex, sexual orientation or gender identity or any other legally protected characteristics, we consider everyone equally.

We’re proud to be an Equal Opportunity and Affirmative Action Employer, and we’d encourage you to join us whatever your background. We particularly welcome applicants from traditionally underrepresented groups.

If you require any adjustments or accommodations due to a disability, or any other reason that may help you in your interview process, please let us know.

#LI-ML1

See more jobs at PrismHR

Apply for this job

LTG is hiring a Remote Senior Network Security Engineer (PeopleFluent) UK, REMOTE

Senior Network Security Engineer will report directly to PeopleFluent’s Director of Hosting Services. An exemplary candidate will have experience managing security projects and has a strong technical background in both networking and security.

Responsibilities

  • Own the design, implementation, and maintenance of our network and security infrastructure.
  • Hammer out routine change requests on networking and firewall devices.
  • Continuously improve our security posture with advanced threat detection and recovery methodologies (SIEM).
  • Collaborate with our team, partners, and vendors to integrate best practice methodologies at all levels within the hosting network.
  • Serve as the technical leader for various network and security projects. Projects include MFA, rolling out OTP devices, and optimizing log analysis/alerting.
  • Participate in compliance and security audits and advocate for strong security discipline.
  • Work collaboratively with colleagues in Corporate IT and Product Development to facilitate best security practices related to user access, data transfer, and product deployment to minimize risks to our hosted environments.
  • Serve as a member of PeopleFluent’s 24/7 Response Team by participating in on-call rotations and off hours escalations to keep our systems up and running.

What you need to be successful in this role:

  • You communicate when you need help, don’t understand requirements, think there’s a better path forward, etc. Open communication is key to the success of our team.
  • You must be able to work in a fast paced environment and maintain your cool.
  • You must understand and be able to support high availability networks.
  • You have a deep understanding of security and networking best practices.
  • You are well versed in subnet masking, VLANs, NAT.
  • You are well versed in routing configurations (OSPF, static, etc).
  • You have hands-on experience with firewall technologies, WAFs, and IDS/IPS. The type of device matters less than a deep understanding of how these devices function and their best practices.
  • You can create and organize great documentation, usually without being prompted. We are huge fans of clear and concise documentation.
  • You are capable of performing network analysis and proactive monitoring.

Nice to haves:

  • You’ve been through ISO and SOC audits and understand the how and why of security practices and building solid audit trails.
  • Experience with point to point circuits, MPLS, VPNs, and tunneling in general.
  • Experience with Load balancers (such as F5s).
  • You have both public cloud and on premises infrastructure experience.
  • Automation of your daily activities is second nature.


About the company:

PeopleFluent provides flexible cloud solutions that put learning at the heart of talent strategy. As a market leader in integrated talent management and learning solutions, PeopleFluent helps companies hire, develop, and advance a skilled and motivated workforce. Deployed separately or as a suite, our Recruiting, Onboarding, Performance, Succession, Compensation, and Learning solutions deliver a superior user experience that guides managers and employees with contextual learning – right in the flow of work.

PeopleFluent Learning is part of Learning Technologies Group plc (LTG).

For more information, visit www.peoplefluent.com.


We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.



EOE, including disability/vets


See more jobs at LTG

Apply for this job

Shopify is hiring a Remote Director of Security Engineering (Remote, North America)

Company Description

At Shopify, we build products that help entrepreneurs around the world to start and grow their businesses. We’re the world’s fastest growing commerce platform and we have no plans of slowing down!

Job Description

We’re looking for an experienced security leaderto join Shopify’s Trust team and lead our Active Defence team. 

Shopify has grown rapidly over the last number of years. Through a series of safeguards, the Trust team has created a safe environment for employees to do their best work without risking our merchants' trust. The Active Defence team is always monitoring for risk and when bad behaviours are detected (internally and externally), the team jumps into action to remediate the situation. 

As the Director of Security Engineering for the Active Defence team, you’ll be responsible for defining and growing the security incident response and security operations strategy, roadmap and team. You’ll be expected to scale the incident response function using technology, automation and best practice.

This is a trailblazing team! You will have the creative freedom to make a real difference and the chance to work with the best talent. Sounds like the place for you? Read on, and we'd love to hear from you!


Responsibilities: 

Here’s what you can expect from the role - an opportunity to:

  • Lead engineering and operations teams to enhance our security incident response capability and perform scalable security alert management.

  • Build and establish the methodology and tooling to operate security incident response and alert management at scale. 

  • Use data to define and develop metrics to tell the security incident response story.

  • Organize and run regular game day and crisis scenarios exercises.

  • Be willing to roll up your sleeves and participate in critical security incident response and mitigation efforts. 

  • Provide direction, mentorship and support to a team of incident responders, security analysts, security engineers and security support specialists.

  • Grow the team through hiring and development. 

  • Champion the incident response craft, along with leaders from other Shopify teams.

  • Work with senior stakeholders and be a security advocate at Shopify. 

Qualifications

While we don’t need you to have specific experience with our technology stack, this is a leadership position that requires that you have: 

  • Demonstrated proficiency in building and operating security incident response and security operations programs in a technical environment. 

  • Experience being the lead technical responder or participating in large scale and complex security incident response in a cloud-based or zero trust environment, leveraging strong analytical and data literacy skills to find the needle in the haystack.

  • Proven management and leadership skills, allowing you to develop and mentor others.

  • Experience executing broader security strategies while building credibility with your team.

  • Familiarity working with senior stakeholders across the organization, both technical and non technical, to develop roadmaps, integrate with larger company initiatives and deliver business and security value. 

  • Experience working in a SaaS company.
     

It would be great if you had experience in some of the following:

  • Knowledge of and/or experience with technologies such as Google Cloud Platform, Kubernetes, Splunk, Okta, Google Workspace, GitHub, etc… .

  • Working with large datasets to gather insights and validate assumptions.

  • Participating in an on-call rotation.

  • Leveraging technology to automate manual work.

Additional Information

We know that applying to a new role takes a lot of work and we truly value your time. Marina is looking forward to reading your application!

This posting will close on Thursday, May 5, 2022 at 11:59PM EDT.

Shopify is now permanently remote, and we’re working towards a future that is digital by design. That location you see above? Consider it merely an example of hundreds of potential locations Shopify is hiring. Learn more here:https://www.shopify.com/careers/work-anywhere

Our belief is that a strong commitment to diversity & inclusion enables us to truly make commerce better for everyone. We encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities, and/or people with intersectional identities. Please take a look at our Sustainability Reports to learn more about Shopify’s commitments to our communities, and our planet.

At Shopify, we understand that experience comes in many forms. We’re dedicated to adding new perspectives to the team - so if your experience is this close to what we’re looking for, please consider applying.

See more jobs at Shopify

Apply for this job

Shopify is hiring a Remote Director of Security Engineering (Remote, Europe)

Company Description

At Shopify, we build products that help entrepreneurs around the world to start and grow their businesses. We’re the world’s fastest growing commerce platform and we have no plans of slowing down!

Job Description

We’re looking for an experienced security leader to join Shopify’s Trust team and lead our Active Defence team. 

Shopify has grown rapidly over the last number of years. Through a series of safeguards, the Trust team has created a safe environment for employees to do their best work without risking our merchants' trust. The Active Defence team is always monitoring for risk and when bad behaviours are detected (internally and externally), the team jumps into action to remediate the situation. 

As the Director of Security Engineering for the Active Defence team, you’ll be responsible for defining and growing the security incident response and security operations strategy, roadmap and team. You’ll be expected to scale the incident response function using technology, automation and best practice.

This is a trailblazing team! You will have the creative freedom to make a real difference and the chance to work with the best talent. Sounds like the place for you? Read on, and we'd love to hear from you!


Responsibilities: 

Here’s what you can expect from the role - an opportunity to:

  • Lead engineering and operations teams to enhance our security incident response capability and perform scalable security alert management.

  • Build and establish the methodology and tooling to operate security incident response and alert management at scale. 

  • Use data to define and develop metrics to tell the security incident response story.

  • Organize and run regular game day and crisis scenarios exercises.

  • Be willing to roll up your sleeves and participate in critical security incident response and mitigation efforts. 

  • Provide direction, mentorship and support to a team of incident responders, security analysts, security engineers and security support specialists.

  • Grow the team through hiring and development. 

  • Champion the incident response craft, along with leaders from other Shopify teams.

  • Work with senior stakeholders and be a security advocate at Shopify. 

Qualifications

While we don’t need you to have specific experience with our technology stack, this is a leadership position that requires that you have: 

  • Demonstrated proficiency in building and operating security incident response and security operations programs in a technical environment. 

  • Experience being the lead technical responder or participating in large scale and complex security incident response in a cloud-based or zero trust environment, leveraging strong analytical and data literacy skills to find the needle in the haystack.

  • Proven management and leadership skills, allowing you to develop and mentor others.

  • Experience executing broader security strategies while building credibility with your team.

  • Familiarity working with senior stakeholders across the organization, both technical and non technical, to develop roadmaps, integrate with larger company initiatives and deliver business and security value. 

  • Experience working in a SaaS company.
     

It would be great if you had experience in some of the following:

  • Knowledge of and/or experience with technologies such as Google Cloud Platform, Kubernetes, Splunk, Okta, Google Workspace, GitHub, etc… .

  • Working with large datasets to gather insights and validate assumptions.

  • Participating in an on-call rotation.

  • Leveraging technology to automate manual work.

Additional Information

We know that applying to a new role takes a lot of work and we truly value your time. Marina is looking forward to reading your application!

This posting will close on Thursday, May 5, 2022 at 11:59PM EDT.

Shopify is now permanently remote, and we’re working towards a future that is digital by design. That location you see above? Consider it merely an example of hundreds of potential locations Shopify is hiring. Learn more here:https://www.shopify.com/careers/work-anywhere

Our belief is that a strong commitment to diversity & inclusion enables us to truly make commerce better for everyone. We encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities, and/or people with intersectional identities. Please take a look at our Sustainability Reports to learn more about Shopify’s commitments to our communities, and our planet.

At Shopify, we understand that experience comes in many forms. We’re dedicated to adding new perspectives to the team - so if your experience is this close to what we’re looking for, please consider applying.

See more jobs at Shopify

Apply for this job

+30d

Cloud Security Engineer

DNAnexusMountain View, CA, USA, Remote

DNAnexus is hiring a Remote Cloud Security Engineer

Company Description

DNAnexus is the leading cloud-based SaaS company serving the global life science community. DNAnexus’ health informatics platform serves customers across a spectrum of industries — government, biopharmaceutical, clinical diagnostics, healthcare, and academic research in 33 countries with compliant protection of data, privacy, and intellectual property. The platform provides a secure and collaborative environment where genomics, multi-omics, and real world data can be combined with clinical data at scale, providing new insights that can lead to improved diagnostics, new targeted therapies and better patient care.

The Security Mission

Our customers depend on the secure and reliable operation of the DNAnexus platform to run their business.  From clinical research to large-scale multi-omics computation, our platform is essential to tackle some of the most exciting opportunities in human health.  With DNAnexus, organizations can stay a step ahead in leveraging genomics to achieve their goals.  DNAnexus brings it all together on a single secure, resilient, and  scalable platform.

Key Company Highlights

  • Founded in 2009 by leading Stanford genomic scientists, headquartered in Mountain View, CA, 140+ employees.
  • Generating significant revenue, global footprint, ramping rapidly; with Enterprise customers including Ancestry, Regeneron, Natera, Johns Hopkins, FDA, Myriad Genetics, St Jude among others.
  • FedRAMP Moderate ATO (“Authorized-To-Operate”) platform with current certifications in ISO27001, and HITRUST.
  • Engaged on a 5 year, $20M contract with the FDA to power the precisionFDA collaborative omics environment in the cloud.
  • Well funded by Tier-1 investors including Blackstone Group, Foresite Capital, Google Ventures, Perceptive Advisors, Northpond Ventures and TPG Capital, among others.
  • Massive, evolving market opportunity that hasn’t been adequately addressed yet.
  • Passionate and proven executive leadership team with deep genomics, big data/analytics, and cloud expertise.   

Job Description

Through close collaboration with DevOps, Site Reliability Engineering, and Software Engineering colleagues, you’ll design, recommend, and implement security controls that operate at the edge, cloud fabric, and workload container level.  You’ll leverage both open source and cloud-provider managed services to mature our existing controlset in a FedRAMP Moderate and GxP compliant environment.

You’ll have a key role in our incident response and business continuity plans and operate in a peer group with our Site Reliability and Release Engineering teams.  Together, you’ll build architectures that scale and define the next target state for life science and genomic analytics.  You’ll also partner with our Detection and Response team to provide instrumentation and control recommendations to prevent fraud and improve the resilience of our platform.

The problems you will solve:

  • You’ll design security and control systems that easily replicate across regions and cloud providers.
  • As our business scales, the controls you design also need to scale, efficiency, resilience, and maintainability will be driving considerations in everything that you do.
  • You’ll work with engineering and DevOps colleagues to adopt cloud-native architectures for new systems and the refresh of existing systems.
  • You’ll be an essential part of our collaboration and relationship with our cloud service providers (CSP), and will lead the company in leveraging new technologies and services that our CSPs make available.  You’ll also participate in voice-of-customer engagements to give direct feedback to our CSP partners.
  • While constantly evaluating opportunities for control improve how to add and mature security controls without impacting deployment speeds and platform stability
  • Most importantly, you’ll develop close, collaborative relationships with other technical experts in our  Engineering, SRE, DevOps, IT, and Detection & Response functions.

Qualifications

  • You’ll need to have a working proficiency with python and terraform, and be able to bring examples of how you’ve solved problems using these languages in the past.
  • Your goto method for defining infrastructure components is in code and you’re familiar with deploying infrastructure via a CI/CD pipeline.  You’ll also support modifications& enhancements for that deployment pipeline.
  • You’ve worked with cloud-native infrastructure in the past.  At a minimum, this includes experience with AWS.  We’re also interested in your Azure and Google Cloud experience and you’ll have opportunities to continue developing those skills with us.
  • Prior experience in a regulated environment (ISO27001, SOC2 Type II, FedRAMP Moderate) and within the Lifesciences will give you a solid foundation for success in this role.

Personal Attributes and Values:

  • You personally enjoy contributing to the security community and driving our industry to do better.
  • Complex problems intrigue you and you leverage creative problem solving skills as well as the ability to ignite the creativity of others to solve these problems.
  • Flexible, nimble, and scrappy; startup mentality and willingness/ability to change direction quickly if best for the business.  You understand and can navigate the tradeoffs that allow us to manage our technical debt load.
  • You drive for efficiency and low-effort supportability in the infrastructure you build.  
  • Core to your approach is continual learning and self-development.  You ask others to help with your learning and support them in their learning.
  • You can extract lessons from failure and look at each project you undertake as an opportunity to improve and a fresh opportunity for success.
  • A self starter that can work independently and collaboratively across multiple workstreams without technical program management support. You place a priority and substantial focus on personal relationships with the other experts that you work with.
  • Able to earn the respect of the team on the basis of crisp execution, technical depth, hands-on style, and strategic decision making ability.
  • Takes a data centric, objective approach to decision making and has the ability to put aside personal preferences, historical bias, peer pressure and political influences to arrive at decisions on a reasoned, objectively-defensible basis.
  • A positive, energetic, can-do attitude. High EQ, hungry to succeed, achievement orientation, self-motivation.  Highly confident, yet humble and self-aware.
  • Entrepreneurial DNA; not afraid to take calculated risks, brings a mentality of rapid innovation and the desire to attain big goals.
  • High integrity, principles, and ethics.

Additional Information

Based in Mountain View, California, DNAnexus is experiencing rapid growth and is searching for the best talent to join our team. We recently completed a $200 million financing round to advance our growth globally to further serve leading healthcare and life science organizations. Key investors include Blackstone Group, Google Ventures, Perceptive Advisors, Northpond Ventures, TPG Biotech, and Foresite Capital.

We look forward to meeting you and learning more about your career objectives - apply today!

See more jobs at DNAnexus

Apply for this job

+30d

Cyber Security Engineer

ErgomedOccam Court, Occam Rd, Guildford GU2 7HJ, UK, Remote

Ergomed is hiring a Remote Cyber Security Engineer

Company Description

Ergomed plc is a public company listed on the London Stock Exchange, with its Headquarters in Guildford, Surrey.  The company employs more than 1,400 people across 20 offices globally. 

It is a rapidly growing and successful company.  This success is due to the hard work of our highly skilled employees and our subsequent reputation for excellence with our clients.

Job Description

The Cyber Security Engineer will be responsible for working with a range of tools and technologies in order to maintain a secure cloud-first computing environment globally in 20 offices.

This is a varied position that will allow you to work across the technology stack in the business.

You will ensure our business assets are protected in line with the corporate information security program and that compliance is achieved against a variety of technology regulations and requirements present in the pharmaceutical industry.

You will identify, evaluate, manage, remediate and report on information security risks across servers, endpoints, identities, data stores and the network.  Reporting directly to the Senior Director of Information Security, you will be part of a new team with the opportunity to contribute to how the job should be done.

As part of the new security operations team, you will liaise closely with infrastructure and support teams to ensure availability of systems is maintained while carrying out your security work.

The opportunity will suit someone who has performed in a desktop support role with exposure to enterprise-wide security tasks such as anti-virus, patching and endpoint management who would now like to add experience with servers and network devices, plus pure cyber skills, such as malware analysis, firewall and intrusion management to their CV.

The position would also suit someone with experience of working in a SOC who would now like more variety and closer contact with the technology.  This role will see you working with any and all of the various security products across the company.

Key Responsibilities:

·       Day to day oversight of the desktop and server patch program to ensure rapid remediation of all published Microsoft vulnerabilities affecting our IT estate.

·       Day to day management of the vulnerability scan program to ensure full visibility of vulnerabilities across all devices and software.

·       End to end malware management, from analysis to creation of blocking rules.

·       Assessment of new threats as alerted by our threat intelligence feeds.

·       Response to suspicious activity as part of incident response and security event management.

·       Creation and management of rules across the various management consoles deployed to secure the enterprise.

·       System access reviews to ensure the principle of least privilege is adhered to.

·       Mobile device management using Microsoft Intune/Endpoint Manager.

·       Reviewing, managing and remediating security alerts across the Microsoft Defender suite.

·       Creation and management of rules in Azure AD, such as MFA and conditional access.

·       Management of remote access granted to our third-party partners.

·       Windows desktop and Windows server security hardening.

·       Firewall rule management to ensure the principle of least privilege is maintained.

·       All other cyber security related tasks that arise from protecting an enterprise.

 

Qualifications

Technical cyber security qualifications would be preferred, such as Security+, CYSA+, CEH.

Any of the Microsoft information protection, Office 365, identity and access, security engineer or security operations exams would be very welcomed.

Special Skills:

·       Strong analytical, problem-solving, critical thinking ability.

·       An eye for detail that will make you question what you see in an audit log.

·       An appetite and passion to always learn new technologies and push yourself to be a better engineer.

·       A security mindset, always thinking "what if an attacker tried this?"

·       Excellent people skills capable of working seamlessly with support teams in the IT department even when under pressure.

Additional Information

Full-time position
Competitive salary and benefits
Remote working with requirement to visit the office in Guildford usually just once per week.

 

See more jobs at Ergomed

Apply for this job

Mandiant is hiring a Remote Senior Security Analyst, Managed Defense

Company Description

Since 2004, Mandiant has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.

Job Description

You are fanatical about security. No really, you will do whatever it takes to keep the bad guys out. You have a strong understanding of network and host based attacker methodologies. Analyzing forensic data, picking apart malware, and responding to security incidents excites you! You thrive and enjoy working in a fast paced environment, surrounded by brilliant and like-minded people. You walk into the office everyday with a passion to learn more. You derive great satisfaction from delighting customers, have strong attention to detail, exude excellence and have more drive than an exotic Italian sports car. 
  
As a  Senior Security Analyst you will be focused on host and network analysis, diving deep into host systems and packets hunting for attackers or remnants of their activity . Alongside your wicked smart team members, you’ll be entrusted to deliver high impact and value services to some of the most recognized brands in the world, protecting them from threats that actually matter to their business 24x7. 

 

Qualifications

What We Will Do For You

  • On a daily basis, you'll find the most malicious attacker activity the Internet has to offer
  • Let you scour systems and analyze tons of network traffic looking for attacker presence
  • Be Challenged to evolve how we detect and respond to attackers by authoring new and innovative Indicators of Compromise
  • Expose you to some of the most exciting and cutting edge techniques to find evil
  • Training and continuous coaching and mentoring to grow your technical and professional skills like no one else
  • Work with a team of brilliant people that you can learn from and build lasting relationships with
  • Develop an understanding of your aspirations and provide opportunities that we believe will get you there
  • Inspiration to stretch your performance by allowing you to tackle seemingly impossible problems
  • Encouragement challenge the status quo, think creatively, and innovate –make us better
  • An environment of trust and camaraderie, where you can speak freely about your ideas
  • A platform from which you can make a real impact against the bad guys
  • Develop an understanding of, and be flexible to, your needs

What You Can Do For Us 

  • Get your toolbox out and dive deep into systems to help us identify and eradicate attackers
  • Use your insanely keen network analysis skills to find evil on the wire
  • Define relationships between seemingly unrelated events through deductive reasoning
  • Come up with ways to do things faster, better and more effectively while maintaining a laser focus on quality
  • Be fanatical about delighting our customers
  • Be honest, transparent and genuine with our customers and your peers
  • Exude excellence
  • Make sure you have fun – lots of it
  • Help us protect the world
  • Work hard, but smart; balance your work and life

Qualifications

What You Can Bring With You 

  • The ability to analyze event and systems logs, perform forensic analysis, analyze malware, and other incident response related data, as needed.
  • Deep understanding of incident response best practices and processes
  • Familiarity with intrusion detection systems (e.g., snort) and tools (e.g., tcpdump, Wireshark).
  • Knowledge of attack vectors, threat tactics and attacker techniques. 
  • Familiarity with network architecture and security infrastructure placement. 
  • Understanding of Windows operating systems and command line tools.
  • A solid foundation in networking fundamentals, with a deep understanding of TCP/IP and other core protocols. 
  • Knowledge of network based services and client/server applications.
  • Your bachelors degree – or a very convincing argument.

 

    Additional Information

    Additional Qualifications:

    • Degree in computer science, or related discipline
    • Experience working on a mission critical security operations team, preferably 24x7.
    • Exemplary communication and interpersonal skill.
    • Ability to document and explain technical details clearly and concisely.
    • A willingness to be challenged and a strong desire to learn.
    • An open mind and an appetite for excellence

    Network

    • Wireshark
    • Understand a signature
    • Protocol - timing, data sizes, commands
    • Context - inbound vs outbound (webshells), DNS servers vs HTTP proxy
    • Components - C2 interaction vs beaconing vs profiling
    • Knowing the Internet - identifying something as legitimate vs malicious
    • Intel querying vs OSINT
    • Knowledge of protocols - SMB, HTTP Proxy, DNS, ICMP
    • Netflow Analysis
    • Perform queries to gain additional context
    • Understanding ports, sessions length, direction
    • DNS & HTTP
    • Collect and analyse DNS/HTTP logs for additional context
    • Signatures
    • Identify issues with signatures and propose improvements

    Endpoint

    • Hit Review
    • Understand a signature
    • IOCs intent - what it's looking for, what it hit on, caveats
    • Context - malware, decoy, side-loaded DLL (legit binary), tools, methodology
    • Triaging
    • Collecting forensic information to determine TP vs FP
    • Malware triaging - assessing MTA and performing dynamic analysis in VM
    • Signatures
    • Identify issues with signatures and propose improvements
    • Live Response
    • Build LR timelines under supervision
    • Threat Intel 
    • Understand how malware and tools are used by the threat actors 

    Additional Information

    At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

     

     

    See more jobs at Mandiant

    Apply for this job

    VetCentric is hiring a Remote Enterprise Risk Analyst (Cybersecurity Engineer)

    About Us:

    VetCentric is focused on delivering outstanding services to the federal government.  We have extensive experience in the fields of cyber security, supply chain & logistics management, strategy, business analytics, and IT services such as system design, continuous improvement, virtualization, and data center management.  VetCentric is an SBA certified HUBZone company and VA CVE certified Service-Disabled Veteran Owned Small Business (SDVOSB). We operate in 15 states with offices in Washington DC and Northern Virginia. ​

    Perks Working with Us:

    • Competitive compensation
    • Comprehensive health, vision, dental benefits
    • 15 days leave and 11 days of paid Federal Holidays  
    • 401(k) with matching plan
    • Annual training budget
    • Fantastic company culture

    Location(s): Anywhere, US. Candidates from HUBZones preferred.

    Employment Eligibility: Eligible to work for any employer in the United States without requiring sponsorship. Sponsorship is not available currently.

    Position Summary:

    The Enterprise Risk Analyst role executes the VA Enterprise Risk Analysis process using a custom ERA tool to identify key cyber security risk factors in network connected medical devices and Special Purpose Systems (e.g., building automation systems, physical security systems, operational technology). These risk factors are summarized, evaluated, and reported using quantitative and qualitative scores to provide a VA authorizing official with awareness of the residual cyber risk prior to connecting these devices to the VA network. The ERA Analyst must acquire, review and leverage system documentation and data gathered through questionnaires and interviews with customers in the field and vendor/manufacturer representatives to accurately document critical security posture elements in a common reporting format. These elements include hardware/software inventory, communications profile, system interconnections, data types and stores, and the presence or lack of security controls, settings and mechanisms for a given device type. The analyst works within the Specialized Device Security Division Risk Management team and is expected to collaborate with Federal and contractor team mates to achieve best outcomes for the ERA process.
    You Have:

    • Experience with Cybersecurity, risk management, or risk assessment for complex systems
    • Experience with NIST SP 800-53 and NIST SP 800-30
    • Experience with documenting and depicting network topology and network protocols
    • Ability to engage directly with clients, and third parties to facilitate enterprise risk analysis
    • BA or BS degree in CS, EE, Engineering, or Technology and 10 years' experience in a professional work environment or 18 years of experience in a professional work environment lieu of education

    Nice If You Have:

    • Experience with cybersecurity analysis of medical technology or Internet of Things (IoT)
    • Experience with Governance, Risk, and Compliance (GRC)
    • Experience with Assessment and Authorization (A&A) and eMASS
    • Experience with Excel and Visio
    • CompTIA Security+ or Certified Risk Management Professional (CRISC) or Certified in Risk and Information Systems Control (CRISC)
    • Public Trust clearance

    See more jobs at VetCentric

    Apply for this job

    Square is hiring a Remote Principal Linux Engineer - Security

    Company Description

    Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams — People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more — provide support and guidance at the corporate level. They work across business groups and around the globe, spanning time zones and disciplines to develop inclusive People policies, forecast finances, give legal counsel, safeguard systems, nurture new initiatives, and more. Every challenge creates possibilities, and we need different perspectives to see them all. Bring yours to Block.

    Information Security culture is focused on enabling our engineering teams to build and ship secure products. We achieve this by designing, building, and deploying state-of-the-art security alongside our product and infrastructure teams.

    Job Description

    As a Principal Engineer at Block, you will be responsible for oversight and security hardening of our Linux environments used on-prem and in the cloud.

    Block is undergoing multiple exciting transformations. First is on-prem to the cloud (primarily AWS). Linux distro and kernel security is the basis of all higher-level cloud constructs. Secondly, Block is beginning to plan a migration off of Centos 7 on-prem. The successor distro has not been chosen, but we do know that it will not be Centos.

    This role is a combination of advisor, security architect, and hands-on implementer. You will be a bridge between Information Security and Production Infrastructure Engineering. You will represent InfoSec in critical decisions such as the successor to Centos. You will assist the infra team in implementing the successor securely: distro hardening, kernel hardening, patching automation and scanning, and so on.

    This is the first dedicated Linux Security Engineer hired by Block; you will be expected to work independently and with strong judgment. We’re looking for someone who is driven to improve security, who can prioritize their own work, and who is able to work cross-functionally with multiple infrastructure and security teams.

    This position is open to remote work anywhere in USA or Canada.

    You will:

    • Set the direction for Linux OS security for the entire company.

    • Implement Linux security features and projects, both solo and in conjunction with infrastructure teams.

    Qualifications

    You have:

    • 12+ years work experience in technology

    • 5+ years of work building, debugging, shipping, maintaining, or hardening Linux distros.

    • 5+ years of work performing security. This need not have been for an InfoSec team. For example, working on patching vulnerabilities while part of an infrastructure team would count.

    • As the first hire on this team, you will need an established ability to work independently.

    Even better:

    • Specific experience hardening an off-the-shelf distro for high-security requirements.

    • Familiarity with Kubernetes

    • Experience with docker and containers

    • Experience with AWS or GCP

    Additional Information

    We’re working to build a more inclusive economy where our customers have equal access to opportunity, and we strive to live by these same values in building our workplace. Block is a proud equal opportunity employer. We work hard to evaluate all employees and job applicants consistently, without regard to race, color, religion, gender, national origin, age, disability, pregnancy, gender expression or identity, sexual orientation, citizenship, or any other legally protected class. 

    We believe in being fair, and are committed to an inclusive interview experience, including providing reasonable accommodations to disabled applicants throughout the recruitment process. We encourage applicants to share any needed accommodations with their recruiter, who will treat these requests as confidentially as possible. Want to learn more about what we’re doing to build a workplace that is fair and square? Check out our I+D page

    Additionally, we consider qualified applicants with criminal histories for employment on our team, and always assess candidates on an individualized basis.

    Perks

    We want you to be well and thrive. Our global benefits package includes:

    • Healthcare coverage
    • Retirement Plans
    • Employee Stock Purchase Program
    • Wellness perks
    • Paid parental leave
    • Paid time off
    • Learning and Development resources

    Block, Inc. (NYSE: SQ) is a global technology company with a focus on financial services. Made up of Square, Cash App, Spiral, TIDAL, and TBD, we build tools to help more people access the economy. Square helps sellers run and grow their businesses with its integrated ecosystem of commerce solutions, business software, and banking services. With Cash App, anyone can easily send, spend, or invest their money in stocks or Bitcoin. Spiral (formerly Square Crypto) builds and funds free, open-source Bitcoin projects. Artists use TIDAL to help them succeed as entrepreneurs and connect more deeply with fans. TBD is building an open developer platform to make it easier to access Bitcoin and other blockchain technologies without having to go through an institution.

    See more jobs at Square

    Apply for this job

    +30d

    Fullstack Security Engineer

    TradeshiftAustin, TX, USA, Remote

    Tradeshift is hiring a Remote Fullstack Security Engineer

    Company Description

    About Tradeshift
    Tradeshift is a unicorn in the fintech industry. We are disrupting a typically stagnant environment by connecting companies of all sizes and providing them with the platform and network needed to create value from old processes like procurement, invoicing, payments, and workflow. We recognize that business is both messy and social - two revelations that have driven the development of Tradeshift, a platform for all your business interactions. We work hard and our teams have great freedom and responsibility to choose the best solutions, technologies and approaches to evolve the product to the next level.

    We believe that being a global, multicultural company is a tremendous strength and we have people working from 18 different countries with hubs in Bucharest, Copenhagen, Kuala Lumpur, and San Francisco. We believe that if we truly focus on how to work distributed and collaborate across locations and (home) offices, we will not only enjoy work more but also build better products for our customers, and ultimately be a better company.

    Job Description

    About The Role

    The product security team (or PROSE) is a part of Tradeshift’s Security Engineering organisation, owning, maintaining and developing security features within Tradeshift’s platform, such as authentication and authorisation, anti-virus scanning, our third-party app security model, and so on. The team spends most of their time on software development, and while previous exposure to security is helpful, it is not a requirement.

    What You’ll Be Doing

    You’ll be joining a small team constantly making platform-wide changes so we’re looking for a great human being who’s not too shy to talk to others, although public speech doesn’t have to be one of your hobbies.

    And last, but certainly not least, we expect you to be good! You’ll be working with Tradeshift’s sensitive bits, so we need you to be responsible, not be afraid of jumping into an unknown codebase to dissect it, and of course, to be just an awesome software engineer overall.

    Qualifications

    • Must be comfortable with Java & JavaScript 
    • Must think that security is at least 3/10 in terms of how interesting it is
    • Knowlegde about web applications, building APIs and working in a microservice universe
    • Eye for detail
    • Familiarity with highly available systems - including designing them

    ​​​​​​​Nice to Have's

    • Experience with Scala and/or Groovy
    • Knowing the Spring framework
    • Security knowledge, especially around authentication and authorisation
    • SSO knowledge: SAML, OIDC, OAuth, and more SAML
    • Familiarity with Docker, Kubernetes, AWS

    Additional Information

    We value diversity at our company. Tradeshift prohibits unlawful discrimination based on race, color, religious or religious creed, sex, sexual orientation, gender, age, marital status, veteran status, disability status or any other consideration made unlawful by applicable federal, state, or local laws. All your information will be kept confidential according to EEO and GDPR guidelines

    #LI-KC1 

    See more jobs at Tradeshift

    Apply for this job

    +30d

    Staff Network Security Engineer

    TwitterSeattle, WA, USA, Remote

    Twitter is hiring a Remote Staff Network Security Engineer

    Company Description

    Who We Are:

    Twitter's Network Security team enforces and protects a dynamic, reliable and secure global network, behind one of the few products in the world that touches over 1 billion people.

    Job Description

    What You’ll Do

    • Have an opportunity to bring a strong perspective that inspires change and motivates engineers to develop simple solutions to complex problems

    • Partner with technical leadership to define overall network technology, standards and strategy, including the 12 month roadmap achieved by reaching consensus with peers and customers

    • Be a mentor to other team members and lead through example by influencing the use of standards defined by the team and technical leadership

    • Identify and drive testing and certification of network hardware, software and features to ensure security and availability

     

    Qualifications

    Who You Are

    You are a highly proficient network security engineer with hands-on experience and in-depth skills in all aspects of network security and engineering. You are a motivated pragmatic thinker, eager to get the job done while finding a balance between pace and quality with:

    • Extensive experience in high demand, large scale production environments

    • Deep knowledge of network security methodologies

      • Risk assessment frameworks

      • DDoS mitigation strategies

      • Vulnerability management

      • Active threat monitoring

      • Audit and compliance

    • Experience with scripting in Python or equivalent to automate operational tasks

    • Experience with cloud deployments such as GCP and AWS

    • Experience with distributed system management via Puppet or Terraform

    • Experience with packet analysis and flow monitoring tools

    • Experience with stateless and stateful ACLs, IPSec, and Zero Trust deployments

    • Proficiency with multiple hardware platforms such as Juniper, Arista, and Cisco

    • Working knowledge of load balancing, anycast and traffic resiliency solutions

    • Understanding of transit relationships and global internet connectivity

    • Strong documentation and communication skills

    Additional Information

    Additional Information: A few other things we value:

    Challenge - We solve some of the industry’s hardest problems. Come to be challenged, learn, and thrive as an engineer.

    Diversity - Diversity makes us a better organization and team. We value diverse backgrounds, ideas, and experiences.

    Work, Life, Balance - We work hard, but we believe with hard work should come balance.

    We are committed to an inclusive and diverse Twitter. Twitter is an equal opportunity employer. We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran, genetic information, marital status or any other legally protected status.

    San Francisco applicants: Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records

    Notice (Colorado Equal Pay for Equal Work Act)

    The expected salary range for this role to be performed in Colorado is USD$167,000.00 - USD$234,000.00. Starting pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands. This range may be modified in the future.

    This job is also eligible for participation in Twitter’s Performance Bonus Plan and Equity Incentive Plan subject to the terms of the applicable plans and policies.

    Twitter offers a wide range of benefits to U.S.-based employees, including medical, dental, and vision insurance, 401(k) program with employer match, generous time off for vacation, sick time, and parental leave. Twitter's benefits prioritize employee wellness and progressive support to our diverse workforce.

    See more jobs at Twitter

    Apply for this job

    +30d

    Network Security Engineer

    CityFibreMilton Keynes, UK, Remote

    CityFibre is hiring a Remote Network Security Engineer

    Company Description

    We’re changing it up

    We’re on a mission to build the UK’s finest digital infrastructure and unleash Britain’s potential. Together, we’re achieving incredible things. We may have big ambitions, but we never lose sight of what matters. That’s why we’ve created an open, inclusive environment where people can be themselves, where wellbeing and mental health come first, where we take a flexible approach to working, and where everyone has the chance to pursue their passions, keep learning and grow their careers. We’re changing up Britain and we’re changing up the workplace with better rewards, more opportunities to grow and the chance to make a difference to communities across the UK. 

    A rewarding career

    We’re passionate about our work and we’re passionate about our people too. With a salary of up to £67,500 depending on experience, when you join the CityFibre family you’ll also enjoy benefits like 25 days’ holiday, a day off on your birthday, a day off to support a charity or organisation of your choice, performance-related bonus scheme, and private healthcare.

    How can you change it up?

    You will be supporting the delivery of security solutions and improving City Fibre’s overall security posture. As a Network Security Engineer, you are responsible for the security of City Fibre’s Active Network, which will include both control and management. You will be utilising skills such as network security engineering, security system administration, some project management and, when required, troubleshooting and security analysis. Some of your key responsibilities will include: 

    • Supporting and working alongside the Architecture and senior engineer’s in conducting design feasibility
    • Assisting with the testing and rollout of innovative solutions into a full production environment, in line with the security strategy/roadmap
    • Identifying and augmenting existing solutions as required
    • Contributing towards vulnerability & risk management programs and enhancing our associated processes
    • Incrementally improving network monitoring and operational excellence – ensure regular continual improvement
    • Acting as a point of escalation for network issues from Tier2 NOC & support the development of a Tier3

    What will you bring to the role?

    We are looking for someone who has experience within a similar network security role, working on either LAN, MAN, or WAN environments of scale. Alongside this, you will also need experience with a variety of security technologies such as NextGen Firewalls, IDP, IDS, NDR etc. You must be able to demonstrate a solid understanding of layer 2 and 3 technologies, with a focus on Ethernet, MPLS, and TCP/IP. You will also need a strong working knowledge of network and infrastructure security controls across different technologies and mixed vendor environments.

    Our unique culture

    We are proud to be an equal opportunity employer; we celebrate diversity, we believe everyone has a voice and we’re committed to creating an inclusive environment for all. Even though we come from different backgrounds and do different jobs, we’re united by The CityFibre Way - our unique code of behaviours that inspires how we think, act and work. We back each other, think smart and act fast, and we’re passionate about giving it our best to build a legacy together.

    Ready to start changing it up? Join the CityFibre family today.

     #LI-KC1

    Additional Information

    CityFibre is committed to providing equal employment opportunities to individuals from all backgrounds, including ethnicity, gender, sexual orientation, gender identity, religion, age, family status and disability. We recognise that everyone is an individual with a wide range of experiences and perspectives and believe this diversity of thought is what makes CityFibre special.

    See more jobs at CityFibre

    Apply for this job

    +30d

    Senior Security Engineer

    AnitianBeaverton, OR, USA, Remote

    Anitian is hiring a Remote Senior Security Engineer

    Company Description

    At Anitian we believe security can be a force for good.  As such, we are on a mission to make security and compliance easy for all. We harness the power and scale of the cloud to empower developers with automated, accelerated, autonomous, and accommodating security technologies.

    Anitian is a place where smart people get to be smart. When you join our team, you will enjoy a workplace of creative problem solvers who cherish intelligence, compassion, and boldness.  You will also enjoy the immediate respect of industry peers, as Anitian is recognized as a thought leader in information security.

    Job Description

    We’re on a mission to continue industry disruption through rapid evolution of our SecureCloud Compliance Automation stack.  Our customers achieve FedRAMP certification quickly and predictably, and our SecOps team continuously maintains security and compliance levels.  A significant part of FedRAMP is providing continuous monitoring, threat and vulnerability detection, anomaly detection, and customer interaction.  We seek leaders that act as force multipliers, persistently planning and designing automation that scales with the growing customer base, using machines (and machine learning) to perform work that humans audit and improve.  The ideal candidate will be excited about working in an environment in which it is paramount to keep abreast with the ever-changing landscape of security vulnerabilities and threats. 

    The Senior SecOps Engineer is a key role – expected to fluidly interface directly with multiple stakeholders, including executives, staff, and adjacent department members, both internally and client-facing. The role requires agility to assist and triage issues ranging from sales/marketing questions, collaborating with Program Managers to ensure multi-tiered projects run smoothly, and direct Security Engineering assistance.  Most importantly, this role requires a sound technical strategy and persistent execution against long-term goals which are defined by you and leadership. 

    Requirements 

    • CS Degree or equivalent experience 
    • 3 + years of engineering experience in public cloud systems, network, and hardening complex security infrastructure. 
    • 3 years of experience working in public cloud environments, such as AWS or Azure. 
    • Proven ability to leverage automation to create tooling and utilities to help scale  
    • Proven ability to write clean, readable, maintainable software in Python or another object-oriented programming language 
    • Ability to break down work into small, digestible deliverables 
    • Ability to operate with high level requirements and drive tasks to completion 
    • Ability to quickly learn new security tools (by consuming documentation) and apply them in customer public clouds environments 

    Qualifications

    ​​​​​Desired Background 

    • You have working expertise in all common components of least one public cloud, preferably AWS or Azure 
    • You are independent, and identify “high leverage” automation work and execute against it without being asked  
    • You have operations experience running production software, operating a large cloud application and/or infrastructure deployment, and creating, tuning alert thresholds, and triaging alerts 
    • You work well with other people and actively coach junior members of the team, effectively interacting with your internal customers and stakeholders.  
    • You are curious, and you are not afraid to learn and embrace, or recommend new security technologies  
    • You have deep knowledge of what a clean-running SIEM looks like and can set the direction for the team to prune false positives and elevate actionable, customer-impacting alerts  
    • You work diligently with engineering teams and frequently log high value backlog items and champion the right priorities.   
    • Display effective time and ticket management and influence others through leading by example 

    Additionally, the perfect candidate will have: 

    • Extremely strong written and verbal communication skills 
    • Knowledge of Agile and/or other modern project management structures 
    • Ability to adapt to constantly changing technology landscape 
    • Effective ability to understand and implement complex systems 
    • Strong time management skills and ability to determine priorities 
    • Professional and positive attitude – understand the importance of mutual respect between teams 

    Additional Information

    Flexible Work Environment:  We offer our employees flexibility in their work location. Whether you prefer to work onsite at our Beaverton, OR, headquarters office, work fully remote from your home, or a hybrid solution, we have a place for you.

    Please note: All remote work must be performed within the United States.

    Benefits of this position include:

    • Competitive compensation package, including stock options.
    • Four weeks of PTO per year with additional PTO earned with years of service.
    • Eleven paid holidays.
    • We offer competitive health benefits including medical, dental, vision, FSA/HSA, EAP, life insurance and disability benefits.
    • 401K retirement plan, up to 4% matching.
    • Professional development reimbursement program.
    • Internet Subsidy

    More Information

    • For more information about working with Anitian, please visit our careers page.
    • Anitian participates in E-Verify. More information available here.

    See more jobs at Anitian

    Apply for this job

    +30d

    Product Security Engineer

    DNAnexusMountain View, CA, USA, Remote

    DNAnexus is hiring a Remote Product Security Engineer

    Company Description

    DNAnexus is the leading cloud-based SaaS company serving the global life science community. DNAnexus’ health informatics platform serves customers across a spectrum of industries — government, biopharmaceutical, clinical diagnostics, healthcare, and academic research in 33 countries with compliant protection of data, privacy, and intellectual property. The platform provides a secure and collaborative environment where genomics, multi-omics, and real world data can be combined with clinical data at scale, providing new insights that can lead to improved diagnostics, new targeted therapies and better patient care.

    The Security Mission

    Our customers depend on the secure and reliable operation of the DNAnexus platform to run their business.  From clinical research to large-scale multi-omics computation, our platform is essential to tackle some of the most exciting opportunities in human health.  With DNAnexus, organizations can stay a step ahead in leveraging genomics to achieve their goals.  DNAnexus brings it all together on a single secure, resilient, and  scalable platform.

    Key Company Highlights

    • Founded in 2009 by leading Stanford genomic scientists, headquartered in Mountain View, CA, 140+ employees.
    • Generating significant revenue, global footprint, ramping rapidly; with Enterprise customers including Ancestry, Regeneron, Natera, Johns Hopkins, FDA, Myriad Genetics, St Jude among others.
    • FedRAMP Moderate ATO (“Authorized-To-Operate”) platform with current certifications in ISO27001, and HITRUST.
    • Engaged on a 5 year, $20M contract with the FDA to power the precisionFDA collaborative omics environment in the cloud.
    • Well funded by Tier-1 investors including Blackstone Group, Foresite Capital, Google Ventures, Perceptive Advisors, Northpond Ventures and TPG Capital, among others.
    • Massive, evolving market opportunity that hasn’t been adequately addressed yet.
    • Passionate and proven executive leadership team with deep genomics, big data/analytics, and cloud expertise.   

    Job Description

    You will be an essential part of our Product Security team and a critical player within our larger Security & Technology organization.  Through close collaboration with Product Management and Engineering, you’ll develop pragmatic and elegant solutions to address the security concerns and risks that you identified in your initial threat modeling and evaluation of our product designs.  As a part of the product design team, your input and experience will make DNAnexus products more resilient, reliable and secure.   In order to be successful, a close understanding of how Software Engineering and empathy with your software engineering will be crucial.  As a security team, we strive to solve problems with an engineering mindset and with a strong understanding of the business context.

    The problems you will solve:

    • You will aid our Product Managers in developing secure and resilient product designs.
    • You’ll become a respected advisor to our software engineers and you’ll help them solve security & compliance problems without limiting product functionality or adding tech debt.
    • You will design, build, and introduce security tooling that improves assurance of code in our pipelines and accelerates time to deployment of code.
    • You’ll focus on training and education with your software engineering counterparts to improve velocity and security of our developed code.
    • You’ll conduct threat modeling exercises and work closely with product & engineering to address the risks that you’ve identified.
    • Your input as a security practitioner will be valuable for our Product Management team as we develop tooling to help our clients’ security and IT teams manage their use of our platforms.

    Qualifications

    The experience you will bring:

    • Bachelors of Science in a computer science, cyber security, electrical engineering or related field.
    • A firm understanding of software development (SDLC) & continuous integration/continuous deployment approaches, including commonly used IDE and git environments.
    • An ability to navigate a product specification and connect the business objectives with the security risks of a new product feature.
    • Prior threat modeling experience, in a software development context.
    • You have assisted your peers in a security detection & response capacity, specifically you’ve helped incident response / SOC team members understand how a software application operates.
    • Experience leveraging application security techniques to identify and validate the impact of application flaws.
    • A strong collaboration track-record with both technical (engineering) and non-technical stakeholders.
    • Prior exposure to regulated or life science environments.

    Personal Attributes and Values:

    • You personally enjoy contributing to the security community and driving our industry to do better.
    • Complex problems intrigue you and you leverage creative problem solving skills as well as the ability to ignite the creativity of others to solve these problems.
    • Flexible, nimble, and scrappy; startup mentality and willingness/ability to change direction quickly if best for the business.  You understand and can navigate the tradeoffs that allow us to manage our technical debt load.
    • A self starter that can work independently and collaboratively across multiple workstreams without technical program management support.
    • Able to earn the respect of the team on the basis of crisp execution, technical depth, hands-on style, and strategic decision making ability.
    • Takes a data centric, objective approach to decision making and has the ability to put aside personal preferences, historical bias, peer pressure and political influences to arrive at decisions on a reasoned, objectively-defensible basis.
    • Strong presence; good communicator and highly influential both externally as well as internally at the executive level and across the organization.
    • A highly collaborative, team player with a company-first mentality; ability to influence, prioritize, and get alignment cross-functionally.
    • A positive, energetic, can-do attitude. High EQ, hungry to succeed, achievement orientation, self-motivation.  Highly confident, yet humble and self-aware.
    • Entrepreneurial DNA; not afraid to take calculated risks, brings a mentality of rapid innovation and the desire to attain big goals.
    • High integrity, principles, and ethics.

    Additional Information

    Based in Mountain View, California, DNAnexus is experiencing rapid growth and is searching for the best talent to join our team. We recently completed a $200 million financing round to advance our growth globally to further serve leading healthcare and life science organizations. Key investors include Blackstone Group, Google Ventures, Perceptive Advisors, Northpond Ventures, TPG Biotech, and Foresite Capital.

    We look forward to meeting you and learning more about your career objectives - apply today!

    See more jobs at DNAnexus

    Apply for this job


    Other Job subscriptions you might be insterested in