Cyber Security Analyst jobs in Chicopee, MA

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better. Join us and build an exceptional experience for yourself, and a better working world for all. The exceptional EY experience. It's yours to build. EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities. Today's world is fuelled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of almost 950 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team helps protect the EY brand and build client trust. Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through innovative, secure solutions that provide speed to market and business value. **The opportunity** Cyber Triage and Forensics (CTF) Incident Analyst will work as a senior member of the technical team responsible for security incident response for EY. The candidate will work as an escalation point for suspect or confirmed security incidents. Responsibilities include performing digital forensic analysis, following security incident response standard methodologies, malware analysis, identify indicators of compromise, support remediation or coordinate remediation efforts of a security incident, and develop documentation to support the security incident response process. **Your key responsibilities** + Investigate, coordinate, bring to resolution, and report on security incidents as they are brought up or identified + Forensically analyze end user systems and servers found to have possible indicators of compromise + Analysis of artifacts collected during a security incident/forensic analysis + Identify security incidents through 'Hunting' operations within a SIEM and other relevant tools + Interface and connect with server owners, system custodians, and IT contacts to pursue security incident response activities, including: obtaining access to systems, digital artifact collection, and containment and/or remediation actions + Provide consultation and assessment on perceived security threats + Maintain, manage, improve and update security incident process and protocol documentation + Regularly provide reporting and metrics on case work + Resolution of security incidents by identifying root cause and solutions + Analyze findings in investigative matters, and develop fact based reports + Be on-call to deliver global incident response **Skills and attributes for success** + Resolution of security incidents by identifying root cause and solutions + Analyze findings in investigative matters, and develop fact-based reports + Proven integrity and judgment within a professional environment + Ability to appropriately balance work/personal priorities **To qualify for the role you must have** + Bachelors or Masters Degree in Computer Science, Information Systems, Engineering or a related field + 5+ years experience in incident response, computer forensics analysis and/or malware reverse engineering; + Understanding of security threats, vulnerabilities, and incident response; + Understanding of electronic investigation, forensic tools, and methodologies, including: log correlation and analysis, forensically handling electronic data, knowledge of the computer security investigative processes, malware identification and analysis; + Be familiar with legalities surrounding electronic discovery and analysis; + Experience with SIEM technologies (i.e. Splunk); + Deep understanding of both Windows and Unix/Linux based operating systems; **Ideally, you'll also have** + Hold or be willing to pursue related professional certifications such as GCFE, GCFA or GCIH + Background in security incident response in Cloud-based environments, such as Azure + Programming skills in PowerShell, Python and/or C/C++ Understanding of the best security practices for network architecture and server configuration **What we look for** + Demonstrated integrity in a professional environment + Ability to work independently + Have a global mind-set for working with different cultures and backgrounds + Knowledgeable in business industry standard security incident response process, procedures, and life cycle + Excellent teaming skills + Excellent social, communication, and writing skills **What we offer** The compensation ranges below are provided in order to comply with United States pay transparency laws. Other geographies will follow their local salary guidelines, which may not be a direct conversion of published US salary range/s We offer a comprehensive compensation and benefits package where you'll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $87,700 to $164,000. The salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $105,200 to $186,400. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you'll decide how much vacation time you need based on your own personal circumstances. You'll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being. + **Continuous learning:** You'll develop the mindset and skills to navigate whatever comes next. + **Success as defined by you:** We'll provide the tools and flexibility, so you can make a meaningful impact, your way. + **Transformative leadership:** We'll give you the insights, coaching and confidence to be the leader the world needs. + **Diverse and inclusive culture:** You'll be embraced for who you are and empowered to use your voice to help others find theirs. EY accepts applications for this position on an on-going basis. **If you can demonstrate that you meet the criteria above, please contact us as soon as possible.** EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. For those living in California, please click here (********************************************************************************************************************************************************************** for additional information. EY is an equal opportunity, affirmative action employer providing equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY's Talent Shared Services Team (TSS) or email the TSS at **************************

Project Lead / Cyber Security Analyst Washington, DC Are you ready to enhance your skills and build your career in a rapidly evolving business climate? Are you looking for a career where professional development is embedded in your employer's core culture? If so, Chenega Military, Intelligence & Operations Support (MIOS) could be the place for you! Join our team of professionals who support large-scale government operations by leveraging cutting-edge technology and take your career to the next level! Chenega Agile Real-Time Solutions (CARS) was created with the purpose of providing integrated enterprise IT support to Federal customers both CONUS and OCONUS. CARS employs Subject Matter Experts (SMEs) with decades of experience working in the Federal marketplace. The Project Lead / Cyber Security Analyst will support the Department of Education to ensure that the organization's networks, as well as information, are secure while employing continuous monitoring of intrusion detection/prevention for all systems and applications. Responsibilities * Perform project management tasks utilizing Agile methodologies, including progress tracking, sprint planning, and stakeholder updates. * Assist in the development and timely submission of reports, presentations, and other program deliverables. * Develop and maintain a monthly dashboard to track deliverables, milestones, and performance metrics. * Serve as the primary on-site liaison and program lead, ensuring alignment between internal teams and client objectives. * Provide program-level leadership and oversight of on-site staff to meet contractual and operational goals. * Manage daily staff responsibilities, including task assignments, performance monitoring, and resource coordination. * Gather team inputs and compile deliverables for submission in accordance with established timelines and client expectations. * Communicate effectively with customers to ensure strong relationship management, address concerns, and maintain high levels of satisfaction. * Support CRM (Customer Relationship Management) efforts by maintaining accurate records of interactions, follow-ups, and client needs. * Assist with the training, onboarding, and development of new and existing staff as required. * Ensure that the organization's networks, as well as information, are secure. * Employ continuous monitoring of intrusion detection/prevention for all systems and applications. * Ensure appropriate data encryption (in transit and at rest) levels based on protections needs of targeted data, administer host intrusion protection, data loss prevention, antivirus, vulnerability management, and security information event management. * Create and update Information Assurance artifacts, create and manage Plans of Action and Milestones, and perform all duties within the Cyber Security Asset Management portal. * Update all cybersecurity documentation and attend all related IT and Cybersecurity meetings. * Provide knowledge for maintaining awareness of system/network security posture, including vulnerability scanning to facilitate application of quick and effective corrective measures, while ensuring configuration management requirements are met. * Provide technical knowledge and information assurance analysis support, including security assessment of applications and systems, operating systems, internet-facing interfaces, intranet, and other interconnections. * Provide analysis of existing systems vulnerabilities, including possible intrusion/entry points, resource manipulation, denial of service, and/or destruction of resources. * Provide technical support and analysis to document organizational information protection framework and support policy and procedures preparation and implementation. * Technical and thought-leadership responsibilities for multiple information security disciplines, like incident response, vulnerability management, intrusion detection and prevention, threat hunting, security operations, security policy, and awareness/education. * Support, maintain, monitor, troubleshoot, and enhance security infrastructure tools, methodologies, software, and hardware. * Draft and review information security policies, processes, and procedures. * Oversee information security incident response activities, risk assessment and risk management activities, and vulnerability assessment and vulnerability management activities. * Manage detailed network, operating system, database, and application vulnerability assessments and security configuration audits. * Manage information security initiatives. * Prepare information security awareness and education materials and other documentation. * Determine and document information security requirements and controls necessary for the protection of information resources. * Provide guidance and assistance regarding information security matters, like the interpretation of information security policies and requirements or their applicability to situations. * Analyze data from Information Security functions and provide reports and recommended response actions to the Information Security Manager (ISM/ISSO). * Publish regular status reports and submit to management. * Supervisory Responsibilities. * Other duties as assigned. Qualifications * Bachelor's degree in computer science, information systems, or related cybersecurity certifications (i.e., CISSP, SSCP, etc.) and 8+ years of experience as a Cyber Security Analyst OR * High school diploma and 10+ years of Cyber Security Analyst experience may be used in lieu of a degree * Experience with IT Compliance and Risk Management Methodologies - Cyber Security Framework, NIST Standards (SP 800-53r5), HIPPA, and FISMA * Background check with the ability to obtain 6C Public Trust Knowledge, Skills, and Abilities: * Ability to work independently and yet be effective within a team setting * Must be capable of managing multiple efforts with time-related constraints in a fast-paced contracting environment * Demonstrated ability to effectively communicate and collaborate with diverse internal and external stakeholder groups and individuals * Friendly presence, helpful attitude, good interpersonal skills, and ability to work well with others. * Excellent skills in Microsoft Word, Excel, and other Office applications * Proficient with Microsoft Office Applications, and experience working in a home office setting, as well as the ability to train end users on frequently asked technical issues. * Ability to provide technical assistance and support over the phone; good phone skills, professional demeanor, and previous customer service experience strongly desired. * Good problem-solving skills; ability to visualize a problem/situation and think abstractly to solve it How you'll grow At Chenega MIOS, our professional development plan focuses on helping our team members at every level of their careers to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their careers. Benefits At Chenega MIOS, we know that great people make a great organization. We value our team members and offer them a broad range of benefits. Learn more about what working at Chenega MIOS can mean for you. Chenega MIOS's culture Our positive and supportive culture encourages our team members to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them be healthy, centered, confident, and aware. We offer well-being programs and continuously look for new ways to maintain a culture where we excel and lead healthy, happy lives. Corporate citizenship Chenega MIOS is led by a purpose to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our team members, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Chenega's impact on the world. Chenega MIOS News- ***************************** Tips from your Talent Acquisition Team We want job seekers exploring opportunities at Chenega MIOS to feel prepared and confident. To help you with your research, we suggest you review the following links: Chenega MIOS web site - ******************* Glassdoor - ******************************************************************************** LinkedIn - ***************************************** Facebook - ************************************* #Chenega Agile Real Time Solutions, LLC #DICE Estimated Salary/Wage USD $113,700.00/Yr. Up to USD $150,000.00/Yr.

VTG is searching for a Cyber Security Analyst professional who is interested in joining a fast-paced and dynamic work environment supporting Navy Shipbuilding. The candidate will provide direct support to the DDG 1000 Zumwalt Class Destroyer Program Office, working collaboratively with the Systems Engineering team and Cyber Security Analysts. The physical location of this position is flexible, (Hybrid) will be onsite at the Washington Navy Yard in Washington, DC or may be 30 miles from the nearest Naval base. What will you do? * Provide expertise in Cyber Security engineering, Navy Risk Management Framework (RMF) process and validation, Navy Cloud Broker processes, and systems engineering. * Support Zumwalt-class Total Ship Computing Environment (TSCE) with security engineering and testing. * Support PMS 500 with transitioning the business system on the ship to a cloud-based environment. * Support PEO IWS 9 and PMS 500 with security engineering and accreditation of TS/SCI domain on Zumwalt-class ships. * Process daily requirements in eMASS to include POA&Ms, IAVAs, Control Test Results (Control Correlation Identifiers [CCIs]), Categorization forms, PPSMs, SAPs, SLCMs and Inheritance updates. * Author I-Assure RMF templates to be routed through PMS 500 and IWS 9. * Create Conditional Access Requests (CARs) & High Risk Escalations (HREs) for ISOs to be routed through CSRD. * Complete DADMS and VRAM updates on a daily basis. * Test and correlate STIGs and SRGs, mapping results to RMF policy and Standard Operating Procedures (SOPs). * Create DoD approved diagrams from the DISM Connection Process Guide (CPG) to include Accreditation Boundary, Security Architecture, and Information Flow Management. Do you have what it takes? Required skills: * Bachelor's Degree in Computer Science, Electrical/Computer Engineering or the equivalent combination of education, technical certifications and/or training and work experience. * 6 years Cyber Security Engineering and Assessments, systems engineering, and project management * 3 years of directly related RMF experience or DoD Information Systems Security Engineering (ISSE) experience, NIST 800 series, eMass, NIPR & SIPR * CISSP, Navy Qualified Validator (NQV) Level II+. * Must have CompTIA Security+ * Must have an Active DOD Secret Clearance * Have an extensive background in ISSE and/or ISSO work. Candidate should be comfortable with technical writing. * Have an extensive working knowledge of NIST SP 800-53, 800-60, 800-37, 800-18, 800-160, 800-39, OMB Circular A-130, CNSS and FISMA. Preferred skills: * Experience with DoD processes and procedures, DDG 1000 or similar systems, SABI/TSABI (CDS accreditation) process, AWS/Azure Government cloud implementation, IATO/ATO testing, dcu,

In today's digital world, technology sits at the center of every decision, bringing both new risks and opportunities. As an Audit & Assurance Analyst, you could help our industry-leading clients navigate the risks and opportunities that come with innovation. From evaluating system controls to advising on compliance, you will be part of a team that drives resilience, trust, and future-ready solutions. Recruiting for this role ends on May 29, 2026. Work You'll Do As an Analyst, you will have the opportunity to work on projects to help our clients design, assess, and remediate technology controls. Specific areas of work could include: + Assist clients in advancing the quality of information disclosed to markets and investors to meet regulatory and attestation requirements + Evaluate accounting systems and controls to identify areas for improvement and utilize established methodologies to enhance clients' information technology controls and technology risk management programs + Perform internal audit assurance activities (internal audits over financial, operational, compliance, IT, SOX and QARs), consult with engagement leadership and clients on strategic plans and other business matters, and help to anticipate emerging risks for our clients + Create and manage SOC 1, SOC 2, and SOC 3 reports, ensuring all third-party services meet the required principles and standards + Oversee the implementation of new systems, ensuring they are executed efficiently and align with industry standards, client objectives and regulatory requirements + Perform internal control assessments, anticipate and identify emerging risks, and provide clients with proactive solutions and risk mitigation strategies + Develop recommendations to enhance business processes and systems based on audit findings Regardless of project type, your work will require: + Proficiency in verbal and written communication skills essential to interacting with clients and teams + Ability to work independently and manage multiple projects/assignments/ responsibilities in a fast-paced environment + Problem solving and critical thinking skills in support of both innovative and operational enhancement opportunities + Ability to collaborate and communicate across Deloitte team members and client stakeholders + Ability to identify, learn, understand, and implement new concepts, frameworks and emerging technologies + Ability to manage own personal and professional development; seek opportunities for professional growth and expansion of consulting skills and experience + A strong understanding of Windows Based systems and proficiency with Microsoft Excel, Word, and PowerPoint The Team Our team culture is collaborative and encourages team members to take initiative and seek on-the-job learning opportunities. Audit & Assurance services are focused on engagements related to independent External Audit services, Accounting, Controls & Reporting Advisory, and Specialized Assurance & Sustainability. We bring together the diverse skills and industry experience of our people, leading-edge technology, and a global network to deliver high-quality audits of financial statements and internal controls over financial reporting, along with assurance reports and valuable advice and insights across the corporate reporting landscape. Learn more about Deloitte Audit & Assurance. Qualifications Required: + Bachelor or Master's degrees in the following majors will be considered: + Accounting or related degree with a concentration in management information systems, business analytics or other business technology related areas + Technology related degree such as Management Information Systems, Business Analytics, Computer Science, Computer Information Systems, Data Analytics, Engineering, Information Science/Management and Math + Other technical majors will be considered with a concentration in accounting or a related area + Limited immigration sponsorship may be available + Strong academic record, cumulative GPA of 3.0 or above + You should reside within a commutable distance of your assigned office with the ability to commute daily, if required + You can expect to co-locate on average 3 times a week with variations based on types of work/projects and client locations + Ability to travel up to 50%, on average, based on the type of work you perform and the clients served Preferred: + Meets minimum educational requirements for CPA licensure (which may differ from the educational requirements to sit for the CPA exam) in the state of your assigned office location prior to beginning full-time employment + Cumulative GPA of 3.2 or above + Relevant work experience or work experience in a professional environment (e.g. internships, summer positions, school jobs) + Demonstrated recent leadership role(s), such as in a campus club, society, sports teams or other activity Information for applicants with a need for accommodation: ************************************************************************************************************ The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $58,730 to $117,880. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Meta's security team is the central engine driving data and systems security at the company, supporting Meta and all of its family of apps. The organization is responsible for preventing malicious actors from compromising our environment as well as detecting and responding to them before they can do damage. We ensure that we are maintaining the protections we say we will, and engaging with the community to help those outside the company learn from the work we do. We work across all parts of the company, from the corporate infrastructure to production to external services, interfacing with nearly every team in the company.We are looking for an experienced Security Engineer to join our Identity, Authentication & Access Management (IAM) leadership team to drive cross-company initiatives to reduce access risk, while maintaining an acceptable balance of friction for our workforce. **Required Skills:** Security Engineer, Access Risk Responsibilities: 1. Proactively identify and prioritize areas of access risk across the company 2. Lead major cross-company workstreams to deploy capabilities from multiple security teams to mitigate this risk 3. Understand technical implementation of Meta's highest-risk assets (eg. our social graph cache) and design appropriate solutions to reduce internal access risk 4. Understand how our workforce interacts with assets across the company, and pursue opportunities to reduce friction and help the company move fast 5. Work with policy and legal teams to strengthen our standards and governance, and software engineering teams to influence design of our core access control systems 6. Influence asset-owning teams and their leadership across Meta to adopt appropriate access control designs and operational processes **Minimum Qualifications:** Minimum Qualifications: 7. Understanding of how to manage security risks in a fast-moving environment 8. Significant experience in driving large cross-company engineering initiatives 9. Experience communicating and influencing across functions to drive solutions 10. Experience delivering executive-level security strategies 11. Engineering experience and capacity to understand and reason about complex technical systems 12. B.S. Computer Science or equivalent work experience 13. 10+ years of work experience in software or security engineering **Preferred Qualifications:** Preferred Qualifications: 14. Practical experience with authorization or access management solutions **Public Compensation:** $213,000/year to $293,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

Lumen connects the world. We are igniting business growth by connecting people, data and applications - quickly, securely, and effortlessly. Together, we are building a culture and company from the people up - committed to teamwork, trust and transparency. People power progress. We're looking for top-tier talent and offer the flexibility you need to thrive and deliver lasting impact. Join us as we digitally connect the world and shape the future. **The Role** The Lead Information Security Engineer is a member of the Industrial Security team supporting Lumen Government Services and is responsible for performing cybersecurity compliance actives in support of government contracts as well as Lumen Product and Services targeting the Government market. The Lead Information Security Engineer must execute all six phases of the Risk Management Framework (RMF) process in accordance with FISMA, DoD, FIPS, and NIST requirements and policy. Responsibilities include developing RMF documentation (System Security Plan, Security Control Traceability Matrix, Plan of Action & Milestones, various Standard Operating Procedures, Continuous Monitoring Plan, etc), tracking/resolving vulnerabilities, performing continuous monitoring activities, developing security policies, and supporting cybersecurity guidance and compliance related activities. The Lead Information Security Engineer works closely with Lumen government customers (Federal and State), Lumen government program teams, Lumen operational teams, Lumen security teams, as well as Lumen Product and Services teams targeting our government customers. A successful candidate will have excellent communications skills and experience presenting cybersecurity issues to a wide variety of audiences. The candidate must be able to work independently and as a team leader to develop and execute strategies. The candidate must possess and maintain a broad technical knowledge of current and emerging technologies used within corporate infrastructure and government customer infrastructure. **The Main Responsibilities** + Perform as an Information Systems Security Officer (ISSO) for government system + Achieve and maintain ATO (Authority to Operate), as required. + Write System Security Plans (SSP), Plan of Actions & Milestones (POA&M), Continuous Monitoring Plan, Risk Assessments, Privacy Impact Analyses (PIA), and supporting documentation for systems subject to NIST SP 800-53 + Lead Security Assessment and Authorization processes and procedures + Manage cybersecurity audits by federal departments/agencies, including third party auditors + Develop and complete continuous monitoring reports and briefings + Interface with appropriate government agencies, company management and employees, customers, vendors, and suppliers to ensure understanding of and compliance with security requirements + Review vulnerability and compliance scan results (Nessus, Qualys, etc), and work with the various team members to remediate vulnerabilities, and track ongoing vulnerability status and remediation activities + Conduct periodic reviews to ensure compliance with established policies and procedures + Investigate and document cybersecurity incidents, as well as provide protective and corrective measures in response to such incidents + Report all cybersecurity incidents to the program Information Systems Security Managers (ISSM) through reports and briefings + Participate in the change management process to ensure changes to software, hardware, and firmware do not adversely impact the security of an environment + Develop, facilitate, and present information security awareness and security training on various customer and corporate security policies + Coordinate and participate in business development opportunities related to cybersecurity compliance to include evaluating Requests for Information (RFI) and + Requests for Proposal (RFP) from government customers and documenting cybersecurity responses + Recommend security best practices and system configuration standards **What We Look For in a Candidate** + 6+ years or experience performing cybersecurity, certification & accreditation (C&A), or assessment & authorization (A&A) related activities + Excellent oral and written communication skills, collaboration skills, and experience in presenting cybersecurity issues to all levels of management, as well as non-technical staff + Strong work ethic, demonstrated self-starter with the ability to work in a fast paced, team-oriented environment + Uses strong interpersonal skills to build partnerships with stakeholders and peers + Ability to successfully complete Government suitability and/or Government personnel security requirements is highly desired. + Education: Bachelors or equivalent years of experience. + Professional cybersecurity certification (CISSP, CISM, GSLC, CCISO) **Compensation** This information reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual pay is based on skills, experience and other relevant factors. Location Based Pay Ranges: $103,711 - $138,281 in these states: AL, AR, AZ, FL, GA, IA, ID, IN, KS, KY, LA, ME, MO, MS, MT, ND, NE, NM, OH, OK, PA, SC, SD, TN, UT, VT, WI, WV, and WY. $108,896 - $145,195 in these states: CO, HI, MI, MN, NC, NH, NV, OR, and RI. $114,082 - $152,109 in these states: AK, CA, CT, DC, DE, IL, MA, MD, NJ, NY, TX, VA, and WA. \#GSS Lumen offers a comprehensive package featuring a broad range of Health, Life, Voluntary Lifestyle benefits and other perks that enhance your physical, mental, emotional and financial wellbeing. We're able to answer any additional questions you may have about our bonus structure (short-term incentives, long-term incentives and/or sales compensation) as you move through the selection process. Learn more about Lumen's: + Benefits (**************************************************** + Bonus Structure **What to Expect Next** \#LI-JS1 Requisition #: 338652 **Background Screening** If you are selected for a position, there will be a background screen, which may include checks for criminal records and/or motor vehicle reports and/or drug screening, depending on the position requirements. For more information on these checks, please refer to the Post Offer section of our FAQ page (************************************* . Job-related concerns identified during the background screening may disqualify you from the new position or your current role. Background results will be evaluated on a case-by-case basis. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. **Equal Employment Opportunities** We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, gender expression, marital status, family status, pregnancy, or other legally protected status (collectively, "protected statuses"). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training. **Disclaimer** The job responsibilities described above indicate the general nature and level of work performed by employees within this classification. It is not intended to include a comprehensive inventory of all duties and responsibilities for this job. Job duties and responsibilities are subject to change based on evolving business needs and conditions. In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information. Please be advised that Lumen does not require any form of payment from job applicants during the recruitment process. All legitimate job openings will be posted on our official website or communicated through official company email addresses. If you encounter any job offers that request payment in exchange for employment at Lumen, they are not for employment with us, but may relate to another company with a similar name. **Application Deadline** 07/22/2025

Who Are We? Taking care of our customers, our communities and each other. That's the Travelers Promise. By honoring this commitment, we have maintained our reputation as one of the best property casualty insurers in the industry for over 160 years. Join us to discover a culture that is rooted in innovation and thrives on collaboration. Imagine loving what you do and where you do it. Job CategoryTechnologyCompensation Overview The annual base salary range provided for this position is a nationwide market range and represents a broad range of salaries for this role across the country. The actual salary for this position will be determined by a number of factors, including the scope, complexity and location of the role; the skills, education, training, credentials and experience of the candidate; and other conditions of employment. As part of our comprehensive compensation and benefits program, employees are also eligible for performance-based cash incentive awards. Salary Range$123,000.00 - $203,000.00Target Openings1What Is the Opportunity?Travelers is seeking an Application Security Engineer II to join our organization as we grow and transform our Technology landscape. This engineer will focus on supporting and driving security initiatives related to containerized development. Additionally, the individual will complete advanced end to end security engineering tasks for specific system including security research, application security testing, interpretation of vulnerability scan results, threat modeling code reviews, and will provide defensive coding techniques consulting. Works with circle leads in a Value Stream on security and performs Application Security testing for Value Stream. Provides guidance and support to junior team members. Performs application architecture security reviews. Partners with Cybersecurity and Enterprise Security Engineering on testing and remediation of vulnerabilities and implementation of Cybersecurity patterns.What Will You Do? Support the development of a container image security strategy to include supply chain risk initiatives. Support the container image security strategy implementation and integration with DevOps pipelines. Promote a culture around secure container development. Perform security research, application security testing, interpretation of vulnerability scan results, threat modeling code reviews and advise on defensive coding techniques with a high degree of accuracy and speed, operating as an individual contributor to team goals. Work independently to tackle well-scoped and loosely scoped problems. Seek opportunities to expand technical knowledge and capabilities. Provide technical guidance and mentorship to less experienced employees. Perform other duties as assigned. What Will Our Ideal Candidate Have? Four years of modern application development or application security experience. Moderate experience in Container Security working with technologies like Kubernetes and container technologies such as Docker or OpenShift Moderate experience with development in AWS Moderate knowledge and understanding of container security and related risks. Moderate knowledge and experience with build (CI/CD) pipeline technologies such as GitHub Actions, Jenkins, and/or GitLab CI/CD. Experience with container image hardening and base image management. Experience integrating and managing tools involving SAST, SCA, and Secrets scanning capabilities. Familiarity of microservices architecture and design patterns. Delivery - Intermediate delivery skills including the ability to estimate accurate timelines for tasks and deliver work at a steady, predictable pace to achieve commitments, contribute to the software design strategy and methodologies used to best meet the system requirements, consider and build for many different use cases, avoid over engineering, and ensure automation, deliver complete solutions but release them in small batches, and identify important tradeoffs and negotiate them. Domain Expertise - Demonstrated track record of domain expertise including understanding technical concepts necessary to do the job effectively and aware of industry trends, demonstrate willingness, cooperation, and concern for business issues and priorities, and possess in depth knowledge of immediate systems worked on and some knowledge of adjacent systems. Problem Solving - Strong problem solver who ensures solutions are built for the long term, is able to resolve new issues, recognizes mistakes using them as learning and teaching opportunities and consistently breaks down large problems into smaller, more manageable ones. Communication - Strong communicator who possesses the ability to articulate information clearly and concisely with the business, document work in a clear, easy to follow manner, collaborate well with team members as both a mentor and mentee, take in vague requirements and ask the right questions to ensure clarification, offer feedback appropriately and effectively, seek out and receives constructive criticism well, listen when others are speaking and make space for colleagues to share their thoughts. Leadership - Intermediate leadership skills with the ability to help create a safe environment for others to learn and grow as engineers and a proven track record of self-motivation in identifying opportunities and tracking team efforts. What is a Must Have? Bachelor's degree in Computer Science or a related field, or its equivalent in work experience Three years of system security experience. What Is in It for You? Health Insurance: Employees and their eligible family members - including spouses, domestic partners, and children - are eligible for coverage from the first day of employment. Retirement: Travelers matches your 401(k) contributions dollar-for-dollar up to your first 5% of eligible pay, subject to an annual maximum. If you have student loan debt, you can enroll in the Paying it Forward Savings Program. When you make a payment toward your student loan, Travelers will make an annual contribution into your 401(k) account. You are also eligible for a Pension Plan that is 100% funded by Travelers. Paid Time Off: Start your career at Travelers with a minimum of 20 days Paid Time Off annually, plus nine paid company Holidays. Wellness Program: The Travelers wellness program is comprised of tools, discounts and resources that empower you to achieve your wellness goals and caregiving needs. In addition, our mental health program provides access to free professional counseling services, health coaching and other resources to support your daily life needs. Volunteer Encouragement: We have a deep commitment to the communities we serve and encourage our employees to get involved. Travelers has a Matching Gift and Volunteer Rewards program that enables you to give back to the charity of your choice. Employment Practices Travelers is an equal opportunity employer. We value the unique abilities and talents each individual brings to our organization and recognize that we benefit in numerous ways from our differences. In accordance with local law, candidates seeking employment in Colorado are not required to disclose dates of attendance at or graduation from educational institutions. If you are a candidate and have specific questions regarding the physical requirements of this role, please send us an email so we may assist you. Travelers reserves the right to fill this position at a level above or below the level included in this posting. To learn more about our comprehensive benefit programs please visit *********************************************************

Senior Security Engineer - IS07FE We're determined to make a difference and are proud to be an insurance company that goes well beyond coverages and policies. Working here means having every opportunity to achieve your goals - and to help others accomplish theirs, too. Join our team as we help shape the future. The Hartford's Information Protection (THIP) organization is looking a Directory Services engineer, this position will be part of the primary technical team tasked with engineering and maintaining directory services platforms, specializing in HashiCorp Vault. The individual will have the opportunity to help shape the future direction and use of HashiCorp Vault as currently deployed at the Hartford. Additionally, the position will have broad accountabilities around currency, patching and operational support metrics for Vault. This role will provide thought leadership, professional support and valued contributions to a range of production support, development and project activities. We are looking for an experienced professional, who has a breadth of knowledge and skills across various technical acumens, along with an understanding of industry best practices. The right person will develop a deep understanding of Vaults usage and consumption, continuously advocate for automation and process efficiency, and where necessary challenge and influence management to take actions to appropriately utilize the systems. The role is heavily focused on ensuring currency and stability in the environment. Technical Expert for engineering and support for HashiCorp Vault - Includes monitoring overall health and well-being of the Vault environments, playing a key role on the current team as an ambassador for currency and stability, and analyzing and implementing required changes, patches and upgrades for Vault. Technical support for DR and Cyber Resilience testing - includes planning, testing and support activities for DR testing and Cyber Resilience recovery testing for Vault. This includes review of current process and designing and implementing improvements and efficiencies. Spearhead growth of Vault into AWS - Accountable for developing the plan and path for integrating HashiCorp Vault into AWS. Includes the plan for new / added infrastructure, design patterns for implementations, partnering with AWS partners for determining best use cases and developing a roadmap for implementation and support. Process design / automation implementation - Includes reviewing the current implementations and processes associated with Vault and helping design more efficient and automated solutions where feasible. Qualifications + 2+ years supporting HashiCorp Vault + A broad and diverse technical background. + Fluent in multiple authentication types and patterns (approle w/ trusted entities, Kerberos, LDAP, Kubernetes, OIDC, etc) + 4+ years supporting directory services and/or identity management related technologies + Expert knowledge in the use and configuration of various secrets engines (LDAP, AWS, KV2, etc...) + Strong understanding of best practices with short lived credentials and token TTLs. + Understanding of the use of performance cluster and DR clusters + Powershell / C# .NET knowledge + Splunk & audit log analysis beneficial + Strong overall knowledge of Windows servers + A track record in production support / system support activities. + Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate actions. + Confidence to effectively influence others to modify their opinions, plans, or behaviors. + Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part. + Organizational skills that enables one to work on several tasks simultaneously, providing management with appropriate insight into the workload and priorities. + Original and innovative thinking that produces new ideas and creates innovative solutions. + Demonstrated ability to develop and implement process improvement initiatives. + BS or MA in Engineering, Computer Science, Information Security, or related field preferred Candidate must be authorized to work in the US without company sponsorship. The company will not support the STEM OPT I-983 Training Plan endorsement for this position. Compensation The listed annualized base pay range is primarily based on analysis of similar positions in the external market. Actual base pay could vary and may be above or below the listed range based on factors including but not limited to performance, proficiency and demonstration of competencies required for the role. The base pay is just one component of The Hartford's total compensation package for employees. Other rewards may include short-term or annual bonuses, long-term incentives, and on-the-spot recognition. The annualized base pay range for this role is: $127,200 - $190,800 Equal Opportunity Employer/Sex/Race/Color/Veterans/Disability/Sexual Orientation/Gender Identity or Expression/Religion/Age About Us (************************************* | Culture & Employee Insights (***************************************************** | Diversity, Equity and Inclusion (********************************************************* | Benefits (********************************************* Every day, a day to do right. Showing up for people isn't just what we do. It's who we are - and have been for more than 200 years. We're devoted to finding innovative ways to serve our customers, communities and employees-continually asking ourselves what more we can do. Is our policy language as simple and inclusive as it can be? Can we better help businesses navigate our ever-changing world? What else can we do to destigmatize mental health in the workplace? Can we make our communities more equitable? That we can rise to the challenge of these questions is due in no small part to our company values that our employees have shaped and defined. And while how we contribute looks different for each of us, it's these values that drive all of us to do more and to do better every day. About Us (************************************* Our Culture What It's Like to Work Here (************************************************** Perks & Benefits Legal Notice (***************************************** Accessibility StatementProducer Compensation (************************************************** EEO Privacy Policy (************************************************** California Privacy Policy Your California Privacy Choices (****************************************************** International Privacy Policy Canadian Privacy Policy (**************************************************** Unincorporated Areas of LA County, CA (Applicant Information) MA Applicant Notice (********************************************

Datavant is a data platform company and the world's leader in health data exchange. Our vision is that every healthcare decision is powered by the right data, at the right time, in the right format. Our platform is powered by the largest, most diverse health data network in the U.S., enabling data to be secure, accessible and usable to inform better health decisions. Datavant is trusted by the world's leading life sciences companies, government agencies, and those who deliver and pay for care. By joining Datavant today, you're stepping onto a high-performing, values-driven team. Together, we're rising to the challenge of tackling some of healthcare's most complex problems with technology-forward solutions. Datavanters bring a diversity of professional, educational and life experiences to realize our bold vision for healthcare. **What We're Looking For** As a Cloud Security Engineer in the Secure Product & Infrastructure program, you will be part of a highly technical team, actively working to build security into Datavant's infrastructure. You'll play a key role helping to build secure patterns, and enabling engineering teams to move fast, while being secure. **What You Will Do** + Use your strong understanding of AWS security to help Datavant navigate all the traps of good AWS products vs. great AWS products and know when to be thoughtful on use. + Have strong experience and understanding of containerization, as well as operating and securing Kubernetes clusters. + Have a point of view on secure continuous development and represent it as Datavant continues to mature working collaboratively with other team members. + Have a point of view on secure network controls and the deep design paradigms of secure cloud networking, and overlay networks. + Have experience working with engineering teams, helping to tune WAF rules for applications. + Review components being built in our cloud infrastructure (via pull request reviews and contribution). During these reviews you'll be mentally present and use your ability to evaluate risk such that you have a great impact on the delivery of secure code. This role is not merely a +1. + You will have an understanding of risks, but may have some knowledge gaps in depth of risk management. It's OK, we'll teach you. The core skill set you bring to the table is a development mindset. + Work directly with DevOps peers to help build practical and usable security into the SDLC and AWS. + Own new projects for advancing security in our environment. Be a technical expert and collaborate with others on the teams to ensure project success. Your impact here cannot be understated, you are a core contributor and have deep influence to empower Datavant greatness. **What You Need to Succeed** + You are humble. + You have an "automation first" mindset. + You can build Infrastructure as Code in Terraform. It is expected that you have a "git native" skillset. + You can articulate start to finish what a secure release cycle should look like in detail. + You have opinions and options on most of the steps. + You are a consummate collaborator, it's inherent in your work behavior. + You value time deeply and optimize for greatest impact. + 3+ years of working in at least 1 major public Cloud provider and a desire to learn a second. + 2+ years of operating, and securing Kubernetes clusters. + Broad scoped projects don't scare you, they energize you. However, you like to get things done fast (and help others) with limited dependencies. **What Helps You Stand Out** + You are often viewed as the "expert in the room" on cloud security in your current role. + You have experience with SCA, SAST, and secrets detection. + You have experience with security in healthcare or other highly regulated space. Examples: FEDRAMP, HIPAA/HITRUST, SOC 2, PCI experience from an operational response standpoint. We are committed to building a diverse team of Datavanters who are all responsible for stewarding a high-performance culture in which all Datavanters belong and thrive. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status. At Datavant our total rewards strategy powers a high-growth, high-performance, health technology company that rewards our employees for transforming health care through creating industry-defining data logistics products and services. The range posted is for a given job title, which can include multiple levels. Individual rates for the same job title may differ based on their level, responsibilities, skills, and experience for a specific job. The estimated total cash compensation range for this role is: $152,000-$190,000 USD To ensure the safety of patients and staff, many of our clients require post-offer health screenings and proof and/or completion of various vaccinations such as the flu shot, Tdap, COVID-19, etc. Any requests to be exempted from these requirements will be reviewed by Datavant Human Resources and determined on a case-by-case basis. Depending on the state in which you will be working, exemptions may be available on the basis of disability, medical contraindications to the vaccine or any of its components, pregnancy or pregnancy-related medical conditions, and/or religion. This job is not eligible for employment sponsorship. Datavant is committed to a work environment free from job discrimination. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status. To learn more about our commitment, please review our EEO Commitment Statement here (************************************************** . Know Your Rights (*********************************************************************** , explore the resources available through the EEOC for more information regarding your legal rights and protections. In addition, Datavant does not and will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay. At the end of this application, you will find a set of voluntary demographic questions. If you choose to respond, your answers will be anonymous and will help us identify areas for improvement in our recruitment process. (We can only see aggregate responses, not individual ones. In fact, we aren't even able to see whether you've responded.) Responding is entirely optional and will not affect your application or hiring process in any way. Datavant is committed to working with and providing reasonable accommodations to individuals with physical and mental disabilities. If you need an accommodation while seeking employment, please contact us at *********************** . We will review your request for reasonable accommodation on a case-by-case basis. For more information about how we collect and use your data, please review our Privacy Policy (**************************************** .

**Who Are We?** Taking care of our customers, our communities and each other. That's the Travelers Promise. By honoring this commitment, we have maintained our reputation as one of the best property casualty insurers in the industry for over 160 years. Join us to discover a culture that is rooted in innovation and thrives on collaboration. Imagine loving what you do and where you do it. **Job Category** Technology **Compensation Overview** The annual base salary range provided for this position is a nationwide market range and represents a broad range of salaries for this role across the country. The actual salary for this position will be determined by a number of factors, including the scope, complexity and location of the role; the skills, education, training, credentials and experience of the candidate; and other conditions of employment. As part of our comprehensive compensation and benefits program, employees are also eligible for performance-based cash incentive awards. **Salary Range** $123,000.00 - $203,000.00 **Target Openings** 1 **What Is the Opportunity?** Travelers is seeking an Application Security Engineer II to join our organization as we grow and transform our Technology landscape. This engineer will focus on supporting and driving security initiatives related to containerized development. Additionally, the individual will complete advanced end to end security engineering tasks for specific system including security research, application security testing, interpretation of vulnerability scan results, threat modeling code reviews, and will provide defensive coding techniques consulting. Works with circle leads in a Value Stream on security and performs Application Security testing for Value Stream. Provides guidance and support to junior team members. Performs application architecture security reviews. Partners with Cybersecurity and Enterprise Security Engineering on testing and remediation of vulnerabilities and implementation of Cybersecurity patterns. **What Will You Do?** + Support the development of a container image security strategy to include supply chain risk initiatives. + Support the container image security strategy implementation and integration with DevOps pipelines. + Promote a culture around secure container development. + Perform security research, application security testing, interpretation of vulnerability scan results, threat modeling code reviews and advise on defensive coding techniques with a high degree of accuracy and speed, operating as an individual contributor to team goals. + Work independently to tackle well-scoped and loosely scoped problems. + Seek opportunities to expand technical knowledge and capabilities. + Provide technical guidance and mentorship to less experienced employees. + Perform other duties as assigned. **What Will Our Ideal Candidate Have?** + Four years of modern application development or application security experience. + Moderate experience in Container Security working with technologies like Kubernetes and container technologies such as Docker or OpenShift + Moderate experience with development in AWS + Moderate knowledge and understanding of container security and related risks. + Moderate knowledge and experience with build (CI/CD) pipeline technologies such as GitHub Actions, Jenkins, and/or GitLab CI/CD. + Experience with container image hardening and base image management. + Experience integrating and managing tools involving SAST, SCA, and Secrets scanning capabilities. + Familiarity of microservices architecture and design patterns. + Delivery - Intermediate delivery skills including the ability to estimate accurate timelines for tasks and deliver work at a steady, predictable pace to achieve commitments, contribute to the software design strategy and methodologies used to best meet the system requirements, consider and build for many different use cases, avoid over engineering, and ensure automation, deliver complete solutions but release them in small batches, and identify important tradeoffs and negotiate them. + Domain Expertise - Demonstrated track record of domain expertise including understanding technical concepts necessary to do the job effectively and aware of industry trends, demonstrate willingness, cooperation, and concern for business issues and priorities, and possess in depth knowledge of immediate systems worked on and some knowledge of adjacent systems. + Problem Solving - Strong problem solver who ensures solutions are built for the long term, is able to resolve new issues, recognizes mistakes using them as learning and teaching opportunities and consistently breaks down large problems into smaller, more manageable ones. + Communication - Strong communicator who possesses the ability to articulate information clearly and concisely with the business, document work in a clear, easy to follow manner, collaborate well with team members as both a mentor and mentee, take in vague requirements and ask the right questions to ensure clarification, offer feedback appropriately and effectively, seek out and receives constructive criticism well, listen when others are speaking and make space for colleagues to share their thoughts. + Leadership - Intermediate leadership skills with the ability to help create a safe environment for others to learn and grow as engineers and a proven track record of self-motivation in identifying opportunities and tracking team efforts. **What is a Must Have?** + Bachelor's degree in Computer Science or a related field, or its equivalent in work experience + Three years of system security experience. **What Is in It for You?** + **Health Insurance** : Employees and their eligible family members - including spouses, domestic partners, and children - are eligible for coverage from the first day of employment. + **Retirement:** Travelers matches your 401(k) contributions dollar-for-dollar up to your first 5% of eligible pay, subject to an annual maximum. If you have student loan debt, you can enroll in the Paying it Forward Savings Program. When you make a payment toward your student loan, Travelers will make an annual contribution into your 401(k) account. You are also eligible for a Pension Plan that is 100% funded by Travelers. + **Paid Time Off:** Start your career at Travelers with a minimum of 20 days Paid Time Off annually, plus nine paid company Holidays. + **Wellness Program:** The Travelers wellness program is comprised of tools, discounts and resources that empower you to achieve your wellness goals and caregiving needs. In addition, our mental health program provides access to free professional counseling services, health coaching and other resources to support your daily life needs. + **Volunteer Encouragement:** We have a deep commitment to the communities we serve and encourage our employees to get involved. Travelers has a Matching Gift and Volunteer Rewards program that enables you to give back to the charity of your choice. **Employment Practices** Travelers is an equal opportunity employer. We value the unique abilities and talents each individual brings to our organization and recognize that we benefit in numerous ways from our differences. In accordance with local law, candidates seeking employment in Colorado are not required to disclose dates of attendance at or graduation from educational institutions. If you are a candidate and have specific questions regarding the physical requirements of this role, please send us an email (*******************) so we may assist you. Travelers reserves the right to fill this position at a level above or below the level included in this posting. To learn more about our comprehensive benefit programs please visit ******************************************************** .

M.C. Dean is Building Intelligence. We design, build, operate, and maintain cyber-physical solutions for the nation's most recognizable mission-critical facilities, secure environments, complex infrastructure, and global enterprises. Our success relies on great people delivering innovative projects and solutions for Fortune 100 companies and the most recognized agencies in government, defense, and security. Join our more than 4,500 employees worldwide who engineer and deploy automated, secure, and resilient power and technology systems; and deliver the management platforms essential for long-term system sustainability. Together we are creating the integrated systems and technologies that shape the built and cyber-physical world. We offer an excellent benefits package including: * A competitive salary * Medical, dental, vision, life, and disability insurance * Paid-time off * Tuition reimbursement * 401k Retirement Plan * Military Reserve pay offset * Paid maternity leave Salary Range: $104,080- $156,120 Position Overview: M.C. Dean is seeking to hire a Cyber Security Specialist 3 to support the CIM Business Unit. The candidate will be required to travel to CONUS and OCONUS Government and Commercial facilities to support the development and implementation of the DoD Risk Management Framework (RMF) process. Responsibilities Position Responsibilities: * Conduct ICS/SCADA system inventories following guidance including, but not limited to U.S. Army ICS Inventory Methodology and Unified Facilities Criteria (UFC) 4-010-06, Cybersecurity of Facility-Related Control Systems. * Assist in the development and verification of documentation necessary to complete the DoD RMF assessment and authorization process. * Implement Implementation of DoD Security Technical Implementation Guides (STIGs) on traditional Information Technology (IT) and Operational Technology (OT) systems. * Conduct vulnerability scanning and document system vulnerabilities. * Work in a team environment alongside other cybersecurity engineers and Risk Management Framework (RMF) analysts. Qualifications Required Education & Experience: * 3+ Years of Experience with a Master's Degree in Information Technology, Risk Management, Cybersecurity * 5+ Years of Experience with a Bachelor's Degree in Information Technology, Risk Management, Cybersecurity * 8+ years of Experience with an Associate's Degree in Information Technology, Risk Management, Cybersecurity * 11+ Years with a High School Diploma * Ability to process and operate application software, to include word-processing, spreadsheets and databases. * Position requires a TSC/SCI w poly clearance * Must meet the Department of Defense Directive (DoDD) 8570.01 "Information Assurance Training, Certification, and Workforce Management" and DoD 8570-M "Information Assurance Workforce Improvement Program" requirements for IAM (Information Assurance Manager) Level 2, IAT (Information Assurance Technical) Level 2, OR IASAE (Information Assurance System Architect and Engineer) Level 2. * Documented training in the following areas: network infrastructure (Cisco), Microsoft Windows. * Experience working on government and/commercial projects implementing cybersecurity requirements in a variety of industrial control systems (e.g., building management, electronic security, fire alarm/mass notification, electrical distribution, power management, etc.). Additional Preferred Qualifications: * 5+ years of experience working with industry and government agencies on the design of ICS platforms and integrated ICS systems * Strongly preferred: Meet the Department of Defense Directive (DoDD) 8570.01 "Information Assurance Training, Certification, and Workforce Management" and DoD 8570-M "Information Assurance Workforce Improvement Program" requirements for IAM (Information Assurance Manager) Level 3, IAT (Information Assurance Technical) Level 3, OR IASAE (Information Assurance System Architect and Engineer) Level 3 * Familiarity with various industry ICS products * Experience implementing a variety of security assessment tools * Implementation of DoD Security Technical Implementation Guides (STIGs) * Security Readiness Review (SRR) Tools (scripts and OVAL Benchmarks, ACAS, Wireshark) * Excellent understanding of the DoD RMF lifecycle and NIST 800-53 controls implementation * Strong written and verbal communication skills Ability to coordinate with and support multiple team members, vendors, and government customers * Ability to identify, maintain, and troubleshoot HMI components * Ability to identify, maintain, and troubleshoot control network components * Ability to interpret drawings both mechanical and electrical * Ability to identify, maintain, and utilize SCADA systems and KPI's * Ability to train others with lesser skills * Ability to access all levels and areas of the facility * Working knowledge of EMS/SCADA or other operational control systems. * Knowledge of SCADA protocols like Modbus, IEC 60870-5-101 or 104, IEC 61850 and DNP3 and other major SCADA protocols * Awareness of NIST Special Publication 800-82, Guide to Industrial Control Systems (ICS) Security and UFC 4-010-06 Unified Facilities Criteria (UFC) Cybersecurity of Facility * Awareness of DoD Risk Management Framework (RMF) process. * Possession of excellent customer service and organization skills. * Possession of excellent oral and written communication skills. Preferred Certifications: * Certified Information Systems Security Professional (CISSP) * Certified Ethical Hacker (CEH) * Certified SCADA Security Architect (CSSA) Related Control Systems. Abilities: * Exposure to computer screens for an extended period of time. * Sitting for extended periods of time. * Reach by extending hands or arms in any direction. * Have finger dexterity in order to manipulate objects with fingers rather than whole hands or arms, for example, using a keyboard. * Listen to and understand information and ideas presented through spoken words and sentences. * Communicate information and ideas in speaking so others will understand. * Read and understand information and ideas presented in writing. * Apply general rules to specific problems to produce answers that make sense. * Identify and understand the speech of another person.

We are seeking an experienced Application Security Engineer to join our Software Security team and take charge of ensuring the security and integrity of our software applications. The ideal candidate will have advanced knowledge of secure software development, extensive experience with identifying vulnerabilities, and the ability to implement robust security solutions. This role will require collaboration with development teams, security architects, and other stakeholders to integrate security best practices into all stages of the software development lifecycle. The Impact Your key responsibilities will consist of the following to ensure applications are resilient against emerging threats, reducing potential financial and reputational damage from security incidents. Conduct in-depth security assessments, including vulnerability scanning, and code reviews. Leverage automated tools and manual testing techniques to identify, risk assess and prioritize and propose mitigation strategies for identified threats and application-level vulnerabilities (e.g., OWASP Top 10, etc.) ensuring our applications meet security standards and reducing exposure to data breaches. Collaborate with security architects to design secure application architectures that align with industry best practices. Ensure secure coding practices are followed, and security controls are incorporated into software designs. Conduct detailed threat modeling to identify attack vectors and potential weaknesses. Collaborate with our SDLC Council to develop and maintain secure coding standards, empowering developers to integrate security into the development process. Partner with DevOps teams to implement security within CI/CD (continuous integration & delivery) pipelines for automated and seamless deployment of secure code. Assist in incident response activities related to application security breaches, providing rapid identification and mitigation guidance. Ensure compliance with security regulations, frameworks, and industry standards such as OWASP. Leverage reporting tools to demonstrate the overall risk through metrics (KPIs, KRIs, OKRs) of vulnerabilities and code defects to cyber assets for various team leaders and executive leadership for risk prioritization and enablement of risk-based decision-making. Stay up to date with the latest security threats, vulnerabilities, and industry trends to inform and improve security strategies. Strong problem-solving abilities and analytical thinking. Excellent communication skills to explain security issues to both technical and non-technical stakeholders. A team player with the ability to work in a collaborative, fast-paced environment. The Minimum Qualifications Bachelor's or master's degree in computer science, Information Security, or a related field. Minimum of 5+ years of experience in application security, penetration testing, or secure software development. The Ideal Qualifications Relevant security certifications such as CEH, OSCP, or GWAPT) from an industry recognized certifier (e.g., SANS/GIAC, CompTIA, ISACA, ISC2, etc.) Strong knowledge of secure software development methodologies, including threat modeling, code reviews, and static/dynamic analysis. Experience in integrating security into DevOps (DevSecOps) and CI/CD environments. Strong technical knowledge of web application security, cloud security (AWS, Azure, GCP), mobile security, infrastructure as code (IaC), container security, and API security. Familiarity with SAST, DAST, and IAST tools. Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and their mitigations. Advanced understanding and experience with writing source code (e.g., JavaScript, Java, C/C++/C#, Python, etc.) and familiarity with software security frameworks (e.g., Maven, Node, Gradle, etc.). Experience with identifying security vulnerabilities/defects in dockers, containers, and Kubernetes. Experience with cloud deployment and automation tools (Terraform, GitHub Actions, Jenkins, AWS Cloud Formation Templates, Secrets Managers). Knowledge of compliance and regulatory frameworks (SOC 2, etc.). Education: Bachelor's or master's degree in computer science. Skills and Experience: Required Skills: MITIGATION CLOUD SECURITY METRICS SCANNING GCP Additional Skills: SOC INFORMATION SECURITY API DYNAMIC ANALYSIS C JAVA MAVEN AMAZON WEB SERVICES PROBLEM-SOLVING GITHUB DEPLOYMENT REPORTING TOOLS INCIDENT RESPONSE C/C++ CONTINUOUS INTEGRATION/DELIVERY TERRAFORM CODING DEV OPS EXCELLENT COMMUNICATION SKILLS JAVASCRIPT SOFTWARE SECURITY COMPTIA PYTHON STRUCTURED SOFTWARE GIAC SDLC JENKINS CODING STANDARDS TEAM PLAYER GRADLE KUBERNETES

Must have: Application security, Relevant security certifications , Devops, OWASP Duties: The Opportunity We are seeking an experienced Application Security Engineer to join our Software Security team and take charge of ensuring the security and integrity of our software applications. The ideal candidate will have advanced knowledge of secure software development, extensive experience with identifying vulnerabilities, and the ability to implement robust security solutions. This role will require collaboration with development teams, security architects, and other stakeholders to integrate security best practices into all stages of the software development lifecycle. Description: Your key responsibilities will consist of the following to ensure applications are resilient against emerging threats, reducing potential financial and reputational damage from security incidents. Conduct in-depth security assessments, including vulnerability scanning, and code reviews. Leverage automated tools and manual testing techniques to identify, risk assess and prioritize and propose mitigation strategies for identified threats and application-level vulnerabilities (e.g., OWASP Top 10, etc.) ensuring our applications meet security standards and reducing exposure to data breaches. Collaborate with security architects to design secure application architectures that align with industry best practices. Ensure secure coding practices are followed, and security controls are incorporated into software designs. Conduct detailed threat modeling to identify attack vectors and potential weaknesses. Collaborate with our SDLC Council to develop and maintain secure coding standards, empowering developers to integrate security into the development process. Partner with DevOps teams to implement security within CI/CD (continuous integration & delivery) pipelines for automated and seamless deployment of secure code. Assist in incident response activities related to application security breaches, providing rapid identification and mitigation guidance. Ensure compliance with security regulations, frameworks, and industry standards such as OWASP. Leverage reporting tools to demonstrate the overall risk through metrics (KPIs, KRIs, OKRs) of vulnerabilities and code defects to MassMutual's cyber assets for various team leaders and executive leadership for risk prioritization and enablement of risk-based decision-making. Stay up to date with the latest security threats, vulnerabilities, and industry trends to inform and improve security strategies. Strong problem-solving abilities and analytical thinking. Excellent communication skills to explain security issues to both technical and non-technical stakeholders. A team player with the ability to work in a collaborative, fast-paced environment. Office location worker is associated with: Springfield, MA, Boston, MA, or NY, NY. Skills: Bachelor's or master's degree in computer science, Information Security, or a related field. Minimum of 5+ years of experience in application security, penetration testing, or secure software development. The Ideal Qualifications Relevant security certifications such as CEH, OSCP, or GWAPT) from an industry recognized certifier (e.g., SANS/GIAC, CompTIA, ISACA, ISC2, etc.) Strong knowledge of secure software development methodologies, including threat modeling, code reviews, and static/dynamic analysis. Experience in integrating security into DevOps (DevSecOps) and CI/CD environments. Strong technical knowledge of web application security, cloud security (AWS, Azure, GCP), mobile security, infrastructure as code (IaC), container security, and API security. Familiarity with SAST, DAST, and IAST tools. Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and their mitigations. Advanced understanding and experience with writing source code (e.g., JavaScript, Java, C/C++/C#, Python, etc.) and familiarity with software security frameworks (e.g., Maven, Node, Gradle, etc.). Experience with identifying security vulnerabilities/defects in dockers, containers, and Kubernetes. Experience with cloud deployment and automation tools (Terraform, GitHub Actions, Jenkins, AWS Cloud Formation Templates, Secrets Managers). Knowledge of compliance and regulatory frameworks (SOC 2, etc.).

NetCentrics is seeking a highly motivated and technically skilled Mid-Level Cyber Defense Analyst to join our cybersecurity operations team. This role is responsible for supporting enterprise-wide cyber incident response and defense initiatives. The ideal candidate will have a strong background in threat analysis, intrusion detection, and real-time incident handling, and will be capable of correlating data from multiple sources to identify vulnerabilities and recommend effective remediation strategies. About Us: At NetCentrics, we proudly hold a distinguished position as a leader in cybersecurity, cloud, digital transformation, and mission support. With an esteemed clientele that includes the DoD, DHS, Federal Civilian Agencies, and the Intelligence Community, our impact on national security is undeniable. We are a diverse group of intellectually curious people, solving hard problems, and living by our core values while bonded by the shared vision to secure our nation - join us! Key Responsibilities: * Coordinate and execute incident response functions across enterprise systems. * Provide expert technical support to cyber defense technicians to analyze, resolve, and document incidents. * Perform log analysis from a wide range of sources including host, firewall, IDS, and network traffic logs to detect potential threats. * Conduct cyber incident triage, determine scope and urgency, identify vulnerabilities, and recommend immediate remediation. * Execute real-time incident handling activities such as forensic collection, intrusion correlation and tracking, and threat analysis. * Support deployable Incident Response Teams (IRTs) with technical tasks during active investigations. * Perform initial forensic image collection and inspection to support mitigation and remediation efforts. * Conduct cyber defense trend analysis and reporting to identify recurring patterns and emerging threats. * Receive, review, and analyze network alerts from internal monitoring tools and threat intelligence sources. * Track and document incidents from initial detection through final resolution, ensuring completeness and accuracy of case records. * Apply defense-in-depth principles and best practices, including layered security and redundancy. * Collect and analyze intrusion artifacts (e.g., malware, trojans, source code) to enhance incident mitigation strategies. * Collaborate with intelligence analysts to correlate cyber threat data and improve situational awareness. * Monitor external threat intelligence feeds (e.g., vendor advisories, CERT alerts, vulnerability databases) to stay informed of current threats and assess enterprise impact. Desired Qualifications: * Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent work experience). * 3-5 years of experience in cybersecurity operations, with a focus on incident detection, response, or analysis. * Experience with log analysis tools (e.g., Splunk, ELK, QRadar), SIEM platforms, and forensic tools. * Familiarity with IDS/IPS, firewall technologies, and network protocols. * Solid understanding of cybersecurity frameworks (e.g., NIST 800-61, MITRE ATT&CK). * Strong analytical and troubleshooting skills. * Excellent verbal and written communication skills. Preferred Qualifications: * Experience supporting federal government cybersecurity programs. * Familiarity with threat hunting, endpoint detection and response (EDR) tools, and malware analysis. * Experience documenting and reporting to internal leadership or external regulatory bodies. Relevant industry certifications such as: * GIAC Certified Incident Handler (GCIH) * Certified Ethical Hacker (CEH) * Certified Information Systems Security Professional (CISSP) * CompTIA Cybersecurity Analyst (CySA+) Where You Belong At the heart of our organization lies a set of five core values that guide every facet of our work. "Mission First" epitomizes our unwavering commitment to our goals. "People Always" underscores the significance we place on our team's well-being and development. We continually strive to "Be Eminent" by consistently pushing the boundaries of excellence. "Embrace the Team" reflects our unwavering belief in the power of collaboration, recognizing that together, we attain greatness. With every action, we "Act with a Purpose," ensuring that our efforts contribute meaningfully to a larger mission. These values serve as the bedrock of our company culture, propelling us forward as a united and purpose-driven team. Why Join NetCentrics Join us not just to be a part of safeguarding our nation, but to be at the forefront of innovation, where your ideas and expertise play a pivotal role in shaping the future of cybersecurity and IT. Together, we're not just protecting systems; we're pioneering them. Come be a part of our team and redefine the possibilities in our industry! Commitment to Diversity This employer participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status or on the basis of disability. Equal Opportunity Employer/Veterans/Disabled

What we're all about. We find, when we come together in the pursuit of excellence, great things happen. And that's how we do things at Quantexa - together. Our business is data, but our culture is collective. We're about growth - but not just the bottom line. We create a culture where people feel empowered to do their best work. We might work across continents and time zones, but that doesn't stop us from collaborating. We're connected. We celebrate our successes together, and we unite to tackle the challenges. 41% of our colleagues come from an ethnic or religious minority background. We speak over 20 languages across our 47 nationalities, creating a sense of belonging for all. At Q, we're looking for people who share that vision. People like you. You will be expected to. As a Senior Security Engineer at Quantexa, you will play a pivotal role in shaping and securing our cloud-native environments across Azure and GCP. Leveraging your deep expertise in cybersecurity best practices, threat actor tactics, and modern detection techniques, you will help design, implement, and maintain secure systems that support our internal and client-facing environments. You will join the Security Operations team, reporting to the Cyber Security Manager, and be expected to contribute immediately by working with the team and advising the Cyber Security Manager to securely onboard, develop, deploy and manage new technologies within Quantexa from a security aspect. You will also be responsible for reviewing existing deployments, identifying areas for enhancement, and contributing to our continuous improvement workflows to ensure our security posture evolves with emerging threats. Your role will include interpreting open-source threat intelligence reports and translating them into actionable detection rules aligned with the MITRE ATT&CK framework. You'll also conduct proactive threat hunting to identify and test indicators of compromise before they escalate. Collaboration is key. You will work closely with the Information Security team on initiatives such as penetration testing, red teaming, SOC operations, and compliance-based audits (ISO, SOC2 and Cyber Essentials). You'll also partner with IT, DevOps and other stakeholders to embed security into every layer of our infrastructure. Strong communication skills are essential. You will be expected to clearly articulate complex technical concepts to non-technical audiences, influence stakeholders across the business, and advocate for adopting security best practices in conjunction with the Cyber Security Manager. Your ability to build trust and drive alignment will be critical in embedding security into our operations and culture.

Trustmark's mission is to improve wellbeing - for everyone. It is a mission grounded in a belief in equality and born from our caring culture. It is a culture we can only realize by building trust. Trust established by ensuring associates feel respected, valued and heard. At Trustmark, you'll work collaboratively to transform lives and help people, communities and businesses thrive. Flourish in a culture of diversity and inclusion where appreciation, mutual respect and trust are constants, not just for our customers but for ourselves. At Trustmark, we have a commitment to welcoming people, no matter their background, identity or experience, to a workplace where they feel safe being their whole, authentic selves. A workplace made up of diverse, empowered individuals that allows ideas to thrive and enables us to bring the best to our colleagues, clients and communities. We are seeking a highly skilled Cyber Security Engineer to join our team and play a pivotal role in safeguarding our organization's digital assets. The ideal candidate will possess a deep understanding of cybersecurity principles, a strong technical background, and a passion for protecting sensitive information. You will be responsible for engineering, implementing and monitoring security measures for the protection of Trustmark's computer systems, networks and information. The role helps identify and define system security requirements as well as develop detailed cyber security designs. **Responsibilities:** + Design, implement, and maintain security architectures, systems, and solutions to protect critical infrastructure and data. + Conduct vulnerability assessments and penetration testing to identify and mitigate risks. + Develop and implement security policies, standards, and procedures. + Monitor security systems and respond to incidents promptly and effectively. + Stay up-to-date with the latest cybersecurity threats and trends. + Collaborate with cross-functional teams to ensure security is integrated into all aspects of the business. + Provide technical guidance and support to internal stakeholders. **Qualifications:** + Bachelor's degree in Computer Science, Information Technology, or a related field or + 3-5 Years of network engineering or cyber engineering experience + Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001). + Proficiency in network security, systems security, application security, and data security. + Hands-on experience with security tools and technologies (e.g., firewalls, intrusion detection systems, encryption, SIEM). + Excellent problem-solving and analytical skills. + Strong communication and interpersonal skills. + Ability to work independently and as part of a team. **Preferred Qualifications:** + Certifications such as CISSP, CISA, or CEH. + Experience with cloud security (e.g., AWS, Azure, GCP). + Knowledge of scripting and programming languages (e.g., Python, PowerShell). Brand: Trustmark Come join a team at Trustmark that will not only utilize your current skills but will enhance them as well. Trustmark benefits include health/dental/vision, life insurance, FSA and HSA, 401(k) plan, Employee Assistant Program, Back-up Care for Children, Adults and Elders and many health and wellness initiatives. We also offer a Wellness program that enables employees to participate in health initiatives to reduce their insurance premiums. **For the fourth consecutive year we were selected as a Top Workplace by the Chicago Tribune.** The award is based exclusively on Trustmark associate responses to an anonymous survey. The survey measured 15 key drivers of engaged cultures that are critical to the success of an organization. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, sexual identity, age, veteran or disability. Join a passionate and purpose-driven team of colleagues who contribute to Trustmark's mission of helping people increase wellbeing through better health and greater financial security. At Trustmark, you'll work collaboratively to transform lives and help people, communities and businesses thrive. Flourish in a culture where appreciation, mutual respect and trust are constants, not just for our customers but for ourselves. Introduce yourself to our recruiters and we'll get in touch if there's a role that seems like a good match. When you join Trustmark, you become part of an organization that makes a positive difference in people's lives. You will play a vital role in delivering on our mission of helping people increase wellbeing through better health and greater financial security. Our customers tell us they simply appreciate the personal attention and knowledgeable service. Others tell us we've changed their lives. At Trustmark, you'll be part of a close-knit team. You'll enjoy abundant opportunities to grow your career. That's why so many of our associates stay at Trustmark and thrive. Trustmark benefits from more than 100 years of experience but pairs that rich history with a palpable sense of optimism, growth and excitement for what's ahead - and beyond. This is a place where associates bring their whole selves to work each day. A place where you can be yourself. Whatever your beyond is, you can achieve it at Trustmark.

The Meta Security team is responsible for improving the security posture of the software and services used throughout our company. Our work spans Facebook, Instagram, WhatsApp, Oculus, and all of the underlying systems and infrastructure that power these products behind the scenes.We are seeking a committed and experienced security engineer to join our Security Risk Management (SRM) team to help design and build solutions to:* Drive better understanding of security risk and enable investment decisions through automation, monitoring, and tracking of Meta's security tools, systems, and controls* Enable security and software engineers to seamlessly respond to requests to prove effective design and operation of security capabilities* Increase maturity of security capabilities through control improvements and redesign **Required Skills:** Security Engineer - Security Risk Management Responsibilities: 1. Work with a team of software, data, and security engineers that design, build, and own software solutions that scale high fidelity security risk contextualization, tracking, and reporting 2. Understand and influence evolution of security capabilities across various domains to scale and automate: a) monitoring the effectiveness, and b) increasing the maturity of those capabilities 3. Design and build solutions to scale managing and responding to risk management & compliance related requests **Minimum Qualifications:** Minimum Qualifications: 4. Bachelor's degree or equivalent experience in information security 5. 5+ years work experience securing enterprise-scale infrastructure software and services 6. 3-5+ years programming experience with at least one of the following languages: Python, PHP, Ruby, or similar scripting languages 7. Experience remediating infrastructure security gaps across broad corporate boundaries using influence and relationships 8. Experience with security control automation/monitoring or "compliance as code" implementations 9. Experience thinking critically and defending solutions with solid communications skills in a cross-functional setting to influence decision makers across all levels of technical background **Preferred Qualifications:** Preferred Qualifications: 10. Networking and system administration experience of server (Linux, Windows) and client (Windows, mac OS, Linux) operating systems 11. Experience influencing software engineers to build products meant to scale security solutions 12. Experience generating automated metrics to measure service and program effectiveness and consistency 13. Experience with common risk & compliance program activities (e.g., controls, risk, policy management) **Public Compensation:** $147,000/year to $208,000/year + bonus + equity + benefits **Industry:** Internet **Equal Opportunity:** Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.

Who Are We? Taking care of our customers, our communities and each other. That's the Travelers Promise. By honoring this commitment, we have maintained our reputation as one of the best property casualty insurers in the industry for over 160 years. Join us to discover a culture that is rooted in innovation and thrives on collaboration. Imagine loving what you do and where you do it. Compensation Overview The annual base salary range provided for this position is a nationwide market range and represents a broad range of salaries for this role across the country. The actual salary for this position will be determined by a number of factors, including the scope, complexity and location of the role; the skills, education, training, credentials and experience of the candidate; and other conditions of employment. As part of our comprehensive compensation and benefits program, employees are also eligible for performance-based cash incentive awards. Salary Range $123,000.00 - $203,000.00 Target Openings 1 What Is the Opportunity? Travelers is seeking an Application Security Engineer II to join our organization as we grow and transform our Technology landscape. This engineer will focus on supporting and driving security initiatives related to containerized development. Additionally, the individual will complete advanced end to end security engineering tasks for specific system including security research, application security testing, interpretation of vulnerability scan results, threat modeling code reviews, and will provide defensive coding techniques consulting. Works with circle leads in a Value Stream on security and performs Application Security testing for Value Stream. Provides guidance and support to junior team members. Performs application architecture security reviews. Partners with Cybersecurity and Enterprise Security Engineering on testing and remediation of vulnerabilities and implementation of Cybersecurity patterns. What Will You Do? * Support the development of a container image security strategy to include supply chain risk initiatives. * Support the container image security strategy implementation and integration with DevOps pipelines. * Promote a culture around secure container development. * Perform security research, application security testing, interpretation of vulnerability scan results, threat modeling code reviews and advise on defensive coding techniques with a high degree of accuracy and speed, operating as an individual contributor to team goals. * Work independently to tackle well-scoped and loosely scoped problems. * Seek opportunities to expand technical knowledge and capabilities. * Provide technical guidance and mentorship to less experienced employees. * Perform other duties as assigned. What Will Our Ideal Candidate Have? * Four years of modern application development or application security experience. * Moderate experience in Container Security working with technologies like Kubernetes and container technologies such as Docker or OpenShift * Moderate experience with development in AWS * Moderate knowledge and understanding of container security and related risks. * Moderate knowledge and experience with build (CI/CD) pipeline technologies such as GitHub Actions, Jenkins, and/or GitLab CI/CD. * Experience with container image hardening and base image management. * Experience integrating and managing tools involving SAST, SCA, and Secrets scanning capabilities. * Familiarity of microservices architecture and design patterns. * Delivery - Intermediate delivery skills including the ability to estimate accurate timelines for tasks and deliver work at a steady, predictable pace to achieve commitments, contribute to the software design strategy and methodologies used to best meet the system requirements, consider and build for many different use cases, avoid over engineering, and ensure automation, deliver complete solutions but release them in small batches, and identify important tradeoffs and negotiate them. * Domain Expertise - Demonstrated track record of domain expertise including understanding technical concepts necessary to do the job effectively and aware of industry trends, demonstrate willingness, cooperation, and concern for business issues and priorities, and possess in depth knowledge of immediate systems worked on and some knowledge of adjacent systems. * Problem Solving - Strong problem solver who ensures solutions are built for the long term, is able to resolve new issues, recognizes mistakes using them as learning and teaching opportunities and consistently breaks down large problems into smaller, more manageable ones. * Communication - Strong communicator who possesses the ability to articulate information clearly and concisely with the business, document work in a clear, easy to follow manner, collaborate well with team members as both a mentor and mentee, take in vague requirements and ask the right questions to ensure clarification, offer feedback appropriately and effectively, seek out and receives constructive criticism well, listen when others are speaking and make space for colleagues to share their thoughts. * Leadership - Intermediate leadership skills with the ability to help create a safe environment for others to learn and grow as engineers and a proven track record of self-motivation in identifying opportunities and tracking team efforts. What is a Must Have? * Bachelor's degree in Computer Science or a related field, or its equivalent in work experience * Three years of system security experience. What Is in It for You? * Health Insurance: Employees and their eligible family members - including spouses, domestic partners, and children - are eligible for coverage from the first day of employment. * Retirement: Travelers matches your 401(k) contributions dollar-for-dollar up to your first 5% of eligible pay, subject to an annual maximum. If you have student loan debt, you can enroll in the Paying it Forward Savings Program. When you make a payment toward your student loan, Travelers will make an annual contribution into your 401(k) account. You are also eligible for a Pension Plan that is 100% funded by Travelers. * Paid Time Off: Start your career at Travelers with a minimum of 20 days Paid Time Off annually, plus nine paid company Holidays. * Wellness Program: The Travelers wellness program is comprised of tools, discounts and resources that empower you to achieve your wellness goals and caregiving needs. In addition, our mental health program provides access to free professional counseling services, health coaching and other resources to support your daily life needs. * Volunteer Encouragement: We have a deep commitment to the communities we serve and encourage our employees to get involved. Travelers has a Matching Gift and Volunteer Rewards program that enables you to give back to the charity of your choice. Employment Practices Travelers is an equal opportunity employer. We value the unique abilities and talents each individual brings to our organization and recognize that we benefit in numerous ways from our differences. In accordance with local law, candidates seeking employment in Colorado are not required to disclose dates of attendance at or graduation from educational institutions. If you are a candidate and have specific questions regarding the physical requirements of this role, please send us an email so we may assist you. Travelers reserves the right to fill this position at a level above or below the level included in this posting. To learn more about our comprehensive benefit programs please visit *********************************************************

Job Description We are seeking an experienced Application Security Engineer to join our Software Security team and take charge of ensuring the security and integrity of our software applications. The ideal candidate will have advanced knowledge of secure software development, extensive experience with identifying vulnerabilities, and the ability to implement robust security solutions. This role will require collaboration with development teams, security architects, and other stakeholders to integrate security best practices into all stages of the software development lifecycle. The Impact Your key responsibilities will consist of the following to ensure applications are resilient against emerging threats, reducing potential financial and reputational damage from security incidents. Conduct in-depth security assessments, including vulnerability scanning, and code reviews. Leverage automated tools and manual testing techniques to identify, risk assess and prioritize and propose mitigation strategies for identified threats and application-level vulnerabilities (e.g., OWASP Top 10, etc.) ensuring our applications meet security standards and reducing exposure to data breaches. Collaborate with security architects to design secure application architectures that align with industry best practices. Ensure secure coding practices are followed, and security controls are incorporated into software designs. Conduct detailed threat modeling to identify attack vectors and potential weaknesses. Collaborate with our SDLC Council to develop and maintain secure coding standards, empowering developers to integrate security into the development process. Partner with DevOps teams to implement security within CI/CD (continuous integration & delivery) pipelines for automated and seamless deployment of secure code. Assist in incident response activities related to application security breaches, providing rapid identification and mitigation guidance. Ensure compliance with security regulations, frameworks, and industry standards such as OWASP. Leverage reporting tools to demonstrate the overall risk through metrics (KPIs, KRIs, OKRs) of vulnerabilities and code defects to cyber assets for various team leaders and executive leadership for risk prioritization and enablement of risk-based decision-making. Stay up to date with the latest security threats, vulnerabilities, and industry trends to inform and improve security strategies. Strong problem-solving abilities and analytical thinking. Excellent communication skills to explain security issues to both technical and non-technical stakeholders. A team player with the ability to work in a collaborative, fast-paced environment. The Minimum Qualifications Bachelor's or master's degree in computer science, Information Security, or a related field. Minimum of 5+ years of experience in application security, penetration testing, or secure software development. The Ideal Qualifications Relevant security certifications such as CEH, OSCP, or GWAPT) from an industry recognized certifier (e.g., SANS/GIAC, CompTIA, ISACA, ISC2, etc.) Strong knowledge of secure software development methodologies, including threat modeling, code reviews, and static/dynamic analysis. Experience in integrating security into DevOps (DevSecOps) and CI/CD environments. Strong technical knowledge of web application security, cloud security (AWS, Azure, GCP), mobile security, infrastructure as code (IaC), container security, and API security. Familiarity with SAST, DAST, and IAST tools. Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and their mitigations. Advanced understanding and experience with writing source code (e.g., JavaScript, Java, C/C++/C#, Python, etc.) and familiarity with software security frameworks (e.g., Maven, Node, Gradle, etc.). Experience with identifying security vulnerabilities/defects in dockers, containers, and Kubernetes. Experience with cloud deployment and automation tools (Terraform, GitHub Actions, Jenkins, AWS Cloud Formation Templates, Secrets Managers). Knowledge of compliance and regulatory frameworks (SOC 2, etc.). Education: Bachelor's or master's degree in computer science. Skills and Experience: Required Skills: MITIGATION CLOUD SECURITY METRICS SCANNING GCP Additional Skills: SOC INFORMATION SECURITY API DYNAMIC ANALYSIS C JAVA MAVEN AMAZON WEB SERVICES PROBLEM-SOLVING GITHUB DEPLOYMENT REPORTING TOOLS INCIDENT RESPONSE C/C++ CONTINUOUS INTEGRATION/DELIVERY TERRAFORM CODING DEV OPS EXCELLENT COMMUNICATION SKILLS JAVASCRIPT SOFTWARE SECURITY COMPTIA PYTHON STRUCTURED SOFTWARE GIAC SDLC JENKINS CODING STANDARDS TEAM PLAYER GRADLE KUBERNETES