Cyber Security Analyst jobs in North Bergen, NJ

Outcomes. Delivered. Voyatek, formerly GCOM Software and OnCore Consulting, delivers outcome-driven technology solutions to public sector agencies and higher education institutions nationwide. For example, our technology: Facilitates access to nutritious food for children of mothers participating in the WIC program Supports first responders in reducing opioid overdoses within their communities Empowers colleges and universities to identify and thwart financial aid fraud Equips teachers with valuable insights to identify students requiring additional support Enhances efficiency for state tax agencies, leading to 99% faster return processing and quicker refunds for taxpayers With a focus on Tax & Revenue, Health & Human Services, and Justice & Public Safety, Voyatek combines the scale to support large complex projects with the agility and accessibility of a boutique solutions provider. Together, Voyatek and its customers work to improve population wellbeing, create safer communities, and foster a thriving economy. We're more than a technology company -- we're an outcomes company. We encourage our employees to think differently, ask tough questions, and relentlessly pursue what's best for our customers and the residents they serve. We believe that the value of technology is defined by its human impact. If you agree, you've come to the right place. Voyatek is seeking applicants to occupy the position of Cyber Security Analyst within our team. The New York Power Authority (NYPA) is the largest state public power organization in the United States, renowned for its role in providing clean, affordable, and reliable energy. NYPA's mission is to power New York with clean energy while driving economic growth and sustainability. It focuses on reducing greenhouse gas emissions, modernizing the state's energy infrastructure, and promoting energy efficiency and innovation across sectors. Key Responsibilities: Ensure proper implementation of firewall and zero trust policies and rules. Continuously monitor firewall and VPN logs and alerts for suspicious activity. Ensure that firewall and zero trust policies are in line with compliance standards. Diagnose and resolve firewall or zero trust related issues. Coordinate with network and IT teams to address and mitigate security incidents. Work closely with other cybersecurity professionals, network engineers, and IT staff to implement and maintain security measures. Participate in cross-functional teams to enhance overall security posture. Qualifications: Minimum of 5 years experience as a Cyber Security Analyst Proficiency with firewall platforms (e.g., Checkpoint, Palo Alto, Fortinet). Proficiency with zero-trust security tools (e.g. Zscaler). Familiarity with endpoint protection cyber security tools, such as Crowdstrike, Windows Defender. Familiarity with Splunk. Preferred Qualifications: Certifications: Cyber security certification preferred (e.g. CCSP, CySA+, Splunk) The wage range for this role reflects the wide array of factors considered in compensation decisions. These factors include, but are not limited to, skill sets, experience, training, licensure and certifications, and geographic location. Compensation decisions are based on the unique facts and circumstances of each case. A reasonable estimate of the hourly range is $74.00 - $84.00. At Voyatek, we believe in supporting our employees with a comprehensive benefits package designed to enhance their well-being and professional growth. Please note that eligibility for certain benefits may vary based on your role and employment status. Flexible Work Schedules Health, Dental, and Vision Insurance Medical, Limited, & Dependent Flexible Spending Accounts (FSA) Health Savings Account (HSA) with Employer Contributions Company-Paid and Voluntary Life Insurance Long and Short-Term Disability Insurance Accident, Critical Illness, & Hospital Indemnity Insurance 401(k) Retirement Plan with Company Match and Immediate Vesting Well hub Fitness and Wellness Platform Pet Insurance Training Opportunities Employee Referral Bonus Program We are committed to fostering a workplace that supports both your personal and professional aspirations. As part of our commitment to maintaining a compliant workplace, all final candidates will undergo and must pass a comprehensive background screening prior to starting work. This screening may include, but is not limited to, verification of employment history, education, criminal records, and other relevant checks. For certain positions, additional client-specific background screenings may be required in the future, in accordance with client requirements. Voyatek does significant work with Federal and State tax and revenue authorities. If applicable to this role, all hires will be required to obtain a Federal Public Trust Clearance (Moderate Background Investigation). This clearance process may start upon offer acceptance; and must be cleared prior to working on these projects. If you think you are a good fit for us, we encourage you to apply. Check out our career website for all open positions! Voyatek provides equal employment opportunities to all employees and applicants for employment. Voyatek will make employment decisions without regard to race, color, creed, ancestry, national origin, citizenship, sex or gender (including pregnancy, childbirth, and pregnancy-related conditions), gender identity or expression (including transgender status), sexual orientation, marital status or domestic violence victim status, religion, age, disability, genetic information, service in the military, or any other characteristic protected by applicable federal, state, or local laws and ordinances. Employment decisions include all terms and conditions of employment, including recruitment and hiring, job assignment/placement, promotion, upgrading, demotion, termination, layoff, recall, transfer, leave of absence, rates of pay or other compensation, internship, and training.

SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG's shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges. In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization's extensive global network. The Group's operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd. The anticipated salary range for this role is between $97,000.00 and $154,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees. **Role Description** As a Cyber Security Analyst - Threat Researcher, you will be a key part of a high performing Cyber Threat Intelligence program with a desire to continually improve and advance capabilities that protect SMBC Group. A qualified applicant will have demonstrated experience researching cyber threats and vulnerabilities to develop and maintain attack flow models as part of the threat modeling process. This role plays a key part in advancing our understanding of adversary tactics, techniques, and procedures (TTPs) by transforming threat intelligence into visual attack flow models that drive proactive defense strategies. It involves close collaboration with stakeholders to communicate cybersecurity risks and advocate for secure technologies and practices. This is an excellent opportunity for a developing cybersecurity professional to apply threat-informed defense in a complex enterprise environment, address real-world challenges, and strengthen SMBC Group resilience against evolving threats. **Role Objectives: Delivery** **Key Responsibilities:** Successful candidates will require a blend of technical, analytical, and communication skills. You must be able to demonstrate a comprehensive understanding of cyber security best practices and clearly communicate knowledge of vulnerability exploitation lifecycles and network security concepts. You will be required to work as part of a team but capable of performing independant threat research to identify threat opportunity, security gaps, and key areas for improvement to mitigate potential cybersecurity related risks. You will be required to convey output of all threat research and analysis through the production of intelligence reports, briefings, and visual attack path diagrams in a clear, actionable format. Specific areas of responsibilties include: **Threat Research & Analysis:** + Conduct deep-dive research into threat actors, malware families, vulnerabilities, exploits, and campaigns to identify attack patterns and extract adversary tactics, techniques, and procedures (TTPs). + Analyze threat intelligence from open-source, commercial, and internal telemetry to identify relevant attack patterns and enrich threat models + Stay current with evolving threat landscape and industry best practices to identify emerging threats to the financial services sector. **Attack Flow Modeling:** + Design and maintain attack flow models that visually represent adversary behaviors across the cyber kill chain. + Use frameworks such as MITRE ATT&CK, Diamond Model, and Cyber Kill Chain to structure flows that map TTPs to real-world attack scenarios. + Simulate adversary behaviors against financial systems (e.g., SWIFT, ACH, card processing platforms) to identify detection and mitigation gaps. + Build attack flow models that support detection logic, vulnerability identification, threat hunting, and red team simulations. **Tooling & Automation:** + Use threat intelligence platforms (TIPs), SIEMs, to automate data collection and analysis. + Leverage threat modeling tools such as ATT&CK Navigator, or custom graphing tools to create and manage attack flows. + Develop scripts or workflows to automate the generation and updating of attack flow diagrams based on new intelligence. **Reporting & Communication:** + Produce clear, actionable intelligence reports and visualizations for both technical and executive audiences. + Present attack flow models in threat briefings, tabletop exercises, and strategic planning sessions. **Collaboration & Integration:** + Work closely with SOC analysts, security testing, cyber resiliance, and threat modeling pesonnel to validate and operationalize attack flows. + Communicate and integrate understanding of attack flow models into threat detection logic for security engineering, SIEMs, and other security orchestration tools. + Recommend improvements to threat modeling methodologies and threat intelligence workflows. **Qualifications and Skills** **Required Qualifications:** + 3+ years of dedicated experience in cyber threat intelligence, threat research, or a threat hunting role within a SOC or information security program. + Strong understanding of adversary TTPs and threat modeling frameworks (MITRE ATT&CK, Diamond Model, etc.). + Ability to analyze large datasets, multi-task, and effectively prioritize tasks. + Conduct attack surface risk modeling and articulate high-risk areas to stakeholders. + Experience building visual attack flows or kill chain diagrams using industry tools. + Excellent research, analytical, visualization, and communication skills. **Preferred Qualifications:** + Bachelor of Information Technology, Computer Science, or similar preferable + Practical, hands-on threat modeling experience using frameworks such as STRIDE, attack trees, and OWASP methodologies. + Familiarity with graph databases or visualization libraries (e.g., Neo4j, Graphviz, D3.js). + Experience in a financial institution, FinTech, or other industry with regulatory environment.Familiarity with financial regulations and compliance frameworks (e.g., FFIEC, GLBA, PCI-DSS). + Certifications such as GCTI, CTIA, CEH, or MITRE ATT&CK Cyber Threat Intelligence Certification. + Proficiency in scripting languages such as KQL and Python for data parsing, enrichment, and automation of threat intelligence workflows. **Additional Requirements** SMBC's employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required. SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com. SMBC's employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required. SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.

Job Level: Associate Job Function: Business Resilience & Security Employment Type: Full Time SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG's shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges. In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization's extensive global network. The Group's operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd. The anticipated salary range for this role is between $97,000.00 and $154,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees. Role Description As a Cyber Security Analyst - Threat Researcher, you will be a key part of a high performing Cyber Threat Intelligence program with a desire to continually improve and advance capabilities that protect SMBC Group. A qualified applicant will have demonstrated experience researching cyber threats and vulnerabilities to develop and maintain attack flow models as part of the threat modeling process. This role plays a key part in advancing our understanding of adversary tactics, techniques, and procedures (TTPs) by transforming threat intelligence into visual attack flow models that drive proactive defense strategies. It involves close collaboration with stakeholders to communicate cybersecurity risks and advocate for secure technologies and practices. This is an excellent opportunity for a developing cybersecurity professional to apply threat-informed defense in a complex enterprise environment, address real-world challenges, and strengthen SMBC Group resilience against evolving threats. Role Objectives: Delivery Key Responsibilities: Successful candidates will require a blend of technical, analytical, and communication skills. You must be able to demonstrate a comprehensive understanding of cyber security best practices and clearly communicate knowledge of vulnerability exploitation lifecycles and network security concepts. You will be required to work as part of a team but capable of performing independant threat research to identify threat opportunity, security gaps, and key areas for improvement to mitigate potential cybersecurity related risks. You will be required to convey output of all threat research and analysis through the production of intelligence reports, briefings, and visual attack path diagrams in a clear, actionable format. Specific areas of responsibilties include: Threat Research & Analysis: * Conduct deep-dive research into threat actors, malware families, vulnerabilities, exploits, and campaigns to identify attack patterns and extract adversary tactics, techniques, and procedures (TTPs). * Analyze threat intelligence from open-source, commercial, and internal telemetry to identify relevant attack patterns and enrich threat models * Stay current with evolving threat landscape and industry best practices to identify emerging threats to the financial services sector. Attack Flow Modeling: * Design and maintain attack flow models that visually represent adversary behaviors across the cyber kill chain. * Use frameworks such as MITRE ATT&CK, Diamond Model, and Cyber Kill Chain to structure flows that map TTPs to real-world attack scenarios. * Simulate adversary behaviors against financial systems (e.g., SWIFT, ACH, card processing platforms) to identify detection and mitigation gaps. * Build attack flow models that support detection logic, vulnerability identification, threat hunting, and red team simulations. Tooling & Automation: * Use threat intelligence platforms (TIPs), SIEMs, to automate data collection and analysis. * Leverage threat modeling tools such as ATT&CK Navigator, or custom graphing tools to create and manage attack flows. * Develop scripts or workflows to automate the generation and updating of attack flow diagrams based on new intelligence. Reporting & Communication: * Produce clear, actionable intelligence reports and visualizations for both technical and executive audiences. * Present attack flow models in threat briefings, tabletop exercises, and strategic planning sessions. Collaboration & Integration: * Work closely with SOC analysts, security testing, cyber resiliance, and threat modeling pesonnel to validate and operationalize attack flows. * Communicate and integrate understanding of attack flow models into threat detection logic for security engineering, SIEMs, and other security orchestration tools. * Recommend improvements to threat modeling methodologies and threat intelligence workflows. Qualifications and Skills Required Qualifications: * 3+ years of dedicated experience in cyber threat intelligence, threat research, or a threat hunting role within a SOC or information security program. * Strong understanding of adversary TTPs and threat modeling frameworks (MITRE ATT&CK, Diamond Model, etc.). * Ability to analyze large datasets, multi-task, and effectively prioritize tasks. * Conduct attack surface risk modeling and articulate high-risk areas to stakeholders. * Experience building visual attack flows or kill chain diagrams using industry tools. * Excellent research, analytical, visualization, and communication skills. Preferred Qualifications: * Bachelor of Information Technology, Computer Science, or similar preferable * Practical, hands-on threat modeling experience using frameworks such as STRIDE, attack trees, and OWASP methodologies. * Familiarity with graph databases or visualization libraries (e.g., Neo4j, Graphviz, D3.js). * Experience in a financial institution, FinTech, or other industry with regulatory environment. Familiarity with financial regulations and compliance frameworks (e.g., FFIEC, GLBA, PCI-DSS). * Certifications such as GCTI, CTIA, CEH, or MITRE ATT&CK Cyber Threat Intelligence Certification. * Proficiency in scripting languages such as KQL and Python for data parsing, enrichment, and automation of threat intelligence workflows. Additional Requirements SMBC's employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required. SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com. SMBC's employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required. SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com. Nearest Major Market: New York City

We are hiring Cyber Security Risk Analyst with deep Threat Vulnerability Management (TVM) experience for a long term contract consultancy working hybrid on-site 2 days per week in midtown Manhattan. In a very hands-on capacity you will responsible for the support and administration of several core network security tools... interesting projects, very professional and high-end environment. There is the possibility of converting to full-time after 6-9 months. You will assist in the management of the company wide TVM program and also perform targeted risk assessments In summary you will be responsible for the implementation, engineering, and management of security initiatives related to the end-point devices, evaluation and adoption of new systems. TVM work will include: Meet regularly with the various SME’s to ensure vulnerabilities are patched in accordance with the Threat and Vulnerability Management procedures Escalate aged vulnerabilities Provide technical guidance to owners to document a Risk Acceptance for aged vulnerabilities Assist with effort to automate the TVM process Prepare monthly TVM RAS metrics Prepare reports for aged vulnerabilities Improve the TVM program to work more effectively and efficiently Targeted risk assessment work will include: Evaluate applications and/or hardware assets to be assessed based on the inherent risk rating as well as other external factors Plan and document the scope of the assessment Inform the asset owner of the assessment in advance Document the results of the assessments, including Observations and/or MSII’s Report the results of the assessments Maintain/revise the Targeted Risk Assessment Procedure and improve the document Requirements include: Hands-on experience focused on managing Vulnerability Management solutions, including knowledge of Tenable/Nessus vulnerability scanning tools Endpoint management and best practices. Good Project Management skills Basic network design and infrastructure Active Directory and Group Policy. Knowledge of enterprise patching / software rollouts is a must and IBM BigFix experience is preferred. Tenable training and CISSP preferred. Completed Bachelor’s degree with Computer Science or related (math, engineering,...) course of study

Job Description Forhyre is seeking a talented individual that will be able to provide security architecture support and interface across the program as needed. This support includes, but is not limited to, cybersecurity solutions, providing technical strategy for solutions, guidance, policy, and implementations. The successful candidate for this position is a highly motivated individual, with a strong IT security background who excels integrating, operating, and deploying security technology and solutions and interacts well with both internal teams and clients. Note: U.S. citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor at this time. Responsibilities: Engineer, implement and monitor security measures for the protection of computer systems, networks and information Develop and implement security policies and controls to support the Cyber Security framework Manage the existing cyber security training program across global, multilingual business Assists in ensuring global Information security program meets all industry regulations, standards, and compliance requirements Drive adoption of infrastructure security best practices and work with Information Technology teams to ensure security standards are maintained Implement technology to proactively scan Information Technology environment for security breaches and suspicious activity Continuous improvement in the areas of Information Security technologies, techniques and processes Develops and maintains an effective system for the distribution of regular key performance indicator reports and dashboard Ability to interpret penetration test results and describe issues and fixes to non-security expert Responsible for leading an accurate & comprehensive status reporting to the executive steering committee Create and implement SOP/ process improvement initiatives to achieve outcomes that align or exceed the expectations of strategic roadmap Skills & Experience Bachelor’s degree and 12+ years of experience; additional years of directly applicable experience may be accepted in lieu of a degree. Certified Information Systems Security Professional (CISSP) 8+ years hands-on experience designing or implementing security solutions, including all related documentation and artifacts Analytical ability, problem-solving skills, and ability to break down complex problems into actionable steps Extensive experience in design and development of enterprise security architectures. Experience must include a wide range of work in creating diagrams and documentation with all components that comprise IT systems including network topology. Strong knowledge and experience in secure enterprise architecture design, especially with regard to IAM, NDR, EDR, SIEM, AI/ML, and other cybersecurity tools and resultant applications Experience selecting effective methods, techniques, and evaluation criteria to achieve desired outcomes Previous experience developing architectures, strategies, strategic plans, roadmaps, and technical standards for the federal IT enterprise environment. Vulnerability Assessment testing and/or Penetration Testing (preferred) Robotic Process Automation/Intelligent Automation (preferred) Business case development supporting security technology solutions (preferred) Additional certifications demonstrating cybersecurity/technical mastery (preferred)

Select Cyber is looking for a Junior Security & Strategy Analyst for a client SOC office in Northern New Jersey. The employer is a world leader in cybersecurity services so your career will be in great hands! The position requires an interest in technology, leadership, and strategy, with a focus on information security. Although we prefer 1-3 years experience, New College Grads (with a computer science degree can apply! This position will assist in duties including, but not limited to, the following: Staying aware of the latest security threats, assessing impact, and suggesting solutions in addressing the emerging risks Use state-of-the-art software to monitor and report on potential cyber threats affecting our client Partnering across a variety of different teams to assess vulnerabilities, and conduct security reviews Help assess organizational cyber risk through industry standard frameworks Requirements Must have a degree in Business, Technology or related field Ability to manage/prioritize projects and tasks In-depth knowledge of diverse and emerging technology concepts, strategies, and methodologies Benefits FULL Competitive Benefits including 401K and medical

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Position Summary: Global Information Security (GIS) is responsible for protecting bank information systems, confidential and proprietary data, and customer information. GIS develops the bank's Information Security strategy and policy, manages the Information Security program, identifies and addresses vulnerabilities and operates a global security operations center that monitors, detects and responds to cybersecurity incidents. Within GIS, Identity and Access Management (IAM) is a security discipline that enables the right individuals to access the right resources at the right times and in the right context. IAM addresses the mission-critical need to ensure appropriate access to the resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements Role Description: * This role is primarily responsible for ensuring that relevant Privileged Access Controls are adequately enforced across platforms and applications to comply with IAM Standard. * Partner with PAM Governance leads to ensure that Privileged Access Controls are appropriately measured, reported and governed. * Apply industry PAM best practices, templates, and documentation while also proposing improvements based on practical knowledge. * Document and convey PAM related requirements to technology partners to build/implement enhanced PAM solutions that are efficient, effective, and modern and able to result in material risk reduction in sustainable manner. * Collaborate with stakeholders to develop PAM requirements that iteratively support long term PAM modernization and transformation (covers Process, Data and Technology aspects). * Provide education to team members and technology partners regarding the proposed changes to PAM controls. * Partners with the policy governance team for socialization and publication of proposed changes to the PAM Standard * Takes accountability for addressing PAM risks. Proactively identify risk and ways to continuously enhance and improve BAC's PAM controls. Implement and take decisive actions in finding solutions. Drives towards intended outcomes. * Engage senior management to provide factual, transparent, and timely reporting on existing and emerging PAM or information security risks. * Active participation in GIS IAM/PAM forums including but not limited to Monthly IAM Stakeholder Forum and Control Owner Forum for standard and Single Process Inventory (SPI) enhancements. * Supports audit issues for closure and sustainability. Required Qualifications * 7 years relevant hands-on experience in PAM / IAM in complex and heterogenous technology environment. * Deep experience with Linux, Windows, Cloud scale Identity, Access Management (Single Sign-On, Multi Factor Authentication), Authorization services or design and architecture of PAM services * Deep knowledge of bank financial practices and policies and ability to adapt to fast changing environment * Working level experience with IAM platforms such as Ping Identity, Active Directory OpenLDAP, OpenDJ * Experience in consumption of Web Service APIs such as JSON / XML * Hands on experience and involvement in large and complex projects. Expertise: * Expert level knowledge of privileged access management methodologies and techniques for on-prem and Cloud implementation. * Expert level knowledge of authentication platforms such as Active Directory, LDAP, Kerberos, LDAP, Radius. * Expert knowledge of PAM related tools which support session proxy, vaulting, just-in-time provision, integration with service management tool would be an advantage. * Deep security knowledge which covers core technology infrastructure (network, storage, servers, databases, etc.) identity management and application security practice. * Deep knowledge on Federation platforms or protocols such as Oauth, OpenID, SAML, WS-Fed, etc. * Good knowledge and understanding of PAM-specific laws, rules, and regulations within the financial services sector. * Proficient in Microsoft Office suite of products with ability to quickly analyze and synthesize large volumes of data. * Familiarity with security standards such as NIST, ISO/EC, FFIEC. Desired Qualifications * Bachelor's Degree or equivalent work experience * Understanding and interpreting BAC's established information security Policy, Standards, Procedure and Guides, and applying this knowledge to related PAM decisions and response. * Possession of CISSP certification would be an advantage. * Knowledge of Compliance Certifications such as SOX, SOC, SOC2. This job will be open and accepting applications for a minimum of seven days from the date it was posted Shift: 1st shift (United States of America) Hours Per Week: 40 Pay Transparency details US - CO - Denver - 1144 15th St - Denver Gis (CO9926), US - DC - Washington - 1800 K St NW - 1800 K Street NW (DC1842), US - IL - Chicago - 540 W Madison St - Bank Of America Plaza (IL4540), US - NJ - Jersey City - 101 Hudson St - 101 Hudson (NJ2101) Pay and benefits information Pay range $78,200.00 - $137,700.00 annualized salary, offers to be determined based on experience, education and skill set. Discretionary incentive eligible This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company. Benefits This role is currently benefits eligible. We provide industry-leading benefits, access to paid time off, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.

First Quality was founded in 1989 and has grown to be a global privately held company with over 4,000 employees. Its corporate offices are located in Great Neck, New York, with manufacturing facilities and offices in Pennsylvania, South Carolina, Georgia, and Canada. First Quality is a diversified family of companies manufacturing consumer products ranging from Absorbent Hygiene (adult incontinence, feminine care, and baby care), Tissue (bath and towel), and Industrial (print and packaging materials), serving institutional and retail markets throughout the world. First Quality focuses on private label and branded product lines. We are actively seeking an experienced Cyber Security Analyst to join our Security Operations Center in Great Neck, New York, or work in a hybrid capacity from CT, GA, NY, NJ, PA, or SC. In this role, you will be responsible for incident detection, investigation and response, rules development tuning and improvement, defining and developing automations, and incorporating Threat Intelligence and Threat Hunting activities to enhance detection and mitigation strategies. Primary responsibilities include: Incident Detection and Response - Monitor and analyze alerts generated by SIEM/SOAR platforms and user reports, investigate security incidents, and execute containment and eradication procedures to minimize impact and restore normal operations. Tuning & Optimization - Continuously refine detection rules and SOC processes to reduce false positives, enhance detection accuracy, and improve overall operational efficiency. Research & Development - Explore emerging threats and attack techniques to develop and implement new detection rules to expand visibility and strengthen the organization's security posture. Threat Hunting - Proactively hunt for hidden threats by analyzing logs and identifying gaps missed by existing security tools and improve security posture. Threat Intelligence - Review threat intelligence feeds, channels and articles to identify potential risks and proactively strengthen defenses. Automation Development - Design, implement, and maintain automation solutions to streamline SOC workflows, reduce manual effort, and accelerate incident response times. Reporting - Prepare and present comprehensive reports on key SOC activities, metrics, and security trends to stakeholders and management. Penetration Testing - Participate in Red and Purple Team exercises to assess and improve the effectiveness of security controls and incident response capabilities. The ideal candidate should possess the following: Bachelor's degree in Computer Security, Cybersecurity, Information Security, or a related field preferred. Additional relevant experience may be considered in lieu of a degree. Experience with advanced SIEM content development, including custom correlation rules, dashboards, and reporting. Minimum of 1 year of experience working in a Security Operations Center (SOC) environment, either in-house or with a Managed Security Service Provider (MSSP). Proficiency in scripting languages such as Python, PowerShell, or Bash for automating security tasks and processes. Direct involvement in end-to-end incident response, including root cause determination and post-incident reporting. Experience monitoring and securing cloud environments (e.g., Microsoft Azure, AWS, Google Cloud Platform). Hands-on experience working with SIEM (e.g. Splunk, Microsoft Sentinel, Qradar) Familiarity with EDR solutions like CrowdStrike, SentinelOne, Microsoft Defender for Endpoint or Cortex XDR. Understanding and familiarity with interpreting common log sources for monitoring and investigation (e.g. Firewall, Azure AD, Windows Security Log, Email, Proxy\URL Filtering etc.) Solid grasp of prevalent attack types, including phishing, brute-force attacks, malware, and data exfiltration techniques. Excellent verbal and written communication skills, with the ability to collaborate effectively with team members both within and outside the SOC. High level of situational awareness and problem sensitivity, with the ability to proactively identify issues and escalate concerns as appropriate. Demonstrated proactive mindset, strong sense of responsibility, and urgency in addressing security incidents and tasks. Ability to work independently, manage multiple priorities, and succeed in a fast-paced, dynamic environment. Strong motivation and willingness to continually learn and grow, adapting to new tools and evolving threat landscapes. The estimated annual base salary range for this position is $110,000 - $140,000. Base pay is only part of our total compensation package, which also includes an attractive annual discretionary bonus and robust suite of employee benefits for which you are eligible to participate in starting on your first day of employment. Base pay offered will be determined on an individualized basis and we will consider your location, experience, and other job-related factors. First Quality is committed to protecting information under the care of First Quality Enterprises commensurate with leading industry standards and applicable regulations. As such, First Quality provides at least annual training regarding data privacy and security to employees who, as a result of their role specifications, may come in to contact with sensitive data. First Quality is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, sexual orientation, gender identification, or protected Veteran status.

This is an opportunity to join Ascot Group - one of the world's preeminent specialty risk underwriting organizations. Designed as a modern-era company operating through an ecosystem of interconnected global operating platforms, we're bound by a common mission and purpose: One Ascot. Our greatest strength is a talented team who flourish in a collaborative, inclusive, and entrepreneurial culture, steeped in underwriting excellence, integrity, and a passion to find a better way, The Ascot Way. The Ascot Way guides our people and our organization. Our underwriting platforms collaborate to find creative ways to deploy our capital in a true cross-product and cross-platform approach. These platforms work as one, deploying our capital creatively through our unique Fusion Model: Client Centric, Risk Centric, Technology Centric. Built to be resilient, Ascot maximizes client financial security while delivering bespoke products and world class service - both pre- and post-claims. Ascot exists to solve for our clients' brightest tomorrow, through agility, collaboration, resilience, and discipline. About the role: As part of our 24x7 Cyber Defense function, the Senior SOC Analyst L3 will be responsible for investigating security incidents, improving detection content and supporting the overall monitoring, detecting and cybersecurity incident response activities. This involves working closely with the members of the internal Cyber Resilience team and our Managed Security Service Provider (MSSP). Acting as an escalation point for L1/L2 SOC analysts, this resource will work within an expanding cybersecurity team, collaborating with cybersecurity managers, IT Infrastructure, and Deskside Support Teams. You must be detail-oriented, diligent, and capable of managing multiple aspects of the incident response lifecycle simultaneously. You will be supporting a 24X7 Cybersecurity Defense function and will be required to work in shifts that will vary based on operational needs to support the global footprint across the UK and US time zones. This resource will additionally be responsible for maintaining detection content on the detection tool, (detection rules, log ingestion, parsers, forwarders), maintaining playbooks, SOC documentation and supporting integrations and log sources associated with the overall Cyber Defense solution. This role will be in the office with a hybrid work schedule. Responsibilities: Monitor our security tools to triage and respond to suspicious events and abnormal activities, capable of performing deep-dive incident investigations. Serve as a point of escalation for the L1, L2 SOC Analysts, and the point of contact for our MSSP, coordinating response efforts with other groups and stakeholders with varying technical expertise, such as IT, Legal, business etc. Develop and implement advanced security protocols and incident response procedures and improve our threat intelligence processes. Stay current with evolving threats, vulnerabilities, tools, technologies and threat actor TTPs to help improve detection and response capabilities. Provide oversight and governance over the daily operations of the MSSP and SOC team at a global level. Mentor and provide training to junior SOC team members. Develop and refine standard operating procedures in the form of run books and playbooks for incident response and threat detection. Create and make improvements to procedures and playbooks. Conduct technical analysis, log reviews, and assessments of cybersecurity incidents throughout the incident management lifecycle. Work with end users where appropriate on security related incident and request workflow. Document and manage incident cases to utilize information for stakeholder engagement to provide insight, intelligent recommendations, risk reporting and lessons learned. Work in scheduled shift patterns when required. Conduct in-depth security investigations, log analysis, network/email traffic assessment, and evaluate other data sources to identify root causes, assess impact, and gather evidence for response and mitigating actions. Implement detection use cases within our SIEM for our expanding estate using appropriate scripting languages. Manage log sources, log ingestion volumes, detection content and overall SIEM solution system health, maintenance, and upgrades. Assist with additional ad hoc projects as required. Requirements: Cybersecurity related Bachelor's degree or related field. Minimum of 10 years of experience in a security operations role, OC engineering and or a cybersecurity technical engineering role. Exposure to building and migrating log sources onto a new SIEM platform, creating detection content, log parsers and detection engineering will be preferred. Alternatively, candidates that have worked in senior technical roles in a Managed Security Service Provider (MSSP) will be preferred. Preference will be given to candidates who also have additional technical and cyber-risk certifications covering both defensive and offensive security such as CompTIA Security+, Certified SOC Analyst (CSA), Certified Ethical Hacker (CEH), CySA+, CISSP, GSEC, GCIH, CCSP, Microsoft SC-200, CISSP-ISSMP, CTIA, OSCP Candidates must have solid experience and knowledge of typical enterprise technologies. On-premises and cloud base Windows and Linux operating systems (OS), Microsoft Azure, M365 and the ability to detect signs of compromise in these systems. Possess a growth mindset and is willing to learn how to resolve technical security issues. Demonstrate a working and genuine interest and talent in Cybersecurity Demonstrate detail orientation and can take a structured approach to procedures and working instructions. Work and maintain a calm structured mindset even when under pressure. Possess an aptitude for understanding and analysing data when troubleshooting. Strong written communication, critical thinking, and analysis skills, including the ability to present potential risks and actual findings to a wide audience. Ability to communicate complex problems to a non-technical audience. Must have a working understanding of key security concepts and attack types such as phishing, malware, vulnerabilities, Cyber Kill Chain, and attack stages. A strong analytical mindset, capable of digesting a wide range of information to make practical judgements based on available data and context. Experience with security tools and technologies, including SIEM, intrusion detection systems, EDR, XDR, log analysis, and malware analysis. Understand threat actor tactics, techniques and procedures, have familiarity with the MITRE-ATT&CK Framework and different stages of an attack lifecycle. Maintain a desire to keep learning, with a curious and creative growth mindset. ***This position may be filled at a different level, depending on experience*** Compensation Actual base pay could vary and may be above or below the listed range based on factors including but not limited to experience, subject matter expertise, and skills. The base pay is just one component of Ascot's total compensation package for employees. Other rewards may include an annual cash bonus and other forms of discretionary compensation awarded by the Company. The annualized base pay range for this role is: $125,000 - $135,000. Company Benefits The Company provides a competitive benefits package that includes the following (eligibility requirements apply): Health and Welfare Benefits: Medical (including prescription coverage), Dental, Vision, Health Savings Account, Commuter Account, Health Care and Dependent Care Flexible Spending Accounts, Life Insurance, AD&D, Work/Life Resources (including Employee Assistance Program), and more Leave Benefits: Paid holidays, annual Paid Time Off (includes paid state /local paid leave where required), Short-term Disability, Long-term Disability, Other leaves (e.g., Bereavement, FMLA, Adoption, Maternity, Military, Primary & Non-Primary Caregiver) Retirement Benefits: Contributory Savings Plan (401k) #LI-Hybrid

About IEX IEX (IEX Group, Inc.) is an exchange operator and technology company dedicated to innovating for performance in capital markets. Founded in 2012, IEX launched a new kind of securities exchange in 2016 that combines a transparent business model and unique architecture designed to protect investors. Today, IEX applies its proprietary technology and experience to drive performance across asset classes, serve investors, and advocate for transparent and competitive markets. Role Overview: IEX is looking for an experienced Information Security Analyst to join our Information Security Team. You will perform security compliance and oversight of our environment and utilize security tools and processes to review, detect, investigate and/or escalate events that require further examination. You should have a solid understanding of information security, networking concepts, and strong analytical skills. You should be a strong team player who works with others to drive continuous improvement for yourself, the team and the program. About You: * Self-starter who is proactive and entrepreneurial * Organized, detail-oriented, and process-oriented * Cross-functional team player, resourceful, and responsive * Excellent analytical, critical thinking, communication, and problem-solving skills What You'll Do: * Identify security threats by monitoring and correlating events originating from security tooling and event logs * Apply and maintain standardized procedures to investigate and resolve potential security incidents * Tune security tooling as required to optimize and enhance the information available for analyzing potential security events * Identify and track security metrics related to environment and industry trends to create a normalized view of expected network behavior and to detect anomalies * Assist in running the IEX vulnerability management program as well as identify vulnerabilities that may exist in the environment through available sources and assessments * Identify and lead projects that further advance IEX's ability to detect, contain, and eradicate threats * Review threat intelligence sources for items that are relevant to IEX and investigate those that are applicable * Perform security and risk assessments of third-party tools, vendors, and systems * Work within the information security analyst team to perform and optimize operations and compliance oversight processes to confirm adherence to policy requirements Your Background: * 3-5 years of experience in an Information Security Analyst role, or equivalent * B.S./B.A. in Information Technology, Information Security, Computer Science, or a related field * Strong passion for and background in cybersecurity/information security, or related field experience * Deep understanding of threats, vulnerabilities, attack methodologies, and countermeasures * Strong experience with reviewing event logs, syslog, and using SIEM technologies * Familiarity with NIST standards and the MITRE ATT&CK Framework * Experience with security tooling, applications, platforms * SOAR * Threat Intelligence * SIEM * Vulnerability Management Solutions * AD/Entra ID * EDR * CSPM * Experience with Microsoft Excel Nice-to-Haves: * Project management experience * Technical understanding of networking, operating systems, cloud platforms and related security technologies * Scripting experience (e.g., Python, Ruby, BASH, Powershell) preferred * Relevant certifications (e.g., SSCP, GCIH, GCIA, GCFA, CISSP) a strong plus Our job titles may span more than one career level. The starting annual base pay is between $115,000 and $150,000 for this NY-based position. The actual base pay is dependent upon many factors, such as: training, transferable skills, work experience, business needs and market demands. The annual base pay range is subject to change and may be modified in the future. This role is eligible for bonus and equity. Here at IEX, we are dedicated to an inclusive workplace and culture. We are an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race, color, creed, religion, alienage or national origin, ancestry, citizenship status, age, disability or handicap, sex, marital status, veteran status, sexual orientation, genetic information or any other characteristic protected by applicable federal, state or local laws. This policy not only complies with all applicable laws and protects workers' rights but is vital to IEX's overall mission and values.

Information Security Specialist Job Responsibilities: Safeguards information system assets by identifying and solving potential and actual security problems. Protects system by defining access privileges, control structures, and resources. Recognizes problems by identifying abnormalities; reporting violations. Implements security improvements by assessing current situation; evaluating trends; anticipating requirements. Determines security violations and inefficiencies by conducting periodic audits. Upgrades system by implementing and maintaining security controls. Keeps users informed by preparing performance reports; communicating system status. Maintains quality service by following organization standards. Maintains technical knowledge by attending educational workshops; reviewing publications. Contributes to team effort by accomplishing related results as needed. Information Security Specialist Skills and Qualifications: System Administration, Network Security, Problem Solving, Information Security Policies, Informing Others, Process Improvement, On-Call, Network Troubleshooting, Firewall Administration, Network Protocols, Routers, Hubs, and Switches.

We at Publicis Sapient, enable our clients to thrive in Next and to create business value through expert strategies, customer-centric experience design, and world-class product engineering. The future of business is disruptive, transformative and becoming digital to the core. In our 20 + years in IT, never before have we seen such a dire need for transformation in every major industry - from financial services to automotive, consumer products, retail, energy, and travel. To make this transformative journey a reality in these exciting times, we seek Rockstars who will: * Brave it out to go do the next; "what will be" from "what is" exhibit the optimism that says there is no limit to what we can achieve deeply skilled, bold, collaborative, flexible. * Reimagine the way the world works to help businesses improve the daily lives of people and the world. * Our people thrive because of the belief that it is both our privilege and responsibility to usher our clients and the world into Next. * Our work is fueled by challenging boundaries, multidisciplinary collaboration, highly agile teams, and the power of the newest technologies and platforms. If that's you, come talk to us! This is the world-class engineering team where you should build your career Overview The Information Security Officer is a senior level professional position responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall purpose of this role is to ensure the execution of Information Security (IS) directives and activities in alignment with client information and cybersecurity policy within the supported business units, primarily client's technology infrastructure. Responsibilities Responsibilities: * Identify opportunities to automate and standardize information security controls and for the supported groups. * Resolve any vulnerabilities or issues detected in an application or infrastructure. * Analyze source code to mitigate identified weaknesses and vulnerabilities within the system. * Review and validate automated testing results and prioritize actions that resolve issues based on overall risk. * Scan and analyze applications with automated tools and perform manual testing if necessary. * Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions. * Direct the development and delivery of secure solutions by coordinating with business and technical contacts. * Contribute to execution of the architectural vision for all IT systems through major, complex IT architecture projects. * Security Architecture: Collaborate with IT to ensure system architecture follows corporate policies and IT best practices. * Risk management: Identify, assess and mitigate security risks. Identify application compensating controls for non-compliant items. * Provide technical leadership and is responsible for developing components of, or the overall systems design. * Translate complex business problems into sound technical solutions. * Provide integrated systems planning and recommends innovative technologies that will enhance the current system. * Recommend appropriate infrastructure platforms, and communication links required to support IT goals and strategy. * Impact the architecture function by influencing decisions through advice, counsel or facilitating services. * Guide, influences and persuades others with developed communication and diplomacy skills. Qualifications Qualifications and Education: * Strong understanding of cloud security architectures (i.e. AWS Well-Architected Framework, Google Cloud Security Command Centre). * Knowledge of the Identity and Access management (IAM) security models of AWS and GCP. * In-depth knowledge of cloud infrastructure and architecture (e.g. VPC, EC2, S3, Cloud Storage and Compute Engine. * Familiarity with compliance and risk frameworks (NIST, ISO 27001, CSA STAR) * Experience in business engagement for Information Security, Risk or Control & Compliance, IT Analysis / Design or Program / Project Management. * Perform Information Security risk assessments and familiarity with Information Security Risk Governance. * At least 2 years' experience securing cloud environments particularly AWS and GCP * Bachelor's degree or higher (Computer Science or Cybersecurity preferred) or equivalent work experience. * Industry certifications such as CISSP/CISM/CCSP are desired. * Have good communication skills with the ability to articulate clearly in high stress situations. * Self-starter with good problem-solving skills. * Proven influencing and relationship management skills. * Familiarity with IaC security (Terraform, CloudFormation) * Advanced proficiency with Microsoft Office tools and software. * Public Cloud Solution Architect or Security Certifications are plus (i.e. AWS Certified Solution Architect, GCP Professional Cloud Security Engineer) Additional information Annual Pay Range: USD 128,000 - USD 180,000 The range shown represents a grouping of relevant ranges currently used at Publicis Sapient. The actual range for this position may differ, depending on location and the specific skillset required for the work itself. Benefits of Working Here: Flexible vacation policy; time is not limited, allocated, or accrued 16 paid holidays throughout the year Generous parental leave and new parent transition program Tuition reimbursement Corporate gift matching program As part of our dedication to an inclusive and diverse workforce. Publicis Sapient is committed to Equal Employment Opportunity without regard for race, color, national origin, ethnicity, gender, protected veteran status, disability, sexual orientation, gender identity, or religion. We are also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or accommodation due to a disability, you may contact us at ************************** or you may call us at ***************.

Role Overview: Balyasny Asset Management seeks an experienced candidate for an Information Security Analyst role. This role will be hands-on, building out BAM's firm-wide information security platform. At BAM, you will have the chance to work with some of the smartest and most driven individuals in the industry. The individual selected to fill this role will be a member of our SOC team primarily responsible for responding to and investigating potential security incidents and performing threat hunting exercises. The ideal candidate will have a track record of automating processes, finding innovative solutions to difficult problems, and adapting to new products and solutions. This position will report to BAM's Security Operations Lead. Strategic Responsibilities: - Implement BAM's Information Security vision and strategy for the firm. - Design and implement repeatable, efficient processes for Information Security operations. - Collaborate between technology and business teams to drive proper implementation of security controls and compliance requirements across the firm. - Enhance cyber security awareness by promoting through employee awareness. Tactical / Hands-On Responsibilities: - Triage, investigate, and remediate information security alerts. - Perform threat hunting exercises within the Balyasny network to identify potential security threats which have otherwise been unidentified. - Creating/maintaining runbooks for security investigations. - Continually improve internal scanning, detection, and reporting of security risks and anomalous activity. - Partner with global infrastructure staff to increase cyber security posture leveraging vendor-based and in-house custom built security solutions. - Provide guidance and implement security best practices and systems. - Create and maintain accurate documentation on the firm's information security policies and procedures. - Keep up with, and evaluate, new industry and information security trends to determine firm's best approach for dealing with new trends. Qualifications & Requirements: - Bachelors in cybersecurity, networking, computer science or closely related field - 3 + years information systems security background - 3 + years working in a SOC and/or related job function - Strong understanding of networking (TCP/IP, OSI, routing, switching, firewalls) - Solid understanding of good information security, cyber security practices and policies - Hands on experience with different security platforms, including SIEM and EDR platforms - basic understanding and implementation experience with encryption technologies (SSL, SSH, PKI) - Basic scripting abilities (Python and/or PowerShell) - Able to communicate technical concepts between technical and non-technical stakeholders - Awareness and understanding of current security and cyber threat landscape - Experience running incident response/resolution process - Hands on experience with logging and monitoring tools - Familiarity with the NIST Cybersecurity Framework Bonus Points For: - Hands on experience using Splunk and/or CrowdStrike platforms. - Knowledge of financial services industry best practices and regulations related to information security. - Information Security certifications (CISSP, ISACA, ISC2, SANS, etc. ) - Public cloud (AWS/Azure) information security experience Don't have all of the skills listed above? Have extra skills you think are important that we haven't thought of? Please, let us know by applying and telling us a bit more about yourself and why you think you're qualified.

How would you like to join one of the most highly regarded financial institutions in New Jersey with deep roots in the community? Provident is a successful and highly regarded multi-billion-dollar bank that continues to grow with branches in New Jersey, Eastern Pennsylvania and New York. Our longevity is a testament to our commitment to placing our employees, customers, and the communities we serve at the center of all we do. At Provident Bank, we are committed to enhancing our customer and employees' experience. POSITION OVERVIEW: This position reports to the Chief Information Security Officer. The Information Security department is responsible for identifying and securing the Bank's information assets and providing customers, em-ployees, and other stakeholders trust their sensitive information and privacy is protected. The Information Security Engineer is a management role for a seasoned information security professional with a focus on designing, implementing, and maintaining the technical infrastructure responsible for protecting the Bank's information assets. This position also is responsible for managing the Bank's se-curity operations center, including being the first responder to security incidents. KEY RESPONSIBILITIES: Develop and integrate cybersecurity designs for systems and networks in line with bank security standards for existing and new technical implementations. Manage the delivery of the Bank's outsourced security operations center (SOC). The SOC is responsible for managing the Bank's firewalls, IPS, IDS, SIEM, and identify network security incidents. Perform security reviews, identify gaps in security architecture, and develop a security risk management plan Operate as the primary stakeholder for Information Security for all new projects related to Information Technology, and Lending business line. Provide direction, monitor significant activities ensuring the project is delivered successfully. Determine the protection needs (i.e. security controls) for Bank systems and 3rd party systems housing bank owned data. Define and prioritize essential system capabilities or business function required after significant cyber event. Provide advice on technical design concepts to senior risk and technology management (e.g. Chief Information Security Officer, Chief Risk Officer, Senior Technology Officer) Provide input to the Risk Management frameworks relating to technical and security implementation risks. MINIMUM QUALIFICATIONS 3-5 years if experience in a technical Information Security role interacting with business lines. Knowledge and skill of integration of hardware & software assets while maintain security controls. Knowledge and skill of implementing secure computer networking concepts and methodologies. Knowledge and skill of designing secure authentication and authorization processes. Knowledge of Personally Identifiable Information (PII) data security standards. Knowledge of confidentiality, integrity, and availability requirements. Knowledge of Critical Security Controls, NIST Cybersecurity Framework, and FFIEC Information Security standards. Knowledge of cyber threats and vulnerabilities. Knowledge of organization's enterprise information security architecture. Skill in translating operational requirements into protection needs (i.e., security controls). Skill in applying and incorporating information technologies into proposed solutions. EDUCATION Bachelor's degree or equivalent work experience. LICENSES AND/OR CERTIFICATIONS At least one of: Security+, SSCP, CEH, GIAC, CISSP, CISA, CISM, or comparable certification highly desired. WORKING CONDITIONS: Work is performed in a normal office environment. Noise levels are usually moderate. This position involves travel to customers and property locations. Prolonged sitting Lifting from 5 to 10 lbs. (printer paper, storage boxes) Occasional bending or overhead lifting (storing files or boxes) The hazards are mainly those present in a normal office setting This may not be all-inclusive. Employees are expected to perform other duties as assigned and directed by management. Job descriptions and duties may be modified when deemed appropriate by management. Provident Bank recognizes and supports the importance of creating a socially and culturally diverse employee base. We understand, value, and appreciate the unique perspectives that a diverse workforce can contribute to our organization. We put the employee and the customer at the center of strategy because culture is a critical differentiator for why people choose to work here. We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to age 40 and over, color, disability, gender identity, genetic information, military or veteran status, national origin, race, religion, sex, sexual orientation or any other applicable status protected by state or local law. Pay Details: $73,600 - $106,100 annually Please note, the base pay actually offered may vary based upon the candidate's skills and experience, job-related knowledge, education, geographic location, internal equity, and other applicable business and organizational needs. This role is incentive eligible based upon company, business, and/or individual goal achievement and performance. Team members accrue paid time-off (PTO), receive Holiday (PTO) and are eligible to participate in the bank's Health and Wellness benefits including Medical, Dental and Vision Plans, Flexible and Health Savings Accounts, and a 401(k) Retirement Plan. In addition, the company provides Disability Insurance, an Employee Assistance Program, and Basic Life Insurance. Company sponsored Tuition Disbursement and Loan Repayment programs are also available. Voluntary benefits include Supplemental Life Insurance, Accident, Critical Illness, Hospital Indemnity and Legal plans.

Why us? You will be part of a team that believes that believes in employees success! They are a dynamic, fast growing company with great opportunities and an employee focused company culture. Join this fantastic team today and make a difference in your life and the lives of those around you! They are an equal opportunity employer and value diversity at our company. Job Description Strong knowledge of Information Security concepts such as: •Encryption, Cloud and Mobile Device Security •Data Loss and Prevention tools and solutions •Risk-Threat Analysis and Vulnerability Assessments •Enterprise Security Monitoring, Role-Based Access Control (RBAC) •Identity and Access Management, Computer Forensic •IT Audit and Compliance, Regulatory Requirements (HIPAA, CMS, FISMA, et. al.) •Knowledge of common vulnerability tools, and the ability to identify basic categories of vulnerability. Sounds like you? then ping us with your most updated resume. We'd love to talk to you! We are excited about the companies growth and the role you will play with them. Qualifications Desired Skills & Experience: You hold a Bachelor's degree in any domain. You are certified in CISSP, or CISA, or CEH, required. You have more than 1 year experience working in the IT security function. You have good experience with Operating System, Database, Network and Application Security . Additional Information All your information will be kept confidential according to EEO guidelines. Ping me at **********************

About ASCAP The American Society of Composers, Authors and Publishers (ASCAP) is a membership association of more than one million songwriters, composers and music publishers, and represents some of the world's most talented music creators. Founded and governed by songwriters, composers and publishers, it is the only performing rights organization in the U.S. that operates on a not-for-profit basis. ASCAP licenses a repertory of over 20 million musical works to hundreds of thousands of businesses that use music, including streaming services, cable television, radio and satellite radio and brick and mortar businesses such as retail stores, hotels, clubs, restaurants and bars. ASCAP collects the licensing fees; identifies, matches and processes trillions of performances every year; and returns nearly 90 cents of every dollar back to its members as royalties. The ASCAP blanket license offers an efficient solution for businesses to legally perform ASCAP music while respecting the right of songwriters and composers to be paid fairly. ASCAP puts music creators first, advocating for their rights and the value of music on Capitol Hill, driving innovation that moves the industry forward, building community and providing the resources and support that creators need to succeed in their careers. Learn more and stay in touch at ************** on X and Instagram @ASCAP and on Facebook. Are you passionate about working with customers? Are you excited to learn new technologies? Would you rather be coding than whiteboarding? If the answer is yes, then you might make a great fit for our team of talented software engineers who work with our business and product teams on high impact projects using emerging technologies and platforms. ASCAP technologists live our mission, we are passionate about what we do for our customers, and we practice what we preach. Our technologists serve with humility and a deep respect for their responsibility in helping our business partners and members achieve their goals and realize their dreams. We stand behind our mission and are committed to delivering the impossible. Bottom line? We outthink ordinary. Discover what you can do with technology at ASCAP! Job Description: Information Security Analyst (Application Security) We are looking for a motivated, detail-oriented individual with strong technical skills. This role's primary focus is on working to secure in-house built and software as a service integrated applications plus working with management on security strategies and product owners/designers/developers/platform engineers/endpoint engineers to design, develop and implement secure systems, networks, and applications. They will also work with Sr. Security Analysts to investigate and respond to security event alerts, manage technical aspects of incident response, work on third party applications/services reviews and the organizations vulnerability management program. This role requires knowledge of Salesforce security and privacy architecture including Salesforce Shield. This role will assist with the creation of a true SDLC program with DevSecOps for our in-house built applications and work with developers to implement information security best practices ensuring that our code is proactively secured while in the pipeline prior to moving to production. The person in this role will need to prioritize and ensure the timely completion of tasks from the scrum masters and management. They should also be able to shift and adjust priorities based on changing business needs in our dynamic environment, while also remaining task-oriented to ensure completion of work from start to finish with appropriate solutions. Responsibilities: * Configures, manages, and uses security systems, security monitoring and alerting applications, and security management tools. * Works closely with Sr. Security Analysts and Security Platform Engineers to investigate and resolve security related events. * Reviews business partners, new vendors, and products/services for security stature * Work independently with developers, system/network administrators, product owners, design teams and other colleagues to ensure secure design, development, and implementation of applications and networks - promoting a full SDLC program. * Perform security architecture design reviews of our applications (primarily Salesforce). * Perform code analysis of large applications manually and conduct manual vulnerability analysis. * Provide remediation guidance and recommendations to developers and administrators. * Work with development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests. * Ensure development teams receive pertinent annual secure coding training. * Researches, evaluates, tests, and assists on implementation of new security solutions around DevSecOps and the application pipeline. * Works alongside project management in a SCRUM environment to successfully monitor progress and implement security initiatives. Qualifications: * Experience supporting security products like CrowdStrike, SecureWorks, Cisco Umbrella, BitLocker, Qualys, CloudLock, SonarQube, Nexus IQ, and Checkpoint. * Cloud security experience with Salesforce Shield and AWS. * Bachelor's degree in computer science or information security. * Experience investigating and resolving security events. * A keen eye for detail, an analytical thinker, and the ability to multitask. * The ability to thrive in fast-paced, high stress situations. * A problem solver with the ability to communicate effectively with peers, business partners, and management. * Experience working with development teams to build secure solutions. * Experience breaking down complex systems and applications to find flaws. * Able to read, write, and audit Java and the ability to pick up new languages/technologies. * Experience with secure coding practices and architecting secure applications written in Java. * The ability to communicate complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management. * Self-starter, positive attitude, ability to work independently, enjoys learning and staying current with industry developments, regulations, and best practices. * Interest in providing security training to developers. What We Love About You: * You love our users. You deeply understand our users and put them at the center of everything you do. You aim to serve and delight them every day. * You do the right thing. You are respectful and act with the highest integrity. If you see something that isn't right, you say something. * You debate it. You ask questions to understand a perspective and are comfortable respectfully challenging assumptions. You are not turned off by constructive conflict to get to the right answer. * You own your outcomes. You set clear ambitious goals. You anticipate obstacles, persevere, and are accountable for your commitments. * You make fast decisions. You are an effective and timely communicator. You understand how to collaborate, compromise, and escalate when needed. * You get better every day. You welcome the gift of feedback. You never settle in your quest to grow and develop. By being here, you make our company stronger. Occasional travel for in-person meetings may be required. Please be aware that ASCAP is not a nut-free or other allergen-free workplace. Compensation/Benefits: Besides providing a unique and dynamic work environment, there are a few other reasons you should consider ASCAP in your career planning. We also offer generous benefit options that are comprehensive and provide the flexibility that most employees want and need. These health care and financial plan options include the following: * A choice of either network-only provider medical and dental plans or more flexible medical and dental plans where you can see providers in or out-of-network * Vision plan that offers both in and out-of-network provider options * 401(k) Plan that offers pre-tax, Roth, and an after-tax employee contribution option which includes a company match. * An additional employer paid discretionary profit share contribution, regardless of your participation in the 401(k) Plan * Generous time-off policy * 12 company holidays * Health care and dependent care flexible spending accounts * Short-term disability insurance/salary continuation and long-term disability insurance * Company provided basic life and accidental death and dismemberment insurance * Employee gym discounts at select gyms * Commuter benefits * Voluntary pet health insurance * Voluntary auto and homeowners insurance * Voluntary employee, spouse, and dependent life insurance options * Voluntary ID protection Coverage ASCAP is an equal opportunity employer. All ASCAP employment decisions are made on the basis of individual qualifications and performance and not on the basis of race, national origin, ethnicity, sex, age, marital status, sexual orientation or preference, gender identity, genetic information, disability, handicap, color, creed, religion, veteran status, or any characteristic protected by applicable federal, state or local laws. The anticipated base salary range for this position is $100,000.00 to $110,000.00 and will be determined on an individualized basis depending on several factors that are unique to each candidate including geographic location (due to differences in the cost of labor), skills, education and prior relevant experience.

IEX (IEX Group, Inc.) is an exchange operator and technology company dedicated to innovating for performance in capital markets. Founded in 2012, IEX launched a new kind of securities exchange in 2016 that combines a transparent business model and unique architecture designed to protect investors. Today, IEX applies its proprietary technology and experience to drive performance across asset classes, serve investors, and advocate for transparent and competitive markets. Role Overview: IEX is looking for an experienced Information Security Analyst to join our Information Security Team. You will perform security compliance and oversight of our environment and utilize security tools and processes to review, detect, investigate and/or escalate events that require further examination. You should have a solid understanding of information security, networking concepts, and strong analytical skills. You should be a strong team player who works with others to drive continuous improvement for yourself, the team and the program. About You: Self-starter who is proactive and entrepreneurial Organized, detail-oriented, and process-oriented Cross-functional team player, resourceful, and responsive Excellent analytical, critical thinking, communication, and problem-solving skills What You'll Do: Identify security threats by monitoring and correlating events originating from security tooling and event logs Apply and maintain standardized procedures to investigate and resolve potential security incidents Tune security tooling as required to optimize and enhance the information available for analyzing potential security events Identify and track security metrics related to environment and industry trends to create a normalized view of expected network behavior and to detect anomalies Assist in running the IEX vulnerability management program as well as identify vulnerabilities that may exist in the environment through available sources and assessments Identify and lead projects that further advance IEX's ability to detect, contain, and eradicate threats Review threat intelligence sources for items that are relevant to IEX and investigate those that are applicable Perform security and risk assessments of third-party tools, vendors, and systems Work within the information security analyst team to perform and optimize operations and compliance oversight processes to confirm adherence to policy requirements Your Background: 3-5 years of experience in an Information Security Analyst role, or equivalent B.S./B.A. in Information Technology, Information Security, Computer Science, or a related field Strong passion for and background in cybersecurity/information security, or related field experience Deep understanding of threats, vulnerabilities, attack methodologies, and countermeasures Strong experience with reviewing event logs, syslog, and using SIEM technologies Familiarity with NIST standards and the MITRE ATT&CK Framework Experience with security tooling, applications, platforms SOAR Threat Intelligence SIEM Vulnerability Management Solutions AD/Entra ID EDR CSPM Experience with Microsoft Excel Nice-to-Haves: Project management experience Technical understanding of networking, operating systems, cloud platforms and related security technologies Scripting experience (e.g., Python, Ruby, BASH, Powershell) preferred Relevant certifications (e.g., SSCP, GCIH, GCIA, GCFA, CISSP) a strong plus Our job titles may span more than one career level. The starting annual base pay is between $115,000 and $150,000 for this NY-based position. The actual base pay is dependent upon many factors, such as: training, transferable skills, work experience, business needs and market demands. The annual base pay range is subject to change and may be modified in the future. This role is eligible for bonus and equity. Here at IEX, we are dedicated to an inclusive workplace and culture. We are an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race, color, creed, religion, alienage or national origin, ancestry, citizenship status, age, disability or handicap, sex, marital status, veteran status, sexual orientation, genetic information or any other characteristic protected by applicable federal, state or local laws. This policy not only complies with all applicable laws and protects workers' rights but is vital to IEX's overall mission and values.

The Information Security Analyst will be a member of the Threat & Vulnerability team within Security Operations. General responsibilities focus on the identification and proactive mitigation of cyber threats, while collaborating with various teams within Information Security to support the company's strategic goals. Essential Job Functions: The following duties and responsibilities are intended to be representative of the work performed by the incumbent(s) in this position and are not all-inclusive. The omission of a specific duty or responsibility will not preclude it from the position. Under direction, report and communicate vulnerabilities to determine objectives, scope, analysis, and the proper actions, needed to respond to security vulnerabilities Partner with stakeholders to document the lifecycle of vulnerabilities and provide recommendations for mitigation strategies. Collaborate on patch validation and reporting of remediation planning and compensating controls of mitigation to address open vulnerabilities Monitors, tracks, responds, investigates, and reports in compliance to security requirements, and partners with the responsible parties to drive timely results and remediation Perform analysis of cyber threats and process timely tasks to help mitigate the risk of exposure. This includes reviewing daily intelligence feeds, working with different Security Operations teams to apply technical controls to detect and protect systems. Experience recognizing threats and conducting analysis on emerging threats. Provide written reports and analysis of findings to communicate potential risks and impact, with a focus on business impact Support risk reporting and escalation to cross-functional teams in a cooperative manner Communicate incidents and vulnerabilities to stakeholders in a timely manner following internal policies and procedures; Follow-up to ensure teams carry-out short-term and long-term remediation. Organizes and maintains documentation for internal process and procedures Participation in after-hours incidents when required Assist with additional projects as needed Basic Qualifications: Strong communication and project management skills Requires a highly motivated, dynamic and customer-centric associate who thrives in a challenging and changing environment Working knowledge of crisis management communication, incident response and handling methodologies, NIST cybersecurity standards and FDA cybersecurity guidance Effective meeting management and group facilitation skills Experience with reviewing intrusion detection systems and identifying host and network-based intrusions via intrusion detection technologies

Hours: 37.5 Line of Business: Technology Solutions Pay Details: $91,200 - $136,800 CAD TD is committed to providing fair and equitable compensation opportunities to all colleagues. Growth opportunities and skill development are defining features of the colleague experience at TD. Our compensation policies and practices have been designed to allow colleagues to progress through the salary range over time as they progress in their role. The base pay actually offered may vary based upon the candidate's skills and experience, job-related knowledge, geographic location, and other specific business and organizational needs. As a candidate, you are encouraged to ask compensation related questions and have an open dialogue with your recruiter who can provide you more specific details for this role. Job Description: Job summary: We are looking for a detailed-oriented Verification & Automation engineer to join our team. This individual will focus on automating and validating compliance as code policies across multi cloud environments including GCP, Azure and AWS. This role involves creating and implementing automated test cases to ensure these policies function as intended. The engineer will integrate these tests into GitHub based CI CD pipelines using GitHub workflows and GitHub actions and leverage terraform Python PowerShell and go to deploy and test compliance as code policies. This individual also play a key role as a code owner reviewing and approving policy related poll requests to ensure secure and compliant deployments into upper environments. . Key responsibilities: Automated testing for cloud policies * Design, develop, implement and maintain automated test frameworks for the behavior of existing compliance as a code policy across cloud environments (GCP/AWS/Azure) in alignment with banking regulations. * Develop comprehensive positive negative and edge exception test cases to validate policy enforcement logic. * Build automated test pipelines integrated with CI CD workflows to ensure continuous validation of CAC changes * Collaborate with CaC policy developers and security architects and Cloud Service Owners to understand intended behavior and failure conditions * Implement mock cloud environments/services/IAM for to simulate realistic scenarios for policy testing * Maintain a test suite library and ensure traceability between compliance requirements validation cases and artifacts Continuous testing & CI/CD integration * Integrate compliance validation tests into CI CD pipelines GitHub actions GitHub workflows and terraform to enforce continuous compliance checks before deployment. * Automate security scanning and validation of terraform deployments with PowerShell, and Python * Validate the enforcement of banking cloud security policies by embedding automated compliance checks into DevSecOps workflows and actions. Cloud Security and Regulatory Compliance enforcement * Work closely with Banking security, DevSecOps teams, and Cloud Compliance governance teams to define and enforce cloud security controls in accordance with regulatory mandates. * Validate cloud resource configurations against financial industry standards, (NIST, ISO 27001, SOC 2) Reporting & Audit Readiness * Implement/test logging and monitoring solutions to detect compliance violations in real time. * Automate/validate the generation of compliance reports and dashboards using tools like SonarQube, Wiz.IO, Splunk * Ensure that all TD Standards & STIG requirements for IAAS, PaaS, SaaS CaC development, and testing activities are traceable and auditable for internal risk assessments and external regulatory audits. Required Skills and Experience: * University degree * Information security certification / accreditation an asset * 7+ years of relevant experience * 4+ years in Cloud Security, DevSecOps, or Cloud Engineering roles. * Cloud infrastructure as a code - experience with Terraform, ARM, JSON, YAML * Policy as a code (PaC)- Hands on experience with HashiCorp Sentinel, Azure policy, Wiz policy, GCP Org policy and Open Policy Agent. * CI/CD Pipelines- Experience with GitHub actions, Jenkins * Scripting and Automation- Proficiency in Python, Bash, Go, PowerShell, terraform and automate testing framework. * Cloud Security & Compliance - Understanding of CIS benchmarks, NIST standards and security frameworks. * Preferred Qualifications: * Specifications; Azure fundamentals certification Azure security engineer associate, GCP fundamentals certification * Experience with multi cloud security testing GCP, Azure and AWS * Experience with Container security and Kubernetes policy enforcement. #LI-Tech Who We Are: TD is one of the world's leading global financial institutions and is the fifth largest bank in North America by branches/stores. Every day, we deliver legendary customer experiences to over 27 million households and businesses in Canada, the United States and around the world. More than 95,000 TD colleagues bring their skills, talent, and creativity to the Bank, those we serve, and the economies we support. We are guided by our vision to Be the Better Bank and our purpose to enrich the lives of our customers, communities and colleagues. TD is deeply committed to being a leader in customer experience, that is why we believe that all colleagues, no matter where they work, are customer facing. As we build our business and deliver on our strategy, we are innovating to enhance the customer experience and build capabilities to shape the future of banking. Whether you've got years of banking experience or are just starting your career in financial services, we can help you realize your potential. Through regular leadership and development conversations to mentorship and training programs, we're here to support you towards your goals. As an organization, we keep growing - and so will you. Our Total Rewards Package Our Total Rewards package reflects the investments we make in our colleagues to help them and their families achieve their financial, physical, and mental well-being goals. Total Rewards at TD includes a base salary, variable compensation, and several other key plans such as health and well-being benefits, savings and retirement programs, paid time off, banking benefits and discounts, career development, and reward and recognition programs. Learn more Additional Information: We're delighted that you're considering building a career with TD. Through regular development conversations, training programs, and a competitive benefits plan, we're committed to providing the support our colleagues need to thrive both at work and at home. Please be advised that this job opportunity is subject to provincial regulation for employment purposes. It is imperative to acknowledge that each province or territory within the jurisdiction of Canada may have its own set of regulations, requirements. Colleague Development If you're interested in a specific career path or are looking to build certain skills, we want to help you succeed. You'll have regular career, development, and performance conversations with your manager, as well as access to an online learning platform and a variety of mentoring programs to help you unlock future opportunities. Whether you have a passion for helping customers and want to expand your experience, or you want to coach and inspire your colleagues, there are many different career paths within our organization at TD - and we're committed to helping you identify opportunities that support your goals. Training & Onboarding We will provide training and onboarding sessions to ensure that you've got everything you need to succeed in your new role. Interview Process We'll reach out to candidates of interest to schedule an interview. We do our best to communicate outcomes to all applicants by email or phone call. Accommodation Your accessibility is important to us. Please let us know if you'd like accommodations (including accessible meeting rooms, captioning for virtual interviews, etc.) to help us remove barriers so that you can participate throughout the interview process. We look forward to hearing from you! Language Requirement (Quebec only): Sans Objet