Get Remote Security Operations Jobs in your mailbox.

75 exciting remote jobs on file from 2500+ top remote companies.

  • Hot new jobs of this week
  • 75 active jobs from past weeks to consult
  • Segmented for USA, Europe or Worldwide.
  • Personally selected for you by our experienced remote hiring managers.


A selection of jobs from the previous newsletters.

9d

Application Security Engineer

EcoVadis, Warsaw, Poland, Remote
Design, azure, java, c++, linux, python, AWS, javascript

EcoVadis is hiring a Remote Application Security Engineer

Job Description

Our IT Security team is looking for an Application Security Engineer to help our effort in protecting our corporate products and services, our internal solutions and the data managed by EcoVadis. 

You will be part of the team that collaborates in all areas of our Secure Software Development Lifecycle (SSDLC), with a predominant focus on enhancing the security of our code, ensuring that our developers follow the best practices to avoid vulnerabilities, promote automation inside the SSDLC, and collaborate with the team in executing different tests and reviews with a technical approach.

You will have the opportunity to make a significant impact and contribute to the overall success of our company.

This role will include the following responsibilities:

  • Integrate SAST into SDLC:
    • Perform and maintain code analysis using one of the industry-recognized SAST tools;
    • Exhibit knowledge and ability to integrate code scanning into the SSDLC (e.g. understand the basics of the code life-cycle and CI/CD platforms);
    • Understand the code to find and fix flaws that developers may have missed and help in the identification of false positives;
    • Help the engineering teams fix security issues, and mentor them to improve their security expertise.
  • Conduct web application penetration tests:
    • Perform manual and automated application vulnerability assessments, document identified vulnerabilities and provide recommendations for remediation;
    • Exhibit knowledge and ability to perform industry standard web application penetration testing methods, including OWASP guides;
    • Plan and create penetration methods, scripts and tests, as well as to simulate security breaches in a secure manner.
  • General Security Engineer responsibilities:
    • Ability to analyze security issues (both white-box and black-box), determine its cause and impact to the business, and identify the corrective action needed to eliminate and prevent the event from materializing in the future;
    • Work with IT Security team members and the development teams to design mitigation strategies for identified weaknesses, including the prioritization and contextualization of vulnerabilities;
    • Contribute to and help to further develop application security frameworks and standards;
    • Present your findings, risks and conclusions to different stakeholders (technical and non-technical);
    • Assist with other organization security projects and tasks as required;
    • Support the development and growth of Application Security practices and tools in the company;
    • Drive the efforts to automate operational security.

Qualifications

  • A minimum of 3 years of professional experience in application security, penetration testing, or static code analysis;
  • Proven track record of conducting successful penetration tests and security assessments on web applications or other software systems;
  • Strong experience with static and dynamic code analysis tools and techniques, including code review and identifying code-level vulnerabilities;
  • Familiarity with DevSecOps practices and integrating security into CI/CD pipelines;
  • Experience with tools and frameworks commonly used in application security testing, such as Burp Suite, Kali Linux, Metasploit, etc.;
  • Familiarity with various programming languages (e.g., C#, Python, JavaScript, Java) and ability to understand and review code for security vulnerabilities;
  • Proficiency in identifying, exploiting, and mitigating common security vulnerabilities (e.g., OWASP Top Ten) in web applications and APIs;
  • Understanding of network protocols, operating systems, and databases, and their security implications;
  • Basic knowledge of cloud security concepts and best practices (e.g., AWS, Azure, Google Cloud);
  • Understanding of cryptography principles and secure authentication and authorization mechanisms;
  • Ability to work independently;
  • Ability to conduct research about areas unknown to him/her, and use that knowledge to deliver security guidelines and propose improvements;
  • Open to work in an international, multilingual environment;
  • Proficient in English (oral and written);
  • Professional certification (e.g. OSCP or OSWE) is a plus;
  • Hands-on experience with Google Workspace is a plus.

BlueVoyant is hiring a Remote Spanish Speaking SOC Security Analyst

Spanish Speaking SOC Security Analyst - BlueVoyant - Career Page
    Abarca Health is hiring a Remote Security Risk and Compliance Analyst

    What you’ll do 

    In a few words…

    Abarca is igniting a revolution in healthcare with a Cloud First approach and a modern systems mentality. We built our company on the belief that smarter technology can redefine pharmacy benefits, but this journey continues with a focus on sustainability and expansion of our operations.

    Our Infrastructure Operations team plays a crucial role in the success of Abarca Health by modernizing and optimizing our cloud infrastructure. This team manages our system’s architecture, ensuring efficient data processing and system stability. The Information Security team monitors, detects, investigates, and responds to potential threats while working towards IT Risk and Governance maturity and implementing preventative security measures and controls on a consistent basis.

    As a Security Risk and Compliance Analyst, your role is essential in maintaining the security and compliance of our cloud-centric, modern systems. You will support Risk, Audit, Legal, and Compliance activities related to Information Systems and Security. Additionally, you will contribute to planning for HITRUST maturity, promote sustainable practices, and support the expansion of our operations.

    What you’ll do:

    The fundamentals for the job…

    • Support the modernization and optimization of Security-related policies and procedures, aligning with corporate Risks, Audit, Legal, and Compliance needs.
    • Assist in the development and enhancement of security GRC processes.
    • Participate in vulnerability assessment efforts, adopting a Cloud First approach and adhering to the latest security standards for cloud environments.
    • Help with HITRUST certifications and support maturity in security and compliance endeavors.
    • Contribute to the management of the third-party risk program, ensuring vendor alignment with our principles.
    • Help audit access rights, prioritizing a Cloud First approach and modern systems.
    • Contribute to developing security requirements for new company initiatives, with an emphasis on sustainability and operation expansion.
    • Support the creation and review of all Security-related policies and procedures, integrating corporate Risks, Audit, Legal, and Compliance requirements into the Information Security Program.
    • Serve as a supportive liaison for the Compliance, Security, and Risk Management (CSRM) Committee.

    What we expect of you:

    The bold requirements…

    • Bachelor’s Degree in Information Technology, Computer Science, or a related field (relevant work experience may be considered in lieu of a degree).
    • 3+ years of experience in Information Security roles. 
    • Experience within Healthcare Compliance.
    • Familiarity with Internal Controls, Security Policies and Procedures, Action Planning, and Execution.
    • Understanding of the selection, implementation, and maintenance of security and compliance tools such as SIEM, vulnerability scanning, or identity management solutions.
    • Knowledge of qualitative and quantitative risk management approaches and processes.
    • Awareness of security practices and controls to address security risks, applying frameworks such as NIST, COBIT, and ISO.
    • Understanding of IT Compliance and Security principles.
    • Familiarity with Compliance and Local Regulations as well as Federal Regulations relevant to the Healthcare Industry.
    • Strong oral and written communication skills.
    • Flexible hybrid work model with certain on-site workdays (Puerto Rico location).

    Nice to haves…

    • Professional security certifications (e.g., CISSP, CRISC, CISA, etc.).
    • Experience in Healthcare, Pharmacy, and Pharmacy Benefit Management industries, including knowledge of Medicare Part D and CMS regulations.
    • Understanding of regulatory compliance and IT service management frameworks such as ITIL, ISO 20000.
    • Experience with GRC products (e.g., RSA-Archer, Riskonnect, Metric Stream, ServiceNow GRC, etc.).

    Physical requirements…

    • Must be able to access and navigate each department at the organization’s facilities.
    • Sedentary work that primarily involves sitting/standing.

    The above description is not intended to limit the scope of the job or to exclude other duties not mentioned. It is not a final set of specifications for the position. It’s simply meant to give readers an idea of what the role entails.

    Abarca Health LLC is an equal employment opportunity employer and participates in E-Verify.  “Applicant must be a United States’ citizen. Abarca Health LLC does not sponsor employment visas at this time”

    All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of gender, race/ethnicity, gender identity, sexual orientation, protected veteran status, disability, or other protected group status.


    Windmill Smart Solutions is hiring a Remote Information Security Officer

    Information Security Officer - Windmill Smart Solutions - Career Page


    ReCharge Payments is hiring a Remote Staff Information Security Engineer

    Who we are

    In a world where acquisition costs are skyrocketing, funding is scarce, and ecommerce merchants are forced to do more with less, the most innovative DTC brands understand that subscription strategy is business strategy.

    Recharge is simplifying retention and growth for innovative ecommerce brands. As the #1 subscription platform, Recharge is dedicated to empowering brands to easily set up and manage subscriptions, create dynamic experiences at every customer touchpoint, and continuously evaluate business performance. Powering everything from no-code customer portals, personalized offers, and customizable bundles, Recharge helps merchants seamlessly manage, grow, and delight their subscribers while reducing operating costs and churn. Today, Recharge powers more than 20,000 merchants serving 90 million subscribers, including brands such as Blueland, Hello Bello, CrunchLabs, Verve Coffee Roasters, and Bobbie—Recharge doesn’t just help you sell products, we help build buyer routines that last.

    Recharge is recognized on the Technology Fast 500, awarded by Deloitte, (3rd consecutive year) and is Great Place to Work Certified.

    Overview

    • As a Staff Information Security Engineer, you will play a pivotal role in designing, implementing, and maintaining robust security measures to safeguard our cloud network infrastructure. You will be responsible for ensuring the confidentiality, integrity, and availability of our critical systems, as well as proactively identifying and mitigating potential security threats.
    • In this role, you will be a core contributor in ensuring the security of Recharge’s cloud platform. You will collaborate, both within and outside of your team to clarify, theorize, figure out, and decide solutions to complex problems.

    What you’ll do

    • Network Security Architecture:
      • Design, implement, and maintain secure network architectures, ensuring the confidentiality, integrity, and availability of data.
      • Create and maintain network and security documentation.
      • Collaborate with cross-functional teams to integrate security measures into network designs and implementations.
    • Firewall and Intrusion Prevention:
      • Configure and manage firewalls (including WAFs), intrusion prevention systems, SIEM, and other network security devices and/or tools.
      • Monitor network traffic for unusual activity and respond to security incidents in a timely manner.
    • Vulnerability Assessment:
      • Conduct regular vulnerability assessments on network infrastructure to identify and remediate potential security risks.
      • Stay abreast of emerging threats and vulnerabilities, applying proactive measures to protect against them.
    • Incident Response:
      • Maintain and continuously improve incident response plans, participate in tabletop exercises, and lead incident response efforts when necessary.
      • Collaborate with internal teams and external stakeholders to investigate and mitigate security incidents.
    • Mentor other engineers on security configurations and best practices
    • Investigate, analyze and evangelize good security posture throughout the organization
    • Live by and champion our values: Accountability, Collaboration, Iteration and Details

    What you’ll bring

    • Network security design experience and an in-depth knowledge of network protocols, firewall configurations, and intrusion detection/prevention systems
    • Robust understanding of WAF technologies such as Akamai, Cloudflare, Google Cloud Armor, Imperva, etc
    • Experience configuring SIEM tools such as Splunk, LogRhythm, FileVault, etc
    • Extensive knowledge of Vulnerability Management practices
    • Understanding of virus and malware defense systems such as Crowdstrike, Sentinel One, Trend Micro, etc
    • Understanding of backup systems and disaster recovery planning
    • Experience with security assessment tools and techniques
    • Ability to manage multiple projects, activities, and tasks simultaneously
    • Ability to learn and support new systems and applications
    • Strong analytical and problem-solving skills
    • Excellent communication and collaboration skills
    • Willingness to participate in a first line of support on-call rotation
    • Desire to work remotely and to make an impact

    Experience/Credentials/Education

    • 10+ years of experience in network and/or security roles, with a focus on edge security tools
    • 2+ years experience with k8s, Helm, IaC, Terraform and Docker
    • 2+ years experience with Monitoring, Metrics and Logging (Splunk) solutions.
    • 5+ years experience in cloud-native environments such as GCP, AWS, or Azure
    • Bachelor’s degree in Computer Science, Information Technology, or related field
    • Relevant certifications such as CISSP, CCSP, GSEC, or equivalent

    Our stack

    GCP, Kubernetes, GitLab, Helmfile, Terraform, Docker, Ansible, Nginx, Redis, CloudSQL/MySQL, Python, Flask, React, Vue.js, Snowflake, Looker


    Recharge Payments is an equal opportunity employer. In addition to EEO being the law, it is a policy that is fully consistent with our principles. All qualified applicants will receive consideration for employment without regard to status as a protected veteran or a qualified individual with a disability, or other protected status such as race, religion, color, national origin, sex, sexual orientation, gender identity, genetic information, pregnancy or age. Recharge Payments prohibits any form of workplace harassment. 

    Transparency in Coverage

    This link leads to the Anthem Blue Cross machine-readable files that are made available in response to the federal Transparency in Coverage Rule and includes network negotiated rates for all items and services; allowed amounts for OON items, services and prescription drugs; and negotiated rates and historical prices for network prescription drugs (delayed). EIN 80-6245138. This link leads to the Kaiser machine-readable files.


    Webflow is hiring a Remote Senior Enterprise Security Engineer

    At Webflow, our mission is to bring development superpowers to everyone. Webflow is the leading visual development platform for building powerful websites without writing code. By combining modern web development technologies into one platform, Webflow enables people to build websites visually, saving engineering time, while clean code seamlessly generates in the background. From independent designers and creative agencies to Fortune 500 companies, millions worldwide use Webflow to be more nimble, creative, and collaborative. It’s the web, made better. 

    We’re looking for a Senior Enterprise Security Engineer to join Webflow's new Security and Compliance team. You will work with the Director of Product Security to help us meet current and future product security needs.

    About the role 

    • Location: Remote-first (United States; BC & ON, Canada) 
    • Full-time
    • Exempt 
    • The cash compensation for this role is tailored to align with the cost of labor in different US geographic markets. The base pay for this role ranges from $143,000 in our lowest geographic market up to $198,000 in our highest geographic market. These figures are in $USD and apply to candidates in the United States. The specific base pay within the range will be determined by the candidate’s geographic location, job-related experience, knowledge, qualifications, and skills.
    • Reporting to the Director of Security

    As a Senior Enterprise Security Engineer you’ll … 

    • Collaborate primarily with the Information Technology (IT), Facilities, and People teams
    • You will be working to secure:
      • endpoints
      • corporate SaaS and internal tooling
      • corporate offices
    • Improve security related processes and procedures
    • Work to establish or improve security standards while balancing business strategies and requirements.
    • Support Webflow’s current and future security frameworks such as SOC2
    • Participate in incident response and forensics
    • Support 3rd party risk

    In addition to the responsibilities outlined above, at Webflow we will support you in identifying where your interests and development opportunities lie and we'll help you incorporate them into your role.

    About you 

    You’ll thrive as a Senior Enterprise Security Engineer if you:

    • First and foremost, are a technologist, and have a broad fundamental understanding of the technology space with solid background in current IT trends and tooling.
    • Have 3+ years of experience evaluating and securing corporate IT environments with an eye to improve security design, continuous commitment to risk reduction and sustainable security.
    • Have experience securing macOS endpoints, and working with tools such as Jamf and Crowdstrike
    • Have experience with IAM & IDP systems such as Okta
    • Have experience with incident response, and conducting endpoint forensics
    • Have a solid understanding of the corporate threat landscape, and intrusion patterns, and the itch to investigate for potential security issues
    • Have experience evaluating and securing corporate network environments
    • Love to share knowledge, and the gift of explaining complex security concepts with your colleagues.
    • Have an understanding of IT processes, and HR operations, tools and procedures
    • Have experience automating security processes and procedures
    • Are passionate about security in general, and always hungry to learn
    • Have experience working with a security framework such as SOC2 or ISO 2700

    Even if you don’t meet 100% of the above qualifications, you should still seriously consider applying. Research shows that you may still be considered for a role if you meet just half of the requirements.

    Our Core Behaviors:

    • Obsess over customer experience. We deeply understand what we’re building and who we’re building for and serving. We define the leading edge of what’s possible in our industry and deliver the future for our customers.
    • Move with heartfelt urgency. We have a healthy relationship with impatience, channeling it thoughtfully to show up better and faster for our customers and for each other. Time is the most limited thing we have, and we make the most of every moment.
    • Say the hard thing with care. Our best work often comes from intelligent debate, critique, and even difficult conversations. We speak our minds and don’t sugarcoat things — and we do so with respect, maturity, and care.
    • Make your mark. We seek out new and unique ways to create meaningful impact, and we champion the same from our colleagues. We work as a team to get the job done, and we go out of our way to celebrate and reward those going above and beyond for our customers and our teammates.

    Benefits & wellness

    • Equity ownership (RSUs) in a growing, privately-owned company
    • 100% employer-paid healthcare, vision, and dental insurance coverage for employees and dependents (US; full-time Canadian workers working 30+ hours per week), as well as Health Savings Account/Health Reimbursement Account, dependent on insurance plan selection. Employees also have voluntary insurance options, such as life, disability, hospital protection, accident, and critical illness
    • 12 weeks of paid parental leave for both birthing and non-birthing caregivers, as well as an additional 6-8 weeks of pregnancy disability for birthing parents to be used before child bonding leave. Employees also have access to family planning care and reimbursement
    • Flexible PTO with a mandatory annual minimum of 10 days paid time off, and sabbatical program
    • Access to mental wellness coaching, therapy, and Employee Assistance Program
    • Monthly stipends to support health and wellness, as well as smart work, and annual stipends to support professional growth
    • Professional career coaching, internal learning & development programs
    • 401k plan and financial wellness benefits, like CPA or financial advisor coverage
    • Commuter benefits for in-office workers

    Be you, with us

    At Webflow, equality is a core tenet of our culture. We are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. Employment decisions are made on the basis of job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law.

    Stay connected

    Not ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, Twitter, and/or Glassdoor. 

    Please note:

    To join Webflow, you'll need valid U.S. or Canadian work authorization depending on the country of employment.

    If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws. We may obtain one or more background screening reports about you, solely for employment purposes.

    Protecting your privacy and the security of your data is a longstanding top priority for Webflow. Please consult our Applicant Privacy Notice to know more about how we collect, use and transfer the personal data of our candidates.

     

     


    ServiceNow is hiring a Remote Staff Product Security Engineer

    Job Description

    About Digital Technology & The SSO  

    We’re not yesterday’s IT department, we're Digital Technology. The world around us keeps changing and so do we. We’re redefining what it means to be IT with a mindset centered on transformation, experience, AI-driven automation, innovation, and growth.   

    We’re all about delivering delightful, secure customer and employee experiences that accelerate ServiceNow’s journey to become the defining enterprise software company of the 21st century. And we love co-creating, using, and highlighting our own products to do it.   

    Ultimately, we strive to make the world work better for our employees and customers. When you work in ServiceNow Digital Technology, you work for them.

    The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact.

      

    What you get to do in this role 

    • Perform and support security assessments against most modern product features. 

    • Support code reviews across a mixed language codebase. 

    • Participate and lead the security research initiative. 

    • Manage security integration into the SDLC at ServiceNow. 

    • Partner with developer team and architects to design, implement and improve application security solutions. 

    • Share experience with authentication and authorization models, modern mobile security methodologies, applied cryptography, and secure-by-design development practices. 

    • Advocate security awareness and teach secure behavior and methods. 

    • Implement best-practice security procedures, standards, and guidelines in the application space. 

    • Work on strategic and highly visible BSIMM activities across the organization. 

    • Assist in compliance activities such as external audits from customers, regulatory compliance projects, and overall information security reviews. 

    • Develop tools that make it easier to ship secure code and harder to ship insecure code. 

    • Lead “shift-left” initiatives and scale AppSec efforts across the development organizations. 

    Qualifications

    To be successful in this role you have: 

    • MUST HAVE 8+ years of application/product security experience. 

    • MUST HAVE 5+ years working with JAVA 

    • You can break down complex security problems into measurable and solvable pieces. 

    • Demonstrated experience and expertise with:

      • Secure code reviews.

      • Identifying and resolving OWASP Top 10 vulnerabilities.

      • Threat modeling in an Agile environment.

      • Security Verification Standards.

      • Cryptography implementations.

      • Authentication and authorization schemes.

      • Common DAST and SAST tools.

    • Strong understanding of web and mobile application security assessment techniques, threat modeling, general software development practices. 

    • Experience with creating automation in a higher-level scripting language (Python, JavaScript, etc.). 

    • Ability to perform technical risk assessments, evaluate Static Application Security Testing (SAST) tool results, triage security testing results, and manage security response actions. 

    • Self-starter, able to work with a mix of technical and non-technical clients. 

    • Bachelor’s OR master's degree in computer science/engineering/information security or equivalent work experience. 

    • Ability and passion to coach and mentor junior members of the team. 

     

    Desired: 

    • Gen AI security Testing methodologies. 

    • You have experience working in enterprise software and SaaS domains. 

    • You have run/led an AppSec program.

    • You have experience working with large engineering teams and codebases. 

    • You’re involved in the InfoSec community. 

     


    16d

    Enterprise Security Incident Manager

    Experian, Nottingham, United Kingdom, Remote

    Experian is hiring a Remote Enterprise Security Incident Manager

    Job Description

    As a member of Experian’s Global Security Office, the Enterprise Security Incident Manager functions as a Cyber Incident Commander and coordinates the Cyber Fusion Centre’s (CFCs) response to significant cyber-security incidents according to Experian’s Global Information Security Incident Response Plan and processes.

    You will be responsible for initiating and tracking various workstreams during security incidents to ensure there is effective detection, response, containment, eradication, and recovery during incident response and managing executive communications until incident termination.

    The candidate for this role must be a self-starter, capable of working independently, and have strong technical skills involving cyber-incident response, strong writing skills and effective communication with leaders.

    This role will require you to be part of an on-call rotation for response to significant security incidents outside of normal work hours, including holidays and weekends.

    Key Responsibilities Include

    • Serve as the Cyber Incident Commander for significant or high-profile security incidents & table-top exercises, including validating and escalating incidents, coordinating cross-enterprise response activities, facilitating information sharing, and incident documentation.
    • Serves as liaison between technical teams, business leadership, and other stakeholders to minimize the impact of an incident and resume normal business operations.
    • Coordinates response activities in partnership with the CFC teams, business units, crisis management, technology teams, and other stakeholders for moderate and major severity security incidents.
    • Conducts post incident reporting, root cause analysis, and provides relevant insights to guide process improvements and lessons learned to prevent future occurrences of similar security incidents.
    • Participates as Cyber Incident Commander during routine table-top exercises designed to test the IR Plan and crisis response for major security incidents with participation from executives and other key business stakeholders.

    Qualifications

    • Experience with large scale and complex incidents of all types to include APT, DDOS, insider threats, web and mobile applications, data exfiltration, ransomware, etc.
    • An ability to triage and assess a Cyber Security Incident at the moment of notification to determine impact, actions necessary, and make recommendations for remedial action & investigative process / analysis to find root cause
    • Demonstrated knowledge of common adversary tactics, techniques, and procedures.
    • An ability to assess the needs of the role and take action without being tasked, while keeping the team and leadership aware of the status of any projects taken on.
    • Certifications involving incident response, ethical hacking, digital forensics, or cyber security (GIAC, CISSP, SSCP, CISM, EC-Council, Offensive Security, etc.) highly desirable


    Synack is hiring a Remote Security Analyst Intern

    Job Application for Security Analyst Intern at Synack


    20d

    Principal Security Engineer

    ServiceNow, Chesterfield, Missouri, Remote
    agile, Design, ansible, azure, java, docker, kubernetes, ubuntu, python, AWS

    ServiceNow is hiring a Remote Principal Security Engineer

    Job Description

    About Digital Technology & The SSO  

    We’re not yesterday’s IT department, we're Digital Technology. The world around us keeps changing and so do we. We’re redefining what it means to be IT with a mindset centered on transformation, experience, AI-driven automation, innovation, and growth.   

    We’re all about delivering delightful, secure customer and employee experiences that accelerate ServiceNow’s journey to become the defining enterprise software company of the 21st century. And we love co-creating, using, and highlighting our own products to do it.   

    Ultimately, we strive to make the world work better for our employees and customers. When you work in ServiceNow Digital Technology, you work for them.

    The ServiceNow Security Organization delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact.

    Position Overview:

    As Principal Security Engineer, you will play a pivotal role in shaping the technical direction of our company and driving the execution of our technology roadmap. This is a highly cross functional role where you will lead assembled teams of talented engineers, fostering a culture of collaboration, innovation, and excellence. Leveraging your expertise in engineering, development and software architecture, you will design and deploy scalable systems, design robust solutions, and ensure the highest standards of quality and performance across our infrastructure. 

    What you get to do in this role: 

    • As a key member of our Enterprise Security team, you will be responsible for designing, building and consulting on complex solutions related to securing our global cloud infrastructure. 

    • Deep technical understanding of operating systems, web technologies, application and development methodologies and tooling, the ability to both oversee, or be hands-on to prove out value propositions for emerging technologies. 

    • Research security technologies and products in the marketplace and evaluate fit-for-purpose.   

    • Create security requirements by aligning business strategies and stakeholder interests, using your knowledge of information security standards, external compliance, and industry best practices. 

    • Bring your experience around conducting security, vulnerability analyses, and risk assessments to produce architecture/platform designs that highlight broader opportunities and support cost estimations. 

    • Supports cross team collaboration and the creation of common practices and patterns to encourage consistency and reusability across various functional roles. 

    • Evaluates existing security designs; identifying opportunities and working with leadership to prioritize technology investments related to networking; cryptography (PKIs), endpoint security, and server and monitoring infrastructure. 

    • Supports secure system implementations by specifying intrusion detection methodologies, preparing preventive and detective measures; ensuring security of data both in transit and at rest; providing technical guidance to engineering and support teams; while supporting the creation of an appropriate level of documentation. 

    • Verifies system and application security by performing security assessments, code reviews, configuration and design reviews. 

    • Helps maintain organizational risk posture by ensuring we have adequate security measures that align with compliance standards and policies; conducting incident response analysis when required and working with leadership and technical teams on remediation plans.

    • Helps define and scope new projects and programs, prepares presentation material including problem statements, proposed solutions, and business justification. 

    Qualifications


    To be successful in this role you have: 

    • 15+ years of experience in architecture and engineering, with a focus on programming, operating systems, networking, and security. 

    • Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and communicate technical concepts to non-technical stakeholders. 

    • Strong knowledge of enterprise architecture and engineering principles, design patterns, and best practices. 

    • Master's degree in Computer Science, Engineering, or equivalent experience.


    • Ability to synthesize complex information and prepare presentations for executive leadership. 

    • Experience with Agile development methodologies and DevOps practices.  

    • Design, implement, and maintain scalable and resilient network architectures that meet the current and future needs of the organization. 

    • Solid understanding of routing protocols (e.g., BGP, OSPF, EIGRP) and switching technologies (e.g., VLANs, STP, VTP) to ensure efficient and reliable data transmission. 

    • Solid understanding of network security including firewalls, VPNs, IDS/IPS, and access controls to protect our network infrastructure from security threats and vulnerabilities. 

    • Ability to design and architect IAM solutions, including identity lifecycle management, single sign-on (SSO), multi-factor authentication (MFA), and privilege access management (PAM), to meet client requirements. 

    • Strong proficiency in Linux/UNIX operating systems (e.g., RHEL, CentOS, Ubuntu), including installation, configuration, and troubleshooting. 

    • Expertise in scripting languages such as Bash, Python, or Perl, and experience with configuration management tools such as Ansible, Puppet, or Chef. 

    • In-depth knowledge of networking concepts, protocols, and security principles. 

    • Experience with virtualization and containerization technologies (e.g., VMware, Docker, Kubernetes). 

    • Strong development and programming skillset is a must (C/C++, Python, Java) 

    • Familiarity with cloud platforms (e.g., AWS, Azure, GCP) and hybrid cloud environments. 

    • Understanding of ServiceNow platform capabilities, including Service Portal, Service Catalog, Workflow Automation, and Integration Hub. 

     


    See more jobs at ServiceNow


    Cloudflare is hiring a Remote Network Security Engineer

    About Us

    At Cloudflare, we have our eyes set on an ambitious goal: to help build a better Internet. Today the company runs one of the world’s largest networks that powers approximately 25 million Internet properties, for customers ranging from individual bloggers to SMBs to Fortune 500 companies. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare all have web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine’s Top Company Cultures list and ranked among the World’s Most Innovative Companies by Fast Company. 

    We realize people do not fit into neat boxes. We are looking for curious and empathetic individuals who are committed to developing themselves and learning new skills, and we are ready to help you do that. We cannot complete our mission without building a diverse and inclusive team. We hire the best people based on an evaluation of their potential and support them throughout their time at Cloudflare. Come join us! 

    Available Locations: Lisbon, or Remote Portugal

    What You’ll Do

    Do you love solving complex technical issues and interacting with people? Are you passionate about providing premium-level support to customers and are a standout colleague? Cloudflare is seeking an experienced Network Security Engineer to join our team and support our largest and most technically sophisticated customers in resolving technical problems, threats or attacks on their infrastructure at OSI Layers 3, 4, and 7. This will span the range of Cloudflare products from Magic Transit Infrastructure Protection, Argo Smart Routing, DDoS mitigation and Network Firewall, to using the Web Application firewall (WAF), Spectrum and Rate Limiting to help customers.

    Examples of desirable skills, knowledge and experience

    • Self-driven and capable of learning new technologies / systems / features with little guidance
    • Fundamental understanding how the Internet works (OSI Model)
    • Advanced understanding of modern internet protocols like TCP and UDP
    • Computer Networking fundamentals, experience with iptables and looking glass
    • Experience troubleshooting network connectivity issues, BGP routing, and GRE tunnels
    • Packet capture analysis
    • Experience in command line and tools, including curl, dig, traceroute, openssl, git
    • Experience troubleshooting DNS, SSL / TLS, HTTP
    • Experience in a web development and / or hosting environment such as installing and configuring web servers like Apache, Nginx, Caddy and IIS
    • Experience writing scripts in Bash, Python, JavaScript or other scripting language
    • Experience in working as part of a team in a customer-facing role

    Responsibilities

    • Communicate with customers via chat, email, and phone 
    • Compare traffic signatures and attributes including IP addresses, cookie variations, HTTP headers, and JavaScript footprints to determine what is good traffic and what is malicious
    • DDoS mitigation for OSI layers 3,4, & 7: advise customers on how to filter malicious traffic using Cloudflare tools like Magic Transit, Network Firewall, WAF, IP reputation lists, packet inspection, blocklisting, allowlisting, and rate limiting
    • Work with Engineering and Operations teams to mitigate attacks, suggest steps to mitigate, and apply the appropriate mitigation, when applicable
    • Work with Engineering and Product teams to improve the products and tools

    Bonus Points

    • You are fluent in German, Japanese, French, Spanish, Portuguese, or Mandarin
    • You have worked with PostgreSQL, MySQL, MS SQL, and other database servers
    • You are familiar with Cloudflare and are actively using our platform

    What Makes Cloudflare Special?

    We’re not just a highly ambitious, large-scale technology company. We’re a highly ambitious, large-scale technology company with a soul. Fundamental to our mission to help build a better Internet is protecting the free and open Internet.

    Project Galileo: We equip politically and artistically important organizations and journalists with powerful tools to defend themselves against attacks that would otherwise censor their work, technology already used by Cloudflare’s enterprise customers--at no cost.

    Athenian Project: We created Athenian Project to ensure that state and local governments have the highest level of protection and reliability for free, so that their constituents have access to election information and voter registration.

    Path Forward Partnership: Since 2016, we have partnered with Path Forward, a nonprofit organization, to create 16-week positions for mid-career professionals who want to get back to the workplace after taking time off to care for a child, parent, or loved one.

    1.1.1.1: We released 1.1.1.1 to help fix the foundation of the Internet by building a faster, more secure and privacy-centric public DNS resolver. This is available publicly for everyone to use - it is the first consumer-focused service Cloudflare has ever released. Here’s the deal - we don’t store client IP addresses never, ever. We will continue to abide by our privacy commitment and ensure that no user data is sold to advertisers or used to target consumers.

    Sound like something you’d like to be a part of? We’d love to hear from you!

    This position may require access to information protected under U.S. export control laws, including the U.S. Export Administration Regulations. Please note that any offer of employment may be conditioned on your authorization to receive software or technology controlled under these U.S. export laws without sponsorship for an export license.

    Cloudflare is proud to be an equal opportunity employer. We are committed to providing equal employment opportunity for all people and place great value in both diversity and inclusiveness. All qualified applicants will be considered for employment without regard to their, or any other person's, perceived or actual race, color, religion, sex, gender, gender identity, gender expression, sexual orientation, national origin, ancestry, citizenship, age, physical or mental disability, medical condition, family care status, or any other basis protected by law. We are an AA/Veterans/Disabled Employer.

    Cloudflare provides reasonable accommodations to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job. Examples of reasonable accommodations include, but are not limited to, changing the application process, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment. If you require a reasonable accommodation to apply for a job, please contact us via e-mail at hr@cloudflare.com or via mail at 101 Townsend St. San Francisco, CA 94107.

    See more jobs at Cloudflare


    Devoteam is hiring a Remote Cloud Security Consultant

    Job Description

    Overview:
    We are seeking a highly motivated and experienced Security Cloud Consultant to join our team and play a key role in helping our clients achieve robust information security and compliance within their cloud environments. They will leverage their expertise in cloud security to assess client needs, develop and implement security controls, and guide them on their journey toward secure and compliant cloud adoption.
     
    Responsibilities:

    • Develop and implement effective GRC strategies and frameworks tailored to client needs and cloud platforms (GCP).
    • Design and implement cloud security controls aligned with industry best practices (e.g., CIS Controls, NIST CSF) and relevant regulations (e.g., NCA, HIPAA, SAMA, NDMO).
    • Design and implement security architectures for cloud deployments, using industry best practices and compliance frameworks.
    • Configure and manage cloud security services, such as identity and access management (IAM), encryption, logging, and monitoring.
    • Conduct security assessments and penetration testing of cloud environments to identify and mitigate vulnerabilities.
    • Respond to security incidents and take appropriate action to contain and remediate them.
    • Develop and implement security automation tools and scripts to improve efficiency and effectiveness.
    • Stay up-to-date on the latest cloud security threats and trends and recommend mitigation strategies.
    • Collaborate with other teams to ensure security is integrated throughout the development lifecycle.
    • Provide training and awareness programs to client teams on cloud security best practices.
    • Conduct comprehensive risk assessments and gap analyses to identify potential security vulnerabilities within client cloud environments.
    • Assist clients in developing and maintaining cloud security policies, procedures, and documentation.
    • Conduct internal audits and provide ongoing monitoring of security controls for effectiveness.
    • Stay up-to-date on the latest cloud security threats, trends, and technologies.
    • Collaborate with internal teams (e.g., sales, engineering) to ensure aligned and successful client engagements.
    • Assist the sales team throughout the sales cycle, from initial contact to closing the deal.
    • Prepare proposals, quotes, and presentations tailored to specific customer needs.
    • Participate in customer meetings and negotiations.
    • Stay up-to-date on industry trends and competitor offerings.


     

    Qualifications

    • Bachelor's degree in Computer Science, Information Security, or a related field.
    • Minimum 7 years of experience with a minimum of 4 years of experience in cloud security
    • Minimum of 4 years as a Consultant
    • Proven experience in designing and implementing security controls in cloud environments.
    • Experience with security assessment and penetration testing tools and methodologies.
    • Excellent communication, interpersonal, and problem-solving skills.
    • Ability to work independently and as part of a team.
    • Strong analytical and critical thinking skills.
    • Experience with cloud-based security GCP tooling (e.g. IAM, Cloud Identity, Access Transparency, Key management, Security Command Center).
    • Knowledge of containerization technologies (e.g., Docker, Kubernetes).
    • Cloud certifications (e.g., CSA-CCSK, CSA-CCAK, CCSP).

     

    See more jobs at Devoteam


    Crowell & Moring is hiring a Remote Security Analyst

    Job Description

    Crowell & Moring LLP is an international law firm with offices in the United States, Europe, MENA, and Asia that represents clients in litigation and arbitration, regulatory and policy, intellectual property, and transactional and corporate matters. The firm is internationally recognized for its representation of Fortune 500 companies in high-stakes litigation and government-facing matters, as well as its ongoing commitment to pro bono service and diversity, equity, and inclusion.

    Job Summary

    The Security Analyst (Identity and Access Management) specializes in IAM technologies and applications including Single Sign-On (SSO), federation, permissions, authorizations, and identity management. The SA maintains the Firm’s IAM platform and related systems and works with InfoSec management and others in the Firm to ensure the right people have appropriate access to data and applications at the right time. The SA is responsible for keeping up-to-date with current identity technologies, threats, vulnerabilities, and automation and participates in projects implementing, upgrading, and modifying identity systems.

    Job Responsibilities

    • Under general supervision of the Infosec Manager the SA manages the IAM system including Enterprise Applications, federations, certificates, Identity Provider (IdP).
    • Maintains and validates the Firm’s Multifactor Authentication (MFA) systems.
    • Integrates external applications with the Firm’s identity system using OAUTH, SAML, OpenID or other appropriate technology
    • Coordinates with Human Resources, Finance, and others to automate as much as possible the Join/Move/Leave process for employee, Partner, and third-party identities.
    • Maintains and manages the Firm’s sources of Identity, including Active Directory, Microsoft Entra ID, and Active Directory Federation Systems (AD FS)
    • Manages federation and replication technologies such as Entra ID Connect.
    • Maintains the Firm’s Public Key Infrastructure (PKI) systems including certificate templates, issuance policies, security, and revocation.
    • Completes special projects and other duties as assigned by the InfoSec Manager.

    Qualifications

    Requirements:

    Knowledge, Skills and Abilities

    • Knowledge of Identity technologies and systems including Security Assertion Markup Language (SAML) Single Sign On (SSO), and related technologies such as OAUTH, OpenID.
    • Understanding of directory and authentication technologies such as Active Directory (AD), lightweight directory access protocol (LDAP), Kerberos, RADIUS, and Public Key Infrastructure (PKI)
    • Understanding of Microsoft identity products such as Entra ID, Conditional Access, Defender for Identity, and Enterprise Applications
    • Understanding of multifactor technologies and platforms, including NIST 800-63 R3 approved methods.
    • Ability to work overtime as needed.

    Education

    The position requires a Bachelor’s Degree, preferably in Computer Science/MIS or equivalent certification from an accredited technical training school.  Four years of progressive experience may substitute for education.

    Certification

    Microsoft SC-300 or related Identity and Access, Azure, or Entra certifications. CISSP or GIAC certifications are a plus

    Experience

    The position requires a minimum of four (4) years of increasingly responsible, directly related experience during which knowledge, skills and abilities applicable to the position were demonstrated.

    See more jobs at Crowell & Moring


    +30d

    Senior Security Engineer

    Qlik | Hybrid Remote, King of Prussia, Pennsylvania
    5 years of experience, azure, ruby, java, c++, linux, python, AWS

    Qlik is hiring a Remote Senior Security Engineer

    Description

    What makes us Qlik

    Qlik helps enterprises around the world move faster, work smarter, and lead the way forward with an end-to-end solution for getting value out of data. A Gartner Magic Quadrant Leader for 13 years in a row! Our platform is the only one on the market that allows for open-ended, curiosity-driven exploration, giving everyone – at any skill level – the ability to make real discoveries that lead to real outcomes and transformative changes. We are a Values-Driven organization, operating in over 100 countries with 38,000 customers around the world. If you think we are interesting, please read on – we may be looking for you!

     

    The Sr. Security Engineer role at Qlik

    As part of the organization, and our growing team, you will be in a unique position to impact the future direction the company takes. With approximately 38,000 customers worldwide you will have access to a rich user community to help inform your decisions. Our highly collaborative environment means you will be working with a diverse group of talented people continuously innovating and improving.




    Qlik has an innovative, team-oriented, and high-energy culture. We offer a flexible and exciting work environment, and plenty of opportunities for you to grow as a professional and as an individual.

     

    As a Senior Security Engineer and team member of our rapidly growing company, you will have a significant impact on our company’s growth and success. Candidates must be self-driven and results-oriented, with a strong will to succeed.

    • Support the investigation of security incidents, alerts and events
    • Implement and support security-focused tools
    • Assist in managing vulnerability program
    • Support company-wide projects for security
    • Assist in penetration testing
    • Proactive security checks and threat hunting
    • Assist in incident response

     

    Responsibilities include, but not limited to:

     

    • Strong understanding of networking principles (OSI Model, Routing fundamentals, TCP/IP)
    • Advanced understanding of host operating systems and applications, including Microsoft Windows, Linux and Mac
    • Experience in programming (Ex: Java or C++)
    • Experience with scripting languages such as Python, or Ruby
    • Understanding of network security principles
    • Incident response principles
    • Endpoint experience – AV, EDR
    • Minimum Years of Experience: 5 years of experience in Information Security
    • Vulnerability Management – Nessus, Qualys, Rapid 7
    • Basic Public Cloud experience – AWS, Azure, GCP

     

     

    Skills and qualifications for this role include:

     

    • Qualifications – CCNA, CCNP, AWS Certified Security a plus
    • Security certifications like CEH, CIH, OSCP, and CISSP a plus

     

    The location for this role is/are:

    • The role is open to any US Qlik office or Remote, for the right candidate.

     

    About Qlik

     

    The anticipated base salary range for this role is $108,000.00 MIN – 148,000.00 Max per year. Final compensation offered by Qlik will be based on factors such as the candidate’s location, job-related skills, education, experience, and other business and organizational needs.

    Qlik offers a comprehensive benefits package which includes, but is not limited to, group medical, dental and vision benefits, a 401(k) plan and match, flexible paid vacation, 10 paid annual company holidays, 9 days of annual paid sick leave (prorated upon hire), up to 16 weeks of paid parental leave, and mental and emotional wellbeing benefits.

     

    Qlik is an Equal Opportunity/Affirmative Action Employer, and we value the diversity of our workforce. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Click here to review the US Department of Labor’s Equal Employment Opportunity Posters, including the EEO is The Law notice and the Pay Transparency Nondiscrimination Provision.

     

    If you need assistance due to disability during the application and/or recruiting process, please contact us via the Accessibility Request Form.

     

    Qlik is not accepting unsolicited assistance from search firms for this employment opportunity. Please, no phone calls or emails. All resumes submitted by search firms to any employee at Qlik via e-mail, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Qlik. No fee will be paid in the event the candidate is hired by Qlik as a result of the referral or through other means.

     

     

     

    See more jobs at Qlik


    CIYIS LLC is hiring a Remote Cybersecurity Engineer

    We are seeking a Cybersecurity Engineer to join our team! You will be responsible for the management and delivery of SaaS applications for a government client. Serves as the Cybersecurity Engineer for a large, complex task order (or a group of task orders affecting the same system) and shall assist the PMO in working with managing customer requirements. Under the responsible for the overall delivery of various FedRAMP and ATO compliance project initiatives while ensuring that the technical solutions and schedules in the task order are implemented in a timely manner. Manages and reports project cost, schedule, and performance.

    Responsibilities:

    • Plans, directs, and co-ordinates a group of Cybersecurity activities to manage and implement Cybersecurity project(s) from contract/proposal initiation to final operational stage.
    • Accountable for the monitoring and enforcing compliance to IT and cyber security policies and governing procedures to reduce risk to cyber incidents and potential areas of non-compliance.
    • Responsible for understanding and assessing technology and operational risks related to internal technology solutions and at times, might be asked to provide input to personnel on appropriate controls to address those risks.
    • Leads the project/program team(s) in determining client requirements and translating requirements into operational plans.
    • Ensures adherence to legally binding requirements and client’s long-term goals. Facilitates status review meetings among project team members and clients.
    • Works with the PMO on project/program proposals, bids, contracts, estimates, and schedules.
    • Maintains awareness on emerging technologies and project/program management techniques.
    • Provides Cybersecurity leadership in the design, build and overseeing of the security architectures, security engineering life cycle, infrastructure & network, and computer security for an organization.
    • Provides Cybersecurity leadership in the vulnerability testing, risk analyses and security assessments of local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices according to security standards, security systems and authentication protocols.
    • Provides Cybersecurity leadership in the definition, implementation, and maintenance of enterprise security policies and procedures.
    • Provides Cybersecurity leadership in the response to security-related incidents and follow(s) industry best practices in a thorough post-event analysis.
    • Provides Cybersecurity leadership in the architecture review and risk & impact assessment for the critical information assets.

    Qualifications:

    • Previous experience in ERP information technology and/or other related fields
    • Demonstrated leadership experience in projects of similar size and complexity
    • Six years general IT experience
    • Six years cybersecurity experience
    • Must possess a DOD Secret Clearance and be eligible for an IT-II upon assignment.
    • Must possess certification meeting the DOD 8570.01 IAM level III
    • Nice to have a Risk Management Professional credential
    • Strong knowledge of RMF

    Education & Clearance Requirements:

    • 4 Year degree in computer sciences, Information Technology, or equivalent experience
    • Candidate must possess the ability to maintain a government security clearance.
    • No visa sponsorship available.

      CIYIS is an Equal Opportunity Employer and all Qualified Applicants will receive consideration for employment without regard to Race, Color, Religion, Sex, National Origin, Disability Status, Protected Veteran Status or any other Characteristic Protected by Law.

      See more jobs at CIYIS LLC


      +30d

      Cybersecurity Engineer

      ClientSolvTechnologies | Dallas, TX, Remote

      ClientSolvTechnologies is hiring a Remote Cybersecurity Engineer

      Job Description

      We are seeking an experienced and CISSP certified Cybersecurity Engineer for a 3 month contract-to-hire role.  This role can work remotely from anywhere within the U.S. 

      In this role, you will apply Information Technology (IT) security principles, methods and security products to protect and maintain the availability, integrity, confidentiality and accountability of IT resources and physical security access of property and personnel. You will be accountable for executing assigned tasks to implement the goals of the organization's Information Security initiatives, on time and within approved budget.

      Essential Duties and Responsibilities:

      • Maintains configurations for IT security technologies to optimize protective equipment functions and capabilities.
      • Develops, documents and maintains methodology for sensitive and critical application and general support for IT security systems.
      • Researches technical and IT security topics; maintains information on industry trends.
      • Collaborates with others in the Company (i.e. Information Technology engineers, Network Engineers, etc) to perform design review and analysis of network infrastructure modifications.
      • Develops policies, procedures and maintains scripts, routines and software for accomplishing security studies and assessments to provide professional level analysis in recognizing system threats and vulnerabilities; detects malware or malicious activities.
      • Periodically reviews firewall and router rules and access control lists.
      • Monitors and reviews intrusion detection systems and firewall logs to identify adverse patterns and coordinate mitigation responses.
      • Performs security assessments, risk identification and mitigation planning and execution.
      • Leads vulnerability management efforts and actively participates in patch management and risk management processes.
      • Participates in emergency operations, including the Computer Security Incident Response Team.
      • Responsible for PKI Infrastructure management and support - User and Server Authentication
      • Draft policy based on NIST, FISMA, PCI, PII and CJIS compliance.
      • Ensures processes and procedures are developed, documented, maintained and adhered to for incident identification, investigation and response, analysis and recommendations for risk management, collection of forensic data and regulatory require

         

      Qualifications

      • 5+ years of professional experience as a Cybersecurity Engineer
      • Experience working with Technical tools and implementing them such as
        • Identity Access Management
        • Privilege Access Management Identity Access Management
        • Vulnerability Management
        • Threat Hunting
      • Must have CISM, CISA, CRIS, CISSP, or similar certification
      • SIEM tools - Splunk
      • BS in Information Technology or equivalent combination of directly applicable experience and certification
      • Strong experience working with market standard Vulnerability Assessment tools
      • Must have experience with network monitoring, network security, network equipment programming, firewall configurations and DLP solutions, log monitoring and event correlation
      • Experience with policy and process documentation
      • Understanding of DNS, DHCP and LDAP
      • System hardening experience utilizing STIGs, CIS or USGCB
      • Security Incident Response experience
      • Strong oral and written communication abilities with experience writing policies
      • Must possess strong analytical and troubleshooting skills
      • Must be able to serve as a technical resource to IT staff

      Apply for this job

      Level is hiring a Remote Head of Security

      At Level, we believe using your benefits should be as easy as buying a cup of coffee. We’re unlocking the full value of compensation by rebuilding benefits as a simple payments experience — fast, flexible, and transparent. Our mission is to empower people to build better financial futures, and we’re accomplishing that by transforming the status quo of benefits.

      Level is a B2B2C fintech company comprised of a diverse team from industry-leading companies like Square, Oscar, Google, Uber, and Airbnb. Together, we’re creating a new payments tech stack to help employers offer more accessible and personalized benefits for their teams — and this is just the beginning.

      At Level, collaboration is our superpower. By leveraging each other’s strengths and curiosity, we’ve been able to build a best-in-class product, culture, and business. Plus, our employee benefits are so awesome that we let our customers buy them too.

      What You'll Do:

      • Define Level’s security roadmap
      • Get hands-on with implementation, design, and execution
      • Work directly with our research teams to protect our core assets
      • Ensure compliance with relevant frameworks, such as PCI-DSS, HIPAA, SOC 2, ISO-27001, and conduct compliance audit in collaboration with legal, IT, and other teams
      • Maintain and develop security documentation to reflect design and best practices in areas such as network security, data flow diagrams, and related topics
      • Support on-call activities such as incident response, daily log/dashboard reviews, and design and code reviews
      • Lead customer security interactions, answer questionnaires, and confidently represent Level during security reviews to build customer trust
      • Conduct annual vendor reviews and assess ongoing vendor risk management
      • Proactively identify and mitigate security threats
      • Build and evangelize security policies, programs and best practices

      Who You Are:

      • 10+ years of security experience
      • 3+ years leading and managing teams in a fast-paced environment
      • Strong experience in protecting at least one cloud platform and a willingness to become an expert with AWS
      • Deep knowledge of attack surfaces for enterprise systems and services
      • Experience defending against state-level actors a plus
      • Willingness to dive in to problems to formulate plans and drive execution
      • Expertise in thinking through insider threat scenarios
      • Experience defining threat models for a small or medium size organization
      • You have strong written and verbal communication skills, building strong relationships with stakeholders and teams around the organization
      • Excellence in problem-solving, strategic thinking, and collaboration with cross-functional teams
      • Experience working with highly sensitive confidential information ideally financial and/or health data

      What We Offer:

      • Competitive salary and equity
      • Remote first, with an office in NYC (HQ) as an option to work from
        • For those not in the NYC area, we offer up to $500 monthly for renting a co-working or office space
      • 100% employer paid medical
      • 100% employer paid dental through Level with a $2,500 benefit allowance
      • 100% employer paid vision through Level with a $600 benefit allowance
      • 401(k)
      • Generous additional fringe benefits offered through Level’s platform:
        • $25 monthly through our R&D funds to help stress-test new products and features
        • $150 monthly through our Wellbeing lifestyle spending account
        • $500 in New Hire Office Funds available in your first 90 days to assist with getting your remote workspace set up
        • $1,000 annually through Level’s Mental Health EAP
        • $3,000 annually in Education benefits (made available upon your 1 year anniversary) that can be used to continue professional education or be applied towards student loan payments
        • $4,000 lifetime balance through our Medical Travel EAP
        • $5,000 annually through our Gender Affirmation Fund
      • Flexible paid time off: take the time you need when you need it!
      • 10 days of paid sick leave per year
      • Company paid STD, LTD and life insurance
      • Voluntary life, legal and pet insurance
      • 8-16 weeks of paid parental leave
      • Quarterly company sponsored events
      • The chance to work at a leading innovator and trailblazer in the world of benefits and payments!

      This position has a minimum base salary of $236,000 and a midpoint base salary of $263,000. The base pay may vary depending on job-related knowledge, skills, and experience. In addition to a competitive base salary this position is also eligible for equity awards.

      Level is proud to be an Equal Opportunity Employer. We celebrate diversity and are committed to creating a welcoming and inclusive environment for all. Please apply to this role if you feel you are a good fit, regardless of your race, color, religion, gender identity, sex, sexual preference, sexual identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, military status, or any other perceived limiting factor. We welcome applicants from all walks of life.

      E-Verify Program Participant: Level participates in the Department of Homeland Security U.S. Citizenship and Immigration Services' E-Verify program (For U.S. based applicants and employees only).

      See more jobs at Level

      Apply for this job

      Webflow is hiring a Remote Senior Application Security Engineer

      At Webflow, our mission is to bring development superpowers to everyone. Webflow is the leading visual development platform for building powerful websites without writing code. By combining modern web development technologies into one platform, Webflow enables people to build websites visually, saving engineering time, while clean code seamlessly generates in the background. From independent designers and creative agencies to Fortune 500 companies, millions worldwide use Webflow to be more nimble, creative, and collaborative. It’s the web, made better. 

       

      We’re looking for a Senior Application Security Engineer to help us level up Webflow’s secure development practices, ranging from secure coding and tooling to improving procedures.

       

      About the role 

      • Location: Remote-first (United States; BC & ON, Canada) 
      • Full-time
      • Exempt 
      • The cash compensation for this role is tailored to align with the cost of labor in different US geographic markets. The base pay for this role ranges from $143,000 in our lowest geographic market up to $198,000 in our highest geographic market. These figures are in $USD and apply to candidates in the United States. The specific base pay within the range will be determined by the candidate’s geographic location, job-related experience, knowledge, qualifications, and skills.
      • Reporting to the Director of Security

       

      As a Senior Application Security Engineer, you’ll … 

      • Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem.
      • Bring security best practices to the software development lifecycle.
      • Work as part of a team to champion security standards while balancing business strategies and requirements.
      • Support Webflow’s current and future security compliance frameworks
      • Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings.
      • Contribute code and architecture improvements to enable security within Webflow’s application for engineers.
      • Cross-train entry and mid-level application security engineers

       

      In addition to the responsibilities outlined above, at Webflow we will support you in identifying where your interests and development opportunities lie and we'll help you incorporate them into your role.

       

      About you 

      You’ll thrive as a Senior Application Security Engineer if you:

      • Have 2+ years of software development experience in security
      • Are passionate about security in general, and always hungry to learn
      • Have expertise in evaluating application/software with an eye to improve security design, continuous commitment to risk reduction and sustainable security.
      • Have experience fully rolling out secure code development lifecycle (SDLC) process improvements, tools, and automation, including planning, communication, and deployment of such tools.
      • Have solid experience penetration testing, finding and developing medium complexity application vulnerabilities
      • Have experience supporting software supply chain risks
      • Have experience with Threat Modeling 
      • Love to share knowledge, and have the gift of explaining complex security concepts to your colleagues.
      • Have a solid understanding of web application security, secure software design, and secure coding, and insecure engineering practices.
      • Have set up or supported bug bounty programs.

      Even if you don’t meet 100% of the above qualifications, you should still seriously consider applying. Research shows that you may still be considered for a role if you meet just half of the requirements.

      Our Core Behaviors:

      • Obsess over customer experience. We deeply understand what we’re building and who we’re building for and serving. We define the leading edge of what’s possible in our industry and deliver the future for our customers.
      • Move with heartfelt urgency. We have a healthy relationship with impatience, channeling it thoughtfully to show up better and faster for our customers and for each other. Time is the most limited thing we have, and we make the most of every moment.
      • Say the hard thing with care. Our best work often comes from intelligent debate, critique, and even difficult conversations. We speak our minds and don’t sugarcoat things — and we do so with respect, maturity, and care.
      • Make your mark. We seek out new and unique ways to create meaningful impact, and we champion the same from our colleagues. We work as a team to get the job done, and we go out of our way to celebrate and reward those going above and beyond for our customers and our teammates.

      Benefits & wellness

      • Equity ownership (RSUs) in a growing, privately-owned company
      • 100% employer-paid healthcare, vision, and dental insurance coverage for employees and dependents (US; full-time Canadian workers working 30+ hours per week), as well as Health Savings Account/Health Reimbursement Account, dependent on insurance plan selection. Employees also have voluntary insurance options, such as life, disability, hospital protection, accident, and critical illness
      • 12 weeks of paid parental leave for both birthing and non-birthing caregivers, as well as an additional 6-8 weeks of pregnancy disability for birthing parents to be used before child bonding leave. Employees also have access to family planning care and reimbursement
      • Flexible PTO with a mandatory annual minimum of 10 days paid time off, and sabbatical program
      • Access to mental wellness coaching, therapy, and Employee Assistance Program
      • Monthly stipends to support health and wellness, as well as smart work, and annual stipends to support professional growth
      • Professional career coaching, internal learning & development programs
      • 401k plan and financial wellness benefits, like CPA or financial advisor coverage
      • Commuter benefits for in-office workers

      Temporary employees are not eligible for paid holiday time off, accrued paid time off, paid leaves of absence, or company-sponsored perks.

      Be you, with us

      At Webflow, equality is a core tenet of our culture. We are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. Employment decisions are made on the basis of job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law.

      Stay connected

      Not ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, Twitter, and/or Glassdoor. 

      Please note:

      To join Webflow, you'll need valid U.S. or Canadian work authorization depending on the country of employment.

      If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws. We may obtain one or more background screening reports about you, solely for employment purposes.

      Protecting your privacy and the security of your data is a longstanding top priority for Webflow. Please consult our Applicant Privacy Notice to know more about how we collect, use and transfer the personal data of our candidates.

       

       

      See more jobs at Webflow

      Apply for this job

      Lampenwelt GmbH is hiring a Remote IT Security Engineer (f/m/d)

      Job Description

      We are looking for a dedicated IT Security Engineer (f/m/d) who is passionate about strengthening our security architecture. As an IT security expert, you play a central role in identifying, analyzing and mitigating security risks. You work hand in hand with various teams to further develop, implement and continuously improve our security strategies, predominantly in projects, and you are a sparring partner in the daily analysis of security alerts.

      Occasional on-site assignments are required; otherwise remote work is also possible.

      Where your skills are needed

      • Further development, implementation and monitoring of security policies to ensure compliance with standards and best practices
      • Administration of and consulting on our security infrastructure, including IAM, cloud, endpoint and network security
      • Conducting security assessments, including risk, vulnerability and compliance management
      • Proactive incident management, from rapid response to security incidents through to business continuity management
      • Promoting the security culture by supporting regular security awareness trainings and penetration tests as well as security scans
      • Continuous further development and refinement of the shared LUQOM IT services with a focus on IT security

      Qualifications

      Lampenwelt is the right place for you if you see change as an opportunity and are curious about the unknown. If you challenge yourself anew every day to find the best solution. Here you are given responsibility so that you can not only contribute your ideas but also implement them yourself. At Lampenwelt we go a step further every day, act quickly, are open, and rely on direct, solution-oriented communication at all levels.

      What will help you master future challenges

      • In-depth understanding of IT security concepts and technologies
      • Sound knowledge of network technologies, cloud and on-prem security solutions, endpoint protection, operating systems and SIEM
      • Knowledge of the Microsoft Defender environment is an advantage, particularly Defender for Endpoint, Cloud and Identity
      • Strong interest in new technologies and in ongoing personal and professional development
      • Initiative and team spirit in carrying out IT projects
      • An analytical, conceptual, structured and independent way of working
      • Strong teamwork and communication skills and commitment
      • Completed vocational training in IT or a degree in business informatics, computer science or a related field
      • Very good written and spoken German and English skills

      See more jobs at Lampenwelt GmbH

      Apply for this job

      +30d

      IT Security Engineer

      Timocom GmbH, Erkrath, Germany, Remote

      Timocom GmbH is hiring a Remote IT Security Engineer

      Job Description

      As an IT Security Engineer (m/f/d) at TIMOCOM, you work with your team to develop measures, concepts and guidelines for the continuous improvement of the operational and security level.

      • You are responsible for the definition, introduction, further development and implementation of IT security requirements.
      • For IT operations, you evaluate and maintain IT security solutions and identify IT security risks and vulnerabilities.
      • You design security requirements for web applications and establish a Secure Software Development Lifecycle.
      • You also carry out security reviews and security analyses of the IT infrastructure.
      • You advise software developers as well as business departments and project groups on IT security topics and recommend measures to raise the IT security level.
      • You are free to either work 100 percent remotely or flexibly use our TEAMocom Spaces on site.

      Qualifications

      • You have several years of professional experience in IT security.
      • You are very familiar with client and server operating systems such as Microsoft and Unix.
      • You also bring in-depth knowledge of the secure configuration and monitoring of the Office 365 cloud.
      • You have a good understanding of IT security best practices as well as network and operating system architectures (e.g. ISO 27001, ISO 22301).
      • Ideally, you have gained initial experience in pentesting and red teaming.
      • So that you can communicate well within your team, you have good German and English skills.

      See more jobs at Timocom GmbH

      Apply for this job


      Other job subscriptions you might be interested in