Security Expert Salary in USA

DescriptionSecurity ArchitectU.S. citizenship is required for this position due to Department of Defense restrictionsRole Summary:Work as a senior member of Information Security team with focus on improving decision-making through collaboration with management, staff, and customers on technology strategy, enterprise architecture, and investments in strategic technology. Provide overall direction, lifecycle management, and leadership for all Information Security architecture and technology. Perform a lead role in identification, analysis, evaluation, lifecycle management and adoption of security technologies. Serve as a key consultant regarding security features of technologies throughout WPS Health Solutions business lines and corporate environment. Work closely with specialized security teams to ensure coordination with activities in technology choices.    In this role you will:Architect, prioritize, coordinate, and communicate choice of security technologies necessary to ensure a highly secure, yet usable, computing environment.Be responsible for creation and maintenance of enterprise security standards applicable to all technologies in portfolio.Manage and advise on information security issues to ensure internal security controls are appropriate and operating as intended.Guide employees by utilizing credibility and subject matter expertise that aligns security and enterprise architectures.Build strong cross-organizational relationships and effectively influence staff across IT organization and broader enterprise.Provide leadership to extend organizational ability to optimize use of emerging technologies.Participate in setting strategic direction and advise leadership on Information Security issues, systems, processes, products, and services.Maintain an expert knowledge in field of Information Security and related issues, systems, processes, products, and services.Utilize best practices and risk tolerances frameworks. Stay current with security technologies and make recommendations for use based on business value.Evaluation of overall risk for IT systems and data they contain and process, accounting for people, processes, and technologies that provide security controls.Maintain oversight of design and implementation of IT systems to ensure appropriate and effective security controls are included.Design and implement segregation of duties controls for enterprise.This role could be a good fit if you: Possess excellent verbal and written communication skills and are able to navigate in an environment with both highly technical and highly nontechnical individuals.Enjoy working in the “grey”, possessing the unique ability to deal with ambiguous information/conditions/circumstance and make expert judgments in situations where no precedent exists.Are comfortable interacting and presenting to executives highly effective communicator with well-honed influencing and negotiating skills.Get excited about creating and presenting materials ranging from detailed technical specifications to high-level presentations.Possesses the ability to translate technical security concepts into layperson's terms and to maintain a high level of confidentiality and professionalism.Want to take leadership role in the integration of various security and data protection. technologies/controls into a cohesive architecture to sufficiently mitigate risk.You’ll benefit from this experience by:Working in a highly complex highly security conscious environment that has a security umbrella that encompasses health Insurance, contract with Center for Medicare and Medicaid Service (CMS) and Department of Defense contracts that include, Tricare and VA.Work as a thought leader providing guidance insights into security industry standards.Working in an environment that serves our Nation’s military, veterans, Guard and Reserves along with their families.You need to have: U.S. citizenship is required for this position due to Department of Defense restrictions.Bachelor’s degree in Computer Science, Information Systems, or related field OR equivalent post high school education and/or work-related experience.1 or more years of related work experience.We also prefer: An active Certified Information Systems Security Professional (CISSP) certification or the ability to get this certification within 6 months of hire.5 or more years as a Security Architect/Engineer in information security field with expert knowledge of platform, application, storage, network, virtualization, cloud and mobile security.5 or more years of security and networking systems such as Cisco, Microsoft, Linux.Possess a thorough understanding of enterprise risk management principles and processesKnowledge and experience with cloud security.Experience with ensuring acquisition or developed system(s) and architecture(s) are consistent with organization's cybersecurity architecture guidelines.Related Security and/or Audit certifications, such as:Certified Ethical Hacker (CEH)GIAC Security Essentials Certification (GSEC)Certified in Risk and Information Systems Control (CRISC)A Comprehensive understanding of:Project management methodologies and processes; e.g., SCRUM, Agile, Waterfall, DevSecOpsIT infrastructure such as routers, firewalls, serversUnderstanding of various security technologies such as:Anti-virus – McAfee preferredEncryption (transmission and at-rest)Vulnerability scanning and management toolsFirewall auditingWeb Filtering / IPSCentralized event loggingPenetration testing concepts and toolsVulnerability assessment tools, such as NessusRisk assessment and analysis toolsGRC softwareMicrosoft SharePointServiceNow Service Desk suiteYour team:Our team is a group of security professionals with a variety of backgrounds and expertise focused on providing sound security leadership to the organization.  This requires the team to work closely together and rely on each other’s strengths and areas of expertise.Remote work:This role is open to considering 100% remote work the following approved states:Approved States: Arizona, Colorado, Florida, Georgia, Illinois, Indiana, Iowa, Michigan, Minnesota, Missouri, Nebraska, New Jersey, North Dakota, South Carolina, Texas, Virginia, Wisconsin    Compensation and BenefitsEligible for annual Performance Bonus Program401(k) with dollar-per-dollar match up to 6% of salaryCompetitive paid time offHealth and dental insurance start DAY 1Vision insuranceFlexible spending, dependent care, and health savings accountsShort- and long-term disability, group life insuranceInnovative professional and cognitive development programsWho We AreWPS Health Solutions is an innovator in health insurance and a worldwide leader in claims administration, serving millions of beneficiaries in the United States and abroad.Founded in 1946, WPS offers health insurance plans for individuals, families, and seniors, and group plans for small and large businesses. We are a world-class claims processor and program administrator for the government’s Medicare program. And we manage benefits for millions of active-duty and retired military personnel and their families.WPS has been named one of the World's Most Ethical Companies® by the Ethisphere® Institute for 10 years in a row.Learn more about WPS. Our Purpose and ValuesOur purpose is to make healthcare easier for those we serve. Click HereOur values – Customer Focused, Individual Responsibility, Mutual Respect, and Driven & Passionate – are the core of who we are and how we conduct business every day.Health InsuranceWPS Health Insurance offers high-quality health insurance plans for individuals and families, Medicare supplement plans for seniors, and group health plans for businesses of every size.http://wpshealthsolutions.com/business-units/wpshi.shtmlMilitary and Veterans HealthWPS Military and Veterans Health administers claims and provides customer service and related activities for the U.S. Department of Defense and the U.S. Department of Veterans Affairs and their beneficiaries.http://wpshealthsolutions.com/business-units/wpsmvh.shtmlGovernment Health Administrators WPS Government Health Administrators manages Medicare Part A and Part B benefits for more than 7 million beneficiaries. As one of the largest contractors for the Centers for Medicare & Medicare Services, we’ve served Medicare beneficiaries and their health care providers since 1966.http://wpshealthsolutions.com/business-units/wpsgha.shtmlEPIC Specialty BenefitsEPIC Specialty Benefits provides businesses group insurance products that cover:LifeDisabilityDentalVisionVoluntary benefitshttp://wpshealthsolutions.com/business-units/epicsb.shtml Stay connected: Sign-up for Job AlertsFOLLOW US!FacebookTwitterLinkedInEqual Opportunity Employer/Protected Veterans/Individuals with DisabilitiesThe contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

DESCRIPTIONHave you ever wanted to be part of a team who is building industry changing technology? Amazon’s Project Kuiper is an initiative to launch a constellation of Low Earth Orbit satellites that will provide low-latency, high-speed broadband network connectivity to unserved and underserved communities around the world.Skilled, qualified and experienced leader in security assurance, with experience in automating security controls per compliance requirements. We are looking for a highly autonomous person motivated to take on challenges with a technical background to be part of a growing team that analyzes and implements Kuiper security controls. As part of the Kuiper Enterprise Technology team, be seen as an expert in delivering Kuiper control systems and processes to meet Kuiper security and compliance standards. Be a key liaison with Kuiper service teams, infrastructure teams, Kuiper Security, and Global Trade and Compliance. Have the ability to dive deep, understand, document, communicate and implement controls for IT systems and processes, and be able to drive innovative process changes and automation throughout the Kuiper organization.You are someone who loves working across many stakeholders to design solutions for complex compliance challenges. We have a team culture that encourages ownership, diversity, inclusion, and innovation. We expect team members and management alike to take a high degree of ownership for their program vision of ideas. You will have an opportunity to work across the entire Kuiper organization implementing and managing various security controls along side of Kuiper Security. Kuiper security owns policy and definition of controls, this role owns the coordination, development, implementation, and change management of controls as well as managing defects and improvements.Key job responsibilities•Partner with the developer teams developing our services, and contribute security expertise to the architecture and design of Audible systems•Automate and implement security controls• Partner with the developer teams developing our services, and contribute security expertise to the architecture and design of Kuiper services and systems• Assisting certifications and assessments programs by liaising with Kuiper Security, auditors, and Kuiper service teams, articulating control implementation and impact, and documenting procedures• Establishing credibility and maintaining strong working relationships with groups involved with Information Security and compliance teams (Kuiper Sec, Info Sec, Legal, Internal Audit, Physical Security, Developer Community, Networking, Systems, etc.)• Identify automation opportunities while working across engineering teams• Captures and tracks information security metrics and goals for all required controls• Due to the need to access certain federal controlled information, you must be a U.S. citizen for consideration.A day in the lifeThis is a fast-paced, intellectually challenging position, and will work with leaders in multiple technology areas. Have relentlessly high standards for yourself and everyone you work with, and be constantly looking for ways to improve your product’s performance, quality and cost. We want individuals who are ready for this challenge and want to reach beyond what is possible today.About the teamHere at Amazon, we embrace our differences. We are committed to furthering our culture of inclusion. Amazon has ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and host annual and ongoing learning experiences. Amazon’s culture of inclusion is reinforced within our 16 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust. At Amazon, our mission is to be the most customer-centric company on Earth. To get there, we need exceptionally talented, bright and driven people. We're dedicated to supporting new team members. Our team has a broad mix of experience levels and Amazon tenures, and we’re building an environment that celebrates knowledge sharing and mentorship.We are open to hiring candidates to work out of one of the following locations:Bellevue, WA, USABASIC QUALIFICATIONS- BS in Computer Science, Information Security, or equivalent professional experience.- Minimum 8 years of demonstrated experience in areas such as application security, offensive security and/or systems security.- Excellent written and verbal communication skills with the ability to adapt messaging to executive, technical, and non-technical audiences.- Ability to work with a high degree of autonomy.- Scripting skills (E.g: Python, Perl, Bash, Ruby, PowerShell, etc.)PREFERRED QUALIFICATIONS- You demonstrate excellent judgement in assessing and prioritizing technical risk- You have a strong application security background with a focus on scalable solutions- You have experience building and securing complex AWS or Azure architecture- You have excellent written and verbal communication skills- Experience with technologies such as Windows Single-Sign-On, Kerberos, FIDO/FIDO2, Passwordless Authentication, AuthZ, AuthN and Auditing.Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $135,500/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.

DESCRIPTIONAWS Sales, Marketing, and Global Services (SMGS) is responsible for driving revenue, adoption, and growth from the largest and fastest growing small- and mid-market accounts to enterprise-level customers including public sector. The AWS Global Support team interacts with leading companies and believes that world-class support is critical to customer success. AWS Support also partners with a global list of customers that are building mission-critical applications on top of AWS services.AWS Trust and Safety (T&S) is the primary organization within AWS responsible for taking mitigation actions against customer resources that violate the AWS AUP or otherwise threaten other AWS customers, services, and AWS IP reputation. We work closely with AWS service teams to determine appropriate mitigation actions and act as the customer facing outreach team on their behalf. You will join our global, innovative, and specialized Risk and Response team who respond to reports of AWS AUP violations and security incidents to:* Identify tactics, techniques, and procedures used by abusive threats and identify/execute remediation actions to remove the threat from AWS. * Work with other AWS security teams to develop automated detections for these abusive threats, and responds to security incidents caused by abusive behavior which could affect AWS services. * Respond to abuse incidents and manage the response for T&S from notification to remediation.* Represent T&S as the technical expert on abuse during high-impact situations requiring immediate response to protect AWS and its customers from violations of the AWS AUP. You must thrive in ambiguous, often high-pressure situations to identify the cause of abuse and develop mitigation and remediation actions. Key job responsibilities- You are a technical leader within the T&S organization. You must understand the mechanics of how security incidents occur in the cloud, understand the mitigation option, and provide guidance to frontline employees in response to violations of the AUP. - Use SQL and Python or similar scripting languages to automate tasks and retrieve data to identify trends in abuse.- You will engage autonomously with AWS customers, programs, and services to create, build, and innovate security operations. - Communicate ideas effectively, both verbally and in writing, to all types of audiences from front line employees to AWS VPs. - Complete projects that contribute to the objectives and goals that strive to meet our strategic vision for the team.- Partnering effectively with customers and stakeholders. You will help establish a roadmap and successfully deliver engineering solutions that drive towards accomplishing the team’s mission.- Work effectively with customers, leaders, and other engineering teams. You must foster a constructive dialogue, harmonize discordant views, and lead the resolution of contentious issues (influence and build consensus). - Proactively identify risks and bring them to the attention of your manager, customers, and stakeholders with plans for mitigation before they become larger events.- You will be Amazon’s voice in technical security engagements with customers addressing abuse.- Collect, analyze, and document information to author threat reports to drive scalable mitigation and remediation actions. - Provide situational awareness on the current threat landscape and the TTPs associated with specific threats to our business, including ongoing malware campaigns. - Collect data from intelligence communities, threat intelligence platforms, open source data repositories, and other sources to analyze TTPs and anomalies.- Drive operational excellence and efficiency in everything you do, whether by researching new, or scaling up existing capabilities, creating effective mechanisms, and automating day-to-day tasks.- Participate in 24/7 on-call duties.About the teamDiverse ExperiencesAWS values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying. Why AWS?Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.Inclusive Team CultureHere at AWS, it’s in our nature to learn and be curious. Our employee-led affinity groups foster a culture of inclusion that empower us to be proud of our differences. Ongoing events and learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences, inspire us to never stop embracing our uniqueness.Mentorship & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional. Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve in the cloud. We are open to hiring candidates to work out of one of the following locations:Herndon, VA, USABASIC QUALIFICATIONS- Knowledge of current security trends, threats, and mitigations.- Understanding of industry standard threat frameworks (Lockheed Martin Cyber Kill Chain, Diamond Model, MITRE ATT&CK)- 5+ years’ experience in areas such as cloud service infrastructure, cloud security, networking, computer engineering or a BS degree in Computer Science, Cyber Security, Computer Engineering.- 3+ years experience with focus in areas such as systems, network, web protocols, and/or application security.- 2+ years experience building scalable incident response utilities and automated tools in any of these languages: Python, C, C++, Perl, and/or Ruby.- 2+ years experience with SQL or other query languages- Excellent written and oral communication skills- Previous experience on a Security Operations team, or experience coordinating responses to security incidents.- A high degree of organization and be very detail-oriented. Must be able to interact with and influence people at all levels.- Strong knowledge of Computer Science fundamentals, including; data structures, object-oriented programming, design, and analysis of algorithmsPREFERRED QUALIFICATIONS- A MS degree in Computer Science, MIS, Computer Engineering, or 8+ years’ equivalent technology experience.- 5+ years of experience conducting threat intelligence research and analysis- 5+ years global analysis and threat mitigation background- 5+ years scripting/programming experience: Python, C, C++, Java, Ruby, and/or PowerShell- 3+ years of experience building with and securing AWS cloud services such as Lambda, EC2, and S3.- Experience with virtualization technologies, familiarity with AWS and GuardDuty services is highly valued in particular.- One or more professional network and security certifications such as Security+, CEH, CCNA, GSEC, CISA or CISSP (or equivalent work experience)- Extensive knowledge of internet security issues and threat landscape.- Strong knowledge of web protocols and an in-depth knowledge of Linux/Unix tools and architecture.- Well-rounded background in host, network and application security.Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

Take the next step in your journey at Inspira Financial. You will help businesses and individuals thrive today, tomorrow, and into retirement. Become part of a company that is people centric and client obsessed in every interaction; a community of forward-thinking individuals focused on driving results to deliver our mission with an unwavering commitment to integrity. Join us as we strengthen and simplify the health and wealth journey relentlessly pursuing better outcomes for all. We believe in finding the best talent! While some roles are based at one of our office locations, remote roles can sit in any of the following states: AL, AZ, FL, GA, IA, IL, IN, MI, MN, MO, NC, NE, PA, SC, TN, TX, UT, VA and WV. Remote status and role locations are subject to change. Relocation is not provided. Dont meet every single requirement? Here at Inspira Financial, we believe there is no perfect candidate and want to encourage applying even if all the requirements listed arent met. Our goal is to build an authentic workplace by valuing diversity in our candidates. We work to ensure that our team reflects the diversity of the businesses and clients we serve. We are always looking to expand our growing team with dynamic and enthusiastic individuals. If you enjoy a collaborative, fun environment that champions career development, Inspira Financial is the place for you! We look forward to receiving your application! Check out this Inspira Financial video to learn more about our company! HOW YOU WILL SOAR: The Security Engineer II will report into the Security Engineering Manager in the Technology Department. This role is responsible for performing analysis of IAM systems to identify vulnerabilities, inefficiencies, and areas for improvement as well as proactively recommend and implement strategies to enhance security, streamline processes, and ensure optimal system functionality. They will work closely with development teams, IT security experts, and other stakeholders to integrate secure identity solutions throughout the product lifecycle and foster open communication and collaboration to ensure successful IAM implementation and adoption across the organization The role also actively participates in compliance efforts by ensuring IAM systems adhere to relevant regulations and internal policies, while also conducting regular audits and assessments to identify and address potential compliance gaps. Develop a strong knowledge and skillset across multiple designated security functional areas including application security, technical project management, third party risk, policy governance, awareness training Contribute to the evidence collection and audit maintenance for organizational assessments. Assists in providing support for the implementation and administration of IAM platform Collaborate with other IAM team members seeking guidance on IAM related matters and contributing to system support Assist in the maintenance of IAM policies, standards, and procedure Ensure IAM security is aligned with the overall security strategy to reduce risk to the organization Ensure IAM solutions adhere to regulatory, compliance, and internal requirements Prioritize and respond to findings from audits, security questionnaires, and internal/external scanning or testing Provide support to the Information Security Department to facilitate cross-functional work with other internal business units, such as Compliance, Legal, IT, Finance, HR, and engage with other leaders to drive security outcomes that benefit the organization Track and provide security metrics, status updates and reports for the Millennium Trust Security Program Provide guidance to Security Engineer I role Other duties as assigned IF YOU HAVE SOME OR ALL OF THE FOLLOWING, APPLY: Bachelor's Degree in Computer Science, Software/Computing Engineering, Applied Mathematics, or related field 2-4 years of applicable experience Technical Certifications a plus Highly self-motivated An expert level of understanding of Enterprise or Customer Identity & Access Management, Single Sign-On, Multi-Factory Authentications (MFA), and Authentication, Privileged Access Management (PAM), Identity Knowledge of fraud prevention and detection, identity proofing and identity verification technologies Knowledge of the Financial or Insurance Services Industry preferred Intellectual curiosity to find new and unusual ways of how to solve cyber security issues Ability to approach cyber security challenges while keeping an eye on what is important Experience interpreting, analyzing, and maintaining systems Ability to create and maintaining respectful, strong working relationships with both IT and business units to integrate security principles with business operations Strong client service orientation Ability to prioritize, plan and take initiative and be highly self-motivated Strong verbal and written communication skills; positive attitude; ability to work as team member Experience in a high availability environment preferred Knowledge of NIST and CIS practices and frameworks preferred Inspira Financial provides health, wealth, retirement, and benefits solutions that strengthen and simplify the health and wealth journey. With more than 7 million clients, representing over $62 billion in assets, Inspira works with thousands of employers, plan sponsors, recordkeepers, TPAs, and other institutional partners helping the people they care about plan, save, and invest for a brighter future. Inspira relentlessly pursues better outcomes for all with our automatic rollover services, health savings accounts, emergency savings funds, custody services, and more. Learn more at inspirafinancial.com . We have been recognized for our remarkable growth on lists such as Crains Fast 50 and Inc. 5000, and for our outstanding workplace culture and benefits with Built Ins 2023 Best Places to Work and Gallaghers 2022 Best-In-Class Employer awards.

DESCRIPTIONThe Infrastructure Security Team is responsible for the security and risk management of the AWS Infrastructure. We build systems that detect, assess, and mitigate risk across the global infrastructure and are accountable for keeping the Amazon Infrastructure secure and compliant with customer requirements. The Infrastructure Compliance Team is looking for a Security Engineer to join our dynamic, outcome-driven team. The successful candidate is an owner who can deliver through high performing, diverse teams and who understands all parts of security, software development, deployment, and operations. You must possess strong technical networking, supply chain security and/or data center compliance background, strong verbal and written communication skills, be self-driven, demonstrate high impact and influence across teams, and deliver high quality results in a fast-paced environment. We’re looking for leaders who can lead through challenges and seek to shed light on ambiguity. If that is you, Amazon is the place to be as we solve hard problems, make history, and have fun.Key job responsibilities• You will aid in the development, assessment, and analysis of security outcomes for AWS Infrastructure (networking, supply chain security and/or data center compliance) in accordance with NIST, FedRAMP, ISO and AWS standards. • As a member of the Infrastructure Security Compliance organization, you are expected to be the subject matter expert on regulatory, compliance, legal implications on security risks and opportunities.• Identify and drive mitigation of security risks through formal, deep dive assessment activities• Lead in the identification and application of remediations and mitigation techniques, including the development of monitoring and reporting capabilities for continued compliance. • Lead compliance related discussions both internally, with stakeholders and customers, and externally, representing Infrastructure holistically in audit/regulatory exams. • You will assist technical teams in resolving security issues and concerns and providing contextualization as well to how compliance with various standards and frameworks is achieved.We are open to hiring candidates to work out of one of the following locations:Herndon, VA, USA | Minneapolis, MN, USA | Seattle, WA, USABASIC QUALIFICATIONS- Bachelor's degree, or CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest+- 4+ years’ experience and technical knowledge in and direct experience with security engineering, secure architecture development, system and network security, authentication and security protocols, and/or applied cryptography.- 3+ years of experience in performing in-depth networking, supply chain security and/or data center compliance or security architecture assessments.- 5+ years of experience with Cloud Computing, FedRAMP, ISO, NIST and other industry leading security compliance frameworks.- 2+ years of experience with content/reports/attestations.- Weekly on-site office time is required for this position.PREFERRED QUALIFICATIONS- Experienced with Software Development Lifecycle (SDLC) and related terminology as it relates to Information Security/Information Assurance on the cloud.- Exceptionally detail-oriented with strong organizational and planning skills.- Strong technical background in networking, systems administration, secure application development, or cloud operations with a focus on security aspects.Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $135,500/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. Applicants should apply via our internal or external career site.

Title: Security Compliance Analyst - RemoteLocation: RemoteLength: Long termRestriction: W2 or C2CDescription:Interview : Skype ***Remote but must be local to CO***Description:The Governor’s Office of Information Technology (OIT) is seeking an analytical and detail-oriented Sr. Compliance Analyst with standards development expertise primarily in SDLC and DevOps (application development & support). The analyst should have excellent communication and people skills and a curiosity for researching best practices and trends. The Analyst will be responsible for Compliance activities and for reviewing existing standards, refreshing them, and or developing new ones primarily for application development (SDLC, DevOps) in partnership with functional areas.The analyst will be also responsible for applying compliance expertise for accurate development of OIT services for State Agencies, improving Compliance programs, and ensuring adherence to the relevant Security, State, and Federal Policies and Standards. These include but are not limited to NIST, HIPAA, IRS, CJIS, and others. The analyst will leverage their curiosity to extend their knowledge and understanding of new and changing regulations and develop requirements, controls, and compliance checklists for teams to follow and adhere to.This position resides inside the OIT Service Delivery & Support Organization. The Compliance Analyst is expected to partner closely with OIT’s Security Organization.Job Duties:Experienced in researching applicable laws and regulations as they relate to the State systems and driving compliance activities.Develop, drive, and or assist in tracking and delivery of Compliance activities - compliance checklist, identifying and mitigating any compliance or regulatory concerns, identifying risks and solutions to mitigate them.Subject matter expert representation from Service Delivery organization to the State Agencies, and for Application teams (development and support).Review application (and other departments) needs of Interpret Policies (e.g. CJIS) and standards and develop checklists and procedures for teams to use.Develop a checklist of all compliances and standards that need to be followed by a department or a functional area in the Service Delivery & Support organization, e.g. DevOps Applications, and ensure compliance with the applicable standards, policies, and or controls. Leverage subject matter experts (SMEs) to develop or facilitate the development of standards. Collaborate with OIT’s Security organization to ensure compliance checklists and security standards have the necessary details required for the Service Delivery organization functional areas.Develop and present reports on compliance adherence, identify gaps and risks, and collaborate with partner teams to mitigate risks and improve adherence to compliance.Continuously improve the compliance process and improve efficiencies. Work collaboratively with impacted areas, partner groups, and vendors.Review audit findings and work with functional areas to ensure audit findings are remediated.Miscellaneous: Other responsibilities related to Standards and Compliance work as assigned.

Job Title: Security Specialist- Expert (Remote)Location: Raleigh, NCDuration: 12+ MonthsJob Description:This supplemental staff position will be working with the Network Security team for the 1st half of 2024. The skills required are on the configuration processes of Cisco ASA & FTD firewalls, Cisco Secure Client 5.x (used to be AnyConnect), Cisco Identity Services Engine (ISE) integration with Cisco Catalyst Center Network Management (used to be DNAC), Cisco Umbrella, Cisco DUO, Infoblox (IPAM), and Firemon firewall management tool. The job is mainly to develop technical documents that will be used by the operations team based on the design from the architecture team, support new security initiatives and CAP (Corrective Action Plan) items.Skills:SkillRequired / DesiredAmountof ExperienceCisco FTD/FMCRequired3YearsCisco ASARequired3YearsCisco Cisco Secure Client (formerly AnyConnect)Required3YearsCisco Identity Services Engine (ISE)Required2YearsCisco UmbrellaRequired2YearsCisco Catalyst Center Network Management (formerly Cisco DNA Center)Required2YearsCisco DUORequired2YearsInfoblox (IPAM)Highly desired2YearsFiremon Firewall Management ToolDesired2Years

Technology Division, Cyber Security Operations Team100% Remote (working EST)About the Team:The Cyber Security Operations team is critical to the strategic foundation of our products, most notably the secure delivery of our new Digital SAT and AP programs. We are a highly motivated group of cyber security experts who take a proactive approach to ensuring a strong security posture. We partner across the organization to mature our Threat Management and Incident Response procedures and are constantly seeking and experimenting with new technologies. We are currently using a variety of cutting-edge tools that provide comprehensive cyber security operations for the College Board's critical infrastructure in support of the College Board's mission to connect students to college success and opportunity. College Board is committed to creating an inclusive environment where all team members feel valued, respected, and supported in their work. We welcome individuals from diverse backgrounds and experiences to join our team and contribute to our ongoing success.About the RoleThe College Board is seeking a Red Team Operator who will play a critical role in strengthening our cybersecurity infrastructure. This individual will validate the effectiveness of our security controls and detection logic through offensive security operations and collaborative purple teaming exercises. Leveraging their deep understanding of threat actors, they will simulate potential cyber threats across our systems while documenting their findings and methodologies. This will provide invaluable insights into vulnerabilities and serve as a roadmap for improving our security measures. The operator will also need to communicate these results effectively to various stakeholders within the organization, ensuring leadership is aware of the potential threats and can take appropriate action to mitigate them. This work is crucial to protecting the College Board from potential cyber-attacks and ensuring the safety of our data.In this role, you will:Conduct Offensive Cyber Security Operations: Execute covert operations to assess the organization's security posture and readiness against cyber threats.Perform Penetration Testing: Conduct comprehensive assessments of the Digital Exam Player, web applications, and other systems using both manual and automated testing techniques.Engage in Purple Teaming: Facilitate collaborative exercises with internal Incident Response and Threat Hunt teams to enhance the organization's defensive capabilities.Execute Multi-stage Attack Simulation: Coordinate with Red Team members to simulate attacks, including initial access, privilege escalation, lateral movement, and data exfiltration.Create Threat Mimicry: Mimic adversary tactics, techniques, and procedures (TTPs) to assess defensive capabilities and identify weaknesses.Conduct Security Control Evaluation: Evaluate the detection and response capabilities of security controls, such as SIEM, EDR, and network monitoring solutions.Investigate C2 Techniques: Research and integrate new C2 techniques and tools to evade detection and enhance operational capabilities. Monitor and analyze C2 traffic for anomalies and indicators of compromise (IOCs).Provide Technical Guidance: Provide technical expertise and guidance to the VTM team on building custom scanning signatures and techniques. Also, guide threat hunters on adversary behaviors, attack techniques, and IOCs.Contribute to Culture Building: Foster a culture of collaboration and continuous learning within all Cyber Operations teams.Stay abreast of emerging threats and vulnerabilities affecting web applications or endpoints and incorporate them into assessment methodologies.About you, you have:A bachelor's in computer science or equivalent work experience7 years in IT, with 3 years in offensive securityExperience in Red/Purple team exercises and penetration testingProficiency in C2 frameworks (e.g., Cobalt Strike) Certifications like CEH, OSCP, GWAPT, Sec+, or GIAC preferredFamiliarity with open-source/commercial offensive security tools, and cloud-based attacker infrastructure deployment.Strong understanding of web application CWEs, OWASP Top 10, Threat Intelligence, and Threat ProfilingExperience with IDS/IPS, SIEM, network defense tools, DLP technologies, network security architecture, and enterprise anti-virus/malware solutionsProficiency with Burp Suite and testing Web Applications and API's. Familiarity/experience with Electron framework preferredAbility to maintain discretion and integrity at all timesAbility to work in the US without sponsorshipOur Benefits & Compensation:College Board offers a strong compensation and benefits package that attracts top talent looking to make a difference in education. Our robust benefits package includes health, dental, and vision insurance, tuition assistance, paid time off, paid parental leave, retirement benefits with a generous matching program, and more. We reward performance through annual bonuses and provide opportunities for salary growth over time through base compensation increases, merit raises and promotions. We believe in compensating staff members fairly in relation to each other, their qualifications, and their impact.The salary range for a new employee in this position is$120,000 to $143,000.The salary offer of an individual candidate within this range is specific to their location and qualifications. Each salary offer is determined carefully using internal and external benchmarking and adjusting for the candidate's location. You will have an opportunity to discuss salary in more detail after you begin the application process. As a self-sustaining non-profit organization with global impact, College Board offers a job that matters, a team that cares, and a place to learn, innovate and thrive!About Us:We are motivated to positively impact the educational and career trajectories of millions of students a year.We prioritize building a diverse and inclusive team where every employee can thrive, and every voice is heard.We value learning and growth; we offer formal and informal ways to lead through your superpowers, sharpen your strengths, and meet your development goals.Our high-performing engineers work with the latest technologies, so you will be constantly learning and sharpening your skills, enabling you to be industry-forward instead of left behind technologically.#LI-TheAcorn#LI-Remote

Technology Division, Cyber Security Operations Team100% Remote (working EST)About the Team:The Cyber Security Operations team is critical to the strategic foundation of our products, most notably the secure delivery of our new Digital SAT and AP programs. We are a highly motivated group of cyber security experts who take a proactive approach to ensuring a strong security posture. We partner across the organization to mature our Threat Management and Incident Response procedures and are constantly seeking and experimenting with new technologies. We are currently using a variety of cutting-edge tools that provide comprehensive cyber security operations for the College Board's critical infrastructure in support of the College Board's mission to connect students to college success and opportunity. College Board is committed to creating an inclusive environment where all team members feel valued, respected, and supported in their work. We welcome individuals from diverse backgrounds and experiences to join our team and contribute to our ongoing success.About the RoleThe College Board is seeking a Red Team Operator who will play a critical role in strengthening our cybersecurity infrastructure. This individual will validate the effectiveness of our security controls and detection logic through offensive security operations and collaborative purple teaming exercises. Leveraging their deep understanding of threat actors, they will simulate potential cyber threats across our systems while documenting their findings and methodologies. This will provide invaluable insights into vulnerabilities and serve as a roadmap for improving our security measures. The operator will also need to communicate these results effectively to various stakeholders within the organization, ensuring leadership is aware of the potential threats and can take appropriate action to mitigate them. This work is crucial to protecting the College Board from potential cyber-attacks and ensuring the safety of our data.In this role, you will:Conduct Offensive Cyber Security Operations: Execute covert operations to assess the organization's security posture and readiness against cyber threats.Perform Penetration Testing: Conduct comprehensive assessments of the Digital Exam Player, web applications, and other systems using both manual and automated testing techniques.Engage in Purple Teaming: Facilitate collaborative exercises with internal Incident Response and Threat Hunt teams to enhance the organization's defensive capabilities.Execute Multi-stage Attack Simulation: Coordinate with Red Team members to simulate attacks, including initial access, privilege escalation, lateral movement, and data exfiltration.Create Threat Mimicry: Mimic adversary tactics, techniques, and procedures (TTPs) to assess defensive capabilities and identify weaknesses.Conduct Security Control Evaluation: Evaluate the detection and response capabilities of security controls, such as SIEM, EDR, and network monitoring solutions.Investigate C2 Techniques: Research and integrate new C2 techniques and tools to evade detection and enhance operational capabilities. Monitor and analyze C2 traffic for anomalies and indicators of compromise (IOCs).Provide Technical Guidance: Provide technical expertise and guidance to the VTM team on building custom scanning signatures and techniques. Also, guide threat hunters on adversary behaviors, attack techniques, and IOCs.Contribute to Culture Building: Foster a culture of collaboration and continuous learning within all Cyber Operations teams.Stay abreast of emerging threats and vulnerabilities affecting web applications or endpoints and incorporate them into assessment methodologies.About you, you have:A bachelor's in computer science or equivalent work experience7 years in IT, with 3 years in offensive securityExperience in Red/Purple team exercises and penetration testingProficiency in C2 frameworks (e.g., Cobalt Strike) Certifications like CEH, OSCP, GWAPT, Sec+, or GIAC preferredFamiliarity with open-source/commercial offensive security tools, and cloud-based attacker infrastructure deployment.Strong understanding of web application CWEs, OWASP Top 10, Threat Intelligence, and Threat ProfilingExperience with IDS/IPS, SIEM, network defense tools, DLP technologies, network security architecture, and enterprise anti-virus/malware solutionsProficiency with Burp Suite and testing Web Applications and API's. Familiarity/experience with Electron framework preferredAbility to maintain discretion and integrity at all timesAbility to work in the US without sponsorshipOur Benefits & Compensation:College Board offers a strong compensation and benefits package that attracts top talent looking to make a difference in education. Our robust benefits package includes health, dental, and vision insurance, tuition assistance, paid time off, paid parental leave, retirement benefits with a generous matching program, and more. We reward performance through annual bonuses and provide opportunities for salary growth over time through base compensation increases, merit raises and promotions. We believe in compensating staff members fairly in relation to each other, their qualifications, and their impact.The salary range for a new employee in this position is$120,000 to $143,000.The salary offer of an individual candidate within this range is specific to their location and qualifications. Each salary offer is determined carefully using internal and external benchmarking and adjusting for the candidate's location. You will have an opportunity to discuss salary in more detail after you begin the application process. As a self-sustaining non-profit organization with global impact, College Board offers a job that matters, a team that cares, and a place to learn, innovate and thrive!About Us:We are motivated to positively impact the educational and career trajectories of millions of students a year.We prioritize building a diverse and inclusive team where every employee can thrive, and every voice is heard.We value learning and growth; we offer formal and informal ways to lead through your superpowers, sharpen your strengths, and meet your development goals.Our high-performing engineers work with the latest technologies, so you will be constantly learning and sharpening your skills, enabling you to be industry-forward instead of left behind technologically.#LI-TheAcorn#LI-Remote

Technology Division, Cyber Security Operations Team100% Remote (working EST)About the Team:The Cyber Security Operations team is critical to the strategic foundation of our products, most notably the secure delivery of our new Digital SAT and AP programs. We are a highly motivated group of cyber security experts who take a proactive approach to ensuring a strong security posture. We partner across the organization to mature our Threat Management and Incident Response procedures and are constantly seeking and experimenting with new technologies. We are currently using a variety of cutting-edge tools that provide comprehensive cyber security operations for the College Board's critical infrastructure in support of the College Board's mission to connect students to college success and opportunity. College Board is committed to creating an inclusive environment where all team members feel valued, respected, and supported in their work. We welcome individuals from diverse backgrounds and experiences to join our team and contribute to our ongoing success.About the RoleThe College Board is seeking a Red Team Operator who will play a critical role in strengthening our cybersecurity infrastructure. This individual will validate the effectiveness of our security controls and detection logic through offensive security operations and collaborative purple teaming exercises. Leveraging their deep understanding of threat actors, they will simulate potential cyber threats across our systems while documenting their findings and methodologies. This will provide invaluable insights into vulnerabilities and serve as a roadmap for improving our security measures. The operator will also need to communicate these results effectively to various stakeholders within the organization, ensuring leadership is aware of the potential threats and can take appropriate action to mitigate them. This work is crucial to protecting the College Board from potential cyber-attacks and ensuring the safety of our data.In this role, you will:Conduct Offensive Cyber Security Operations: Execute covert operations to assess the organization's security posture and readiness against cyber threats.Perform Penetration Testing: Conduct comprehensive assessments of the Digital Exam Player, web applications, and other systems using both manual and automated testing techniques.Engage in Purple Teaming: Facilitate collaborative exercises with internal Incident Response and Threat Hunt teams to enhance the organization's defensive capabilities.Execute Multi-stage Attack Simulation: Coordinate with Red Team members to simulate attacks, including initial access, privilege escalation, lateral movement, and data exfiltration.Create Threat Mimicry: Mimic adversary tactics, techniques, and procedures (TTPs) to assess defensive capabilities and identify weaknesses.Conduct Security Control Evaluation: Evaluate the detection and response capabilities of security controls, such as SIEM, EDR, and network monitoring solutions.Investigate C2 Techniques: Research and integrate new C2 techniques and tools to evade detection and enhance operational capabilities. Monitor and analyze C2 traffic for anomalies and indicators of compromise (IOCs).Provide Technical Guidance: Provide technical expertise and guidance to the VTM team on building custom scanning signatures and techniques. Also, guide threat hunters on adversary behaviors, attack techniques, and IOCs.Contribute to Culture Building: Foster a culture of collaboration and continuous learning within all Cyber Operations teams.Stay abreast of emerging threats and vulnerabilities affecting web applications or endpoints and incorporate them into assessment methodologies.About you, you have:A bachelor's in computer science or equivalent work experience7 years in IT, with 3 years in offensive securityExperience in Red/Purple team exercises and penetration testingProficiency in C2 frameworks (e.g., Cobalt Strike) Certifications like CEH, OSCP, GWAPT, Sec+, or GIAC preferredFamiliarity with open-source/commercial offensive security tools, and cloud-based attacker infrastructure deployment.Strong understanding of web application CWEs, OWASP Top 10, Threat Intelligence, and Threat ProfilingExperience with IDS/IPS, SIEM, network defense tools, DLP technologies, network security architecture, and enterprise anti-virus/malware solutionsProficiency with Burp Suite and testing Web Applications and API's. Familiarity/experience with Electron framework preferredAbility to maintain discretion and integrity at all timesAbility to work in the US without sponsorshipOur Benefits & Compensation:College Board offers a strong compensation and benefits package that attracts top talent looking to make a difference in education. Our robust benefits package includes health, dental, and vision insurance, tuition assistance, paid time off, paid parental leave, retirement benefits with a generous matching program, and more. We reward performance through annual bonuses and provide opportunities for salary growth over time through base compensation increases, merit raises and promotions. We believe in compensating staff members fairly in relation to each other, their qualifications, and their impact.The salary range for a new employee in this position is$120,000 to $143,000.The salary offer of an individual candidate within this range is specific to their location and qualifications. Each salary offer is determined carefully using internal and external benchmarking and adjusting for the candidate's location. You will have an opportunity to discuss salary in more detail after you begin the application process. As a self-sustaining non-profit organization with global impact, College Board offers a job that matters, a team that cares, and a place to learn, innovate and thrive!About Us:We are motivated to positively impact the educational and career trajectories of millions of students a year.We prioritize building a diverse and inclusive team where every employee can thrive, and every voice is heard.We value learning and growth; we offer formal and informal ways to lead through your superpowers, sharpen your strengths, and meet your development goals.Our high-performing engineers work with the latest technologies, so you will be constantly learning and sharpening your skills, enabling you to be industry-forward instead of left behind technologically.#LI-TheAcorn#LI-Remote