REMOTE Cloud Security or Cyber Security Analyst at CyberCoders
If you are an experienced Cyber Security Analyst looking to join a growing firm with great culture, please read on!
Top Reasons to Work with Us
Ranked in Fortunes 100 Best Companies to Work For 2021
What You Will Be Doing
In this fully remote role you will be responsible for analyzing, designing, implementing, and auditing cloud infrastructure, security solutions, and integrated technologies through a lens of security, resiliency, and scalability.
You’ll also collaborate with team members in-person and remotely. Work closely with different business functions to ensure monitoring, logging, and auditing of relevant events and assisting in automation of security controls.
What You Need for this Position
At least 3 years of experience with
• Cyber Security or Cloud Security
• Compliance frameworks
What’s In It for You
• Salary: $100,000-$130,000
• Fully covered benefits for individual and family
• 401k Match up to 6%
• Annual Bonus
• Sabbatical program
• Fully remote
So, if you are a REMOTE Cyber Security Analyst with experience, please apply today!
Email Your Resume In Word To
Looking forward to receiving your resume through our website and going over the position with you. Clicking apply is the best way to apply, but you may also:
• Please do NOT change the email subject line in any way. You must keep the JobID: linkedin : JR19-1698578 — in the email subject line for your application to be considered.***
Jimmy Rowland – Recruiter – CyberCoders
Applicants must be authorized to work in the U.S.
CyberCoders, Inc is proud to be an Equal Opportunity Employer
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, or any other characteristic protected by law.
Your Right to Work – In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
For Remote REMOTE Cloud Security or Cyber Security Analyst roles, visit Remote REMOTE Cloud Security or Cyber Security Analyst Roles
Information Security Analyst at Camden National Bank
• re looking to build your career at a forward-thinking organization with deep community roots and a vision for growth, success, and giving back, you
• ve come to the right place.
• The Information Security Analyst will need to provide accurate and timely administration, monitoring, and reporting of systems and potential risks related to the company.
• In addition, the position will lead efforts to support the banks Business Continuity Plan /Business Impact Analysis documents, oversee firewall administration & change management, provide email support, and education Stakeholders to keep the company in compliance with regulations and policies.
• This position offers the flexibility to work remotely from home anywhere in Maine or come into a Camden National Bank location!
• Essential Duties and Responsibilities: Responsible for information security related education and awareness initiatives for the company.
• This will ensure Stakeholders are up to date on expectations and processes at a corporate and departmental level.
• Coordinate, monitor and test the Corporation
• s information security controls, including Spamwall and Firewall administration to ensure compliance with the Information Security Policy, and prepares management reports on results.
• Ensure appropriate planning, documentation, scheduling, and testing of the Corporation
• s Business Continuity Plan and Business Impact Analysis.
• Responsible for the development, implementation, monitoring, and maintenance of the Corporation
• s information security policies, procedures, standards, and guidelines.
• Technical project lead for Information Security initiatives.
• Oversee daily administration of information security systems that includes firewalls, spam filtering, SIEM, and other perimeter security systems.
• Ensure the Corporation
• s logical access rights testing program is up to date, and for reporting test results and related corrective recommendations to management.
• Maintain and document the Corporation
• s social engineering testing, including reporting results and remediation.
• Lead Cybersecurity vulnerability remediation efforts for network devices and systems.
• Review the firewall ticketing system and document effective change management controls.
• Ensure compliance with the Corporation
• s Information Security Policy, GLBA, Dodd Frank, and other regulatory governance through compliance testing, remediation, and departmental education.
• Maintain the current information/documentation to support the Corporation
• s FDICIA/SOX reporting, internal audits, and regulatory reviews.
For Remote Information Security Analyst roles, visit Remote Information Security Analyst Roles
Cybersecurity Risk Analyst at CBRE
• Cybersecurity Risk Analyst
• Areas of Interest
• Digital & Technology/Information Technology
• Remote – US – Remote – US – United States of America
• The Business Information Security Office (BISO) Cyber Security Risk Analyst is a member of the Business Information Security Office within Global Cyber Security and works closely with the global lines of business, the Digital & Technology (D&T) Solutions & Delivery teams, and other D&T teams.
• Essential Roles and Responsibilities
• Interfaces with the client for RFPs, inquiries, and client security audit reviews.
• Understands and communicates policies and standards for inquiries internally and externally.
• Maintains client relationship by responding to client security-related inquiries and documenting actions.
• Prepares for client inquiries by studying our products, services, and client service processes.
• Responds to client inquiries by understanding inquiry; reviewing previous inquiries and responses; gathering and researching information; assembling and forwarding information; verifying client’s understanding of information and answer.
• Manages, prepares, and dispatches client security support requests.
• Records client inquiries by documenting inquiry and response in clients’ accounts.
• Improves quality service by recommending improved processes and identifying new client security requirements from clients.
• Updates job knowledge by participating in educational opportunities.
• Accomplishes client service and organization mission by completing related results as needed.
• Actively supports the execution of the GCSO program and other plans developed by the Business or as applicable.
• Strong working knowledge related to cyber security governance, controls, and effective monitoring is a plus.
• Facilitates awareness and training programs as needed based on issue/risk trends.
• Promotes awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to business unit.
• Distributes information security awareness materials and publications appropriately within the business.
• Builds relationships and engage frequently with business leaders and client account teams.
• Frequently interact with, and educate, business leads and their Senior Management team on current issues and overall status of the global cyber security program.
• Help drive cyber security best practices between organizations and countries.
• Identify key business contacts to ensure adequate coverage for the business’ security program.
• Maintain a positive relationship with client auditors.
• Previous in-depth experience in technology including information security governance, risk or compliance.
• Experience giving presentations and superb communication skills
• Bachelor’s and/or Master’s degree in Computer Science, Information Technology or related field.
• 1+ years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments.
• Client-facing experience in sales, sales support, or service delivery.
• Subject matter experience in application security (security by design), vulnerability testing, identity management, and incident response with deep experience in software engineering/development.
• Knowledge and familiarity in using ServiceNow for Request Management and GRC Management.
• CISSP or CISM (or equivalent)
• We are an equal opportunities employer and do not discriminate on the grounds of gender, sexual orientation, marital or civil partner status, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age.
• CBRE is an equal opportunity/affirmative action employer with a long-standing commitment to providing equal employment opportunity to all qualified applicants regardless of race, color, religion, national origin, sex, sexual orientation, gender identity, pregnancy, age, citizenship, marital status, disability, veteran status, political belief, or any other basis protected by applicable law.
• An additional requirement for this role is the ability to comply with COVID-19 health and safety protocols, including COVID-19 vaccination proof and/or rigorous testing.
• CBRE, Inc. is an Equal Opportunity and Affirmative Action Employer (Women/Minorities/Persons with Disabilities/US Veterans)
For Remote Cybersecurity Risk Analyst roles, visit Remote Cybersecurity Risk Analyst Roles
Senior Lead Cyber Security Research Consultant at Wells Fargo
About this role:
Wells Fargo is seeking a Senior Lead Cyber Security Research Consultant red teamer to build a world-class red teaming capability at Wells Fargo. The successful Cyber Security Strategist will lead the enterprise’s efforts in adopting and maintaining a system-wide view of threat-driven risks, with the goal of working with senior management to control these risks. The following skills are relevant for this position:
• Systems thinking
• Systems Analysis
• Game theory
• War gaming
• Intelligence analysis
• Writing and presenting
• Risk Assessment
• Controls Effectiveness
This position will interact directly with the Offensive Security Application Research Team and indirectly with our application, technology infrastructure teams including the development and software pipeline teams.
The ideal candidate will have extensive experience in conducting research, utilizing attack methods, and evolving Tactics, Techniques, and Procedures (TTPs) for exposing issues with our application stack. The position will require regular interface with external entities including cyber threat intelligence organizations, financial industry contacts, and government agencies. Interaction with internal partners including legal, fraud, financial crimes, technology and line of business leaders and executives will be required.
• Oversee the development of red teaming methods and activities within and across the enterprise, to include (but not limited to) the areas of business continuity, emergency management, supply chain security, information security, personnel security, operations security, and facilities security.
• Work closely with our Technology Infrastructure (TI) partners to surface issues with our SDLC workflow.
• Develop and manage a threat intelligence program to address threats relevant to the areas listed above.
• Build and maintain a comprehensive model of relevant, feasible threats to the enterprise.
• Educate senior management regarding the strengths, weaknesses, opportunities, and threats associated with strategic red teaming.
• Provide regular threat/risk briefings to senior management regarding issues raised by the red team. Present findings within a context of overall risk to the enterprise. Adjust red team activities and agenda based on senior management input.
• Work closely with existing infrastructure and security teams, both to receive input and to provide practical and actionable intelligence.
• Act as an adversarial counterpoint to security strategy proposals.
• Help build, hire, and retain top talent to shape a world-class red team. Taken as a whole, this team (or teams) should represent expertise across a complete range of the enterprise’s functions.
In this role, you will:
• Apply advanced data analysis techniques, including machine learning, statistics and data mining to solve core business challenges, capture cyber security requirements and translate them into solutions
• Build prototypes and proof of concepts, pilot systems, and optimize databases in support of program operational, business, and strategic requirements development process
• Conduct research and identify technologies to address capability gaps for emerging cyber threats, attack methods and evolving tactics, techniques, and procedures
• Integrate new architectural analysis of cyber security features and relate existing system to future needs and trends
• Embed advanced forensic tools and techniques for attack reconstruction, and provide engineering recommendations
• Provide oversight and guidance to a team in responding to and resolving critical cyber security events and consult leadership with the decisions related to business process, security controls, policies and standards, regulations and investment prioritization
• Set the strategy and direction for advanced cyber security incident response and threat detection for the company
• Collaborate and influence all levels of professionals including managers
• Lead team to achieve objectives
Required Qualifications, US:
• 7+ years of Cyber Security Research experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 7+ years of information security reporting and analysis experience
• 5+ years of experience in one or a combination of the following: reporting, analytics, or modeling in an information security environment, information technology environment, or a combination of both
• 7 years of experience conducting red team assessments of high-consequence systems.
• 7+ years of cyber security incidents and events investigation experience
• 7+ years of Incident Response Protocols and Tools experience
• Cross-functional security experience in at least two of the areas listed above.
• Thorough understanding of concepts and principles related to security, strategy, management, and intelligence analysis.
• Ability to work productively with a variety of stakeholders (and their associated, sometimes conflicting) interests within the enterprise.
• Ability to work with and against internal resistance, and, as necessary, build consensus for red teaming within the enterprise.
• Ability to think and act both strategically and tactically, theoretically and pragmatically.
• Ability to collaborate and share knowledge within a fast-moving, multifaceted enterprise environment.
• Ability to travel up to 15% of the time
We Value Diversity
At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.
Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.
Company: WELLS FARGO BANK
Req Number: R-154590-11
Updated: Fri Sep 02 05:08:10 GMT 2022
For Remote Senior Lead Cyber Security Research Consultant roles, visit Remote Senior Lead Cyber Security Research Consultant Roles
Security Analyst Sr. (Hybrid) (Portland, OR) at M Financial Group
M Financial Group is a community of leaders comprising the best and brightest minds in our industry. By combining individuals’ expertise and skill, M Financial Group has become a powerful force committed to advancing the interests of our industry, communities, and clients for over 40 years. M’s solutions are rooted in the diverse expertise of our team, our collaborative approach to innovation and our comprehensive support.
We embrace a progressive, dynamic mindset for every role. M Financial Group provides a professional community that actively supports individuals with diverse backgrounds and perspectives who come together to build and support best-in-class solutions. If you’re looking to be a part of a high performing, collaborative, and dedicated team, M Financial Group is in search of our next Security Analyst Sr. to join our team.
Responsible for leading the design, planning, facilitation, evaluation and implementation of information security-related policies, procedures, standards, and controls across M Financial Holdings. Assists in the development of the goals, strategy, methodologies, and outcomes of the MFH and Member Firm Information Security Policy program and related technologies. Provides leadership, expertise, and technical direction in collaboration with Infrastructure peers, junior team members, and colleagues from MFH departments. Responsible for the day-to-day operations of multiple information security-related program areas and technology systems. Prepares and presents detailed high-level reports to internal and external stakeholders at multiple levels. Acts as a subject matter expert in the security and integration of systems, applications, processes, access controls, upgrades, and enhancements for business and technical requirements for the systems M supports. Assigns work, plans, and manages department priorities in coordination with senior management within the Core Technology and Data team. Oversees the information security awareness training program to ensure all staff understands the importance of protecting client data. Mentors junior staff, provides constructive feedback, ensures quality improvement, provides leadership feedback on staff performance, and assists with goal setting for the team. Assists in the recruitment, development, and training of junior security staff.
• Leads the design, engineering, implementation and operation of information security processes, policies, standards, systems, and controls based on business and technical requirements
• Analyzes and correlates data from multiple security tools, such as endpoint protection, intrusion detection systems, security event monitors, web application firewalls and SaaS based platforms (e.g. Microsoft Cloud App Security, zScaler, Entreda, Cloudflare, MAM, MECM, etc)
• Protects M Financial information and information systems by analyzing public and private information sources to develop effective defensive techniques, policies, procedures, and standards
• Develops security roadmaps, diagrams, and documentation for increased adoption of cloud platforms (AWS, Azure)
• Responsible for the annual compliance of the Member Firm Information Security Policy program for all Member Firms
• Responsible for the remediation of findings in the annual MFH penetration test
• Effectively communicates technical issues and investigative findings to technical and non-technical audiences in written and verbal form
• Leads information sharing and integration procedures across the Core Technology and Data Team through the exchange of threat intelligence and vulnerability assessment data
• Develop annual goals and metrics for patch and vulnerability management program
• Coordinate and develop appropriate third-party risk management goals in coordination with Internal Audit
• Serves as an advisor and subject matter expert on identified projects or any other M Financial initiative that may have an information security implication
• Develops and leads user access reviews in coordination with the Internal Audit team
• Develops and generates reports and metrics (e.g. system/control metrics, status updates, risk assessments reports, remediation reports) to support information security measurement and reporting objectives
• Provides support and assistance across the organization related to information security related technology and programs.
• Triage, investigate, respond to, and escalate security anomalies and alerts
• Investigates and verifies potential phishing emails for MFH
• Investigates and provides leadership on Member Firm security incidents. Reports to the compliance and Wealth Solutions department
• Provides on-call after-hours support as assigned, including evenings, weekends, and holidays
• Performs other duties as assigned
• Bachelor’s degree in Computer Science, Information Technology, or relevant field or equivalent knowledge and skills obtained through a combination of education, training, and experience required
• Minimum of five (5) years of experience in IT, of which at least 2 years of experience in information security is required.
• Leadership experience working with project or technical teams required
• Financial services experience preferred
• Two or more relevant security-related certifications preferred (e.g. CISSP, CISM, GSEC, Security+, CEH, GPEN, GSEC, or equivalent)
• Knowledge of regulatory and compliance standards is required (GDPR, CCPA, HIPAA, GLBA, NIST, ISO27001)
• Expertise with networking protocols and basics of TCP/IP
• Strong knowledge with Metasploit
• Expertise with Rapid7 and InsightVM platform
• Familiar with DAST and SAST concepts for web application security testing
• Excellent project management, written and verbal communication skills
• Ability to collect and analyze data to guide decision making while under potentially intense pressure to address security incidents
• Ability to identify and correlate cyber threats and vulnerabilities
• Strong understanding of adversarial tactics and techniques
• Hands-on experience with cybersecurity, ethics, and privacy principles
• Strong knowledge of Microsoft Azure cloud and security services (e.g. MCAS, Azure Information Protection, DLP).
• Strong knowledge of MFA specifically Okta
• Ability to build trust and credibility with business partners and senior leadership while recommending initiatives and identifying gaps and potential issues
• Ability to effectively lead others
JOB CONDITIONS AND ENVIRONMENT
• Hybrid work environment offering a blend of virtual/work from home and onsite days designed to support flexibility
• Normal business casual office environment & desk assignment
• Extensive use of PC’s, computer terminal, display, keyboard, and mouse
• Extensive use of video conferencing for content acquisition, meetings, and course presentation
• Extensive hands on work with documents, spreadsheets and other written documents
• M Financial is following federal, state and local COVID-19 guidelines and has adopted a policy requiring all employees to be fully vaccinated against COVID-19 or to have a COVID-19 test performed weekly when coming into the office
This position description is not intended to be and should not be construed as an all-inclusive list of responsibilities, skills or working conditions associated with this position. While this description is intended to accurately reflect the position’s activities and requirements, management reserves the right to modify, add or remove duties as necessary.
For Remote Security Analyst Sr. (Hybrid) (Portland, OR) roles, visit Remote Security Analyst Sr. (Hybrid) (Portland, OR) Roles
Senior Cyber at IBERDROLA
Augusta, ME, US Portland, ME, US Orange, CT, US
Establishes, administers, and monitors departmental standards, procedures, and performance to minimize risk and ensure compliance with NERC Reliability Standards and other compliance requirements. Works with Subject Matter Experts and management to provide specialized technical expertise and support for compliance program development and compliance performance tracking and reporting.
New or revised Standards and Guidance – NERC and the Regional Entity continues to develop and revise Standards subject to enforcement as well issue guidance documents. The Senior Specialist will monitor the changes and work closely with the Subject Matter Experts to determine impacts and ensure compliance. Will coordinate the tracking of changes to standards and manage overall compliance for the Networks operating companies to ensure compliance requirements are met. Audit Preparation – The companies are subject to regular audits for compliance with NERC Standards. The Senior Specialist will be expected to lead the preparation of audit documents prior to external audits and to conduct regular internal audits of individual Standards to support company compliance. Compliance Investigations and Post Mortems – Lead root cause investigations for identified potential noncompliance issue and post mortem event reports. Document Management – The NERC Reliability program includes almost 100 policies, procedures, and forms that need to be reviewed and updated on an annual basis. A document trail must be kept to demonstrate compliance with each Standard. The Senior Specialist will manage the review and updates of policies and procedures in conjunction with Subject Matter Experts. Procedure Documentation – work independently to maintain and update Operational policies, procedures and associated documentation. Other duties as assigned.
Bachelor’s Degree with a minimum of 6 years in compliance, operations, auditing, cybersecurity/IT and/or engineering OR an Associates’ Degree with a minimum of 8 years in compliance, operations, auditing, cybersecurity/IT and/or engineering. Experience with the NERC Critical Infrastructure Protection (CIP) Standards.
Skills/Abilities: Demonstrated track record of strong problem-solving and analytical skills. Ability to understand and analyze FERC/NERC/NPCC regulatory requirements. Able to work independently and exercise considerable judgment and decision-making. Excellent written and verbal communication skills. Able to work under tight deadlines with changing priorities. Proficient with PC skills and programs. Desired Skills/Abilities: Experience with audits and reviewing evidence to ensure compliance. Experience with conducting root cause analyses. Training experience.
• Be a role model
• Be agile
• Collaborate and Share
• Develop Self & Others
• Empower to grow
• Focus to achieve results
• Technical Skills
Please note that any applicant who is not a citizen of the country of the vacancy will be subject to compliance with the applicable immigration requirements to legally work in that country
Avangrid employees may be assigned a system emergency role and in the event of a system emergency, may be required to work outside of their regular schedule/job duties. This is applicable to employees that will work in Connecticut, Maine, Massachusetts, and New York within AVANGRD Network and Corporate functions. This does not include those that will work for Avangrid Renewables
For Remote Senior Cyber roles, visit Remote Senior Cyber Roles
Lead Threat & Vulnerability Analyst at Deloitte
Position Summary Are you passionate about technology and interested in joining a community of collaborative colleagues who respectfully and courageously seek to challenge the status quo? If so, read on to learn more about an exciting opportunity with Deloitte’s Information Technology Services (ITS). We are curious and life-long learners focused on technology and innovation. Work you’ll do You will serve as a Threat and Vulnerability Lead Analyst within the Deloitte US Information Technology Services (ITS) Cyber Security group. Threat and Vulnerability Lead Analysts can identify, test, validate, track, research, and provide corrective consultation for threat intelligence or technical vulnerabilities in applications or infrastructure assets. They have an exceptional grasp of information security theory. They have a deep understanding of risk and possess the communication skills to effectively convey technical risks. They are continual learners and provide research support for various information security issues and current challenges. Lead Analysts are functionally still technical, while having areas of managerial responsibility and accountability. Job Description: Plan and operationalize high-level and detailed Threat & Vulnerability management program translating business needs, architecture, operational structure, and compliance and/or regulatory requirements tailored to US member firm needs Provide recommendations and technical guidance for the lifecycle of vulnerability management Represent US member firm interests in services provided by Global member firm Serve as a point of escalation for remediation activities conducted by Global within the US member firm Use automation, orchestration, and scripting to reduce manual processes, improving overall efficiency while also enabling new capabilities to meet our rapidly changing needs Identify opportunities to collaborate across cyber teams and optimize efficiencies to reduce the level of effort, costs and risks across threat landscapes while facilitating increased organizational situational awareness Perform ad-hoc data manipulations, clean-ups, and reporting using large complex data sets for rapid security responses. Develop reports using data that is hosted in multiple sources/tools (e.g., spreadsheets, databases) and communicate clearly to leadership and other cyber teams Conduct in-depth research projects for various threat topics The team Information Technology Services (ITS) helps power Deloitte’s success, which serves many of the world’s largest, most respected organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence. The 3,000 professionals in ITS deliver services including: Cyber Security Technology Support Technology & Infrastructure Applications Relationship Management Strategy & Communications Project Management Financials Cyber Security Cyber Security vigilantly protects Deloitte and client data. The team leads a strategic cyber risk program that adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, the team helps to protect the Deloitte brand. Areas of focus include: Risk & Compliance Identity & Access Management Data Protection Cyber Design Incident Response Security Architecture Business Partnership Basic Qualifications Bachelor’s Degree in Information Security, Computer Science, or Information Systems or related and/or equivalent experience Minimum 8 years of information security related experience within areas of focus (5 years with degree) Preferred Qualifications Expert-level, in depth information security theory (CISSP Preferred) Expert-level, in depth experience with at least four of the following Network Devices and Routing Windows / Linux System Administration Software Development Vulnerability Management Penetration Testing Cloud Services In depth understanding of vulnerabilities, hacking techniques, and hacking tools In depth understanding of penetration testing and red team activities In depth understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity and possible abnormal activities, such as worms, Trojans, viruses, etc. In depth knowledge in system security architecture and security solutions In depth knowledge in networking, phishing, and endpoint security Excellent interpersonal and organizational skill and excellent oral and written communication skills Proven analytical and problem-solving skills Excellent written and oral communication skills Self-motivated to improve knowledge and skills Works well both in a team environment and independently In depth understanding of programing and scripting concepts Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future For individuals assigned and/or hired to work in Colorado or Nevada, Deloitte is required by law to include a reasonable estimate of the compensation range for this role. This compensation range is specific to the State of Colorado and the State of Nevada and takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $95,070 – $ 1,75,080. You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance. EA ExpHire FY23 US Cyber Security 50 Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Our people and culture Our diverse, equitable, and inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our client most complex challenges. This makes Deloitte one of the most rewarding places to work. Learn more about our inclusive culture. Professional development From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career. As used in this posting, “Deloitte” means Deloitte Services LP, a subsidiary of Deloitte LLP. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law. Deloitte will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws. See notices of various ban-the-box laws where available. Requisition code: 115679
For Remote Lead Threat & Vulnerability Analyst roles, visit Remote Lead Threat & Vulnerability Analyst Roles
Principal Cybersecurity Engineer at Columbia Sportswear
OUTGROWN YOUR OWN BACKYARD? COME PLAY IN OURS.
At Columbia, we’re as passionate about the outdoors as you are. And while our gear is available worldwide, we’re proud to be based in the Pacific Northwest, where natural wonders are our playground.
Every product we make and every task we undertake is inspired by the famous words of our founder Gert Boyle: “It’s perfect. Now make it better.” As pioneers of relentless improvement, we are constantly evolving.
We believe the outdoors is ours to protect and strive to keep our planet healthy. We believe in empowering people to experience the outdoors to the fullest.
And we believe in you.
ABOUT THE POSITION
Although we’re an apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear’s Digital Technology (CDT) teams enable an IT infrastructure across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.
The Principal Information Security Engineer supports the global Information Security team in designing, implementing, maintaining, and improving information security systems in addition to detecting and responding to Cybersecurity events and incidents.
This role is necessary to support the Cybersecurity Incident Response and threat hunting capabilities. It requires a deep understanding of the entire information security space, expert knowledge of the Incident Response lifecycle, and technical depth to perform and direct response actions.
HOWYOU’LLMAKE A DIFFERENCE
• Member of CSC’s global Information Security team responsible for the detection, containment, and recovery actions of an incident.
• Collaborate with MDR provider and cross functional teams to prioritize, build, deploy, and tune use-cases across IT and security tools and platforms (e.g., SIEM, EDR, DLP, etc.).
• Develop and maintain global incident response technologies, runbooks, and procedures.
• Facilitate incident response exercises, assists with network and systems penetration testing, and conducts Cybersecurity risk and gap assessments.
• Operationalizes threat intelligence and performs proactive hunt assessments.
• Creates and presents incident, threat intelligence, and after-action reports to senior and executive level management.
• Manages global Information Security tools and programs (e.g., vulnerability detection (VM), endpoint security (EDR), log correlation (SIEM), etc.).
• Leads review and use of new technologies and capabilities to support constantly changing digital landscape; ensures solutions meet security requirements and align to corporate information security posture.
• Performs other duties, as assigned.
• Regarded as the expert in the information security discipline within the organization function or business.
• Extensive knowledge of deploying and maintaining enterprise security tools and capabilities.
• Knowledge of industry and regulatory security standards and frameworks (e.g., NIST CSF, ISO 27001, SOX, PCI/DSS, GLBA, GDPR, and CCPA).
• Ability to work both individually and as part of a team.
• Excellent written and verbal communication skills as well as a high degree of business acumen and an enterprise mindset.
• Bachelor’s degree or equivalent experience with one or more Information Security certifications (GCIH, GCFE, GCFA, GREM, or GCED).
• Requires 8+ years of professional Cybersecurity with a recent emphasis on incident response and/or threat hunting.
• Scripting experience preferred (e.g., Python, PowerShell, bash, etc.).
• Understanding of the MITRE ATT&CK Framework, Diamond Model of Intrusion Analysis, Offensive Security, and/or adversary techniques.
• Excellent understanding of security protocols, hybrid and multi-cloud architecture, security controls, modern threats, and countermeasures.
• Ability to interact with a broad cross-section of personnel to define, explain and effectively manage security measures based on business value and objectives.
Columbia Sportswear Company and our portfolio of brands, including Columbia, SOREL, Mountain Hardwear and prAna, know a thing or two about adventures. After all, we’ve been on one since 1938, working to perfect the art of enjoying the outdoors. Behind everything we make is an employee who’s found that the greatest adventure starts with joining a company that strives to do the right thing.
This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position’s scope and function in the company.
At Columbia Sportswear Company (CSC), we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, military and veteran status, and any other characteristic protected by applicable law. CSC believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. All employment is decided on the basis of qualifications, merit, and business need.
For Remote Principal Cybersecurity Engineer roles, visit Remote Principal Cybersecurity Engineer Roles