Fulltime Network Security Engineer openings in Portland on September 10, 2022

Cyber Security Engineer – Government and Public Sector at EY

Location: Portland

At EY, youll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And were counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

At EY, youll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And were counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

From strategy to execution, the Government & Public Sector (GPS) practice of Ernst & Young LLP provides a full range of consulting and audit services to help our Federal, State, Local and Education clients implement new ideas to help achieve their mission outcomes. We deliver real change and measurable results through our diverse, high-performing teams, quality work at the highest professional standards, operational know-how from across our global organization, and creative and bold ideas that drive innovation. We enable our government clients to achieve their mission of protecting the nation and serving the people; increasing public safety; improving healthcare for our military, veterans and citizens; delivering essential public services; and helping those in need. EY is ready to help our government build a better working world.

Our GPS Technology Organization is a structure within the US GPS practice that implements and maintains a new operate and technology model designed specifically to support U.S. defense and Government engagements.

The opportunity

As the Cyber Security Engineer, youll be part of our Security Engineering & Operations team. Youll be involved in leading and coordinating activities related to multi-functional security technologies for our US Government and Public Sector (GPS) Practice. Youll also work with internal security teams including IAM and Cyber Defense to ensure the related systems are secure. Youll spend most of your time supporting the run state of our security technologies. The remainder of your time will be spent bringing operational expertise into efforts which introduce new technologies and upgrade current ones, robust and compliant.

Your key responsibilities
• Supporting the run state of our security technologies
• Bringing operational expertise into efforts which introduce new technologies and upgrade current ones
• Providing technical oversight of Information Security technologies that fall under the teams responsibilities, confirming they are operating within agreed service levels, compliance specifications and at peak performance
• Managing and coordinating planned maintenance activities as well as incidents for Information Security technologies
• Representing the team in specific project activities, including leading projects and managing the activity of others towards successful completion
• Articulating technology issues/concerns that may emerge at any level of the technical stack, and from any component across the ecosystem, to technology leaders
• The role will likely be 100% remote and require
• Occasional weekend and off hours work to support the business. It will also require a rotational on-call schedule.
Skills and attributes for success
• Operational experience in an environment of more than 3000 users
• Performed detailed troubleshooting of issues, by using your analytical skills collaborating with other technical teams, stakeholders and internal and external customers.
• Functional and/or technical experience in supporting security technologies including detailed knowledge of many of the following: Cloud Operations especially Azure, o365 Tenants, networking concepts & mechanisms, EDR, DLP, AV/AM, DNS, Encryption, E-Mail technologies including DMARC, DKIM, SMTP, TLS as well as a myriad of other related security and desktop technologies
• Strong ability to document processes, procedures and security controls clearly and accurately for distribution to internal teams and customers
• Comfort working remotely in a large, global virtual environment
• Ability to react appropriately during stressful and ambiguous situations and communicate clearly to senior leadership when the situation requires
• Strong problem solving, decision making and collaboration skills
• Functional and/or technical experience in supporting security technologies including detailed knowledge of many of the following:
• Azure networking and platform protection
• Diagnostic logging & log retention
• Vulnerability scanning and policies
• Virtual networks and Network Security Groups
• Application gateways and load balancing
• Traffic Manager and Azure DDoS protection
• Host Security and VM Hardening
• Serverless Computing (Kubernetes)
• Subscription security and policies
• Azure resource policies and resource locks
• Azure information protection
• Access control and key management for storage accounts
To qualify for the role, you must have
• At least 5 years of experience in managing Information Systems and Security, including demonstratable knowledge of the various platforms and interactions
• Strong English language skills written and verbal
• Eligible to obtain and maintain top Secret Security Clearance
• Proven experience in configuration of the following Microsoft and Azure security services:
• Azure Sentinel
• Azure Defender for O365 and Endpoint
• Microsoft O365 DLP
• Microsoft Cloud App Security (MCAS)
• Microsoft Intune
• Azure Security Center
• Azure Log Analytics
• Must be able to obtain and maintain a Top-Secret clearance
• Must present verification that you have been fully vaccinated for COVID-19 before your start date. If you are not able to be vaccinated because of a medical condition or disability or because of a sincerely held religious belief, an accommodation will be considered upon request.
Ideally, youll also have
• Degree in computer related field or equivalent work experience
• Experience with Microsoft Sentinel, MS Exchange, O365, and Azure, Azure Firewall, Azure WAF, Azure EventHub, Azure Network Watcher
• Advanced skills in troubleshooting cloud environments
• Knowledge of FedRAMP, NIST SP 800-53, and NIST SP 800-171
• Federal Government experience, including CMMC Maturity Level 3
• Strong ability to document processes, procedures and security controls clearly and accurately for distribution to internal teams and customers
• GSEC/CISSP or other security related generalist certification from ISC2 or GIAC
• Experience in incident, problem and change management
• Certifications:
• AZ-900: Azure Fundamentals
• AZ-500: Azure Security Technologies
• AZ-303: Azure Architect Technologies
• SANS SEC401: Security Essentials – Network, Endpoint, and Cloud
• SANS SEC 510, Public Cloud Security: AWS, Azure, and GCP
What we look for

Individuals with strong business and technical acumen who demonstrate drive, vision, teaming andpurpose and are passionate about helping our clients achieve their goals.

What we offer

We offer a competitive compensation package where youll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Under our flexible vacation policy, youll decide how much vacation time you need based on your own personal circumstances. Youll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• Continuous learning: Youll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: Well provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: Well give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: Youll be embraced for who you are and empowered to use your voice to help others find theirs.
If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

The exceptional EY experience. Its yours to build.

EY Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

EY is an equal opportunity, affirmative action employer providing equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis….. click apply for full job details
Apply Here
For Remote Cyber Security Engineer – Government and Public Sector roles, visit Remote Cyber Security Engineer – Government and Public Sector Roles

********

Senior Information Security Engineer at Wells Fargo

Location: Portland

About this role:
Wells Fargo is seeking a Senior Information Security Engineer with experience or education in tactical cyber-attack evaluation, exploit testing and analysis, cyber intelligence, and red or purple teaming. The ideal candidate will have experience in using tactical expertise in exploit testing, and exploit proof-of-concept development and analysis, to identify over-the-horizon cyber-attack vectors that may pose a risk to the company’s information security environment. The candidate will also have experience partnering with cyber defenders to resolve identified capability gaps. The team member will need to have experience in conducting technical research and identifying methods to detect emerging cyber threats, emulating full-life cycle cyber-attack methodologies, and have a deep, technical understanding of evolving Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTPs).
The ideal candidate will have a well-rounded understanding of endpoint/network defenses and detection methodologies, or incident response, in addition to an expertise in how adversarial cyber threat actors think and attack. Regular collaboration with multiple teams such as the Cyber Threat Fusion Center, Security Content Development, Cyber Threat Intelligence, and Offensive Security teams will be critical to success.
In this role, you will:
• Lead or participate in computer security incident response activities for moderately complex events
• Conduct technical investigation of security related incidents and post incident digital forensics to identify causes and recommend future mitigation strategies
• Provide security consulting on medium projects for internal clients to ensure conformity with corporate information, security policy, and standards
• Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security
• Review and correlate security logs
• Utilize subject matter knowledge in industry leading security solutions and best practices to implement one or more components of information security such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity
• Identify security vulnerabilities and issues, perform risk assessments, and evaluate remediation alternatives
• Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals

Required Qualifications, US:
• 4+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 4+ years of information security applications and systems experience
• 4 + years of experience with technical project coordination associated with Red Team, Purple Team, Blue Team Assessments or offensive security research assessment
• 3+ years of experience managing cybercrime detection, investigation, and intelligence strategies

Desired Qualifications:
• 3+ years of information security experience including experience in one or more of the following security disciplines: information security monitoring, incident response, vulnerability management, host/network forensics, cyber-crime investigation, penetration testing, business continuity, or cyber threat intelligence
• 2+ years of Splunk experience
• Knowledge and understanding of banking or financial services industry
• Certifications in one or more of the following: Global Information Assurance Certification (GIAC), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), or Offensive Security Web Expert (OSWE).
• Experience conducting project meetings, presentations and status reporting
• Knowledge and understanding of data security controls including malware protection, firewalls, intrusion detection systems, content filtering, Internet proxies, encryption controls, and log management solutions
• Knowledge of offensive security, with the ability to think like an adversary when hunting and responding to incidents
• Experience with multiple operating systems to include Windows, Mac OS, and Unix/Linux

Job Expectations:
• Ability to travel up to 10% of the time

We Value Diversity
At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.
Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.
Apply Here
For Remote Senior Information Security Engineer roles, visit Remote Senior Information Security Engineer Roles

********

Cyber Security Test Engineer at DAIMLER TRUCKS NORTH AMERICA

Location: Portland

When you join Daimler Truck, you become an agent of change within our global community of people working to create a cleaner, safer, and more efficient world for today and tomorrow. Through innovation at all levels, our teams ensure our world-changing brands continue to increase the quality of life and the business success of our customers, their customers, and the world around them. The Daimler Truck North America (DTNA) brand portfolio is second to none, and includes Freightliner Trucks, Western Star Trucks, Detroit engines and components, Thomas Built Buses and Freightliner Custom Chassis.

We are the undisputed leader in the commercial vehicle market and the industrys technology trendsetter. Empowered by purpose, DTNA employees drive a Technology Revolution through innovative products and a customer-centric culture. Our dedication to our customers and society does not end once our products hit the road. Thats because we believe that business success and social responsibility go hand in hand. We immerse ourselves in our customers experience, and support the environmental responsibilities of our sites to ensure our products are the reliable, sustainable and the desired tools of the future.

Job Overview

Focuses on work that requires a combination of mechanical engineering, electrical engineering and systems software design responsibilities. Focus on the integration between the mechanical, electrical and systems components of the vehicle. Designs and troubleshoots advanced systems, and focuses on how to integrate these systems into new and existing design concepts. Also evaluates, tests, recommends, coordinates, monitors and maintains information systems (IS) and cyber security policies, procedures and systems, including access management for hardware, firmware and software

As part of the newly formed Truck Technology organization, our team is working towards providing our communities with cleaner, safer and better transportation technologies for the future. We are creating a team of specialists to address the challenges of vehicle cyber security. This role is essential for the development and implementation of processes, standards and technologies necessary to keep our commercial vehicle safe from cyber security threats and attacks.

Vehicles are more connected and becoming a part of the consumer IT environment, the need for cyber security is increasing in vehicles. In accordance with the UN ECE Guideline R155 for Cyber Security, software and components for vehicle development must be developed under a Cyber Security Management System and work products must be created in accordance with ISO/SAE DIS 21434 “Road Vehicles – Cybersecurity Engineering”.

Responsibilities

Design responsibilities include but not limited to:
• Evaluation of cyber security technologies for use in vehicle Electrical / Electronics (E/E) architectures such as transport layer security in vehicle networks or trust model concepts
• Testing of digital certificates and cryptographic algorithms used at the interfaces of the vehicle (diagnostic interfaces, connectivity/backend connections) as well as within the vehicle E/E architecture, especially with regard to new electronic control unit (ECU) software architectures
• Creation of test specifications and test methods for cryptographic content
• Support cyber security architects with the identification of new requirements and definition of future strategies, definition of innovative concepts for vehicle validation of ECU software architectures
• Conduct analyses on new IT security technologies for feasibility of use in the automotive environment
• Identify and evaluate cyber security weak points and risk analyses and support derivation of mitigation measures for risk reduction
• Review security concepts for ECUs and vehicle architectures
• Work with global partners for the creation of documentation and training documents, as well as implementation of training courses and presentations for internal departments and external suppliers in a global environment
Qualifications – Internal

Basic Qualifications (Required Skills & Experience)
• Bachelor of Science in Computer Science, Electrical Engineering/Information Technology or comparable degree and 5-8 years of relevant experience required
• Professional experience in automotive E/E development required
• Cyber security and software development required
• Experience in the field of cyber security and evaluation of security solutions required
• Experience in evaluation of embedded SW components, firewall concepts and IT security standards (ISO 21434) required
• Experience in process-compliant software development in the automotive industry (ASPICE) required
• Knowledge of E/E networking and architecture, hardware and software architectures in vehicles reuqired
• Knowledge of testing cryptography and IT system security solutions required
• Knowledge of security analysis and threat management process models required
• Excellent written and verbal communication skills required
• An attached resume is required
Typical Minimum Experience Preferred (Desired Skills/Experience)
• Experience in automotive cyber security preferred

Additional Information

Visa sponsorship will only be open to current Daimler Truck North America employees working under an existing U.S. Daimler Truck North America visa

Final candidate must successfully complete a pre-employment drug screen and criminal background check.

Contractors, professional services, or other contingent workers should confirm with their local agency if they are eligible to apply for FTE positions.

EEO/Minorities/Females/Disabled/Veterans.

Daimler Truck North America is committed to employing a diverse workforce and providing an environment where equal employment opportunities are available to all applicants and employees without regard to race, color, sex (including pregnancy), religion, national origin, age, marital status, family relationship, disability, sexual orientation, gender identity and expression (including transgender and transitioning status), genetic information, or veteran status.

For an accommodation or special assistance with applying for a posted position, please contact our Human Resources department at or toll free . For TTY/TDD enabled call or toll free .
Apply Here
For Remote Cyber Security Test Engineer roles, visit Remote Cyber Security Test Engineer Roles

********

Sr. Security Vulnerability Management Engineer at Zoom

Location: Portland

Work Styles at Zoom

In most cases, you will have the opportunity to choose your preferred working location from the following options when you join Zoom: in-person, hybrid or remote. Visit this page for more information about Zoom’s Workstyles.

About Us

Zoomies help people stay connected so they can get more done together. We set out to build the best video product for the enterprise, and today help people communicate better with products like Zoom Contact Center, Zoom Phone, Zoom Events, Zoom Apps, Zoom Rooms, and Zoom Webinars.

We’re problem-solvers, working at a fast pace to design solutions with our customers and users in mind. Here, you’ll work across teams to deliver impactful projects that are changing the way people communicate and enjoy opportunities to advance your career in a diverse, inclusive environment.

We are seeking a Senior Security Vulnerability Management Engineer to join our Vulnerability Discovery team. The new member of our team will focus on creating POCs for known vulnerabilities, provide root-cause analysis for triaged vulnerabilities, and work with engineers throughout Zoom to remediate vulnerabilities.

Responsibilities:
• Provide root cause analysis of triaged vulnerabilities
• Provide actionable security guidance to engineers to enable remediation within SLA
• Create POCs to facilitate fix verification and enable regression testing
• Help drive quality engagement on bug bounty programs
• Assess incoming Bug Bounty submissions
• Work with product security team to review and process external reports
• Provide guidance on effective vulnerability countermeasures
• Contribute to security policy, standards, and guidelines related to Bug Bounty
• Engage with the security researcher community and promote high quality experiences

Minimum Qualifications:
• Hands-on experience discovering, validating and fixing common vulnerabilities
• Ability to communicate ideas and proposals concisely
• Ability to distill complex security problems and drive towards creative solutions
• Ability to engage with teams to review security issues and recommend solutions
• Excellent written and verbal communication skills for conveying security concepts and engineering solutions
• Strong knowledge of web, mobile, and/or desktop application security vulnerabilities and countermeasures, including the OWASP Top 10
• Experience with application programming

Preferred Qualifications:
• Prior bug hunting and/or bug triage experience
• Experience performing threat modeling, design and code reviews to assess security implications and requirements for the introduction of new systems and technologies
• Experience building out integrations with open source scanners and/or vendor products
• History of participating in Bug Bounty programs
• Programming experience with JavaScript, Python, PHP, Ruby, Java, or C/C++
• Bachelor’s degree in CS/EE or related area

We believe that the unique contributions of all Zoomies is the driver of our success. To make sure that our products and culture continue to incorporate everyone’s perspectives and experience we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status. Zoom is proud to be an equal opportunity workplace and is an affirmative action employer. All your information will be kept confidential according to EEO guidelines.

We welcome people of different backgrounds, experiences, abilities and perspectives including qualified applicants with arrest and conviction records and any qualified applicants requiring reasonable accommodations in accordance with the law. If you need any assistance or accommodations due to a medical condition, or if you need assistance accessing our website or completing the application process, please let us know by emailing us at careers@zoom.us.

Zoom requires all U.S. employees who will work in person at a Zoom office, attend in-person Zoom meetings or have in-person customer meetings to be fully vaccinated. Zoom will consider requests for reasonable accommodations for religious or medical reasons as required under applicable law.

At Zoom, we care about our employees, their families, and their well-being. As part of our award-winning workplace culture and commitment to delivering happiness, our benefits program offers a variety of perks, benefits, and options to help employees maintain their physical, mental, emotional, and financial health; support work-life balance; and contribute to their community in meaningful ways. To view our benefits, click here.

Explore Zoom:
• Hear from our leadership team
• Browse Awards and Employee Reviews on Comparably
• Visit our Blog
• Zoom with us!
• Find us on social at the links below and on Instagram
• View more jobs, sign up for job alerts and join our talent community. Visit the Zoom careers site.

#LI-Remote
Apply Here
For Remote Sr. Security Vulnerability Management Engineer roles, visit Remote Sr. Security Vulnerability Management Engineer Roles

********

Cyber Security Manager- Threat Management at Ledgent Technology

Location: Portland

Cyber Security Manager- Threat Management
100% Remote- (Must reside in WA, OR, ID, NV, CA, AZ)
$170k-$210k DOE plus 20% Annual Bonus
Direct Hire- Full Time
Ledgent Technology has partnered with key employer for a killer new opportunity to join their Cyber team!!
• Lead a team of engineers who will oversee the cybersecurity threat management function that includes application security testing, vulnerability management, penetration testing, bug bounty programs, configuration management compliance (on-prem/cloud), purple teaming, and breach and attack simulation.

Functions
• Drive vision and plans to implement, mature, and maintain application security testing services, vulnerability management, and penetration testing
• Partner with Cybersecurity Engineering and Cybersecurity Operations to advance use case detection and prevention capabilities
• Oversee, manage, and deliver cloud infrastructure security policy within Azure to govern and maintain a secure environment through automation of our compliance objectives
• Partner with the application development function to support streamlined, automated, and effective CI/CD pipeline security testing
• Drive a culture of DevSecOps, creating reporting and self-service capabilities to drive more ownership and accountability for security across functional teams
• Support continuous delivery of vulnerability scanning, remediation, and reporting across various platforms and architectures
• Develop and maintain security metrics and the communication of those metrics to Management.

Qualifications
• Bachelor’s Degree in Computer Science, related field, or an equivalent combination of education, training, and experience. Required.
• Working knowledge and experience with multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security)
• Subject Matter Expert (SME) experience with Secure Software Development Life Cycle (SSDLC) (e.g. risk assessments, threat modeling, static code analysis, code reviews and dynamic application scanning)
• Experience working with modern development practices (e.g. micro services, containers, orchestration, continuous integration & delivery pipelines)
• Experience working in regulated industries leveraging information security management frameworks and industry recognized best practice / standards (e.g. FFIEC CAT, NIST, ISO, and PCI)
• Certifications a plus, i.e., CISSP, CCSP, CRISC, CISA
• 5 years’ experience managing people or leading project teams, including proven experience providing effective coaching, feedback, and development plans to team members.
• 7 years proven track record of technical expertise in IT Security.

We are an equal opportunity employer and make hiring decisions based on merit. Recruitment, hiring, training, and job assignments are made without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, or any other protected classification. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance.

We are an equal opportunity employer and make hiring decisions based on merit. Recruitment, hiring, training, and job assignments are made without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, or any other protected classification. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance.
Apply Here
For Remote Cyber Security Manager- Threat Management roles, visit Remote Cyber Security Manager- Threat Management Roles

********

Principal Engineer – Application Security & Strategy Innovation at Wells Fargo

Location: Portland

Job Description

At Wells Fargo, we are looking for talented people who will put our customers at the center of everything we do. We are seeking candidates who embrace diversity, equity and inclusion in a workplace where everyone feels valued and inspired. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

About this role:

Wells Fargo Information and Cyber Security (ICS) Application Security Strategy & Innovation is looking for a Principal Engineer. Learn more about the career areas and lines of business at wellsfargojobs.com .

In this role, you will:

Drive strategic efforts and lead innovation projects in the application security program. The ideal candidate will lead the charge in identifying and developing our next generation automation and application security solutions. The ideal candidate should have a proven track record of successfully bringing ideas to full production implementation in a large, complex environment. This person will be viewed as a Subject Matter Expert (SME) within the application security domain. This individual will possess a mindset focused on creating proactive, preventative, and predictable solutions.
The Application Security function within Information and Cyber Security is responsible for the secure software training, practices, and processes to address security risks across all phases of the Wells Fargo software development life cycle and prevent the introduction of unmanaged software security risks, through proactive code reviews, regulatory scanning, and
advance penetration testing techniques.

Key Responsibilities

• Lead innovation projects across ICS Application Security and other strategic initiatives
• Present to and be able influence leadership and peer organizations
• Stay abreast of industry standards and thinking around innovation in the application security space
• Collaborate with ICS and Technology groups to improve automation and solve security concerns by accelerating reviews
and release into production
• Review and identify opportunities and gaps in current ICS process related to application security
• Drive a culture of innovation across Application Security
• Provide mentoring and development to more junior and entry level employees
• Prototype innovative solutions to problems
o Lead projects to productize solutions and implement them within the enterprise
o Work towards patentable solutions

Required Qualifications, US:
• 7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 3+ years of Cloud experience (GCP, Azure, AWS)
Desired Qualifications:
• 5 + years – Development experience in more than one language
• 3+ years of experience with secure DevOps and deployment automation to cloud environments
• 3 + years – CI/CD integration experience
• 2+ years of ServiceNow Experience
• Demonstrated experience in Pen Testing
• Demonstrated experience in determining root cause analysis for actionable SDLC security updates
• Dynamic Analysis Security Testing (DAST) experience
• Knowledge of Kubernetes Containerization Strategy
• Static Analysis Security Testing (SAST) experience (Checkmarx, Fortify, Semgrep, manual code review, etc.)
• Recent Java or C# & .NET CORE development experience including the development of RESTful APIs
• Experience with Artificial Intelligence with a focus on Machine Learning
• Experience with SDLC and Agile methodologies
• Expert knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards,
and best practices
Job Expectations:
• Ability to Travel up to 10% of the time
We Value Diversity

At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.
Apply Here
For Remote Principal Engineer – Application Security & Strategy Innovation roles, visit Remote Principal Engineer – Application Security & Strategy Innovation Roles

********

Cyber Security Manager – Threat Management at Ledgent Technology

Location: Portland

• Cybersecurity Threat Management Senior Manager
• 100% Remote- (Must reside in WA, OR, ID, NV, CA, AZ)
• Direct Hire- Full Time Opportunity
• Ledgent Technology has partnered with key employer for a killer new opportunity to join their Cyber team
• Lead a team of engineers who will oversee the cybersecurity threat management function that includes application security testing, vulnerability management, penetration testing, bug bounty programs, configuration management compliance (on-prem/cloud), purple teaming, and breach and attack simulation.
• · Serve as experts by defining, supporting, and managing solutions that partner with technology operations and application development teams to deliver business value for Umpqua Bank. Provide leadership, coordination and operations planning to accomplish department/corporate goals and objectives.
• · Collaborate with peer and senior management to focus on service improvements for critical security control processes
• · Drive vision and plans to implement, mature, and maintain application security testing services, vulnerability management, and penetration testing
• · Partner with Cybersecurity Engineering and Cybersecurity Operations to advance use case detection and prevention capabilities
• · Oversee, manage, and deliver cloud infrastructure security policy within Azure to govern and maintain a secure environment through automation of our compliance objectives
• · Partner with the application development function to support streamlined, automated, and effective CI/CD pipeline security testing
• · Drive a culture of DevSecOps, creating reporting and self-service capabilities to drive more ownership and accountability for security across functional teams
• · Support continuous delivery of vulnerability scanning, remediation, and reporting across various platforms and architectures
• · Partner with technology teams to implement configuration compliance by leveraging technical knowledge and problem-solving skills in the network, database, server, and desktop technology areas in accordance with the secure SDLC process
• · Develop and maintain security metrics and the communication of those metrics to Management.
• · Manage vendor relationships to ensure business partner/customer satisfaction with all information system security services.
• Build and maintain effective working relationships with business partners
• · Bachelor’s Degree in Computer Science, related field, or an equivalent combination of education, training, and experience.
• · Working knowledge and experience with multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security)
• · Subject Matter Expert (SME) experience with Secure Software Development Life Cycle (SSDLC) (e.g. risk assessments, threat modeling, static code analysis, code reviews and dynamic application scanning)
• · Experience working with modern development practices (e.g. micro services, containers, orchestration, continuous integration & delivery pipelines)
• · Experience working in regulated industries leveraging information security management frameworks and industry recognized best practice / standards (e.g. FFIEC CAT, NIST, ISO, and PCI)
• · Demonstrated ability to resolve sensitive issues with other departments and to present information to senior management
• · Demonstrated analytical and problem-solving skills applied to both technical and business challenges
• · Certifications a plus, i.e., CISSP, CCSP, CRISC, CISA
• · 5 years’ experience managing people or leading project teams, including proven experience providing effective coaching, feedback, and development plans to team members.
• · 7 years proven track record of technical expertise in IT Security
• We are an equal opportunity employer and make hiring decisions based on merit.
• Recruitment, hiring, training, and job assignments are made without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, or any other protected classification.
• We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance.
Apply Here
For Remote Cyber Security Manager – Threat Management roles, visit Remote Cyber Security Manager – Threat Management Roles

********

Senior Security Engineer at WayUp

Location: Portland

Remote Senior Security Engineer for industry leader

Our energetic and entrepreneurial firm tackles complex application security challenges for our clients. We would like to meet experienced application pen testers who are interested in joining our dynamic and growing team. Our firm was founded in 2011 and has built a solid reputation in Portland, ad. We do top tier work that is technically challenging and academically rigorous. Our team thrives on the challenges our clients bring us, while maintaining a fun, collegiate culture that rewards individual contributions and supports a healthy work-life balance.

Our clients are leaders in their respective industries, typically generating $20M to $1B+ in revenue annually. We support them as they innovate in Healthcare, Energy, Software Development, Manufacturing and Higher Ed.

But enough about us. Let’s talk about you.
• You thrive on digging into the dirty underbelly of an application to find its weaknesses and pain points.
• You eat, sleep, and breathe exploit discovery and remote code execution.
• You have a demonstrable track record of responsible vulnerability disclosure.
• You spend your free time hacking on code and tinkering in the test environment you set up in your garage/basement/bedroom/kitchen.

The Lead Application Security Engineer plays a key role in keeping our clients’ applications and their data safe and protected. Our clients hire us to find vulnerabilities and help them fix them so if vulnerabilities exist, you will find them. If they are juicy, you will exploit them.

You will perform penetration testing and application vulnerability assessment work on, and within, client environments. This challenging and rewarding work includes conducting formal tests on a diverse variety of applications and associated network, server, database, and other infrastructure components to measure and document their susceptibility to compromise.

In addition to strong technical skills, you will have strong interpersonal skills and be able to communicate complex security topics to technical teams within enterprise-class organizations. In order to be successful, you will stay current on the latest vulnerabilities and technology trends, maintain and hone your ability to develop proofs of concept that accurately and effectively demonstrate vulnerabilities you discover.

You will have a professional and polished ability to communicate findings and recommendations clearly in writing. The successful person in this role will have the ability to lead projects, mentoring other team members, and interacting with clients directly.

Duties
• Perform application penetration tests, as well as support other information security assessments for clients
• Perform security reviews of application designs, source code and deployments as required; covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS)
• Review and define requirements for information security improvements
• Continuously improve existing App Sec services, including the enhancement of existing testing methodologies, materials, and supporting assets
• Conduct architecture security reviews, application testing, internal vulnerability assessments and external penetration testing modeled after real world attackers (i.e., exploit and pivot)
• Conduct security architecture reviews of the full stack including applications built on cloud and emerging technologies
• Conduct manual application security testing and source code auditing for a variety of technologies.
• Provide clear and detailed risk assessment and remediation guidelines for developers and business leaders
• Perform security research on the latest best practices, trends, threats and vulnerabilities, and technology frameworks
• Document and disseminate guidelines for common security issues, remediation guidance, and security technology baselines
• Develop tools and exploits to support application security review and/or penetration testing.
• Other duties as assigned

Key

Qualifications Experience manually testing web applications and enterprise penetration testing
• Experience with scripting languages (e.g. perl, python, PHP, ruby) and programming languages (e.g. JAVA, Objective

C)
• Proficiency UNIX/Linux, Windows, and Mac OS
• Understanding of and ability to explain networking concepts (routing, ACL, load balancers, SSL/TLS, TCP) in order to provide application architecture feedback to clients
• Experience with application penetration testing across a variety of platforms
• Experience in web application development and/ting
• Passion for discovering and researching new vulnerabilities and exploitation techniques
• Application development background and security knowledge – example of languages include C, C#, C++, Java, J2EE, .NET
• Vulnerability and threat management experience
• Experience with various security tools and products (Burp Suite, Fortify, App Scan, Metasploit, SAINT, Nessus, Wireshark, etc.)
• Good understanding of the components of a secure DLC/SDLC
• Vulnerability analysis…
Apply Here
For Remote Senior Security Engineer roles, visit Remote Senior Security Engineer Roles

********

Network Operations Center Analyst at Reed College

Location: Portland

• Reed College is seeking an experienced professional with network management and system administration monitoring experience to be our Network Operations Center Analyst.
• The Network Operations Center (NOC) Analyst will work with other IT technical staff to design, build, implement and maintain the monitoring systems needed for Reed Colleges IT infrastructure.
• The NOC Analyst ensures maximum possible service availability and performance of Reed’s core IT services by monitoring the performance and capability of physical and virtual IT systems using a diverse set of software tools.
• This role reports to the Chief Information & Security Officer.
• Reed College offers an exceptional benefits package, including comprehensive and cost-free medical and dental insurance for you, and a 60% discount on medical and dental insurance for your dependents, 403(b) retirement plan with 10% employer contribution (after one year of service), educational assistance for employees and their children, 22 days of paid vacation, paid holidays, half-day Fridays in the summer, and many other campus amenities.
• This is a full-time, exempt role with work hours of 8:30 a.m. to 5:00 p.m. with a one hour unpaid lunch.
• Salary for this position is $74,000 per year.
• This is not a remote position.
• Who You Are You are extremely detail oriented and highly organized.
• You understand the fundamentals of network infrastructure.
• You’re an excellent communicator with internal and external partners.
• You exercise tact and are adept at modifying your communication style to those of your audience or listener.
• You enjoy solving complex problems and you remain calm and clear-headed when faced with challenges.
• You are customer service-oriented and you take time to explain processes in a way users can understand.
• You enjoy working in a dynamic environment that is committed to continuous improvement.
• You are an optimistic and empathetic person that works collaboratively with their team.
• You are comfortable handling confidential and sensitive information.
• You are self-aware.
• You understand your own culture, identity, biases, prejudices, power, privilege, and stereotypes.
• What You’ll Do Monitor operational support systems to identify service impacting events related to IT network and IT environmental conditions.
• Monitor and respond to critical outage alerts associated with college wide physical network, server, storage and backup systems, including environmental monitoring of all IT closets and data center environments.
• Configure monitoring thresholds and related alerting systems to ensure Reed is able to immediately respond to cyber threats and system outages with the added ability to anticipate potential issues.
• Perform troubleshooting and triage in order to support IT Directors, technical administrators, engineers and application owners in pinpointing issues.
• Serves as point of contact for technical teams responding to high risk and service impacting incidents as needed.
• Perform monitoring and escalation duties as part of operations and cybersecurity team.
• Work in conjunction with the cybersecurity team in addressing Common Vulnerabilities and Exposures (CVE’s), patch management functions and active threat hunting.
• Coordinate incident response efforts with internal IT teams, third party vendors and customer contacts.
• Collaborate with the Helpdesk Management to coordinate communications for incident response with internal and external parties.
• Be available for rotational work in monitoring systems 24/7.
• Qualifications Bachelor’s degree and/or 5 years of relevant technical experience in IT functions that demonstrate technical troubleshooting abilities and thorough understanding of network security and monitoring
Apply Here
For Remote Network Operations Center Analyst roles, visit Remote Network Operations Center Analyst Roles

********

IT Security Engineer at Cynet Systems

Location: Portland

Planning, deployment, and operation of enterprise security management tools such as IDS/IPS (network and host), advanced anti-malware (Network), firewalls
Specific knowledge of authentications technologies such as AD, LDAP, RADIUS, TACACS+, 802.1x, NAC, Microsoft Certificate Services, and PKI in general.
Leads, performs or reviews security incident investigations.
Assist in formulating security architecture recommendations and design security services for Network Security.
Perform project leadership tasks on select security projects including development of requirements, evaluation of competing products, selection and implementation of products for Network Security.
Assists in the testing of controls and the remediation of any deficiencies identified for Network Security.
Conduct risk assessments, penetration tests and diagnose internet/extranet security, intrusion attempts, and cyber-crime response.
Manage the proxy, VPN, log collection, intrusion detection and content filtering systems.
Review security events from all security monitoring environments on a daily basis and follow defined incident response processes in their analysis and reporting for Network Security.
Monitor appropriate venues for threats to the security of the environment. Provide notification to all impacted parties related to the actions needed to mitigate threats and manage the threat lifecycle in totality for Network Security.
Participate in analyzing, processing and fulfilling audit requests for Network Security.
Support general troubleshooting related to information security tasks and provide support as needed.
Provide other teams with security consulting services, including responding to requests for additional information and assisting with specific projects.
Apply Here
For Remote IT Security Engineer roles, visit Remote IT Security Engineer Roles

********

The Tech Career Guru
We will be happy to hear your thoughts

Leave a reply

Tech Jobs Here
Logo