Fulltime Network Security Engineer openings in Portland on September 19, 2022

Senior Cloud Security Engineer at Humana

Location: Portland

Description

The Senior Cloud Security Engineer-AWS Responsible for build, deployment and maintenance of the multi-cloud security controls; engineering the security posture and implementation to the cloud based applications and systems. The Senior Cloud Security Engineer work assignments involve moderately complex to complex issues where the analysis of situations or data requires an in-depth evaluation of variable factors.

Responsibilities

The Senior Cloud Security Engineer-AWS Ensure the Cyber security policies are engineered and deployed (Policy-as-a-Code) to the cloud environments and meet the compliance requirements. Automate the cloud security controls to ensure threat, vulnerabilities and risk are minimized and reduced. Ensure cross functional business process in place for cloud security control engineering and implementation with proper visibility and approvals. Begins to influence department’s strategy. Makes decisions on moderately complex to complex issues regarding technical approach for project components, and work is performed without direction. Exercises considerable latitude in determining objectives and approaches to assignments.

Required Qualifications
• Bachelor’s Degree in Computer Science or related field
• 5 or more years of experience designing, developing, and testing of software applications and/or infrastructure in AWS, Azure and GCP
• Must be passionate about contributing to an organization focused on continuously improving consumer experiences
Preferred Qualifications
• Master’s Degree
• Experience working in AWS. Familiarity with AWS services such as IAM, S3, KMS, Security Groups and NACLs, AWS Config, EBS Volumes. Elastic IP.
• A solid foundation in Windows and Linux operating systems with a good understanding of the following programming languages and experience with any two: Python, Javascript, PowerShell, .net, C# and Go
• Modern software development experience including secure design, development, QA and deployment – embracing agile development methodologies
• Ability to communicate effectively and build working relationships across the organization
• Must be passionate about contributing to an organization focused on continuously improving customer experiences
Additional Information

For this job, associates are required to be fully COVID vaccinated (preferred) or undergo weekly COVID testing and wear a face covering while at work. The weekly testing will need to be done through an approved Humana vendor, and unvaccinated associates should follow all social distancing and masking protocols if they are required to come into a Humana facility or work outside of their home. We are ahealthcarecompany committed to putting health and safety first for our members, patients, associates, and the communities we serve.

If progressed to offer, you will be required to:
• Provide proof of full vaccinationor commit to testing protocols OR
• Provide proof of applicable exemption including any required supporting documentation
Medical, religious, state and remote-only work exemptions are available.

Work-At-Home Requirements
• WAH requirements: Must have the ability to provide a high speed DSL or cable modem for a home office. Associates or contractors who live and work from home in the state of California will be provided payment for their internet expense.
• A minimum standard speed for optimal performance of 25×10 (25mpbs download x 10mpbs upload) is required.
• Satellite and Wireless Internet service is NOT allowed for this role.
• A dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information
Scheduled Weekly Hours

40

Humana complies with all applicable federal civil rights laws and does not discriminate on the basis of race, color, national origin, age, disability, sex, sexual orientation, gender identity or religion. We also provide free language interpreter services. See our
Apply Here
For Remote Senior Cloud Security Engineer roles, visit Remote Senior Cloud Security Engineer Roles

********

Senior Information Security Engineer at Wells Fargo

Location: Portland

About this role:

Wells Fargo is seeking a Senior Information Security Engineer with experience or education in tactical cyber-attack evaluation, exploit testing and analysis, cyber intelligence, and red or purple teaming. The ideal candidate will have experience in using tactical expertise in exploit testing, and exploit proof-of-concept development and analysis, to identify over-the-horizon cyber-attack vectors that may pose a risk to the company’s information security environment. The candidate will also have experience partnering with cyber defenders to resolve identified capability gaps. The team member will need to have experience in conducting technical research and identifying methods to detect emerging cyber threats, emulating full-life cycle cyber-attack methodologies, and have a deep, technical understanding of evolving Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTPs).

The ideal candidate will have a well-rounded understanding of endpoint/network defenses and detection methodologies, or incident response, in addition to an expertise in how adversarial cyber threat actors think and attack. Regular collaboration with multiple teams such as the Cyber Threat Fusion Center, Security Content Development, Cyber Threat Intelligence, and Offensive Security teams will be critical to success.

In this role, you will:
• Lead or participate in computer security incident response activities for moderately complex events
• Conduct technical investigation of security related incidents and post incident digital forensics to identify causes and recommend future mitigation strategies
• Provide security consulting on medium projects for internal clients to ensure conformity with corporate information, security policy, and standards
• Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security
• Review and correlate security logs
• Utilize subject matter knowledge in industry leading security solutions and best practices to implement one or more components of information security such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity
• Identify security vulnerabilities and issues, perform risk assessments, and evaluate remediation alternatives
• Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals
Required Qualifications, US:
• 4+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 4+ years of information security applications and systems experience
• 4 + years of experience with technical project coordination associated with Red Team, Purple Team, Blue Team Assessments or offensive security research assessment
• 3+ years of experience managing cybercrime detection, investigation, and intelligence strategies
Desired Qualifications:
• 3+ years of information security experience including experience in one or more of the following security disciplines: information security monitoring, incident response, vulnerability management, host/network forensics, cyber-crime investigation, penetration testing, business continuity, or cyber threat intelligence
• 2+ years of Splunk experience
• Knowledge and understanding of banking or financial services industry
• Certifications in one or more of the following: Global Information Assurance Certification (GIAC), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), or Offensive Security Web Expert (OSWE).
• Experience conducting project meetings, presentations and status reporting
• Knowledge and understanding of data security controls including malware protection, firewalls, intrusion detection systems, content filtering, Internet proxies, encryption controls, and log management solutions
• Knowledge of offensive security, with the ability to think like an adversary when hunting and responding to incidents
• Experience with multiple operating systems to include Windows, Mac OS, and Unix/Linux
Job Expectations:
• Ability to travel up to 10% of the time
We Value Diversity

At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.
Apply Here
For Remote Senior Information Security Engineer roles, visit Remote Senior Information Security Engineer Roles

********

Application Security Engineer at Ledgent Technology

Location: Portland

Role: Application Security Engineer (Level 1)
Contract To Hire
100% Remote in OR, WA, CA, NV, ID, CO, AZ
$100k-115k

Job Summary
• Ledgent Technology is looking for an Application Security Engineer to provide application security testing services to ensure consistent secure software development practices for our local client.
• Their focus is on building a DevSecOps culture working closely with their product and software development teams.
• In this role, you will serve as an expert by defining, supporting, and managing solutions that partner with cloud operations and application development teams to deliver business value for our client

Functions
• Support continuous delivery of application vulnerability scanning, remediation, and reporting across various platforms and architectures
• Manage application vulnerabilities scanning tools (DAST, SAST, and SCA) such as Veracode, SonarQube, and OWASP Dependency Checker
• Onboard applications into SAST, DAST, and SCA scanning solutions
• Tune false positives and validate findings with our application development teams
• Partner with the application development function to support streamlined, automated, and effective CI/CD pipeline security testing
• Drive a culture of DevSecOps, creating reporting and self-service capabilities to drive more ownership and accountability for security across functional teams

Qualifications
• Bachelor’s Degree in Computer Science, related field, or an equivalent combination of education, training, and experience. Required.
• Working knowledge and experience with multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security)
• Subject Matter Expert (SME) experience with Secure Software Development Life Cycle (SSDLC) (e.g. risk assessments, threat modeling, static code analysis, code reviews and dynamic application scanning)
• Experience working with modern development practices (e.g. micro services, containers, orchestration, continuous integration & delivery pipelines)
• Experience working in regulated industries leveraging information security management frameworks and industry recognized best practice / standards (e.g. FFIEC CAT, NIST, ISO, and PCI)
• Knowledge of security monitoring, diagnostic and administrative tools.
• Certifications a plus, i.e., CISSP, CCSP, CRISC, CISA

We are an equal opportunity employer and make hiring decisions based on merit. Recruitment, hiring, training, and job assignments are made without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, or any other protected classification. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance.

We are an equal opportunity employer and make hiring decisions based on merit. Recruitment, hiring, training, and job assignments are made without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, or any other protected classification. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance.
Apply Here
For Remote Application Security Engineer roles, visit Remote Application Security Engineer Roles

********

Application Security Engineer at Ledgent Technology

Location: Portland

Role: Application Security Engineer (Level 1)
Contract To Hire
100% Remote in OR, WA, CA, NV, ID, CO, AZ
$100k-115k

Job Summary
• Ledgent Technology is looking for an Application Security Engineer to provide application security testing services to ensure consistent secure software development practices for our local client.
• Their focus is on building a DevSecOps culture working closely with their product and software development teams.
• In this role, you will serve as an expert by defining, supporting, and managing solutions that partner with cloud operations and application development teams to deliver business value for our client

Functions
• Support continuous delivery of application vulnerability scanning, remediation, and reporting across various platforms and architectures
• Manage application vulnerabilities scanning tools (DAST, SAST, and SCA) such as Veracode, SonarQube, and OWASP Dependency Checker
• Onboard applications into SAST, DAST, and SCA scanning solutions
• Tune false positives and validate findings with our application development teams
• Partner with the application development function to support streamlined, automated, and effective CI/CD pipeline security testing
• Drive a culture of DevSecOps, creating reporting and self-service capabilities to drive more ownership and accountability for security across functional teams

Qualifications
• Bachelor’s Degree in Computer Science, related field, or an equivalent combination of education, training, and experience. Required.
• Working knowledge and experience with multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security)
• Subject Matter Expert (SME) experience with Secure Software Development Life Cycle (SSDLC) (e.g. risk assessments, threat modeling, static code analysis, code reviews and dynamic application scanning)
• Experience working with modern development practices (e.g. micro services, containers, orchestration, continuous integration & delivery pipelines)
• Experience working in regulated industries leveraging information security management frameworks and industry recognized best practice / standards (e.g. FFIEC CAT, NIST, ISO, and PCI)
• Knowledge of security monitoring, diagnostic and administrative tools.

• Certifications a plus, i.e., CISSP, CCSP, CRISC, CISA

We are an equal opportunity employer and make hiring decisions based on merit. Recruitment, hiring, training, and job assignments are made without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, or any other protected classification. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance.

We are an equal opportunity employer and make hiring decisions based on merit. Recruitment, hiring, training, and job assignments are made without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, or any other protected classification. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance.
Apply Here
For Remote Application Security Engineer roles, visit Remote Application Security Engineer Roles

********

Information Security Principal Engineer at TTEC

Location: Portland

Information Security Principal Engineer

Are you looking for the next challenge in your career? Are you looking to apply your leadership experience within a global company? TTEC is seeking an Information Security Principal Engineer to join our Information Technology team.

Our global IT organization of 500 supports the entire enterprise that encompasses over 40,000 users across our businesses aligned in four pillars – Customer Care, Technology Services, Strategy Services, & Growth Services.

What you’ll be doing:
• Manages Investigations of security events to determine full lifecycle of an cyber event.
• Provides technical security architectural support, to remediate the discoveries of any cyber event.
• Provided technical support of tuning TTEC specific security tools.
• Assists Fraud & Compliance, Human Capital and Operations with fraud detection, documentation, and prevention, and provides investigative support as needed.
• Monitors changes of the IT environment to detect changes and to ensure proper configuration was completed.
• Provides reports to the security leadership on the effectiveness of data security and makes recommendations for the adoption of new procedures and tools.

What we’re looking for:
• Experience investigations of events related to information security.
• Experience in forensics of security incidents across multiple
• Experience in a wide variety of security products to validate appropriate configurations (Palo Alto and Cisco Firewalls, Network devices, Privilege Access Management, Digital Guardian, O365, ProofPoint)
• Experience Security Architecture modelling

What skills you’ll need:
• BA/BS degree or equivalent experience.
• Security certifications, such as CEH, CCNA or CCNP, CHFI, CSFA
• 5-7 years of Information Security experience
• A PLUS
• Product certifications Palo Alto, Cisco ASA, LogRhythm, Digital guardian, O365, AWS, GCP and Azure

COMPENSATION & BENEFITS

The anticipated starting range for individuals expressing interest in this position is $83,000 – $132,000. This position is eligible to participate in an annual incentive program. Actual compensation offers to a candidate may vary based upon geographic location, work experience, education and/or skill levels.

Benefits available to eligible employees include the following:
• Medical, dental, and vision
• Tax-advantaged health care accounts
• Financial and income protection benefits
• Paid time off (PTO) and wellness time off

TTEC is proud to be an equal opportunity employer where all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. TTEC embraces and is committed to building a diverse and inclusive workforce that respects and empowers the culture and perspectives within our global teams. We strive to reflect the communities we serve by not only delivering amazing service and technology, but also humanity. We make it a point to make sure all our employees feel valued and comfortable being their authentic selves at work. As a global company, we know diversity is our strength. It enables us to view projects and ideas from different vantage points and allows every individual to bring value to the table in their own unique way.

Notice to external Recruiters and Recruitment Agencies: TTEC does not accept unsolicited headhunter and agency resumes. Headhunters and recruitment agencies may not submit resumes/CVs through this web site or directly to any employee. TTEC, and any of our subsidiaries, will not pay fees to any third-party agency or company that does not have a signed agreement with TTEC.
Apply Here
For Remote Information Security Principal Engineer roles, visit Remote Information Security Principal Engineer Roles

********

Security Engineer at Aspen Capital

Location: Portland

Aspen Capital is in search of a Security Engineer to join our technology team.

You will be responsible for building out security systems and controls to reduce the risks on data. We believe security should be enabled by default across the business.

You will ensure that the flow of information across our ecosystem is safe and secure.

You will continue to improve Aspen Capital’s services around data deletion and encryption to exceed industry standards and norms. Partner with engineering teams to implement security improvements and provide security architecture guidance. We’re guided by our principles including impact, growing together, embracing openness and positivity, inventing tomorrow; we’re looking for leaders who are motivated by those same principles.

What excites you

• Improving security through building software.

• Working across legal, product, and engineering to improve security l.

• Setting a new standard for data privacy across the financial industry.

• Thinking of security primitives like authentication, encryption, logging as products for engineers as customers.

What excites us

• Experience building mission critical backend infrastructure.

• Experience building services to manage (ideally one or more):
Data encryption, data deletion, abuse detection, authentication.

• Experience with threat modeling, security architecture reviews, or incident response.

• Passionate about educating others on security and privacy. We’re guided by our principles including impact, growing together, embracing openness and positivity, inventing tomorrow; we’re looking for leaders who are motivated by those same principles.

Benefits

Work with cutting-edge technology. Data Science is in the DNA of Aspen Capital and we hope it is in yours as well. Join us as we rewrite the rules of residential and commercial mortgages and real estate.

We are a private equity firm based in Portland, , NY. We utilize data and technology to enhance business insight, propel growth, transform our investment strategies and business operations, and execute industry-leading deals. The unique Aspen Capital worldview is reflected in a nimble, efficient organizational structure that allows the company to capitalize on market demands, seize business opportunities and excel in a wide range of roles including investment, lending and servicing, acquisitions, management, joint ventures, asset management, recapitalization and advisory services.

We offer competitive salary and a great benefits package including medical, dental, and vision insurance, covering 100% of the employee premiums and 50% for dependents. We provide life insurance, short & long term disability insurance, 15 days of PTO, 8 paid holidays and a 401(k) plan with company match up to 4%. We have a dog friendly work environment, and casual dress.
• We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status r characteristic protected by law.
• We maintain a drug-free workplace and perform pre-employment substance abuse testing.
Apply Here
For Remote Security Engineer roles, visit Remote Security Engineer Roles

********

Cyber Security Manager- Threat Management at Ledgent Technology

Location: Portland

Cyber Security Manager- Threat Management
100% Remote- (Must reside in WA, OR, ID, NV, CA, AZ)
$170k-$210k DOE plus 20% Annual Bonus
Direct Hire- Full Time

Ledgent Technology has partnered with key employer for a killer new opportunity to join their Cyber team

Lead a team of engineers who will oversee the cybersecurity threat management function that includes application security testing, vulnerability management, penetration testing, bug bounty programs, configuration management compliance (on-prem/cloud), purple teaming, and breach and attack simulation.
Functions
Drive vision and plans to implement, mature, and maintain application security testing services, vulnerability management, and penetration testing
Partner with Cybersecurity Engineering and Cybersecurity Operations to advance use case detection and prevention capabilities
Oversee, manage, and deliver cloud infrastructure security policy within Azure to govern and maintain a secure environment through automation of our compliance objectives
Partner with the application development function to support streamlined, automated, and effective CI/CD pipeline security testing
Drive a culture of DevSecOps, creating reporting and self-service capabilities to drive more ownership and accountability for security across functional teams
Support continuous delivery of vulnerability scanning, remediation, and reporting across various platforms and architectures
Develop and maintain security metrics and the communication of those metrics to Management.

Qualifications
Bachelor’s Degree in Computer Science, related field, or an equivalent combination of education, training, and experience. Required.
Working knowledge and experience with multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security)
Subject Matter Expert (SME) experience with Secure Software Development Life Cycle (SSDLC) (e.g. risk assessments, threat modeling, static code analysis, code reviews and dynamic application scanning)
Experience working with modern development practices (e.g. micro services, containers, orchestration, continuous integration & delivery pipelines)
Experience working in regulated industries leveraging information security management frameworks and industry recognized best practice / standards (e.g. FFIEC CAT, NIST, ISO, and PCI)
Certifications a plus, i.e., CISSP, CCSP, CRISC, CISA

5 years’ experience managing people or leading project teams, including proven experience providing effective coaching, feedback, and development plans to team members.
7 years proven track record of technical expertise in IT Security.

We are an equal opportunity employer and make hiring decisions based on merit.

Recruitment, hiring, training, and job assignments are made without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, or any other protected classification.

We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance.
We are an equal opportunity employer and make hiring decisions based on merit.

Recruitment, hiring, training, and job assignments are made without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, or any other protected classification.

We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the City of Los Angele
Apply Here
For Remote Cyber Security Manager- Threat Management roles, visit Remote Cyber Security Manager- Threat Management Roles

********

Manager, Cyber Security at The Lancet

Location: Portland

Business Title: Manager, Cyber Security – ServiceNow GRC

Requisition Number: 8590- 73

Function: Advisory

Area of Interest: Cyber

State: OR

City: Portland

Description:

Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today’s most important industries.
Our growth is driven by delivering real results for our clients.

It’s also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities.

With qualities like those, it’s no wonder we’re consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Working Mother Magazine, Diversity Inc.
and others. If you’re as passionate about your future as we are, join our team.

KPMG is currently seeking a Manager, Cyber Security – Cyber GRC / ServiceNow IRM to join our Cyber Security organization

Responsibilities
• Experience in guiding clients and developing their Cyber GRC vision, strategy, and implementation roadmap
• Experience demonstrating out of the box capabilities within ServiceNow IRM/GRC, ServiceNow SecOps, and/or OneTrust and aligning those capabilities against client’s objectives
• Experience designing, architecting and implementing Cybersecurity, Cyber Risk, Sec
Ops and GRC / IRM programs and technology platforms in one or more of the following areas:
Policy and Compliance, Risk, Vendor Risk, Business Continuity, Data Privacy, Issues Management, Vulnerability Response and Security Incident Response
• Oversee implementation of one or more applications in ServiceNow IRM/GRC, ServiceNow SecOps, or OneTrust GRC supporting Cybersecurity and Cyber GRC programs
• Experience with agile and scrum methodology, creating process designs and technical designs, defining user stories, working with a diverse development teams in multiple geographies, leading user acceptance testing (UAT), and providing the necessary end-user training to deliver the proposed solution to the highest caliber
• Facilitate requirements gathering, scrum, sprints, testing, and deployment by working directly with clients
• Actively participate in practice development such as innovate solutions to complex problems, knowledge management and work towards building a strong Cyber GRC community.

Qualifications:
• A minimum of five years’ experience in the field of Cybersecurity, Cyber Risk and GRC with a strong working knowledge of ServiceNow and/or OneTrust GRC;
• Bachelor’s degree from an accredited college/university or equivalent professional experience;
• Certifications in any of the following: Service
Now Certified System Administrator (required for candidates with ServiceNow experience);ServiceNow CIS certification in IRM in either:
Risk and Compliance, Vendor Risk Management OneTrust GRC Professional Certification ServiceNow CIS certification in SecOps in either; Security Incident Response or Vulnerability Response (a plus)
• Solid competencies in processes related to Cyber GRC domain including Security Policy Management, Security Compliance Management, Cyber Risk, Vendor Security Risk, Business Continuity, Data Privacy Vulnerability Management, Security Incident Response Management and / or Issues Management
• Competency in security frameworks including NIST CSF, NIST 800-53, ISO 27001, HIPAA, PCI, SOX
• Competency in Unified Controls Framework (UCF) and mapping to common controls
• Experience with security tools such as Nessus, Rapid 7, Tanium, Qualys, Splunk, QRadar, LogRhythm, etc. is a plus
• Demonstrable interpersonal, facilitation and presentation skills to help clients navigate through complex cybersecurity and GRC challenges
• Ability and Willingness to Travel
KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring.

All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by applicable federal, state or local laws.

The attached link ( ) contains further information regarding the firm’s compliance with federal, state and local recruitment and hiring laws.
No phone calls or agencies please.

KPMG does not currently require partners or employees to be fully vaccinated or test negative for COVID-19 in order to go to KPMG offices, client sites or KPMG events, except when mandated by federal, state or local law.
In some circumstances, clients also may require proof of vaccination or testing (e.g., to go to the client site).

GL: 4

GF: 15304
Apply Here
For Remote Manager, Cyber Security roles, visit Remote Manager, Cyber Security Roles

********

Principal Cybersecurity Engineer – Hiring Immediately at Columbia Sportswear

Location: Portland

OUTGROWN YOUR OWN BACKYARD? COME PLAY IN OURS.

At Columbia, we’re as passionate about the outdoors as you are. And while our gear is available worldwide, we’re proud to be based in the Pacific Northwest, where natural wonders are our playground.

Every product we make and every task we undertake is inspired by the famous words of our founder Gert Boyle: “It’s perfect. Now make it better.” As pioneers of relentless improvement, we are constantly evolving.

We believe the outdoors is ours to protect and strive to keep our planet healthy. We believe in empowering people to experience the outdoors to the fullest.

And we believe in you.

ABOUT THE POSITION

Although we’re an apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear’s Digital Technology (CDT) teams enable an IT infrastructure across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.

The Principal Information Security Engineer supports the global Information Security team in designing, implementing, maintaining, and improving information security systems in addition to detecting and responding to Cybersecurity events and incidents.

This role is necessary to support the Cybersecurity Incident Response and threat hunting capabilities. It requires a deep understanding of the entire information security space, expert knowledge of the Incident Response lifecycle, and technical depth to perform and direct response actions.

HOWYOU’LLMAKE A DIFFERENCE
• Member of CSC’s global Information Security team responsible for the detection, containment, and recovery actions of an incident.
• Collaborate with MDR provider and cross functional teams to prioritize, build, deploy, and tune use-cases across IT and security tools and platforms (e.g., SIEM, EDR, DLP, etc.).
• Develop and maintain global incident response technologies, runbooks, and procedures.
• Facilitate incident response exercises, assists with network and systems penetration testing, and conducts Cybersecurity risk and gap assessments.
• Operationalizes threat intelligence and performs proactive hunt assessments.
• Creates and presents incident, threat intelligence, and after-action reports to senior and executive level management.
• Manages global Information Security tools and programs (e.g., vulnerability detection (VM), endpoint security (EDR), log correlation (SIEM), etc.).
• Leads review and use of new technologies and capabilities to support constantly changing digital landscape; ensures solutions meet security requirements and align to corporate information security posture.
• Performs other duties, as assigned.

YOU ARE
• Regarded as the expert in the information security discipline within the organization function or business.
• Extensive knowledge of deploying and maintaining enterprise security tools and capabilities.
• Knowledge of industry and regulatory security standards and frameworks (e.g., NIST CSF, ISO 27001, SOX, PCI/DSS, GLBA, GDPR, and CCPA).
• Ability to work both individually and as part of a team.
• Excellent written and verbal communication skills as well as a high degree of business acumen and an enterprise mindset.

YOUHAVE
• Bachelor’s degree or equivalent experience with one or more Information Security certifications (GCIH, GCFE, GCFA, GREM, or GCED).
• Requires 8+ years of professional Cybersecurity with a recent emphasis on incident response and/or threat hunting.
• Scripting experience preferred (e.g., Python, PowerShell, bash, etc.).
• Understanding of the MITRE ATT&CK Framework, Diamond Model of Intrusion Analysis, Offensive Security, and/or adversary techniques.
• Excellent understanding of security protocols, hybrid and multi-cloud architecture, security controls, modern threats, and countermeasures.
• Ability to interact with a broad cross-section of personnel to define, explain and effectively manage security measures based on business value and objectives.
#LI-JD1

Columbia Sportswear Company and our portfolio of brands, including Columbia, SOREL, Mountain Hardwear and prAna, know a thing or two about adventures. After all, we’ve been on one since 1938, working to perfect the art of enjoying the outdoors. Behind everything we make is an employee who’s found that the greatest adventure starts with joining a company that strives to do the right thing.

This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position’s scope and function in the company.
At Columbia Sportswear Company (CSC), we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, military and veteran status, and any other characteristic protected by applicable law. CSC believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. All employment is decided on the basis of qualifications, merit, and business need.
Apply Here
For Remote Principal Cybersecurity Engineer – Hiring Immediately roles, visit Remote Principal Cybersecurity Engineer – Hiring Immediately Roles

********

Sr Security Engineer – Infra, eero Security at Amazon.com Services, Inc.

Location: Portland

Desciption

Job summary

eero is looking for an experienced Security Infrastructure & Operations Engineer to work within our Security team. The Security team spans all areas of security, including product security, infrastructure, detection and response, risk, compliance, sales support, etc.

This role will own many aspects of eero’s infrastructure security, including configuration standards, security tooling, and incident response, both for cloud and physical infrastructure. The role will also participate in design, architecture, and code reviews, and create threat models for new and existing projects.

This role will partner extensively with other infrastructure and security teams at eero and Amazon, learning lessons from those teams while also setting local strategy and technical direction for security projects, including a rolling 12-month forecast of security infrastructure and operations work

Successful candidates will excel in scaling both automation and human elements, including teaching and coaching other engineers.

Key job responsibilities
• Setting standards for infrastructure security, and implementing secure infrastructure and tooling
• Investigating security incidents, running postmortems, and designing and implementing corrective actions
• Partnering with development and ops teams to raise the security bar across the organization
• Partnering with other security teams across Amazon to benefit from technical economies of scale
Basic Qualifications
• 5 years experience of security engineering, or infrastructure / operations engineering with a security focus
Preffered Qualifications
• Knowledge of Kubernetes and Terraform
• Experience setting technical direction or strategy for others
• Experience working with physical networking and infrastructure
• Experience working with Amazon Web Services or a similar cloud service provider
• Experience configuring, deploying, and securing Linux systems
• Experience investigating and/or resolving security incidents
• Proficiency in at least one programming language

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Apply Here
For Remote Sr Security Engineer – Infra, eero Security roles, visit Remote Sr Security Engineer – Infra, eero Security Roles

********

The Tech Career Guru
We will be happy to hear your thoughts

Leave a reply

Tech Jobs Here
Logo