5 Ccsk Jobs

Some of your daily responsibilities would be the following: Analyze current asset management workflows and identify areas for automation. Develop and implement automation scripts and tools using programming languages (e.g., Python, PowerShell). Integrate asset management systems with other enterprise applications. Design and develop automation scripts and tools for identity provisioning, de-provisioning, and access management. Integrate identity management systems with other network infrastructure and applications. Create and maintain documentation for automation processes and scripts. Implement security best practices in automation processes. Ensure compliance with regulatory requirements and internal policies Implement automated discovery and inventory processes. Collaborate with internal teams and external auditors on compliance matters. Leverage industry proven tools to identify and reduce Cyber Risks Assist in Crisis Management, Ransomware Recovery and Business Continuity planning. Identify, investigate and resolve global security breaches / incidents Develop and maintain network and infrastructure security reporting dashboards and scorecards used to measure our Cyber Practice. What were looking for... You are passionate about network security and automation as a career. You are self-driven and motivated, with good communication and analytical skills. Youre a sought-after team member that thrives in a dynamic work environment. You will be working with multiple partners from the business groups, so networking and managing effective working relationships should be your top most priority. You have an understanding of industry trends in all areas of Information Security. You'll need to have some of the skills listed below: Bachelors degree or four or more years of work experience. Four or more years of relevant work experience. Four or more years of experience in network / information security, risk and compliance management. Understanding of network fundamentals, switching, routing protocols, load balancers, web proxies, firewalls and software defined networking solutions. Experience in handling enterprise scale server infrastructure & management Knowledge of Cloud infrastructure and technologies Proficiency in scripting languages (e.g., Python, Bash, PowerShell). Experience with network management tools and protocols (e.g., SNMP, Netconf). Knowledge of database management systems (e.g., SQL, NoSQL). Familiarity with API integrations and web services (REST, SOAP). Excellent analytical and problem-solving skills. Ability to manage multiple tasks and priorities in a fast-paced environment Understanding of security fundamentals Confidentiality, Integrity, Availability, access control, Authentication, Authorization, Auditing secure design concepts like Experience working on IT ticketing systems like JIRA, Service Now and ability to partner and collaborate with other teams in the organization Experience with hosting security awareness campaigns, gamification and bug bounty programs will be an added advantage Strong analytical problem solving, communication and interpersonal skills Passion to stay abreast with emerging technologies, network security trends, tools and techniques. Even better if you have one or more of the following: Masters degree in Computer Science / Information Technology Engineering Industry relevant security certifications Security+, OSCP, CEH, CISSP, GIAC, etc Strong expertise in at least one operating system Window or Linux. Cloud relevant certifications CCSP, CCSK

We are looking for a self-motivated Senior Cybersecurity Analyst to join the R1 Cybersecurity Operations Team. We have a relentless focus on driving results for our customers and enabling them to invest more into patient care; in turn, this allows us to continue to grow our company and your career. The successful candidate must be well-versed in security operations, cyber security tools, intrusion detection, and secured networks. They will serve as an expert and be responsible for providing network and security operations technical analysis, assessment, and recommendations in the areas of real-time security situational awareness, operational network system and applications systems security monitoring. Responsibilities: Monitor various security tools to identify potential incidents, network intrusions, and malware events, etc., to ensure the confidentiality, integrity, and availability of R1s architecture and information systems are protected. Generate trouble tickets and perform initial validation and triage to determine whether incidents are security events using open-source intelligence (OSINT). Review and analyze log files to report any unusual or suspect activities. Utilize incident response use-case workflows to follow established and repeatable processes for triaging and escalating. Follow established incident response procedures to ensure proper escalation, analysis, and resolution of security incidents. Analyze and correlate incident event data to develop preliminary root cause and corresponding remediation strategy. Provide technical support for new detection capabilities, recommendations to improve upon existing tools/capabilities to protect R1s network, and assessments for High Value Assets. Research Threat Intelligence sources on the latest malware, trends, patches to keep the Security Program up to date. Document and maintain SOPs/Runbooks related to investigating security incidents. Perform case management throughout the incident lifecycle for moderately complex security incidents. Understand and assist with compliance and enterprise change management policies and procedures. Attend and participate in cybersecurity projects and the change management process. This includes interacting with business units and technical teams to understand what is coming and how their projects can be more secure from the beginning. Maintain metrics & reports on the status of the R1 cybersecurity operations program. Required Qualifications: A bachelors degree in a technical discipline (e.g., Computer Science, Business Analyst, etc.) A minimum of 3-5 years of professional experience in an IT-related field. Intermediate knowledge of security, monitoring, and networking technologies, tools, protocols, and standards. Intermediate or advanced security, networking, or audit certification or equivalent professional experience in security operations. Knowledge of security policy, programs, process, and metrics. Understanding/Experience on Network Security, Firewall Security, and Web Security (including web application firewalls and proxies). Experience on SIEM, PIM, Content Filtering, and Firewalls. Experience on Change Management Review and Security Audits/Reviews. Understanding/Experience on Linux and pen testing tools. Experience on Investigating, documenting, and reporting on any information security (InfoSec) issues as well as emerging trends. Experience administering Security Tools. Experience Threat Hunting and searching for malicious activity. Strong drive and passion to deliver distinctive end-products, a quick learner with a strong attention to detail and quality. Excellent interpersonal and communication skills. Self-driven, with attention to detail and the ability to think outside the box for solutions to issues. Knowledge of IT Industry standards such as ISO 27001, HIPAA, SOX. Good knowledge of security programs, process, and metrics. Good knowledge of IT Security Infrastructure and related applications and toolsets. Examples include firewalls & Network, Active Directory, DNS. Desired Qualifications: Certification (or ability to obtain certification) in at least one of the following areas: General Security (CISSP), Cloud Security (GCLD, Cloud+, CCSK), and Ethical Hacking (CEH). Experience with advanced cybersecurity tools, network topologies, intrusion detection, and secured networks. In-depth understanding of NIST SP 800-61,?SOC 2 AICPA controls, and frameworks. Recent experience with static and/or dynamic code review process. Experience with forensic data analysis. Leadership experience and qualities.

We are looking for a self-motivated Senior Cybersecurity Analyst to join the R1 Cybersecurity Operations Team. We have a relentless focus on driving results for our customers and enabling them to invest more into patient care; in turn, this allows us to continue to grow our company and your career. The successful candidate must be well-versed in security operations, cyber security tools, intrusion detection, and secured networks. They will serve as an expert and be responsible for providing network and security operations technical analysis, assessment, and recommendations in the areas of real-time security situational awareness, operational network system and applications systems security monitoring. Responsibilities: Monitor various security tools to identify potential incidents, network intrusions, and malware events, etc., to ensure the confidentiality, integrity, and availability of R1s architecture and information systems are protected. Generate trouble tickets and perform initial validation and triage to determine whether incidents are security events using open-source intelligence (OSINT). Review and analyze log files to report any unusual or suspect activities. Utilize incident response use-case workflows to follow established and repeatable processes for triaging and escalating. Follow established incident response procedures to ensure proper escalation, analysis, and resolution of security incidents. Analyze and correlate incident event data to develop preliminary root cause and corresponding remediation strategy. Provide technical support for new detection capabilities, recommendations to improve upon existing tools/capabilities to protect R1s network, and assessments for High Value Assets. Research Threat Intelligence sources on the latest malware, trends, patches to keep the Security Program up to date. Document and maintain SOPs/Runbooks related to investigating security incidents. Perform case management throughout the incident lifecycle for moderately complex security incidents. Understand and assist with compliance and enterprise change management policies and procedures. Attend and participate in cybersecurity projects and the change management process. This includes interacting with business units and technical teams to understand what is coming and how their projects can be more secure from the beginning. Maintain metrics & reports on the status of the R1 cybersecurity operations program. Required Qualifications: A bachelors degree in a technical discipline (e.g., Computer Science, Business Analyst, etc.) A minimum of 3-5 years of professional experience in an IT-related field. Intermediate knowledge of security, monitoring, and networking technologies, tools, protocols, and standards. Intermediate or advanced security, networking, or audit certification or equivalent professional experience in security operations. Knowledge of security policy, programs, process, and metrics. Understanding/Experience on Network Security, Firewall Security, and Web Security (including web application firewalls and proxies). Experience on SIEM, PIM, Content Filtering, and Firewalls. Experience on Change Management Review and Security Audits/Reviews. Understanding/Experience on Linux and pen testing tools. Experience on Investigating, documenting, and reporting on any information security (InfoSec) issues as well as emerging trends. Experience administering Security Tools. Experience Threat Hunting and searching for malicious activity. Strong drive and passion to deliver distinctive end-products, a quick learner with a strong attention to detail and quality. Excellent interpersonal and communication skills. Self-driven, with attention to detail and the ability to think outside the box for solutions to issues. Knowledge of IT Industry standards such as ISO 27001, HIPAA, SOX. Good knowledge of security programs, process, and metrics. Good knowledge of IT Security Infrastructure and related applications and toolsets. Examples include firewalls & Network, Active Directory, DNS. Desired Qualifications: Certification (or ability to obtain certification) in at least one of the following areas: General Security (CISSP), Cloud Security (GCLD, Cloud+, CCSK), and Ethical Hacking (CEH). Experience with advanced cybersecurity tools, network topologies, intrusion detection, and secured networks. In-depth understanding of NIST SP 800-61,?SOC 2 AICPA controls, and frameworks. Recent experience with static and/or dynamic code review process. Experience with forensic data analysis. Leadership experience and qualities.

What youll be doing... Youll be finding the right technology to help ensure our customers keep their systems secure and spot risks before they become real threats. But youll be doing more than just providing SOX and IT securityyoull help customers prepare for the unexpected, defend their systems, and protect their business, brand, and bottom line. Designing solutions to mitigate risk and close security gaps and reduce vulnerability. Managing SOX Audit. PM/Engineering effort for tracking Security vulnerabilities. Working closely with VCG Application Development, App Security teams and other Key stakeholders in strategizing SOX and Security Engineering Practices and mitigating the Security Vulnerabilities. Adhering to industry standards and best practices and understanding emerging technologies and trends to continuously improve the systems, application, infrastructure, and processes. Performing SOX QA Support for Controls to ensure minimal SOX findings by auditors. Conducting quarterly Lesson Learned with SOX POCs/Directors/Performers to prevent the same issues from happening quarter over quarter. Supporting SOX BOT automation enhancements and testing in partnership with Control Performers. Supporting SOX Ops - Maintain and enhance SOX SOP documents for effective QA reviews by team. Where you'll be working... In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager. What were looking for... Application Security Skills: Secure Coding Practices: Deep understanding of secure coding principles and common vulnerabilities (OWASP Top 10, SANS 25) in various languages (e.g., Java, Python, .NET, JavaScript). SAST/DAST/IAST Expertise: Proficiency in using and interpreting results from Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and ideally Interactive Application Security Testing (IAST) tools. Open Source Software (OSS) Security: Knowledge of common OSS vulnerabilities, license compliance issues, and tools for managing OSS risks. Threat Modeling: Ability to perform threat modeling exercises to identify potential security weaknesses in application architectures and designs. Cloud Security (for Cloud-Native Apps): Familiarity with cloud security concepts, including secure configuration of cloud services (e.g., AWS, Azure, GCP), identity and access management (IAM), and cloud-native security tools. Logging and Monitoring: Experience with implementing and analyzing security logs, setting up security information and event management (SIEM) systems, and using intrusion detection/prevention systems (IDS/IPS). DevSecOps Practices: Understanding of integrating security into the software development lifecycle (SDLC) using DevSecOps methodologies and tools. Platform Security Skills: Cloud Security: Strong knowledge of cloud security best practices, including securing cloud infrastructure (compute, storage, network), managing cloud access, and implementing security monitoring in cloud environments. Container Security: Expertise in securing containerized applications and their underlying infrastructure (e.g., Docker, Kubernetes), including image scanning, runtime security, and container orchestration security. Vulnerability Management: Proficiency in using vulnerability scanning tools (like Tenable) for both network and application layers, prioritizing vulnerabilities, and coordinating remediation efforts. Hardware Security: Understanding of hardware security concepts, including firmware security, hardware-based encryption, and physical security measures. Incident Response: Experience with incident response processes, including detection, containment, eradication, and recovery, as well as post-incident analysis. SOX Auditing Exposure/ Experience: We are seeking a highly motivated and detail-oriented SOX Audit person to join our growing team. In this role, you will play a crucial part in ensuring the effectiveness of our internal control environment and compliance with the Sarbanes-Oxley Act (SOX). Plan, execute, and document SOX testing procedures for key financial and IT controls. Identify and assess the design and operating effectiveness of internal controls. Evaluate control deficiencies and recommend remediation strategies. Collaborate with process owners to remediate control deficiencies and enhance the control environment. Stay abreast of SOX compliance requirements and industry best practices. Assist with the development and maintenance of SOX documentation, including process narratives, flowcharts, and risk control matrices. Participate in special projects and other duties as assigned Additional Important Skills: Automation and Scripting: Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automating security tasks and integrating security tools. Communication and Collaboration: Excellent communication skills to effectively convey security findings to technical and non-technical audiences and collaborate with development and operations teams. Problem-Solving and Analytical Skills: Strong analytical and problem-solving abilities to investigate security issues, identify root causes, and develop effective solutions. Youll need to have: Bachelors degree or four or more years of work experience. Four or more years of relevant experience required, demonstrated through work experience and/or military experience. Worked as a consultant. Four or more years of relevant experience in Application Security Skills, Platform Security Skills & SOX Auditing Exposure/ Experience. Even better if you have one or more of the following: A degree in engineering or computer science. Experience with security risk procedures, security patterns, authentication technologies and security attack pathologies. Certifications in one or more of the following: Security: CISSP, CISM, CEH, GCIH, GPEN, CCSK, Security+, Cisco, F5, BlueCoat, Check Point. Network: Cisco, Juniper, Palo Alto. Architecture: TOGAF. Service Delivery/Governance: ITILv2/3.

What youll be doing... The Verizon Product Security Team ensures security by design product engineering and architecture for both consumer and business products. As a Principal Security Architect, you will work to conduct security assessments on both Consumer and Business products and solutions. You will help to create, define, and implement security controls and tooling in conjunction with product development teams and product owners. You will manage multiple projects with a degree of impact and complexity that must be carefully controlled to support the internal business unit security requirements. You will also work in conjunction with security stakeholders in other areas of the business and make decisions and help lead initiatives to ensure timely delivery of security solutions that support business objectives. You will also manage work that involves coordination with multiple organizations and is the focal point within the group. Help implement Secure Software Development Lifecycle (SSDLC) practices and use automation where possible Work with the product development teams to perform security design/code reviews and vulnerability assessment. Provide security guidance to Engineering and Product teams. Contribute to security architecture and assist in building and rolling out processes for secure code development and deployment involving truly cutting edge technology Contribute to security policy, standards, and guidelines related to Information Security Evaluate and operationalize new technologies for securing the organization Create security user stories and security test cases for products that are tailored to the product attributes and technology Support and advise product owner and product development teams by ensuring technical and architectural feasibility, readiness and compliance. What were looking for You'll need to have: Bachelors degree or one or more years of work experience. Experience in cybersecurity. Experience with security requirements analyses, building threat models, performing security design reviews, applying zero trust principles. Knowledge of application security vulnerabilities, secure coding, attack surfaces and countermeasures. Knowledge of S-SDLC, best practices for secure coding, understanding of OWASP Top 10, CIS Top 20 Even better if you have one or more of the following: Understanding of Docker, Kubernetes, container security best practices. Experience with Threat Management and Monitoring tools (like CrowdSrike, GuardDuty, Tenable, CloudTrail, Cloudwatch) and container security tools. Experience with building security and hardening Cloud Containers, Cloud OS, on-premise/cloud storage, like Cassandra, MongoDB, Data Warehouse and Object-Based storage. Hands on experience on security testing like SAST, DAST, SCA and Pen testing Understanding of authentication protocols like OID, OAuth2.0, SAML Hands-on experience in securing software development projects using iOS/Android platforms Familiar with Content Streaming Services Security like DRM, CA (Widevine, Playready, FairPlay) Experience with application programming (C/C++/Java/Kotlin/Swift/JavaScript or any other languages) and the overall software development life cycle. Written and verbal skills for communicating security concepts and solutions. Ability to prioritize between and execute on multiple work streams. Excellent organizational and interpersonal skills. One of more of the following certifications: CISSP, CISM, SANS, CCSK.