Senior Security Engineer

SENIOR SECURITY ENGINEER at npm

Who We Are

npm is the world’s largest software repository, with over 10 million users and over 26 billion software package downloads every month. 


What You'll Do

The npm registry supplies the world with its JavaScript. Its availability and security is critical to the daily work of millions of JavaScript programmers. We need your help to build and audit systems, improve tooling, and collaborate with our other teams to help keep npm services secure.


* Support the security team with engineering efforts

- Improve existing tools and build new ones from scratch to help security efforts

- Build tooling in JavasScript to help security research and development


*Support the engineering team with security advice and fixes

- Perform code and architecture reviews from a security perspective

- Help support a Secure software development life cycle for our engineering team


* Identify problems and investigate incidents as needed understanding their security impact and root cause as well as providing guidance for remediation.

* Help keep the registry as secure as it can be with the support of your colleagues

* Write internal documentation. This includes RFCs for new features as well as descriptions of APIs.

* Collaborate with teams across the company - from Engineering and Support to Sales and Marketing.


What you’ll need

Ability to program in JavaScript; other languages or frontend experience are a bonus

Ability to read code / design documents and identify security flaws and weaknesses


Your work at npm will help JavaScript developers around the world to build amazing things, safer.


Our Code of Conduct

npm exists to facilitate sharing code, by making it easy for JavaScript module developers to publish and distribute packages.


npm is a piece of technology, but more importantly, it is a community.


We believe that our mission is best served in an environment that is friendly, safe, and accepting; free from intimidation or harassment. We do not tolerate abusive behavior. See our unabridged code of conduct here.


Why You Should Join

In joining the npm team, you'll become an important part of a small but dedicated security team. We strive to provide a sensible working environment that doesn't ask for or encourage habitual overtime and we offer flexibility in schedule. We have a progressive parental leave policy and vacation time is not just encouraged, but celebrated. We also understand that healthy schedules lead to better outcomes. To help ensure this balance we have contracted support night coverage so we don't interrupt anyone's sleep. 


We believe that high-performing teams include people from different backgrounds and experiences who can challenge each other's assumptions with fresh perspectives. To that end, we actively seek a diverse pool of applicants, including those from historically marginalized groups — women, people with disabilities, people of color, formerly incarcerated people, people who are lesbian, gay, bisexual, transgender, and/or gender nonconforming, first and second generation immigrants, and people from low-income families.

CLOUD SECURITY ARCHITECT

CLOUD SECURITY ARCHITECT at TWO SIGMA

New York, NY

We are seeking a Security Engineer and Architect with considerable experience and expertise in public cloud platforms to join the Cloud Security team.  

The Cloud Security team works as a key asset through the design, development and implementation of initiatives that span various public cloud provider platforms, in order to incorporate a robust security posture from the outset to accelerate innovation across Two Sigma.

This is a highly visible role with impact across many lines of business, with a variety of threat models, risks and technologies.

CORE RESPONSIBILITIES INCLUDE:

·        Providing design-time review and guidance to teams building and deploying new applications that leverage public cloud platforms, including Amazon Web Services and Google Cloud Platform

·        Assessing and mitigating security risk associated with integrated and native services provided by public cloud platforms

·        Defining security policy for the public cloud and overseeing its execution

·        Threat and risk modeling

·        Collaborating with key business partners to understand their success criteria and enabling them to iterate and innovate in a secure manner

·        Thinking creatively, communicating clearly and driving to overcome obstacles by designing, testing and executing solutions

·        Designing and building automation systems that allow for secure review, deployment, and continuous validation of public cloud infrastructure

REQUIREMENTS INCLUDE:

·        Hands-on experience in a technical information security role, with demonstrable understanding of:

o   Network Security

o   Host-Based Security

o   Application Security

·        Hands-on experience with at least one of the following cloud platforms:

o   Amazon Web Services

o   Google Cloud Platform

o   Microsoft Azure

·        Demonstrable software engineering or scripting experience

·        Familiarity with distributed systems and cloud-scale, cloud-native techniques and tools:

o   Infrastructure as code

o   Continuous Integration / Continuous Deployment

o   Containers and container orchestration

·        Strong communication skills

·        Passion for problem solving and execution

·        Collaborative, no-ego approach

·        Self-starter and self-driven with strong initiative 

SECURITY ENGINEER: INSURANCE

SECURITY ENGINEER: INSURANCE at TWO SIGMA

Two Sigma Insurance Quantified (TSIQ) seeks to partner with leaders in the insurance industry by applying Two Sigma's core engineering, modeling and analytics capabilities. TSIQ works closely with its industry partners to deliver products and solutions, which lead to enhanced automation and data-driven decision making.  Comprised of a diversified and growing team of highly skilled data scientists, engineers, and business professionals, TSIQ possesses the agility and innovation of a dynamic startup with the resources and long-term view of Two Sigma.

Two Sigma is a technology company dedicated to finding value in the world's data. Since its founding in 2001, Two Sigma has built an innovative platform that combines extraordinary computing power, vast amounts of information, and advanced data science to produce breakthroughs in investment management, insurance and related fields. Today, Two Sigma manages approximately $52+ billion in assets, employs more than 1,000 people and has offices in New York, Hong Kong, Houston and London.

The TSIQ Engineering team is made of multiple functional teams responsible for all the software components, services and cloud infrastructure that power the TSIQ Insurance platform (IQ OS)

TSIQ is looking to add a Security Engineer to its team as we develop IQ OS and work with our industry partners. Your core mission is to ensure that our services, applications, and infrastructure are designed and implemented to the highest security standards. You will have the opportunity to learn from, and be mentored by a growing security and engineering team whose mission is to use industry leading practices to secure our deployments.

Responsibilities

●       Engineer security controls and process in our applications, services, and cloud infrastructure

●       Infrastructure and application security  assessment

●       Application and infrastructure design review and control recommendation

●       Work with a variety of engineering and infrastructure teams to review and improve security controls

●       Design, build, and improve all aspects of our secure engineering lifecycle

●       Application Security testing using static and dynamic testing tools

●       Perform code reviews on internal products and open source libraries

●       Communicate security concepts and recommendations to engineers and enable them to write secure code

Basic Qualifications

●       BA/BS in Computer Science or related technical field, or equivalent experience.

●       At least 3 years as a security engineer directly contributing to systems/services and supporting them in production.

●       At least 2 years of experience with application security testing and review using modern static and dynamic testing tools

●       Knowledge of common application security vulnerabilities and secure engineering practices to mitigate such attacks.

●       Ability to read code in a wide variety of languages, discover security vulnerabilities with ease, and explain them to engineers in plain English

●       Defensive experience in prioritizing security vulnerabilities, missing controls, and unknown systems

●       At least 2 years working with common and industry standard cloud-native/cloud-friendly authentication mechanisms (SAML, OAuth, etc).

●       At least 2+ years of exposure to service-oriented architecture for cloud-based services.

Preferred Qualifications

●       Cloud security and architecture  or related certifications

●       Experience with modern programming languages.

●       Familiarity with security issues in CI/CD

●       Technical writing experience.

●       Strong passion for security best practices and the ability to partner with other parts of the Engineering organization.

LEAD ENGINEER - SECURITY DETECTION AND RESPONSE

LEAD ENGINEER - SECURITY DETECTION AND RESPONSE at TWO SIGMA

New York, NY

We are seeking an experienced security engineer and architect, with broad and deep experience across computer science and business.  In this role you will be responsible for:

  • Providing design-time review and guidance to teams building and deploying new technology at Two Sigma;

  • Defining security policy and overseeing its execution;

  • Assessing and mitigating security risk associated with new and existing systems;

  • Threat and risk modeling.

Requirements Include:

  • At least a bachelor’s degree in computer science, mathematics, or a related field.

  • At minimum 4 years of experience in information technology security.

  • Demonstrable and detailed understanding of cryptography, network security, operating systems, and PKI infrastructure and implementation.

  • Experience with securing micro-services architecture, containers, and related technologies is preferred

  • Experience (need not be recent) as a software developer.

  • Familiarity with distributed systems and physical security.

SECURITY ARCHITECT

SECURITY ARCHITECT at TWO SIGMA

New York, NY

We are seeking an experienced security engineer and architect, with broad and deep experience across computer science and business.  In this role you will be responsible for:

  • Providing design-time review and guidance to teams building and deploying new technology at Two Sigma

  • Defining security policy and overseeing its execution

  • Assessing and mitigating security risk associated with new and existing systems

  • Threat and risk modeling

Requirements Include:

  • At least a bachelor’s degree in computer science, mathematics, or a related field.

  • At minimum 4 years of experience in information technology security.

  • Demonstrable and detailed understanding of cryptography, network security, operating systems, and PKI infrastructure and implementation.

  • Experience with securing micro-services architecture, containers, and related technologies is preferred

  • Experience (need not be recent) as a software developer.

  • Familiarity with distributed systems and physical security.

WINDOWS INFRASTRUCTURE ENGINEER - SECURITY

WINDOWS INFRASTRUCTURE ENGINEER - SECURITY at TWO SIGMA

New York, NY

We are seeking an Infrastructure Engineer for our Security Infrastructure team. Communication skills are vital to this position as its responsibilities include working directly with other teams within Security and throughout Two Sigma.  This role will be responsible for:

  • Operational support for security environments and applications;

  • Windows server administration and configuration management;

  • Operational support and management of Hyper-V and a multi-forest Active Directory environment

  • Design and implementation of security systems and products;

  • Development of automation tools and scripts;

Requirements Include:

  • Bachelor’s degree.

  • Proficiency in Windows administration, including Active Directory, DNS, Hyper-V, Group Policy, Powershell

  • General knowledge and experience with security, networking, and systems concepts.

  • Must be a critical thinker with strong problem-solving skills.

  • High degree of initiative, dependability and ability to work with little supervision.

  • Ability to work under tight deadlines and handle multiple, detailed tasks.

  • Team-oriented mindset and interest in sharing information and goals.

  • Excellent written, verbal, organizational, and documentation skills.

  • Experience on a Security Infrastructure team is preferred.

Privacy Engineer

Privacy Engineer at Square

San Francisco, CA

Company Description

We believe everyone should be able to participate and thrive in the economy. So we’re building tools that make commerce easier and more accessible to all. We started with a little white credit card reader but haven’t stopped there. Our new reader helps our sellers accept chip cards and NFC payments, and our Cash app lets people pay each other back instantly. We’re empowering the independent electrician to send invoices, setting up the favorite food truck with a delivery option, helping the ice cream shop pay its employees, and giving the burgeoning coffee chain capital for a second, third, and fourth location. Let’s shorten the distance between having an idea and making a living from it. We’re here to help sellers of all sizes start, run, and grow their business—and helping them grow their business is good business for everyone.

Job Description

As a Privacy Engineer at Square, you will build internal products and infrastructure to protect Square’s customers’ privacy. In this role, you will closely collaborate with many teams across Square, including other teams within security, as well as platform engineering, product engineering, data science, and privacy counsel.

You should expect to:

  • Design and develop services that support data privacy initiatives and consumer’s privacy rights across Square’s engineering ecosystem

  • Derive and apply new principles from the emerging field of privacy engineering to problems at industry scale

  • Help define the technological future of data privacy for data science and machine learning services at Square

  • Act as a force multiplier for software development by supporting engineering teams to incorporate privacy engineering products in their engineered solutions

  • Provide mentorship and reviews for engineering teams working with privacy technologies

  • Contribute to monitoring, and stability of our existing tools

Qualifications

Some qualifications you may have:

  • 3+ years of software engineering experience

  • A high bar for writing quality scalable, robust, and testable code

  • Willingness to learn new technologies or languages

  • Willingness to cut across new or existing services, infrastructure, or frameworks to achieve privacy goals

  • A desire to perform and grow technically as an engineer or engineering leader

  • Strong communication skills

As a bonus, you may have experience or interest in:

  • Designing novel yet robust security architectures

  • Technologies in privacy, such as k-anonymity, differential privacy, or private information retrieval

  • Understanding and applying the emerging field of privacy-enhancing technologies and usable privacy

  • Explaining complex technical security or privacy concepts clearly

Additional Information

At Square, we value diversity and always treat all employees and job applicants based on merit, qualifications, competence, and talent. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.

Manager, Technical Support

Manager, Technical Support at ForeScout

What We Are Doing:

We are providing solutions for one of the largest needs in the security space.  ForeScout is at the forefront of IoT Security. As the world is becoming more and more connected so is the need for ForeScout’s solutions.


What you will do:

Responsible for the start-up, implementation and operational excellence of a technical support team. Functioning successfully in this role will require a sense of urgency, total ownership for the customer experience and the ability to navigate and get things done cross-functionally.

Essential Duties and Responsibilities:

  • Responsible for the day to day leadership of front line Support Engineers including, hiring, training, and developing a highly qualified team with focus on the customer experience, skills development, productivity, resource scheduling, employee morale and team motivation

  • Through the use of metrics and a hands on approach, ensure support team is delivering high quality customer support

  • Develop, track/monitor and analyze key customer support metrics to manage the team effectively.

  • Manage escalation of customer issues, working closely with customers and internal teams for resolution.

  • Ensure that the necessary processes and policies are in place and are adhered to in effort to meet the service level agreements and customer satisfaction goals of the organization.

  • Work with Sustaining Engineering to ensure that customer found defects and product supportability gaps are addressed

  • Develops technical support policies and procedures to ensure consistent customer service and satisfaction.

  • Evaluates individual and team performance and provides guidance on resolving performance issues.

What you bring to ForeScout:

  • Bachelor’s degree in business or related field required. MBA a plus.

  • Must have a minimum 8 years of experience in customer support management in the high-technology industry

  • Strong understanding of support processes and methodologies including how to interpret support KPIs and metrics

  • Experience utilizing Salesforce.com or similar Sales CRM-like tool

  • Strong understanding of the following: Routing, Switching (layer 2/layer3), Traffic Monitoring/Spanning: 802.1Q VLAN, VPN,      LAN, WAN, WLAN

 

Travel or Other Requirements:

  • Extended or non-traditional work hours will be required.

  • Opportunity for domestic and international travel.

What ForeScout Offers You:

Strong product, good leadership, great culture, good people, diverse, great benefits, great compensation. If you have good work ethic, are visible, lean in, you will be recognized. We are in growth mode and there is tons of opportunity. A positive attitude and being flexible to change goes a long way here at ForeScout!

  • Competitive compensation and Benefits

  • Collaborative and innovative environment – make an impact on worldwide security while working on the hottest technology.

  • We work hard…and we PLAY hard!

Professor of the Practice in Cybersecurity

Steed Family Professorship of the Practice in Cybersecurity: Duke University.  The Sanford School of Public Policy at Duke University invites applications for the inaugural Steed Family Professorship of the Practice in Cybersecurity. This search is for a professional with a national or international reputation and visibility, who can provide thought leadership through teaching, research, and public engagement on pressing issues of cybersecurity in the context of broader global and national security.  The ideal candidate will also have experience and/or demonstrated interest in building a program at Duke in cybersecurity.


Professors of the Practice need not have a PhD, but the ideal candidates for this position will likely have significant professional experience beyond a post-graduate degree.


The Sanford School includes a full-time faculty of almost 70 and offers an undergraduate major, three masters programs, and a Ph.D. program. Current faculty members have degrees in a variety of disciplines including: demography, economics, history, law, medicine, philosophy, political science, psychology/social psychology, public policy, public health/health policy, and sociology. The School houses several interdisciplinary research centers, and offers degree-related programs and opportunities in Washington, China, Scotland, India, London and Geneva. More information on the Sanford School can be found at www.sanford.duke.edu.

Candidates should submit a letter of application that traces their professional experience and makes it clear why they would be interested in joining the Sanford School of Public Policy. The letter, along with a CV and the names of three references, should be submitted via the following website: https://academicjobsonline.org/ajo/jobs/12187.   Any questions can be directed to Professor Philip Napoli, Chair, Steed Professorship in Cybersecurity Search, at [email protected].


For the job description, click https://duke.box.com/v/Steed

Applications submitted by November 16, 2018 will be guaranteed consideration.

Duke University is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, genetic information, gender, gender identity, national origin, race, religion, sexual orientation, or veteran status.

Privacy Legal Researcher

Privacy Legal Researcher

Location: Atlanta, GA

The position is for a member of the OneTrust Global Privacy Team which requires an individual with legal expertise who can provide research and monitoring of global data protection developments. A familiarity with privacy law and technology is important in order to provide high quality content.

 

Typical day/week snapshot

  • Research new legal developments in the data protection field for specific regions/countries

  • Indexing data protection materials

  • Drafting content for availability in the software and in marketing

  • Prepare reports, analyses, briefing materials, and presentations.

  • Follow industry groups and standards bodies that advance privacy methodologies.

  • Attending data protection events around the world

Position Requirements

  • JD

  • Research experience

  • Familiarity with data privacy regulatory requirements and compliance issues.

  • Excellent writing and proofreading skills

  • Ability to work independently

  • Ability and willingness to travel (10%-30%)

Additional Highly Preferred Skills

  • Fluency in more than one language preferred.

  • CIPP/E certification, CIPM certification, or other privacy certifications

  • Experience in a trade association, think tank, university, consulting, law firm, compliance, and in-house

What You’ll gain from joining OneTrust

You can expect tremendous professional development; an opportunity to work in an open environment on solutions that are reshaping the way businesses operate; and respect for your ideas. We believe in recognition for a job well-done, competitive salaries and a fast paced, entrepreneurial environment.

 

About OneTrust

OneTrust is an enterprise software platform for data privacy compliance. Our web based software solves this problem by helping organizations understand the complete picture of personal data being governed. It is a single place for the privacy office to collaborate with business groups, vendors and trusted advisors managing privacy risks.

 

OneTrust was founded by seasoned veterans with an extensive background in building enterprise-grade software for the world’s most complex and highly regulated organizations. Our advisory board consists of industry experts who helped shape the global privacy policy landscape and invented foundational principles and frameworks used by business over the past 20+ years. As an IAPP Platinum Plus Member, we are committed to advancing innovation and helping organizations minimize their compliance risk. We can be found online at www.onetrust.com.

Technical Writer

Technical Writer, Chronicle

Mountain View, CA, United States

Born from X, Alphabet's moonshot factory, Chronicle is advancing cybersecurity for enterprises of all sizes. We are dedicated to helping companies find and stop cyber attacks before they cause harm. We work with the entire security industry to give good the advantage in the fight against cybercrime. Joining experts in large-scale cloud computing, big data, machine learning, and cybersecurity, you'll help build out the next generation of security intelligence solutions.

As part of the Engineering team, you will be our first Technical Writer, responsible for writing customer-facing documentation for our customer base (from small to large enterprises). You will play a key role in directly helping our customers and partners better understand our SaaS solution. We are looking for a writer who enjoys communicating complex information clearly, concisely, and accurately. You will be the key link between engineers, UX, product, marketing, and customers. You will analyze and use customer feedback to continually improve product documentation. We're looking for an enthusiastic technical writer who can deliver high quality documentation for multiple Chronicle products and services and help set the standard for Technical Writing at Chronicle.

Due to the smaller size of our organization and rapid pace of growth and change, you will have cross-functional exposure at a company that moves quickly. The ideal candidate is someone who is comfortable operating in an organization that scales quickly; someone who loves variety in their work and who wants to get their hands dirty. You are a self-starter and bring innovative approaches to problem solving, to develop and propose new ideas, and actively participate in improving the quality of our content.

Responsibilities

● Write, publish, and maintain customer-facing documentation, including references, online content, in-app guides, and tutorials, based on advanced concepts in the domain of cybersecurity.

● Edit, clarify, and proofread documents written by others, and coach non-writers on ways to improve their writing skills.

● Work closely with Product, Engineering, and Marketing to determine documentation requirements.

● Manage multiple competing priorities in a fast-paced and constantly changing environment.

Minimum qualifications:

● BA/BS degree or equivalent practical experience

● 5-7 years of relevant experience in the technical writing field having designed, authored and delivered online, technical, and user experience documentation in SaaS, enterprise security deployments and network infrastructures

● Familiarity with enterprise security deployments and infrastructures

● Ability to prioritize and succeed in a highly ambiguous environment with competing demands

Preferred qualifications:

● Excellent interpersonal skills, with proven ability to take initiative and build strong, productive relationships

● Interest or experience in leading a community forum

● Experience producing task-oriented documentation

● Familiarity with documenting APIs

● Strong technical writing skills, oral communication, and grammar skills

Apply on www.chronicle.security or direct link here.

Software Engineer, Customer Experience

Software Engineer, Customer Experience, Chronicle

Mountain View, CA, United States

As a Software Engineer, you will be a part of fast moving projects with responsibilities for making our customer experience as “self driving” as possible. We do this by building and bridging tools and systems that need to be as innovative as our projects themselves.

Born from X, Alphabet's moonshot factory, Chronicle is advancing cybersecurity for enterprises of all sizes. We are dedicated to helping companies find and stop cyber attacks before they cause harm. We work with the entire security industry to give good the advantage in the fight against cybercrime. Joining experts in large-scale cloud computing, big data, machine learning, and cybersecurity, you'll help build out the next generation of security intelligence solutions.

Responsibilities

● Design and implement portals, systems, tools and integrations related to operational efficiency, customer experience and new business models.

● Manage projects that can take anywhere between a few days and multiple months to implement.

● Be responsible for the internal tooling used by our business teams and the external tooling for users and customers.

● Bridge the business and engineering teams - be the voice of the customer and the business in engineering planning and the voice of the engineering team in business planning.

● Collaborate with a cross-functional team of business, engineering, UX, etc. to come up with the best solutions.

Minimum qualifications:

● Bachelor's degree in a technical field or equivalent practical experience.

● 3 years of software development experience building full-stack web applications.

● Experience in integrating with 3rd party systems and APIs.

● Experience with one or more general purpose programming languages including but not limited to: Java, Python, JavaScript, Go, or Swift.

Preferred qualifications:

● Experience with Google Cloud Platform.

● Experience with Python, Polymer and Node.js.

● Experience in system integration and eCommerce portals.

● Experience in startups or new product launches.

Apply on www.chronicle.security or direct link here.

Front End Software Engineer

Front End Software Engineer, Chronicle

Mountain View, CA, United States

Born from X, Alphabet's moonshot factory, Chronicle is advancing cybersecurity for enterprises of all sizes. We are dedicated to helping companies find and stop cyber attacks before they cause harm. We work with the entire security industry to give good the advantage in the fight against cybercrime. Joining experts in large-scale cloud computing, big data, machine learning, and cybersecurity, you'll help build out the next generation of security intelligence solutions.

In this role you will be squarely focused on frontend UI/UX implementation and architectural decisions, but some interest or experience with full-stack work and/or with backend product work is also a plus. Most frontend development will be in Typescript and Polymer.

Responsibilities

● Lead designs of major software components, systems, and features.

● Design, develop, test, deploy, maintain and improve software.

● Manage individual projects priorities, deadlines and deliverables with your technical expertise.

● Mentor and train other team members on design techniques, and coding standards

Minimum qualifications:

● BA/BS degree in Computer Science or related technical field or equivalent practical experience.

● 5 years of relevant work experience with experience developing UI/UX as part of a team.

● Experience in Software Development with Javascript and Javascript frameworks.

● Experience with writing and debugging UI/UX code for the Chrome browser and with UI/UX testing environments (such as WebDriver).

Preferred qualifications:

● Master’s degree in Engineering, Computer Science or related technical field.

● Experience with Typescript and Polymer.

● Interest and ability to learn other coding languages as needed.

Apply on www.chronicle.security or direct link here.

Backend Software Engineer

Backend Software Engineer at Chronicle; Mountain View, CA, United States

Born from X, Alphabet's moonshot factory, Chronicle is advancing cybersecurity for enterprises of all sizes. We are dedicated to helping companies find and stop cyber attacks before they cause harm. We work with the entire security industry to give good the advantage in the fight against cybercrime. Joining experts in large-scale cloud computing, big data, machine learning, and cybersecurity, you'll help build out the next generation of security intelligence solutions.

Primary responsibilities for this role will be squarely focused on backend design and implementation, but some interest or experience with full-stack work and/or with user-facing product work is a plus. Most backend development will be in Go, Java and C++.

Responsibilities

● Lead designs of major software components, systems, and features.

● Design, develop, test, deploy, maintain and improve software.

● Manage individual projects priorities, deadlines and deliverables with your technical expertise.

● Mentor and train other team members on design techniques, and coding standards

Minimum qualifications:

● BA/BS degree in Computer Science or related technical field or equivalent practical experience.

● 5 years of relevant work experience.

● Experience in software development in one or more general purpose programming languages including but not limited to: C/C++, Java, Python, or Go.

● Experience architecting and developing large scale systems processing data.

Preferred qualifications:

● Master’s degree or PhD in Engineering, Computer Science or related technical field.

● Experience working with one or more from the following: Indexing and searching huge amounts of data, Infrastructure, Machine Learning, Front End Development, Security and Privacy.

● Strong familiarity with cyber-security (attacks, defenses), and experience analyzing/processing cyber-security-related big-data to derive useful insights

● Interest and ability to learn other coding languages as needed.

Apply on www.chronicle.security or direct link here

LEAD SECURITY ANALYST/ENGINEER - SECURITY OPERATIONS

Working for Equity Residential (EQR), a leading multi-family real estate investment trust (REIT), means being part of a community and striving to provide the best in apartment living, speaking boldly about new ideas for innovation, and inspiring creativity in the ways we work together. Our portfolio of high-quality properties in urban growth markets – New York City, Boston, Washington DC, Seattle, San Francisco and Los Angeles – provides homes where people most want to live, work and play. We've got the best people in the business, and our experience shows in our dedication to our residents and in how much we value each other as colleagues. That’s why our employees say they are proud to work at Equity, a company that gives our residents a place where they can Live Remarkably, and offers a culture where our employees have the opportunity to make their mark.

 

We are currently seeking a Lead Security Analyst/Engineer to join our Security Operations team at our corporate headquarters in Chicago, IL.  As a Senior Security Analyst/Engineer at EQR, you will be responsible for hands-on incident response following the guidelines of our Information Security Program. You’ll serve as a key member of the Security Operations team to lead the development, improvement, and documentation of our security program. You will focus on real-time security events analysis, helping to protect the organization’s electronic assets. And by relying on your knowledge and previous experience with a wide range of security areas including (but not limited to): IDR solutions, IDS/IPS, malware analysis, firewalls, and data loss prevention solutions, you’ll recommend detection, prevention and mitigation strategies to be evaluated by the greater EQR security team.

 

WHO YOU ARE

  • Knowledgeable.  You have a broad-based familiarity with Security Operations with 5 to 7 years of experience as an Incident Responder. More specifically, your background includes at least 2 years of Splunk experience as well as with IDR tools, familiarity with static and dynamic malware analysis, DFIR and threat hunting methodologies is key. A solid network background is also important.

  • A Problem Solver. You are a creative thinker, who focuses on the problem as stated and gathers information and knowledge to achieve an appropriate solution. Your skillfulness in this area helps you determine how to quickly assess security incidents.

  • A Strong Communicator. Your writing and speaking skills are clear, articulate, and effective, demonstrating your ability to interact with and be understood by all levels and various teams across the organization.  In addition, you’re skilled in communicating in a non-technical manner with everyone from end users to senior management and also in a technical manner to other IT professionals.

  • Organized, Efficient, and Accountable. You have a keen eye for detail and pride yourself on delivering quality work. You multitask well, re-prioritize accordingly, and meet deadlines consistently. Above all, you are flexible and able to juggle the needs of changing priorities of the business, even if that means an occasional after-hours project.

  • Passionate. Motivated. Eager to Learn.  You are resourceful, ask smart questions, challenge the status quo, and regularly seek to understand. You’re willing to learn a range of business and/or technical specialties, based on organizational needs. And when a special project arises, you volunteer!

  • Trustworthy and Discerning.  The ability to work with confidential information, while using discretion, is crucial to this position.


 

WHAT YOU’LL DO

  • Lead a team of Incident Responders.

  • Investigate and document security incidents according to the security incident response policy.

  • Assist with architecting firewalls changes, as well as manage IPS/IDS and web filtering technologies.

  • Create actionable items out of threat intelligence feeds.

  • Coordinate and execute red/blue team exercises.

  • Evaluate and map risk accordingly to risk models.

  • Understand and apply threat model concepts.

  • Collaborate with the team to resolve fault conditions on security systems.

  • Support the team on high priority and high visibility security issues.

  • Mentor other less experienced Security Analysts and train peers on platform enhancements and technology changes.

  • Ensure platform accessibility, software revisions, and best practices are maintained.

  • Prepare ad-hoc analysis and reports as needed.

  • Perform other duties and participate in special projects, as needed.


 

PREVIOUS EXPERIENCE

  • Solid understanding of Windows Operating Systems and Windows Internals.

  • 4+ years work experience in IP addressing and subnetting, routing protocols, VPN concepts, VLAN configuration and concepts and L2/L3 switching technologies.

  • Experienced leading a team of incident responders

  • 5+ years experience as an Incident Responder and in Security Operations.

  • 4+ years of experience designing and maintaining firewall policies

  • Bachelor's degree, with an emphasis in computer science or information systems preferred or equivalent experience.

  • Experience maintaining highly available and highly secure networks.

  • Experience with SSL decryption technologies.

  • Must possess expert level knowledge with DMZ architectures.

  • Well-versed in layer 2 to layer 7 troubleshooting experience.

  • Exposure to major system applications and databases; Unix and Windows experience a plus!

  • Excellent understanding of VMware Infrastructures.

 

REWARDS

We recognize everyone has different needs outside of work. That’s why, in addition to a competitive benefits package (medical, dental, vision and paid time off), we offer many unique options to employees, like adoption benefits and paid time off for community service projects. To learn more, view our Total Wellbeing page here.

To apply, contact Jamie Preski at [email protected]

Security and Compliance Associate

Everlaw is a group of PhDs, engineers, lawyers, and business professionals working to introduce elegant solutions to the legal market. We're a venture-backed, 75+ person startup with sustained 100% year-over-year growth and funding from top-tier VCs like Andreessen Horowitz.

We are deeply committed to the security of our data, the privacy of our clients, and the integrity of our company. We believe that clear, flexible, well-designed processes are the way to achieve these aims -- after all, belief in process is one of our company values. We are looking for the right person to support the implementation of Everlaw’s security and compliance program from top to bottom. This position reports to Everlaw’s VP of Security and Compliance.

Responsibilities

    • Collaborate with senior Security and Compliance team members to establish and implement processes (including routine office and technology audits and monitoring internal procedures)
    • Lead team documentation of internal metrics and project tracking
    • Assist with policy maintenance, including providing input into policy and procedure reviews and updating quarterly reports
    • Support third-party audits and responding to security, compliance and privacy requests and RFPs from clients and prospects
    • Work with internal teams to research and respond to compliance, security and privacy questions from staff 
    • Assist with regular risk assessments, including organizing recurring meetings, reviewing and implementing process changes, business and/or support function procedures and internal controls, and assessment and/or development of internal documentation
    • Educate and engage Everlaw employees across all teams about policies and processes and help drive security awareness and a culture of security and compliance across all Everlaw teams

Requirements

    • You have strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, and a love for details
    • You have superb organizational skills and an innate urge to document
    • You have excellent communication, interpersonal, and issue resolution abilities
    • You are eager to work in a cross-functional role with the entire Everlaw team
    • BA or BS at a minimum 
    • Authorization to work in the United States; please note that at this time, Everlaw is not sponsoring visas for any positions
    • Plus: Project management experience and familiarity with compliance, security and privacy frameworks (e.g., AML, ABC, SOC 2, NIST, HIPAA, GDPR)
    • Plus: JD, CCEP, CIPP, or other relevant degrees or certifications may be useful

Benefits

    • Competitive salary
    • Substantial equity
    • Retirement plan with company matching
    • Health, dental, and vision insurance
    • Flexible Spending Accounts for health and dependent care expenses
    • Maternity, paternity, and sick leave
    • Seventeen paid vacation days, plus ten bankable federal holidays
    • Reimbursement of bar membership (if applicable)

Perks

    • Work in the East Bay, just steps from the BART line and dozens of restaurants
    • Select your own hardware and customize your desk setup
    • Bond over team lunches and out-of-the-box events
    • Take advantage of learning and career development opportunities
    • Voted "Best Workplaces of 2018" having one of the highest-scoring businesses with standout employee engagement

About Everlaw

We help law firms, government agencies, and corporations sift through millions of documents of evidence in big lawsuits and investigations to find the proverbial smoking gun (or needle in the haystack -- pick your metaphor). It's a multi-billion dollar space typically dominated by service-oriented vendors, and we're coming at it with cutting-edge technology and elegant design.

It's working, and we've been growing very rapidly: we host scores of terabytes of data and work with all 50 state Attorneys General and hundreds of law firms on some of the most high-profile cases litigated today. If you’re looking for an open, democratic company culture that values passion, integrity, and a desire to learn, we want to hear from you.

Everlaw is an equal opportunity employer. We do not discriminate against any employee or applicant because of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, or any other basis protected by law. It is our policy to comply with all applicable national, state and local laws pertaining to nondiscrimination and equal opportunity.

Technical Support Engineer

Technical Support Engineer

ForeScout

McLean, Virginia or Dallas, Texas

The Technical Support Engineer is a key technical resource in the Support organization, providing expert guidance to customers and to other support engineers.  The ideal candidate will have extensive experience with enterprise computing environments, distributed applications, and a strong knowledge and understanding of TCP/IP networks to include ASA, Palo Alto firewalls, Cisco, Juniper, and Brocade switches, along with solid experience in network security solutions.  In addition, the candidate will have Advance Systems Administrator’s level of knowledge and understanding of all protocol layers and operating systems: Linux, Windows, and Mac OS. Advanced knowledge in the area of virtualization is strongly desired. The Technical Support Engineer will develop a deep understanding of ForeScout products and in-depth knowledge of environments in which they are deployed, and will use his knowledge and experience to solve technical problems for customers and to act as advisor to less experienced team members.  The Technical Support Engineer completes assigned duties with minimal direction from Technical Services Leadership. Routinely acts independently while researching and developing solutions to customer issues. Acts as a technical point of contact and is repeatedly sought by others to provide specialty knowledge to assist them in their problem solving. Routinely monitors and develops knowledge assets to enable customer self-sufficiency. 


Responsibilities:

  • Provides complex technical support to customers, other ForeScout employees, and partners.
  • Makes collaborative effort within the team to resolve complex customer issues.
  • Participates in knowledge transfer with teammates through delivering formal team training sessions, brown bags and formal mentoring.
  • Creates and reviews knowledge base articles and notes.
  • Achieves a high level of expertise in all areas of the product.
  • Provides knowledge transfer with teammates through formal team training sessions, brown bags, and mentoring of other team members.
  • Capable of handling cases and escalations within guidelines.
  • Capable of independently solving customer issues on-site.
  • Liaison to Engineering on product issues including design, features, and defects.
  • Occasionally travels to customer sites in emergency situations to solve technical problems.

Technical Qualifications:

  • Understanding of enterprise computing environments, distributed applications, and a strong knowledge and understanding of TCP/IP networks to include ASA ,Palo Alto firewalls, and Cisco, Juniper, and Brocade switches
  • Experience with design and configuration of  ForeScout CounterAct is a plus
  • Hands on experience in both Windows and Linux, Mac OSX platforms with a solid understanding of networking principals and security best practices.
  • Understanding of the system hardening processes, tools, guidelines and benchmarks
  •  Industry Certifications such as CISSP, CASP, Security+, CEH, SANS (GCIA, GCIH, GREM, GPEN) is a plus
  • Advanced Administrator’s level of understanding of Operating Systems (Linux, Windows, Macintosh, and UNIX) is a plus
  • Computer Networking Systems Administrator’s level Knowledge of all protocol layers.
  • Strong knowledge of enterprise networking environments.
  • Expertise in debugging and root-cause analysis in complex systems and large environments.
  • Experience installing, implementing and debugging network access control security solutions is a plus.
  • Desired skills: VMware -VSphere, Microsoft Hyper-V, and PGSQL.
  • Understating of programming languages: C, Java, and Perl.

General Qualifications:

  • 3+ year’s technical experience in a support role (in an Enterprise-level support environment is a plus).
  • 2+ years’ experience troubleshooting hardware related issues.
  • Outstanding customer-facing skills.
  • Expert ability to assess situations and adapt according to customer needs.
  • Strong knowledge and experience working in a complex multi-team based technical support environment.
  • Ability to troubleshoot heterogeneous environments.
  • Capable of documenting problems and solution for internal as well external customers.
  • Model documentation and case management practices.

Education

  • Bachelor’s degree in Computer Science, Engineering or equivalent industry experience.
  • CISSP certification or equivalent is a plus.

Travel

  • Ability to travel domestically and internationally when required

Director of IT Security & Chief Information Security Officer

Director of IT Security & Chief Information Security Officer at Herman Miller

 

You can make a salary. Or you can make a difference. Or you can work as the Director of IT Security and Chief Information Security Officer at Herman Miller and make both.


About this Opportunity

As the Director of IT Security and Chief Information Security Officer, you'll be responsible for the planning and development of an enterprise information business risk strategy, including cyber security, information security, legislature requirements (SOX404, HIPPA, etc.), and business continuity. You will collaborate with key business and IT leaders to develop security and business continuance standards and best practices and coordinate resulting action plans. You'll maintain  strong relationships with the internal Business Risk Team, internal Physical Security Team, as well as the external Audit Team to ensure compliance to existing laws and regulations. You'll be responsible for maintaining a secure systems infrastructure environment, ensuring integrity and confidentiality without impacting availability. You'll also work in coordination with Senior IT Leadership to architect, recommend, and implement application and infrastructure solutions.


What You'll Do

You'll have opportunities to speak up, solve problems, lead others, and be an owner every day as you...

  • Build and maintain relationships with key senior leaders, informing them of risks and strategic plans.
  • Create and present quarterly reports to Senior Leadership.
  • Maintain current knowledge of new legislation, technologies, and vulnerabilities that have an impact on the business.
  • Manage the IT Security and IT Business Risk Teams.
  • Perform additional responsibilities as requested to achieve business objectives.
  • Take responsibility for constantly evaluating cyber threats and associated responses.
  • Take responsibility for creating and implementing strategic plans for IT Security and Business Continuity.
  • Take responsibility for ensuring tools and/or technologies are implemented to maintain a secure IT environment.
  • Take responsibility for leading all contract negotiations and reviews for IT Security and Business Continuity.
  • Work as an Application Architect Consultant, bringing knowledge around security to proposed solutions.


Sound Like You?

You might be just who we’re looking for if you have...

  • A Bachelor's degree in Business Information Systems, Computer Science, Computer Engineering, Business, or other related fields, or equivalent experience. A Master's degree is preferred.
  • A CISO Certification (preferred).
  • 10-15 years of professional level experience within Information Technology.
  • Three to five years of experience in cyber security strategy, tools, and vulnerabilities.
  • Three to five years of leadership experience leading multi-functional teams.
  • Prior auditing experience (helpful).
  • A demonstrated high level of written, verbal, and interpersonal skills to communicate information, ideas, procedures, and processes in a logical sequence and at a level appropriate to the audience, resulting in effective working relationships.
  • An expert ability to think strategically and execute tactically. You must also be financially literate and possess well-developed business acumen.
  • Demonstrated leadership competence as defined in Herman Miller's Leadership Competency Model.
  • Knowledge of wired and wireless technologies, standards, and protocols, as well as knowledge of point of sales solutions and vulnerabilities.
  • Proficiency in Software, Storage, Data and Network Virtualization (Hypervisors, NFV, multi-tenancy, and Public/Private/Hybrid Cloud, Orchestration).
  • Experience in the design, integration, and implementation of IaaS, PaaS, and SaaS.
  • Knowledge in Storage and Content/Application Delivery Networks.
  • Proficiency in voice, video, and application technologies, standards, and protocols.
  • The ability to perform all essential job functions of the position with or without accommodations.


Who We Are

At Herman Miller, our unique culture represents the collective attitudes, ideas, and experiences of the people who work here. We focus on protecting the environment, impacting our communities, exceeding the expectations of our customers through high quality products, and championing diversity in all areas of the business, and together we are on a journey toward a better world. We support the well-being of our employees in and outside of work by providing a variety of opportunities including award-winning work-life integration resources, development programs, complex health and wellness offerings, and much more.

Herman Miller is a globally recognized provider of furnishings and related technologies and services. Headquartered in West Michigan, we have relied on innovative design for over 100 years to solve problems for people wherever they work, live, learn, and heal.

Herman Miller is committed to diversity and inclusion. We are an equal opportunity employer including veterans and people with disabilities.

2019 CONGRESSIONAL INNOVATION FELLOWSHIP

2019 CONGRESSIONAL INNOVATION FELLOWSHIP at TechCongress

 

APPLICATIONS FOR THE 2019 CONGRESSIONAL INNOVATION FELLOWS PROGRAM ARE NOW OPEN!  

TechCongress is building 21st century government with technology talent through our Congressional Innovation Fellowships. We are bridging the divide between Congress and the technology sector by placing tech savvy individuals like you to work with Members of Congress and Congressional Committees in order to build capacity in Congress, train cross-sector leaders -- who can understand the challenges of government and in the technology community -- and keep Congress up to date about the latest challenges and opportunities relating to technology.

As a Congressional Innovation Fellow you will:

  • Work with TechCongress to choose a placement with a Member or Congress or Congressional Committee and report directly to a senior staffer (like a Chief of Staff or Staff Director) in that office from January 2019 to December 2019.
  • Perform duties similar to other Congressional staff by applying your experience in technology to a variety of work, including:
    • Researching relevant policymaking (on issues like encryption, autonomous vehicle regulations, health IT, government hacking, privacy, open data, cyber/data security and many others)
    • Helping educate Members and staff about these issues.
    • Researching legislation.
    • Preparing for and organizing Committee hearings, markups, or investigations.
    • Building coalitions with partners and other groups.
  • Develop and produce a fellowship project on an issue of your choosing. Past projects include writing and introducing legislation, and organizing an association of tech staffers.
  • Support TechCongress by writing about and presenting on your experience periodically, and represent TechCongress and the Congressional Innovation Fellows at meetings or events.

What we’re looking for in our Fellows:

  • A technical background or ability, with experience working in or studying the technology sector.  Training can be formal (college, graduate school, the military) or informal (self-trained). 
  • Great interpersonal and communications skills. 
  • Ability to explain technology to those that aren’t as familiar with technology tools or concepts.
  • Track record of success taking initiative and working with others.
  • Ability to thrive in a fast-paced, collaborative environment.
  • Committed to helping get Members of Congress and Congressional staff up to speed on technology issues.  

No experience working in or with government? Great! We're not looking for that. The Congressional Innovation Fellowship program is an opportunity to expose technology leaders like you to Capitol Hill. It is first and foremost and educational experience, giving you a one-of-its-kind education into how Congress and the government works. 

About TechCongress

TechCongress is a three-year-old startup non-profit, incubated at the Open Technology Institute at New America. We've got great staff and advisors doing all we can to bridge the gap between government and the technology community. We are nonpartisan and work with a diverse set of political voices, and do not take positions on issues. We work hard in an intentional and productive manner, and have fun while we do it. We are building a new generation of technology leaders, and support our staff and fellows with professional development, networking, and freedom to tinker and test new ideas. Above all, we are vigilantly focused on adding value—to our people, our institutions and our society.

The first set of Congressional Innovation Fellows served with two of the most influential members of Congress—Rep. Sander Levin (D-Mich.), former Ranking Member on the House Committee on Ways and Means, and Rep. Jason Chaffetz (R-Utah), former Chairman of the House Oversight Committee—and shaped the conversation on issues ranging from modernizing healthcare with technology to the Apple/FBI encryption debate.

The second and thirds sets of Congressional Innovation Fellows have served in bipartisan placements in the Congress including with Senator Kirsten Gillibrand (D-New York), Senator Cory Gardner (R-Colorado), Senator Ron Wyden (D-Oregon), and Senator Rand Paul (R-Kentucky).  Congressional Innovation Fellows are tackling issues from the economic implications of emerging technologies like AI and automation to cybersecurity, election security and data privacy.  Please visit our fellows pagefor information about where all of our fellows are serving. 

We are an Equal Employment Opportunity Employer

TechCongress values an inclusive and diverse workplace. We are an equal opportunity employer committed to hiring a diverse workforce at all levels of the organization thereby creating a culture that allows us to better serve our clientele, our employees, and our communities. We value and encourage the contributions of our employees and fellows and strive to create an environment where everyone can reach their full potential and drive outstanding results. All qualified applicants will receive consideration without regard to race, national origin, age, sex, religion, disability, sexual orientation, marital status, veteran status, gender identity or expression, or any other basis protected by local, state, or federal law. This policy applies with regard to all aspects of one’s employment and fellowship, including hiring, transfer, promotion, compensation, eligibility for benefits, and termination.

You can read more about our efforts to build an inclusive fellowship, especially by working with veterans and underrepresented minorities, on our blog.  

Associate Foundation Program Specialist

Associate Foundation Program Specialist at Harvard Pilgrim Health Care

 

Are you interested in becoming part of a dynamic team that is looking to innovate and improve?

Would you like to work for a company that has been rated by the BBJ (15+yrs) as one of the best places to work?

Do you want to be part of a company that is committed to giving back to the community?

Harvard Pilgrim Health Care is currently seeking a highly motivated individual to join our organization as an Associate Foundation Program Specialist.  This critical role is responsible for supporting the administrative aspects of the Foundation’s key service and giving program initiative as well as a number of critical administrative functions including the 9/11 Community Spirit Mini-Grant Program. This position supports program goals to engage employees in service and giving initiatives to improve local communities and help achieve Harvard Pilgrim’s corporate goal of being a good corporate citizen.

 

WHAT YOU WILL BE DOING:

  • Program management for all service and giving corporate service events. 
  • Assist in the day-to-day management of key service and giving programs including: corporate service days in regional markets, department/ team service days and annual backpack drive.
  • Support the management and administration of the 9/11 Community Spirit Mini-Grant program.  Ensure a high quality, user-friendly 9/11 Mini-Grant experience while meeting the annual application goals including the mini-grant oversight committee.
  • Provide program management support for the Director of Service and Giving
  • Provides relationship management with external community partners and non-profits as well as internal Harvard Pilgrim staff
  • Perform out-of-the-box thinking, collaborate with others, and make a difference every day!

 

WHAT YOU NEED:

  • College degree or equivalent in Non-Profit Management, Communications, Marketing or similar concentration preferred.
  • 2-3 years experience in Community Relations, Event Planning, Public Relations, Nonprofit or related fields. 
  • Resilient, collaborative, flexible, innovative.

  

WHAT MAKES US STAND OUT:

  • Work-Life-Flexibility        
  •  Paid volunteer time off (up to 3 days annually)
  •  Annual Mini-Grant of $500 donated to a non-profit organization of the employee’s choice
  •  Educational Reimbursement

 

WORKING ENVIRONMENT:

Office environment, with ability to commute to all Harvard Pilgrim facilities and be present on location at ongoing service events in the region.