An Introduction to Primer

Primer is the unified infrastructure for global payments. We give finance and payments teams the visibility and control to reduce complexity, improve performance, and capture more revenue - all from a single platform.

Backed by Sofina, Peak XV Partners, ICONIQ, Tencent, Accel, and Balderton, we’re building the payments layer the world’s best companies rely on.

Watch our showcase >

Read up on our $100m Series C

Learn more about our culture >

Which team will you be joining?

You’ll help build the entire product security surface for a company processing payments at scale: threat modelling, security review, compliance, incident escalation, and the multi-year AppSec roadmap. You’d be the second hire, and the person that function finally gets to share the work with.

This is a hands-on delivery role, and a genuinely formative one. You’ll help set the security strategy and architecture; you take real ownership of the work that turns it into reality, reviews, research, automation, and the day-to-day partnership with engineering teams. You’ll have a clear direction to work within and someone senior to learn from, while still owning your projects end to end.

Security at Primer sits close to the engineering teams it protects rather than off to one side, so you’ll spend real time embedded with the people building Cloud, Infra, and product. For someone who wants to go deep in product security with room to grow, there are few better seats than being the second engineer in a function that’s only now scaling.

What will you be doing?

• Running security reviews and threat modelling on features and systems across Primer’s product, and turning findings into clear, actionable guidance for the teams shipping them

• Independently planning and delivering your own security projects, from initial design through to rollout

• Building tooling and automation that makes future reviews faster and cheaper to run

• Coordinating penetration testing and tracking remediation through to closure

• Supporting the recurring compliance work (SOC2, PCI), including evidence collection and remediation tracking against fixed audit windows

• Contributing to AppSec roadmap initiatives across areas like application threats, AI security, supply chain security, and ASPM

• Picking up proactive security work, threat research and hands-on investigation, that a one-person function has never had the capacity for

• Working alongside Cloud, Infra, and GRC on the security aspects of their projects

What we’re looking for

• Working experience in product or application security: you’ve done security reviews or threat modelling and can spot the risks that matter

• The ability to read and write code, not just review it. You’re comfortable building small tools and automation rather than only filing findings

• Sound judgement about risk. You can weigh a real threat against a theoretical one and explain your reasoning clearly

• The ability to plan and deliver your own work independently once you understand the direction, while knowing when to pull in the senior engineer

• Clear communication with engineers who aren’t security specialists, since most of your impact lands through their work

Nice to have:

• Exposure to compliance frameworks like SOC2 or PCI, or genuine appetite to learn them

• Background in payments, fintech, or another regulated, high-stakes domain

• Interest in areas like supply chain security, detection engineering, or AI security

You may not like it here

• It’s remote-first and high autonomy. You’ll get direction, but nobody checks your progress daily. If you need close structure, this will be uncomfortable

• You’ll move between proactive project work and reactive BAU, and priorities will shift as audits and incidents land. Tolerating that change is part of the role.

✅ A typical interview process

• An initial intro call with a Talent Partner

• An interview with the Hiring Manager

• Challenge Stage - Contextualised to the role

• A final, values-alignment interview

What’s the culture like at Primer?

We’re building a culture where people can do their best work and be proud of the impact they have. You’ll be working with people who are mission-driven, smart, and reflective, and who are genuinely invested in building exceptional products and delivering success for our merchants.

We work remotely, and have done since day one. We believe that building a successful, profitable company goes beyond proximity. We invest in our relationships through great remote working practices and thoughtfully designed face-to-face time, including workations, our annual company retreat, and co-working space access worldwide.

The work is challenging. Scaleups are a challenge, and building category-defining products is a challenge. But there’s a meaningful difference between a challenge and a struggle. At Primer, the right challenge comes with the right support: strong onboarding, a collaborative environment, and a team that is genuinely invested in your success. It’s never something you face alone.

Our benefits

🌍 We are fully remote and globally distributed; and have been since day one

💰 Competitive share options

🌴 Uncapped holiday, with 25 days minimum to be taken

🗣️ Co-working space access

📅 Workations & Company Retreat

💻 The best equipment for your role

🏠 £500 towards your home office setup

🔎 Generous learning budget

🏥 Private Medical Insurance

📈 A broad set of additional perks and benefits ( depending on location)

Don’t meet every single requirement?

At Primer, we’re dedicated to building a diverse, inclusive, and authentic workplace. If you’re excited about this role but your experience doesn’t align perfectly with every qualification listed, we encourage you to apply. You may be the right candidate for this or other roles.

Primer is committed to the equal treatment of all current and prospective employees and adopts a zero-tolerance approach to discrimination, regardless of age, disability, sex, sexual orientation, pregnancy and maternity, race or ethnicity, religion or belief, gender identity, marriage and civil partnership, or any other background or belief.

An Introduction to Primer

Primer is the unified infrastructure for global payments. We give finance and payments teams the visibility and control to reduce complexity, improve performance, and capture more revenue - all from a single platform.

Backed by Sofina, Peak XV Partners, ICONIQ, Tencent, Accel, and Balderton, we’re building the payments layer the world’s best companies rely on.

Watch our showcase >

Read up on our $100m Series C

Learn more about our culture >

Which team will you be joining?

You’ll help build the entire product security surface for a company processing payments at scale: threat modelling, security review, compliance, incident escalation, and the multi-year AppSec roadmap. You’d be the second hire, and the person that function finally gets to share the work with.

This is a hands-on delivery role, and a genuinely formative one. You’ll help set the security strategy and architecture; you take real ownership of the work that turns it into reality, reviews, research, automation, and the day-to-day partnership with engineering teams. You’ll have a clear direction to work within and someone senior to learn from, while still owning your projects end to end.

Security at Primer sits close to the engineering teams it protects rather than off to one side, so you’ll spend real time embedded with the people building Cloud, Infra, and product. For someone who wants to go deep in product security with room to grow, there are few better seats than being the second engineer in a function that’s only now scaling.

What will you be doing?

• Running security reviews and threat modelling on features and systems across Primer’s product, and turning findings into clear, actionable guidance for the teams shipping them

• Independently planning and delivering your own security projects, from initial design through to rollout

• Building tooling and automation that makes future reviews faster and cheaper to run

• Coordinating penetration testing and tracking remediation through to closure

• Supporting the recurring compliance work (SOC2, PCI), including evidence collection and remediation tracking against fixed audit windows

• Contributing to AppSec roadmap initiatives across areas like application threats, AI security, supply chain security, and ASPM

• Picking up proactive security work, threat research and hands-on investigation, that a one-person function has never had the capacity for

• Working alongside Cloud, Infra, and GRC on the security aspects of their projects

What we’re looking for

• Working experience in product or application security: you’ve done security reviews or threat modelling and can spot the risks that matter

• The ability to read and write code, not just review it. You’re comfortable building small tools and automation rather than only filing findings

• Sound judgement about risk. You can weigh a real threat against a theoretical one and explain your reasoning clearly

• The ability to plan and deliver your own work independently once you understand the direction, while knowing when to pull in the senior engineer

• Clear communication with engineers who aren’t security specialists, since most of your impact lands through their work

Nice to have:

• Exposure to compliance frameworks like SOC2 or PCI, or genuine appetite to learn them

• Background in payments, fintech, or another regulated, high-stakes domain

• Interest in areas like supply chain security, detection engineering, or AI security

You may not like it here

• It’s remote-first and high autonomy. You’ll get direction, but nobody checks your progress daily. If you need close structure, this will be uncomfortable

• You’ll move between proactive project work and reactive BAU, and priorities will shift as audits and incidents land. Tolerating that change is part of the role.

✅ A typical interview process

• An initial intro call with a Talent Partner

• An interview with the Hiring Manager

• Challenge Stage - Contextualised to the role

• A final, values-alignment interview

What’s the culture like at Primer?

We’re building a culture where people can do their best work and be proud of the impact they have. You’ll be working with people who are mission-driven, smart, and reflective, and who are genuinely invested in building exceptional products and delivering success for our merchants.

We work remotely, and have done since day one. We believe that building a successful, profitable company goes beyond proximity. We invest in our relationships through great remote working practices and thoughtfully designed face-to-face time, including workations, our annual company retreat, and co-working space access worldwide.

The work is challenging. Scaleups are a challenge, and building category-defining products is a challenge. But there’s a meaningful difference between a challenge and a struggle. At Primer, the right challenge comes with the right support: strong onboarding, a collaborative environment, and a team that is genuinely invested in your success. It’s never something you face alone.

Our benefits

🌍 We are fully remote and globally distributed; and have been since day one

💰 Competitive share options

🌴 Uncapped holiday, with 25 days minimum to be taken

🗣️ Co-working space access

📅 Workations & Company Retreat

💻 The best equipment for your role

🏠 £500 towards your home office setup

🔎 Generous learning budget

🏥 Private Medical Insurance

📈 A broad set of additional perks and benefits ( depending on location)

Don’t meet every single requirement?

At Primer, we’re dedicated to building a diverse, inclusive, and authentic workplace. If you’re excited about this role but your experience doesn’t align perfectly with every qualification listed, we encourage you to apply. You may be the right candidate for this or other roles.

Primer is committed to the equal treatment of all current and prospective employees and adopts a zero-tolerance approach to discrimination, regardless of age, disability, sex, sexual orientation, pregnancy and maternity, race or ethnicity, religion or belief, gender identity, marriage and civil partnership, or any other background or belief.

An Introduction to Primer

Primer is the unified infrastructure for global payments. We give finance and payments teams the visibility and control to reduce complexity, improve performance, and capture more revenue - all from a single platform.

Backed by Sofina, Peak XV Partners, ICONIQ, Tencent, Accel, and Balderton, we’re building the payments layer the world’s best companies rely on.

Watch our showcase >

Read up on our $100m Series C

Learn more about our culture >

Which team will you be joining?

You’ll help build the entire product security surface for a company processing payments at scale: threat modelling, security review, compliance, incident escalation, and the multi-year AppSec roadmap. You’d be the second hire, and the person that function finally gets to share the work with.

This is a hands-on delivery role, and a genuinely formative one. You’ll help set the security strategy and architecture; you take real ownership of the work that turns it into reality, reviews, research, automation, and the day-to-day partnership with engineering teams. You’ll have a clear direction to work within and someone senior to learn from, while still owning your projects end to end.

Security at Primer sits close to the engineering teams it protects rather than off to one side, so you’ll spend real time embedded with the people building Cloud, Infra, and product. For someone who wants to go deep in product security with room to grow, there are few better seats than being the second engineer in a function that’s only now scaling.

What will you be doing?

• Running security reviews and threat modelling on features and systems across Primer’s product, and turning findings into clear, actionable guidance for the teams shipping them

• Independently planning and delivering your own security projects, from initial design through to rollout

• Building tooling and automation that makes future reviews faster and cheaper to run

• Coordinating penetration testing and tracking remediation through to closure

• Supporting the recurring compliance work (SOC2, PCI), including evidence collection and remediation tracking against fixed audit windows

• Contributing to AppSec roadmap initiatives across areas like application threats, AI security, supply chain security, and ASPM

• Picking up proactive security work, threat research and hands-on investigation, that a one-person function has never had the capacity for

• Working alongside Cloud, Infra, and GRC on the security aspects of their projects

What we’re looking for

• Working experience in product or application security: you’ve done security reviews or threat modelling and can spot the risks that matter

• The ability to read and write code, not just review it. You’re comfortable building small tools and automation rather than only filing findings

• Sound judgement about risk. You can weigh a real threat against a theoretical one and explain your reasoning clearly

• The ability to plan and deliver your own work independently once you understand the direction, while knowing when to pull in the senior engineer

• Clear communication with engineers who aren’t security specialists, since most of your impact lands through their work

Nice to have:

• Exposure to compliance frameworks like SOC2 or PCI, or genuine appetite to learn them

• Background in payments, fintech, or another regulated, high-stakes domain

• Interest in areas like supply chain security, detection engineering, or AI security

You may not like it here

• It’s remote-first and high autonomy. You’ll get direction, but nobody checks your progress daily. If you need close structure, this will be uncomfortable

• You’ll move between proactive project work and reactive BAU, and priorities will shift as audits and incidents land. Tolerating that change is part of the role.

✅ A typical interview process

• An initial intro call with a Talent Partner

• An interview with the Hiring Manager

• Challenge Stage - Contextualised to the role

• A final, values-alignment interview

What’s the culture like at Primer?

We’re building a culture where people can do their best work and be proud of the impact they have. You’ll be working with people who are mission-driven, smart, and reflective, and who are genuinely invested in building exceptional products and delivering success for our merchants.

We work remotely, and have done since day one. We believe that building a successful, profitable company goes beyond proximity. We invest in our relationships through great remote working practices and thoughtfully designed face-to-face time, including workations, our annual company retreat, and co-working space access worldwide.

The work is challenging. Scaleups are a challenge, and building category-defining products is a challenge. But there’s a meaningful difference between a challenge and a struggle. At Primer, the right challenge comes with the right support: strong onboarding, a collaborative environment, and a team that is genuinely invested in your success. It’s never something you face alone.

Our benefits

🌍 We are fully remote and globally distributed; and have been since day one

💰 Competitive share options

🌴 Uncapped holiday, with 25 days minimum to be taken

🗣️ Co-working space access

📅 Workations & Company Retreat

💻 The best equipment for your role

🏠 £500 towards your home office setup

🔎 Generous learning budget

🏥 Private Medical Insurance

📈 A broad set of additional perks and benefits ( depending on location)

Don’t meet every single requirement?

At Primer, we’re dedicated to building a diverse, inclusive, and authentic workplace. If you’re excited about this role but your experience doesn’t align perfectly with every qualification listed, we encourage you to apply. You may be the right candidate for this or other roles.

Primer is committed to the equal treatment of all current and prospective employees and adopts a zero-tolerance approach to discrimination, regardless of age, disability, sex, sexual orientation, pregnancy and maternity, race or ethnicity, religion or belief, gender identity, marriage and civil partnership, or any other background or belief.

ECS is seeking an experienced Cyber Infrastructure System Administrator to work remotely providing infrastructure support for the work performed under this contract for NIH NIAID Enabling and Advancing Technologies (NEAT). All other tasks...

ECS is seeking an experienced Computer Security System Specialist to work remotely providing cybersecurity support for the work performed under this contract for NIH NIAID Enabling and Advancing Technologies (NEAT). All other tasks...

Work with a Top 20 CPA and advisory firm that Accounts for Anything.  Aprio has 40 U.S. office locations, as well as international office locations and more than 3,200 team members that speak 60+ languages across the globe.  By bringing together proven expertise, deep understanding, and strategic foresight for fast-growing industries, Aprio ensures clients are prepared for wherever life or business may take them. Discover a top-rated culture, vast growth opportunities and your next big career move with Aprio.

Join Aprio’s Information Technology team and you will help clients maximize their opportunities.  Aprio is a progressive, fast-growing firm looking for a Cybersecurity Engineer to join their dynamic team.

Aprio’s Cybersecurity Engineering team builds and operates the controls that protect the firm — identity, network segmentation, cloud security baselines, endpoint, monitoring, encryption, and vulnerability management. The Cybersecurity Engineer is the mid-tier individual contributor on that team: the engineer trusted to take a well-scoped project, run it end-to-end, and deliver a clean, documented, operational result. This role is hands-on and execution-focused, with a growing depth in one or two control domains and a clear path toward Senior Engineer.

This position supports U.S. Government engagements that may involve Controlled Unclassified Information (CUI) and requires access to export‑controlled technical data. In accordance with CUI and U.S. export control regulations, this position is limited to ‘U.S. persons’ (including U.S. citizens, lawful permanent residents, and certain protected individuals) as defined in 22 C.F.R. § 120.62. These requirements are only tied to this specific job posting. We are an equal opportunity employer and all Aprio employment decisions are made in accordance with applicable laws.

What You’ll Do

• You will own small-to-medium engineering projects end-to-end, configure and operate control sets without direct oversight, and partner closely with Senior and Principal engineers on the larger initiatives that cross multiple domains.
• You’re the engineer who can pick up a control implementation, deliver it, document it, and hand it off cleanly to operations.
• You’ll start to grow real depth in a domain you care about — identity, endpoint, vulnerability, cloud security, or logging — and you’ll be a working partner to Associate engineers on day-to-day execution.

Key Responsibilities

• Project ownership: Take small-to-medium engineering projects end-to-end — scoping, design partnership with a Senior, build, test, deploy, document, and hand off to operations. Deliver them on time without surprises.
• Control implementation and operation: Configure and operate security controls across identity, network, cloud, endpoint, logging/monitoring, encryption/key management, and vulnerability management. Execute against approved patterns and standards.
• Domain depth: Develop deepening expertise in at least one control domain (e.g., endpoint, identity, vulnerability management, cloud security, IAM, monitoring). Become a real go-to on that domain for the team.
• Vulnerability and patch operations: Run vulnerability and patch workflows — scan, prioritize, remediate, validate. Track remediation against SLA and close the loop.
• Change support: Participate in change reviews, assess security impact for in-scope systems, implement approved changes, and validate post-change posture.
• Evidence and documentation: Produce clean operational documentation — runbooks, change records, evidence artifacts — that holds up under audit and peer review.
• Detection and response support: Partner with the SOC and Detection Engineering on logging coverage, telemetry quality, and the engineering pieces of response (access tooling, isolation capabilities, evidence capture).
• Associate mentorship: Pair with Associate engineers on day-to-day execution. Review their tickets, walk them through the toolset, and grow them toward independence.
• Automation and tooling: Contribute scripts and automation to reduce manual toil (validation checks, evidence collection, repeatable deployments) under the guidance of Senior+ engineers.

What Success Looks Like

First 30–60 days: Tooling and tenant familiarity is complete. You’re executing standard tasks (access requests, configuration changes, vuln workflows, evidence collection) on your own and logging clean work.

By 90 days: You’ve owned at least one small-to-medium project end-to-end — a vulnerability project, a hardening change, a logging coverage gap, or a tool configuration — and the result is documented, evidenced, and handed off cleanly.

By 6–12 months: You’re the go-to on at least one domain, you’re trusted to execute approved patterns without close oversight, Associate engineers are routinely paired with you, and you’re a working partner on at least one cross-team initiative led by a Senior or Principal engineer.

Required Qualifications

• 3+ years in security engineering, cloud engineering, or security operations with hands-on responsibility for implementing controls.
• Strong fundamentals in at least one of: identity and access management, network segmentation, vulnerability management, cloud security, endpoint security, centralized logging.
• Experience with at least one major cloud platform (Azure, AWS, GCP) in an engineering capacity.
• Comfortable executing vulnerability and patch workflows (scan, prioritize, remediate, validate).
• Ability to write clear operational documentation — runbooks, evidence artifacts, change records.
• Strong collaboration skills across Security, IT, and delivery teams.
• Comfortable mentoring Associate Engineers on day-to-day work

Preferred Qualifications

• Regulated-environment exposure (CMMC, NIST 800-171, FedRAMP-aligned, SOC 2, ISO 27001).
• Scripting / automation experience (Python, PowerShell, Bash); infrastructure-as-code familiarity a plus.
• Security certifications (Security+, SSCP, GSEC, AZ-500, AWS Security Specialty, or cloud/security engineering equivalents).
• Familiarity with incident-response procedures and evidence handling.
• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field — or equivalent applicable years of experience

$80,000 - $90,000 a year

The salary range for this opportunity is stated above. As such, an actual salary may fall closer to one or the other end of the range, and in certain circumstances, may wind up being outside of the listed salary range.

The application window is anticipated to close on July 27th and may be extended as needed.

Why work for Aprio:

Whether you are just starting out, looking to advance into management or searching for your next leadership role, Aprio offers an opportunity to grow with a future-focused, innovative firm.

Perks/Benefits we offer for full-time team members:

- Medical, Dental, and Vision Insurance on the first day of employment

- Flexible Spending Account and Dependent Care Account

- 401k with Profit Sharing

- 9+ holidays and discretionary time off structure

- Parental Leave – coverage for both primary and secondary caregivers

- Tuition Assistance Program and CPA support program with cash incentive upon completion

- Discretionary incentive compensation based on firm, group and individual performance

- Incentive compensation related to origination of new client sales

- Top rated wellness program

- Flexible working environment including remote and hybrid options

What’s in it for you:

- Working with an industry leader: Be part of a high-growth firm that is passionate for what’s next.

- An awesome culture: Thirty-one fundamental behaviors guide our culture every day ensuring we always deliver an exceptional team-member and client experience.  We call it the Aprio Way.  This shared mindset creates lasting relationships between team members and with clients.

- A great team: Work with a high-energy, passionate, caring and ambitious team of professionals in a collaborative culture.

- Entrepreneurship: Have the freedom to innovate and bring your ideas to help us grow to become the CPA firm of choice nationally.

- Growth opportunities: Grow professionally in an environment that fosters continuous learning and advancement.

- Competitive compensation: You will be rewarded with competitive compensation, industry-leading benefits and a flexible work environment to enjoy work/life balance.

EQUAL OPPORTUNITY EMPLOYER

Aprio is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race; color; religion; national origin; sex; pregnancy; sexual orientation; gender identity and/or expression; age; disability; genetic information, citizenship status; military service obligations or any other category protected by applicable federal, state, or local law.

Aprio, LLP and Aprio Advisory Group, LLC, operate in an alternative business structure, with Aprio Advisory Group, LLC providing non-attest tax and consulting services, and Aprio, LLP providing CPA firm services.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Company Description

Founded and headquartered in Switzerland, Avaloq is continuously expanding its global footprint with around 2,500 colleagues in 10 countries, and more than 160 clients in 35 countries. We are an industry-leading provider of wealth management technology and services for financial institutions around the world, including private banks and wealth managers, investment managers, as well as retail and neo banks. Our research led approach and continual innovation is powered by the passion and creativity of our colleagues.

We are always looking for talented people to join us on our mission to orchestrate the financial ecosystem and democratize access to wealth management. Avaloq offers the opportunity to work closely with some of the world’s leading financial institutions as we jointly develop and shape careers. Championing a collaborative, supportive and flexible work environment empowers our colleagues to reach their full potential.

Job Description

The Avaloq Security team is an international team of analysts, senior and expert software engineers and architects. The Avaloq Security team develops and maintains central application security frameworks and tools for all companywide technology stacks and consults the business teams on best practice implementations for context specific security requirements. It furthermore operates the group-wide application security assessments, monitors the security vulnerabilities and supports the business teams in related risk mitigation plans.

Your key tasks

• Analyse, design, and develop requirements in collaboration with Product Development, customers, business analysts, and software partners.
• Design, implement, and maintain internal CI/CD pipelines and automated tools to support vulnerability management, security reporting, and efficient development workflows.
• Contribute to and collaborate across departments on cross-functional projects.
• Check and maintain the daily automated build process, analysing security warnings and providing guidance or fixes as required.
• Monitor third-party library enrolment, updates, and removals using in-house tools and Mend (or similar solutions).
• Evaluate and validate detected vulnerabilities, assess exploitability, provide expert analysis on false positives, and develop potential fixes.
• Maintain configuration control and ensure accuracy of the release baseline.
• Coordinate security-related actions across multiple teams to ensure the high quality and security of Avaloq products.
• Prepare and distribute documentation and reports related to security risks, findings, and remediation progress.
• Conduct periodic reviews to verify compliance with internal security policies, guidelines, and best practices.
• Participate in internal technical discussions, sharing knowledge on security implementation, vulnerabilities, and opportunities for improvement.

Qualifications

• University degree in IT, Mathematics, Physics, or a related technical discipline.
• Must have at least 3-5 years of relevant work experience
• Strong experience in designing, implementing, and maintaining internal CI/CD pipelines and automation tooling.
• Senior-level engineering expertise with hands-on skills in Python, Java, JavaScript, Gradle, Jenkins (or other CI/CD tools).
• Knowledge of containerized applications and experience with Kubernetes and/or OpenShift (or similar container orchestration platforms).
• Deep understanding of security concepts, industry standards, and best practices.
• Practical experience with vulnerability management tools and automated security scanning solutions.
• Ability to communicate technical information effectively to non-technical stakeholders.
• Exposure to financial markets and understanding of financial products is an advantage.
• Strong analytical capabilities, attention to detail, and commitment to delivering high-quality results.
• Positive, collaborative mindset with the ability to promote best practices across the organization.

Additional Information

We realize that managing work life balance is a challenge we all face in our daily lives and in order to support with this we are pleased to offer hybrid and flexible working for most of our Avaloqers to maintain work life balance and still continue our fantastic Avaloq culture in our global offices.

In Avaloq we are proud to embrace diversity and understand the success of our business is built on the power of different opinions, we are whole heartedly committed to fostering an equal opportunity environment and inclusive culture where you can be your true authentic self.

We hire, compensate and promote regardless of origin, age, gender identity, sexual orientation or any other fantastic traits that make us all unique, we have done our best to write this advert in an inclusive and neutral way.

Please be aware that we will not accept speculative CV submissions for any of our roles from recruitment agencies, and any unsolicited candidate submissions will be exempt from any payment expectations.

#LI-Hybrid

Work with a Top 20 CPA and advisory firm that Accounts for Anything.  Aprio has 40 U.S. office locations, as well as international office locations and more than 3,200 team members that speak 60+ languages across the globe.  By bringing together proven expertise, deep understanding, and strategic foresight for fast-growing industries, Aprio ensures clients are prepared for wherever life or business may take them. Discover a top-rated culture, vast growth opportunities and your next big career move with Aprio.

Join Aprio’s Information Technology team and you will help clients maximize their opportunities.  Aprio is a progressive, fast-growing firm looking for a Cybersecurity Engineer to join their dynamic team.

Aprio’s Cybersecurity Engineering team builds and operates the controls that protect the firm — identity, network segmentation, cloud security baselines, endpoint, monitoring, encryption, and vulnerability management. The Cybersecurity Engineer is the mid-tier individual contributor on that team: the engineer trusted to take a well-scoped project, run it end-to-end, and deliver a clean, documented, operational result. This role is hands-on and execution-focused, with a growing depth in one or two control domains and a clear path toward Senior Engineer.

This position supports U.S. Government engagements that may involve Controlled Unclassified Information (CUI) and requires access to export‑controlled technical data. In accordance with CUI and U.S. export control regulations, this position is limited to ‘U.S. persons’ (including U.S. citizens, lawful permanent residents, and certain protected individuals) as defined in 22 C.F.R. § 120.62. These requirements are only tied to this specific job posting. We are an equal opportunity employer and all Aprio employment decisions are made in accordance with applicable laws.

What You’ll Do

• You will own small-to-medium engineering projects end-to-end, configure and operate control sets without direct oversight, and partner closely with Senior and Principal engineers on the larger initiatives that cross multiple domains.
• You’re the engineer who can pick up a control implementation, deliver it, document it, and hand it off cleanly to operations.
• You’ll start to grow real depth in a domain you care about — identity, endpoint, vulnerability, cloud security, or logging — and you’ll be a working partner to Associate engineers on day-to-day execution.

Key Responsibilities

• Project ownership: Take small-to-medium engineering projects end-to-end — scoping, design partnership with a Senior, build, test, deploy, document, and hand off to operations. Deliver them on time without surprises.
• Control implementation and operation: Configure and operate security controls across identity, network, cloud, endpoint, logging/monitoring, encryption/key management, and vulnerability management. Execute against approved patterns and standards.
• Domain depth: Develop deepening expertise in at least one control domain (e.g., endpoint, identity, vulnerability management, cloud security, IAM, monitoring). Become a real go-to on that domain for the team.
• Vulnerability and patch operations: Run vulnerability and patch workflows — scan, prioritize, remediate, validate. Track remediation against SLA and close the loop.
• Change support: Participate in change reviews, assess security impact for in-scope systems, implement approved changes, and validate post-change posture.
• Evidence and documentation: Produce clean operational documentation — runbooks, change records, evidence artifacts — that holds up under audit and peer review.
• Detection and response support: Partner with the SOC and Detection Engineering on logging coverage, telemetry quality, and the engineering pieces of response (access tooling, isolation capabilities, evidence capture).
• Associate mentorship: Pair with Associate engineers on day-to-day execution. Review their tickets, walk them through the toolset, and grow them toward independence.
• Automation and tooling: Contribute scripts and automation to reduce manual toil (validation checks, evidence collection, repeatable deployments) under the guidance of Senior+ engineers.

What Success Looks Like

First 30–60 days: Tooling and tenant familiarity is complete. You’re executing standard tasks (access requests, configuration changes, vuln workflows, evidence collection) on your own and logging clean work.

By 90 days: You’ve owned at least one small-to-medium project end-to-end — a vulnerability project, a hardening change, a logging coverage gap, or a tool configuration — and the result is documented, evidenced, and handed off cleanly.

By 6–12 months: You’re the go-to on at least one domain, you’re trusted to execute approved patterns without close oversight, Associate engineers are routinely paired with you, and you’re a working partner on at least one cross-team initiative led by a Senior or Principal engineer.

Required Qualifications

• 3+ years in security engineering, cloud engineering, or security operations with hands-on responsibility for implementing controls.
• Strong fundamentals in at least one of: identity and access management, network segmentation, vulnerability management, cloud security, endpoint security, centralized logging.
• Experience with at least one major cloud platform (Azure, AWS, GCP) in an engineering capacity.
• Comfortable executing vulnerability and patch workflows (scan, prioritize, remediate, validate).
• Ability to write clear operational documentation — runbooks, evidence artifacts, change records.
• Strong collaboration skills across Security, IT, and delivery teams.
• Comfortable mentoring Associate Engineers on day-to-day work

Preferred Qualifications

• Regulated-environment exposure (CMMC, NIST 800-171, FedRAMP-aligned, SOC 2, ISO 27001).
• Scripting / automation experience (Python, PowerShell, Bash); infrastructure-as-code familiarity a plus.
• Security certifications (Security+, SSCP, GSEC, AZ-500, AWS Security Specialty, or cloud/security engineering equivalents).
• Familiarity with incident-response procedures and evidence handling.
• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field — or equivalent applicable years of experience

$80,000 - $90,000 a year

The salary range for this opportunity is stated above. As such, an actual salary may fall closer to one or the other end of the range, and in certain circumstances, may wind up being outside of the listed salary range.

The application window is anticipated to close on July 27th and may be extended as needed.

Why work for Aprio:

Whether you are just starting out, looking to advance into management or searching for your next leadership role, Aprio offers an opportunity to grow with a future-focused, innovative firm.

Perks/Benefits we offer for full-time team members:

- Medical, Dental, and Vision Insurance on the first day of employment

- Flexible Spending Account and Dependent Care Account

- 401k with Profit Sharing

- 9+ holidays and discretionary time off structure

- Parental Leave – coverage for both primary and secondary caregivers

- Tuition Assistance Program and CPA support program with cash incentive upon completion

- Discretionary incentive compensation based on firm, group and individual performance

- Incentive compensation related to origination of new client sales

- Top rated wellness program

- Flexible working environment including remote and hybrid options

What’s in it for you:

- Working with an industry leader: Be part of a high-growth firm that is passionate for what’s next.

- An awesome culture: Thirty-one fundamental behaviors guide our culture every day ensuring we always deliver an exceptional team-member and client experience.  We call it the Aprio Way.  This shared mindset creates lasting relationships between team members and with clients.

- A great team: Work with a high-energy, passionate, caring and ambitious team of professionals in a collaborative culture.

- Entrepreneurship: Have the freedom to innovate and bring your ideas to help us grow to become the CPA firm of choice nationally.

- Growth opportunities: Grow professionally in an environment that fosters continuous learning and advancement.

- Competitive compensation: You will be rewarded with competitive compensation, industry-leading benefits and a flexible work environment to enjoy work/life balance.

EQUAL OPPORTUNITY EMPLOYER

Aprio is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race; color; religion; national origin; sex; pregnancy; sexual orientation; gender identity and/or expression; age; disability; genetic information, citizenship status; military service obligations or any other category protected by applicable federal, state, or local law.

Aprio, LLP and Aprio Advisory Group, LLC, operate in an alternative business structure, with Aprio Advisory Group, LLC providing non-attest tax and consulting services, and Aprio, LLP providing CPA firm services.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

About the TeamEnterprise Security is the primary point of contact for employee-focused security across DoorDash, Wolt, and Deliveroo. We deliver secure-by-default systems, processes, and controls for everyone who works here,...

Company Description

CREATIVITY IS OUR SUPERPOWER. It’s our heritage and it’s also our future. Because we don’t just make toys. We create innovative products and experiences that inspire fans, entertain audiences and develop children through play. Mattel is at its best when every member of our team feels respected, included, and heard—when everyone can show up as themselves and do their best work every day. We value and share an infinite range of ideas and voices that evolve and broaden our perspectives with a reach that extends into all our brands, partners, and suppliers.

Job Description

About the Role

The Security Engineer – Endpoint & Identity Threat Protection (EDR / ITP) is responsible for implementing, maintaining, and optimizing advanced endpoint detection and identity threat protection capabilities across Mattel’s global environment. This mid-level role focuses on enhancing detection accuracy, improving response efficiency, and strengthening the organization’s overall cyber defense posture. The engineer will work closely with cross-functional teams to ensure endpoint and identity protection tools are effectively integrated, monitored, and tuned to safeguard enterprise systems and data from emerging threats.

Roles and Responsibilities

• Deploy, manage, and optimize Endpoint Detection and Response (EDR) and Identity Threat Protection (ITP) platforms across Mattel’s enterprise.
• Develop and fine-tune behavioral analytics, detection logic, and response rules to identify and mitigate malicious activity targeting endpoints and identities.
• Collaborate with Security Operations and Incident Response teams to investigate, contain, and remediate threats in a timely and coordinated manner.
• Integrate EDR and ITP technologies with SIEM, SOAR, and other enterprise systems to enhance threat detection, visibility, and automation.
• Contribute to the design and implementation of endpoint and identity threat protection controls aligned with Mattel’s cybersecurity strategy.
• Partner with IT, Infrastructure, and Security Architecture teams to support endpoint hardening, secure configuration management, and policy enforcement.
• Ensure compliance of endpoint and identity controls with internal security standards and external regulatory requirements.
• Perform ongoing analysis of endpoint telemetry, identity logs, and behavioral data to identify patterns and optimize detection efficacy.
• Collaborate with engineering teams to improve agent performance, health, and interoperability across platforms and systems.
• Maintain and update operational documentation, playbooks, and standard procedures for endpoint and identity threat protection workflows.
• Participate in post-incident reviews to identify root causes, improve detection coverage, and strengthen response processes.
• Evaluate and recommend emerging endpoint and identity protection tools, techniques, and automation strategies to enhance defense capabilities.

Qualifications

Skills and Qualifications

Required:

• 3–5+ years of experience in cybersecurity engineering, focusing on endpoint and identity threat protection solutions.
• Hands-on experience managing enterprise-grade EDR and ITP platforms such as CrowdStrike, SentinelOne, Defender for Endpoint, or similar.
• Proficiency in detection engineering — developing custom detection logic, correlation rules, and behavioral analytics for endpoint and identity-based threats.
• Strong understanding of endpoint operating systems (Windows, macOS, Linux) and common adversary tactics including privilege escalation and lateral movement.
• Experience integrating endpoint and identity controls with SIEM, SOAR, and automation workflows to improve operational efficiency.
• Knowledge of identity and access management frameworks such as Azure AD, Okta, SSO, and MFA.
• Experience performing threat analysis using IOC/IOA data, event correlation, and telemetry investigation.
• Proficiency in scripting or automation (Python, PowerShell, or equivalent) for detection tuning, enrichment, or response orchestration.
• Solid understanding of endpoint policy management, application allowlisting, device control, and system hardening best practices.
• Excellent analytical and communication skills with the ability to collaborate effectively across technical and non-technical teams.

Preferred:

• Bachelor’s degree in computer science, Information Security, or a related field (or equivalent experience).
• Certifications such as ISC2 CC, GIAC GSEC, GCED, GCIA, or CompTIA CySA+.
• Experience with hybrid endpoint environments spanning on-premises, cloud, and virtual infrastructure (AWS, Azure, GCP).
• Familiarity with the MITRE ATT&CK framework for mapping detections and validating coverage.
• Hands-on experience with SOAR or automation frameworks to streamline response processes.
• Experience contributing to detection and response process improvement initiatives in global enterprises.

Shift Timings:

This position operates during 10:00 – 18:00 PST (22:30 – 06:30 IST), Monday through Friday, with emergency on-call duties as required.

Additional Information

Don’t meet every single requirement? At Mattel, we are dedicated to an inclusive workplace and a culture of belonging. If you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we still encourage you to apply. You may be just the right candidate for this or other roles.

How We Work:

We are a purpose driven company aiming to empower generations to explore the wonder of childhood and reach their full potential. We live up to our purpose employing the following behaviors:

• We collaborate: Being a part of Mattel means being part of one team with shared values and common goals. Every person counts and working closely together always brings better results. Partnership is our process and our collective capabilities is our superpower.
• We innovate: At Mattel we always aim to find new and better ways to create innovative products and experiences. No matter where you work in the organization, you can always make a difference and have real impact. We welcome new ideas and value new initiatives that challenge conventional thinking.
• We execute: We are a performance-driven company. We strive for excellence and are focused on pursuing best-in-class outcomes. We believe in accountability and ownership and know that our people are at their best when they are empowered to create and deliver results.

Our Approach to Flexible Work:

We embrace a flexible work model designed to empower a culture of growth, optimism, and wellbeing, where every employee can reach their full potential. Combining purposeful in-person collaboration with flexibility, our focus is to optimize performance and drive connection for moments that matter.

Who We Are:

Mattel is a leading global toy and family entertainment company and owner of one of the most iconic brand portfolios in the world. We engage consumers and fans through our franchise brands, including Barbie, Hot Wheels, Fisher-Price, American Girl, Thomas & Friends, UNO, Masters of the Universe, Matchbox, Monster High, MEGA and Polly Pocket, as well as other popular properties that we own or license in partnership with global entertainment companies. Our offerings include toys, content, consumer products, digital and live experiences. Our products are sold in collaboration with the world’s leading retail and ecommerce companies. Since its founding in 1945, Mattel is proud to be a trusted partner in empowering generations to explore the wonder of childhood and reach their full potential.

Mattel’s award-winning workplace culture has been recognized by Forbes, Fast Company, Newsweek, Great Place to Work, TIME, and more.

Visit us at https://jobs.mattel.com/ and www.instagram.com/MattelCareers.

Mattel is an Equal Opportunity Employer where we want you to bring your authentic self to work every day. We welcome all job seekers, and all applicants will receive consideration for employment.

Videos to watch:

The Culture at Mattel

Corporate Philanthropy

Credit Acceptance is proud to be an award-winning company recognized both locally and nationally across multiple workplace categories.

About ProArch:

At ProArch, we partner with businesses around the world to turn big ideas into better outcomes through IT services that span cybersecurity, cloud, data, AI, and app development.

We’re 400+ team members strong across 3 countries (we call ourselves ProArchians)—and here’s what connects us all:

• A love for solving real business problems
• A belief in doing what’s right

What’s it like to work here?

• You’ll keep growing. You’ll work alongside domain experts who love to share what they know.
• You’ll be supported, heard, and trusted to make an impact.
• You’ll take on projects that touch industries, communities, and lives.
• You’ll have the time to focus on what matters most in your life outside of work.

At ProArch, you’ll be part of teams that design and deliver technology solutions solving real business challenges for our clients. With services spanning AI, Data, Application Development, Cybersecurity, Cloud & Infrastructure, and Industry Solutions, your work may involve building intelligent applications, securing business‑critical systems, or supporting cloud migrations and infrastructure modernization.

Every role here contributes to shaping outcomes for global clients and driving meaningful impact. You’ll collaborate with experts across data, AI, engineering, cloud, cybersecurity, and infrastructure—solving complex problems with creativity, precision, and purpose. You’ll join a culture rooted in technology, curiosity, and continuous learning. A place where we move fast, trust you to make an impact, encourage innovation, and support your growth.

Position Overview

ProArch IT Solutions is seeking a highly motivated and technically skilled Security / SOAR Automation Engineer to join our global cybersecurity operations team supporting a fast-paced Managed Security Services Provider (MSSP) environment. The ideal candidate will possess strong hands-on experience in cybersecurity automation, SOAR platform engineering, SOC workflow orchestration, and security integrations across modern security ecosystems.

This role is heavily focused on designing, implementing, optimizing, and scaling SOC automation capabilities to improve operational efficiency, incident response, alert enrichment, triage automation, threat intelligence utilization, and AI-driven security operations enhancements.

The Engineer will work closely with SOC Operations, Security Engineering, Security Consulting, and Leadership teams to deliver automation initiatives and operational improvements while supporting a globally distributed security environment.

This is a permanently remote opportunity for candidates based in India, aligned primarily to USA Eastern Time (ET) business hours, with flexibility depending on operational requirements.

Key Responsibilities:

• SOAR Engineering & Automation

• Design, develop, implement, and maintain SOAR playbooks and automation workflows for SOC operations.

• Build scalable security orchestration workflows for:

• Alert triage

• Automated enrichment

• Threat intelligence correlation

• Incident response

• Containment workflows

• Identity-based investigations

• Case management

• Reporting automation

• Reporting automation

• Implement and maintain integrations between SOAR platforms and various security technologies using APIs, webhooks, SDKs, and custom connectors.

• Develop automation logic to improve SOC efficiency, reduce analyst fatigue, and accelerate Mean Time to Respond (MTTR) and Mean Time to Resolve.

• Support SOAR platform lifecycle management including upgrades, change management, testing, governance, RBAC, and operational maintenance.

• Assist with SOAR platform administration, identity & access management, and environment hardening.

Security Platform Integrations

Hands-on experience integrating and automating workflows involving:

• Microsoft Defender for Endpoint (MDE)
• Microsoft Defender XDR
• Microsoft Defender for Identity (MDI)
• Microsoft Defender for Office 365 (MDO)
• Microsoft Defender for Cloud Apps (MDCA)
• Microsoft Purview
• Microsoft Identity Protection / Entra ID
• CrowdStrike Falcon
• Threat Intelligence platforms
• (Must have) SIEM platforms (Microsoft Sentinel & Defender XDR)
• Graph API
• Ticketing platforms (Datto Autotask preferred)
• Email security solutions
• Endpoint detection & response platforms
• Identity and authentication platforms
• Cloud security solutions

SOC Operations Enhancement

• Work collaboratively with SOC Managers, SOC Team Leads, Analysts, and Security Consultants to identify automation opportunities.
• Create operational enhancements to improve detection engineering, investigation workflows, escalation efficiency, and reporting.
• Assist with scaling SOC operations using automation and AI-driven initiatives.
• Support operational maturity improvements within the SOC environment.
• Participate in incident response automation strategy discussions and implementation planning.
• Contribute to SOC transformation initiatives focused on operational scalability and service optimization.

AI & Advanced Security Operations

• Contribute to AI-enabled SOC initiatives and intelligent automation projects.
• Assist in implementing AI orchestration and automation use cases within security operations.
• Research and evaluate emerging AI and automation technologies relevant to cybersecurity operations.
• Support initiatives focused on autonomous investigation workflows, enrichment intelligence, and analyst assistance capabilities.

Collaboration & Project Coordination

• Coordinate automation initiatives with internal stakeholders and external vendors.
• Work closely with SOAR vendors for implementation support, troubleshooting, optimization, and feature enablement.
• Participate in project planning, implementation tracking, testing, and deployment activities.
• Maintain technical documentation, workflow diagrams, integration references, and operational runbooks.
• Support cross-functional cybersecurity projects and operational improvements

Experience

• Bachelor’s Degree / Graduation in Computer Science, Information Technology, Cybersecurity, Engineering, or a related technical field is mandatory.
• Relevant cybersecurity certifications and automation-focused certifications will be considered an added advantage.
• 3–5 years of overall cybersecurity experience.
• Proven hands-on experience with SOAR platforms in enterprise or MSSP environments.
• Strong experience designing and implementing automation workflows from scratch.
• Experience supporting Security Operations Center (SOC) environments.
• Prior SOC Analyst experience is highly preferred.
• Experience working within Managed Security Services Provider (MSSP) environments preferred.
• Experience supporting or collaborating with US-based teams/vendors preferred.

Technical Skills

• Strong hands-on experience with SOAR technologies.
• Experience with Torq SOAR preferred.

Strong understanding of:

• Incident response workflows
• SOC operations
• Detection engineering
• Security orchestration
• Threat intelligence
• API integrations
• Authentication mechanisms
• Identity-based security workflows
• Experience integrating security tools using:
• REST APIs
• JSON
• Webhooks
• Python
• PowerShell
• Scripting/automation frameworks
• Familiarity with SIEM platforms and alert correlation logic.
• Experience with ticketing systems, preferably Datto Autotask.
• Understanding endpoints, cloud, identity, and email security ecosystems.

Preferred Qualifications

• Experience implementing AI-driven SOC workflows.
• Exposure to AI orchestration in cybersecurity operations.
• Knowledge of security operations metrics and optimization strategies.
• Experience with security automation governance and change management.
• Exposure to cloud security platforms and SaaS security controls.
• Familiarity with DevSecOps or infrastructure automation concepts.
• Relevant cybersecurity certifications are advantageous like Security+, CySA+, GCIH, SC-200, AZ-500, SOAR platform certifications, Splunk / Microsoft certifications

Soft Skills & Work Style

• Strong verbal and written communication skills with the ability to work effectively across technical and non-technical teams.
• • Excellent collaboration and stakeholder coordination skills across SOC Operations, Engineering, Consulting, Vendors, and Leadership teams.
• Strong documentation and technical writing capabilities for workflows, SOPs, and operational procedures.
• Ability to work independently in a remote-first, multicultural, and fast-paced MSSP environment.
• Self-driven, proactive, and highly organized with strong ownership and accountability.
• Strong analytical, troubleshooting, and problem-solving skills.
• Comfortable managing multiple projects, priorities, and operational initiatives simultaneously.
• Team-oriented mindset with the ability to operate effectively as an individual contributor.
• Professional communication and coordination skills for working with US-based teams and vendors.
• Adaptable and flexible to evolving operational and business requirements.

Work Schedule & Environment

• Primary alignment with USA Eastern Time (ET) business hours.
• Permanent remote working opportunity within India.
• Flexible working model based on operational requirements and project demands.
• Fast-paced MSSP and cybersecurity operations environment.

What Success Looks Like in This Role

• Successful deployment and optimization of SOC automation workflows.
• Measurable reduction in manual SOC effort and alert fatigue.
• Improved operational efficiency and response timelines.
• Reliable integration and orchestration across security ecosystems.
• Contribution toward scalable, AI-enabled cybersecurity operations.
• Strong collaboration with SOC leadership, analysts, engineering, and consulting teams.
• Continuous innovation and operational enhancement within the security operations function.

Life @ ProArch

• At ProArch, we believe our people are the key to our success. That’s why we foster an environment where every employee—known proudly as a ProArchian—can grow, thrive, and make a meaningful impact.
• We empower employees to develop at their own pace through Career Pathways, a clear and supportive guide to professional progression.
• Our culture is one of positivity, inclusivity, and respect. Titles don’t define how we treat each other— every ProArchian is valued equally, and collaboration across roles and teams is the norm.
• We understand that great work starts with balance. That’s why we prioritize work-life harmony, offering flexible work schedules and encouraging time for what matters most.
• Beyond the workplace, ProArchians actively give back—organizing volunteer efforts and charitable initiatives that empower the communities we call home.
• And because we know that extraordinary efforts deserve recognition, we celebrate those who go above and beyond with appreciation programs.
• At ProArch, we’re not just using technology to transform businesses— we’re using it to create a better experience for our people, our clients, and our communities.

Company Overview

Interactive Brokers Group, Inc. (Nasdaq: IBKR) is a global financial services company headquartered in Greenwich, CT, USA, with offices in over 15 countries. We have been at the forefront of financial innovation for over four decades, known for our cutting-edge technology and client commitment.

IBKR affiliates provide global electronic brokerage services around the clock on stocks, options, futures, currencies, bonds, and funds to clients in over 200 countries and territories. We serve individual investors and institutions, including financial advisors, hedge funds and introducing brokers. Our advanced technology, competitive pricing, and global market help our clients to make the most of their investments.

Barron’s has recognized Interactive Brokers as the #1 online broker for six consecutive years. Join our dynamic, multi-national team and be a part of a company that simplifies and enhances financial opportunities using state-of-the-art technology.

About the Role

We are looking for an Application Security Engineer who lives at the intersection of security and engineering. This is not a policy role — you will be hands-on building, tuning, and scaling the security scanning infrastructure that protects our software delivery pipeline. You will own SAST, DAST, and SCA tooling end to end, drive false positive reduction, and embed security gates directly into CI/CD workflows across engineering teams. A deep understanding of how vulnerabilities actually work — not just what scanners report — is fundamental to success in this role.

The Problem We’re Solving

We operate in a complex, regulated environment — multiple languages, layered network boundaries, and delivery velocity that cannot be sacrificed for security theater. We are building a scanning program that works in that reality. Tuned, automated, trusted — coverage that is measurable and findings that engineers actually act on. This role exists to solve that problem.

What You’ll Do

• Own and operate static, dynamic, and software composition analysis scanning platforms across all engineering pipelines — onboarding new repositories, tuning rulesets, and maintaining coverage metrics

• Build and maintain CI/CD security gates that enforce scan policies at pull request, merge, and release stages across engineering workflows

• Write custom detection rules tailored to the organization’s tech stack and threat model — covering vulnerability classes specific to the languages and frameworks in use

• Triage and prioritize scan findings with a deep understanding of actual exploitability — distinguish true positives from noise, explain the real-world impact of each finding, and build suppression workflows that reduce false positive rates without creating blind spots

• Develop automation to ticket, deduplicate, and route findings to the right engineering teams with enough context for developers to understand and act on them

• Integrate dynamic scanning into pre-production environments with authenticated coverage — understanding what attack surface is actually reachable versus what scanners miss

• Partner with engineering teams on remediation — provide exploit context, reproduce findings where necessary, and give concrete fix guidance grounded in how the vulnerability actually works

• Support software composition analysis and dependency security programs — tying third-party vulnerabilities back to actual reachability and exploitability in the codebase rather than treating every CVE as equal severity

• Contribute to the security champions program — help developers understand not just what is flagged but why it matters and how an attacker would use it

• Run structured evaluations of new tooling and drive buy vs build decisions with documented PoC results

What We’re Looking For

These areas are the capabilities we are looking for. Strong candidates will not check every box. If you are strong in either of the below, we want to hear from you. Depth in one area with curiosity about other matters more than surface-level familiarity across all of them.

• 5-7 years in application security, DevSecOps, or a security engineering role with tooling focus

• Strong foundational knowledge of how web application vulnerabilities work at a technical level — injection classes, broken authentication patterns, insecure deserialization, XXE, SSRF, IDOR, race conditions, and business logic flaws — not just awareness of their names

• Ability to read a scan finding and independently reason about whether it is exploitable in context — understanding data flow, trust boundaries, and what an attacker would actually need to trigger it

• Hands-on experience deploying and tuning SAST platforms — writing or modifying rules, understanding AST-based and dataflow analysis, and knowing where static analysis fundamentally cannot reach

• Experience integrating security tooling into CI/CD pipelines and enforcing policy at key delivery gates

• Proficiency in at least one scripting language — Python or Go strongly preferred — for automation and tooling development

• Experience with DAST tooling in authenticated scan configurations — understanding what authenticated coverage requires and how session handling, CSRF tokens, and multi-step flows affect scan fidelity

• Familiarity with SCA concepts — dependency graphs, transitive vulnerabilities, license risk, reachability analysis, and SBOM formats including CycloneDX and SPDX

• Ability to read and reason about code across multiple languages

Nice to Have

• Development background — candidates who have written production code and personally addressed security vulnerabilities in a codebase bring a fundamentally different perspective to this role; they understand why developers make the choices they do, where fixes break things, and how to give remediation guidance that engineers will actually implement

• Background that spans both sides of the SDLC — having sat in a developer role before moving into security means stronger partnerships with engineering teams and more credible guidance during code review and triage conversations

• Experience writing custom detection logic for organization-specific vulnerability patterns beyond out-of-the-box scanner coverage

Company Benefits & Perks:

• Competitive salary package.
• Performance based annual bonus ( cash and stocks).
• Hybrid working model (3 days office/week).
• Group Medical & Life Insurance.
• Modern offices with free amenities & fully stocked cafeterias.
• Monthly food card & company paid snacks.
• Hardship/shift allowance with company provided pickup & drop facility*
• Attractive employee referral bonus.
• Frequent company sponsored team building events and outings.

\* Depending upon the shifts.

** The benefits package is subject to change at the management’s discretion.

Company Overview

Interactive Brokers Group, Inc. (Nasdaq: IBKR) is a global financial services company headquartered in Greenwich, CT, USA, with offices in over 15 countries. We have been at the forefront of financial innovation for over four decades, known for our cutting-edge technology and client commitment.

IBKR affiliates provide global electronic brokerage services around the clock on stocks, options, futures, currencies, bonds, and funds to clients in over 200 countries and territories. We serve individual investors and institutions, including financial advisors, hedge funds and introducing brokers. Our advanced technology, competitive pricing, and global market help our clients to make the most of their investments.

Barron’s has recognized Interactive Brokers as the #1 online broker for six consecutive years. Join our dynamic, multi-national team and be a part of a company that simplifies and enhances financial opportunities using state-of-the-art technology.

Security Engineer -Bug Bounty

About the Role

We are looking for a Security Engineer focused on Bug Bounty who treats researcher reports as security data, not support tickets. This is not a coordination role — you will be hands-on validating vulnerabilities, reproducing exploits, and working directly with engineering teams to drive fixes. You will own the full lifecycle of the program: scope design, triage, researcher relations, remediation tracking, and the upstream feedback that turns external findings into internal controls.

The other half of this role is developer partnership. Findings that sit in a backlog do not improve security. You will reduce the friction that keeps confirmed vulnerabilities from being fixed — translating researcher reports into clear remediation guidance, removing ambiguity that slows engineers down, and identifying the process or tooling gaps that let the same vulnerability class appear repeatedly.

A deep understanding of how vulnerabilities actually work — not just how to classify them — is fundamental to success here.

What You’ll Do

• Own day-to-day operations of the bug bounty program on the managed platform, including report triage, severity assessment, researcher communication, and payout decisions — maintaining SLA compliance across all inbound volume

• Reproduce and technically validate submitted vulnerabilities across web, API, mobile, and trading infrastructure attack surfaces — reason independently about exploitability in context, not just what the report claims

• Classify findings using CVSS, OWASP, and business impact criteria; distinguish genuine risk from theoretical severity; escalate critical issues into incident response workflows with enough context for engineering leadership to act immediately

• Act as a remediation partner, not just a reporter — work directly with developers to clarify findings, provide exploit context, reproduce issues where needed, and give fix guidance grounded in how the vulnerability actually works; track what slows remediation and fix it

• Identify recurring vulnerability classes across inbound reports and feed patterns back into AppSec initiatives — SAST rule tuning, developer training, design review checklists — closing the loop from external discovery to internal prevention

• Maintain program scope, out-of-scope guidance, and rules of engagement; adjust based on surface area changes, new products, and program maturity signals

• Coordinate with legal, compliance, and communications on responsible disclosure edge cases, researcher disputes, and public disclosure timelines

• Produce monthly and quarterly program metrics for security leadership — coverage, triage velocity, remediation cycle times, finding trends — with enough analytical depth to drive program decisions

• Evaluate attack surface expansions — new APIs, products, acquisitions — for readiness to enter program scope

What We’re Looking For

These are the capabilities that matter for this role. Strong candidates will not check every box. Depth in vulnerability validation and developer partnership matters more than broad platform familiarity. If you have operated on both sides of the researcher-developer relationship, we want to hear from you.

• 2–5 years in application security, penetration testing, bug bounty operations, or a security engineering role with hands-on validation focus

• Strong foundational knowledge of how web application vulnerabilities work at a technical level — SSRF, IDOR, auth bypass, injection classes, business logic flaws, API authorization failures, OAuth misconfigurations — not just awareness of their names

• Ability to read a researcher report and independently reason about exploitability in the specific context of the application — understand trust boundaries, data flow, and what an attacker would actually need to trigger the finding

• Experience operating a bug bounty or vulnerability disclosure program on a managed platform — Bugcrowd, HackerOne, or equivalent — with ownership of triage decisions and researcher communication

• Strong written communication under pressure — you will be writing triage decisions to elite researchers and remediation guidance to developers simultaneously; both audiences require clarity and credibility

• Familiarity with REST and GraphQL API security, OAuth 2.0 flows, session management, and web application architecture at the level needed to validate findings without relying on the researcher’s reproduction steps alone

• Ability to work cross-functionally with engineering teams — translate security findings into actionable, developer-friendly guidance that engineers will actually implement rather than defer

Nice to Have

• Active bug bounty participation as a researcher — candidates who have filed reports themselves understand what makes a finding credible, what frustrates researchers about triage decisions, and how to run a program that retains high-signal contributors

• Development background — candidates who have written production code and personally addressed security vulnerabilities bring a fundamentally different perspective to remediation partnership; they understand why developers make the choices they do, where fixes break things, and how to give guidance that engineers will actually act on

• Experience in financial services or a similarly regulated environment — understanding the compliance overlay on remediation timelines and disclosure decisions changes how you prioritize and escalate

• Scripting ability in Python or Bash — for triage automation, scope monitoring, duplicate detection, or metrics extraction from platform APIs

• Familiarity with DAST tooling (Burp Suite Pro, Nuclei, ZAP) — candidates who can independently reproduce and extend researcher findings without relying solely on the submitted reproduction steps are significantly more effective in this role

Company Benefits & Perks:

• Competitive salary package.
• Performance based annual bonus ( cash and stocks).
• Hybrid working model (3 days office/week).
• Group Medical & Life Insurance.
• Modern offices with free amenities & fully stocked cafeterias.
• Monthly food card & company paid snacks.
• Hardship/shift allowance with company provided pickup & drop facility*
• Attractive employee referral bonus.
• Frequent company sponsored team building events and outings.

\* Depending upon the shifts.

** The benefits package is subject to change at the management’s discretion.

Company Description

Tech native for over 30 years, Devoteam guides businesses through sustainable digital transformation to deliver value.

With over 11,000 tech architects in more than 25 countries across Europe, the Middle East, and Africa, Devoteam is committed to using technology to serve people.

Devoteam has been a ServiceNow Elite Partner since 2019. In 2026, it was recognised as ServiceNow Partner of the Year for the fourth consecutive year.

Job Description

Looking to take your IT security consulting career to the next level? Our ServiceNow Cyber & Risk team is seeking a Consultant with an innovative, can-do attitude and a passion for making a difference. You’ll be based in our Prague office and work with global companies from across Europe.

With us, you’ll have the chance to do the job of your dreams - the one you didn’t even know you wanted yet. Here’s what you can expect:

• Leading the implementations of key ServiceNow IRM and SecOps projects within Devoteam Group.
• Technical leadership of the team - training, presentations, knowledge sharing.
• Pre-sales  and delivering product demos to potential customers, proposals preparations, projects estimations.
• Working on a variety of projects focused on advisory and implementation of Security Operations, Risk and Compliance using ServiceNow SecOps and IRM product suites.

Qualifications

You will be a great fit for this role if you have…

• 3+ years of consulting or implementation work experience in the field of IT security, risk or compliance.
• Knowledge of security trends and their application to address cyber security issues.
• An understanding of security, risk, and privacy standards and frameworks such as ISO2700x family, NIST CSF, DORA, NIS2, GDPR, and others.
• Analytical mindset and a can-do attitude.
• Fluent English communication skills.
• Soft skills such as communication and presentation.

Want to be head of the pack? We’d definitely welcome…

• Experience with international security projects is an advantage.
• Experience using/implementing ServiceNow IRM or SecOps is an advantage.
• A degree in Information Technologies (ideally with a focus on cyber security) is an advantage.
• Knowledge of the German language is an advantage

What will you get apart from the salary?

• 5 weeks of vacation per year (= 1 week extra)
• 4 My Days per year
• Hybrid office
• Flexible working hours
• Career Management, training and certifications in the best breed of technologies - focused on technical skills (ServiceNow, Google), Project Management methodology etc., including Udemy for business account.
• Meal allowance up to 28.000 CZK/year (123,90 CZK/day)
• Cafeteria 1000 CZK/month (MultiSport Card available)
• Phone tariff (unlimited calls, texts messages within the EU, 20GB of Internet)
• Employee Referral Program
• Sabbatical leave
• Repurchase of hardware

Moreover, we offer:

• Foreign business trips
• Above standard working equipment
• Company Mobile Phone (selection from Android/iPhone)
• Company Laptop (Windows/macOS)
• Coffee, tea, snacks and breakfasts in the office
• Company events and teambuildings
• Gifts for work anniversaries, promotion or childbirth
• Friendly and open culture

And last but not least, you can rely on:

• Transparent framework for career growth, reinforced by annual performance evaluations
• Trust and autonomy, with no micro-management
• Learning from senior colleagues and opportunities to collaborate with professionals from various industries
• Opportunities to attend conferences to keep skills up-to-date
• Working on a variety of projects for a broader range of experience
• Adoption and utilization of evolving IT technologies
• Usage of AI tools and access to elaborate, tailored AI training

Additional Information

Benefits:

• 5 weeks of vacation per year (= 1 week extra)
• 4 “My Days” per year
• Hybrid office
• Flexible working hours
• Udemy for business account
• Meal allowance up to 32.000 CZK/year (129,50 CZK/day)
• Cafeteria 1200 CZK/month (MultiSport Card available)
• Phone tariff (unlimited calls, texts messages within the EU, 20GB of Internet)
• Employee Referral Program
• Sabbatical leave
• Repurchase of hardware

Moreover, we offer:

• Above standard working equipment
• Company mobile phone (selection from Android/iPhone)
• Company laptop (Windows/macOS)
• Coffee, tea, snacks and breakfasts in the office
• Company events and team buildings
• Gifts for work anniversaries, promotion or childbirth
• Friendly and open culture

And last but not least, you can rely on:

• Transparent framework for career growth, reinforced by annual performance evaluations
• Trust and autonomy, with no micro-management
• Learning from senior colleagues and opportunities to collaborate with professionals from various industries
• Opportunities to attend conferences to keep skills up-to-date
• Usage of AI tools and access to elaborate, tailored AI training

At NiCE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

Information Security Engineer

At NICE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

So, what’s the role all about?

The Information Security Engineer will assist in implementing and administering initiatives implemented by InfoSec, including security initiatives mandated by regulatory and compliance requirements. This position will be responsible for ensuring that regular housekeeping activities are performed to maintain and monitor processes and systems.

The role ensures that both Corporate and Production services are managed according to company policies, processes, and compliance and regulatory requirements.

How will you make an impact?

• Create, manage, and respond to security incidents and conduct analysis in accordance with existing processes and company security policies
• Installation, configuration, and administration of information security tools such as, but not limited to, endpoint protection, SIEM, XDR, WAF, vulnerability scanners, and DLP
• Troubleshoot and resolve technical issues related to security tools and security processes
• Coordinate with third-party vendors
• Assist with internal and external audits associated with regulatory and compliance requirements
• Provide formal notification to Information Security leadership when changes are planned that may impact the approved security posture of NICE CX or the associated certification and accreditation
• Review and recommend improvements to information security processes
• Ensure regular housekeeping activities are performed to maintain system integrity and monitoring

Have you got what it takes?

• Knowledge of basic information security principles and theories
• A minimum of 3 years working in IT and data networks
• A minimum of 3 years working in Security Operations
• Good English communication skills
• Proven track record of solving problems
• Good organization and project management skills
• Advanced computer skills in desktop applications
• Possess excellent analytic skills including numbers, patterns, processes, and data flow
• Self-starter who can function without constant oversight

You will have an advantage if you also have:

• Proficient with Microsoft Applications
• Holder of COMPTIA Security+, CISA, CISSP, SSCP, CCSK, or related certification
• Knowledge of GDPR, PCI, SOC 2, FedRAMP, IRAP, and HIPAA compliance regulations

What you need to know

• This job is not intended to be all-inclusive, and employees will also perform other reasonable related business duties as assigned
• This organization reserves the right to revise or change job duties as the need arises
• This job may require overtime, including nighttime, early morning, and weekend hours
• This job may require on-call availability

What’s in it for you?

Learn more about the Benefits at NICE

Join an ever-growing, market-disrupting, global company where the teams – comprised of the best of the best – work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr!

About NICE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime, and ensure public safety. Every day, NICE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud, and digital, NICE is consistently recognized as the market leader, with over 8,500 employees across 30+ countries.

NICE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation, or any other category protected by law.

#LI-Hybrid

Requisition ID: 10994 Reporting into: Manager, Information Security, CX

Role Type: Individual Contributor

About NiCE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime and ensure public safety. Every day, NiCE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.

NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.

At NiCE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

Information Security Engineer

At NICE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

So, what’s the role all about?

The Information Security Engineer will assist in implementing and administering initiatives implemented by InfoSec, including security initiatives mandated by regulatory and compliance requirements. This position will be responsible for ensuring that regular housekeeping activities are performed to maintain and monitor processes and systems.

The role ensures that both Corporate and Production services are managed according to company policies, processes, and compliance and regulatory requirements.

How will you make an impact?

• Create, manage, and respond to security incidents and conduct analysis in accordance with existing processes and company security policies
• Installation, configuration, and administration of information security tools such as, but not limited to, endpoint protection, SIEM, XDR, WAF, vulnerability scanners, and DLP
• Troubleshoot and resolve technical issues related to security tools and security processes
• Coordinate with third-party vendors
• Assist with internal and external audits associated with regulatory and compliance requirements
• Provide formal notification to Information Security leadership when changes are planned that may impact the approved security posture of NICE CX or the associated certification and accreditation
• Review and recommend improvements to information security processes
• Ensure regular housekeeping activities are performed to maintain system integrity and monitoring

Have you got what it takes?

• Knowledge of basic information security principles and theories
• A minimum of 3 years working in IT and data networks
• A minimum of 3 years working in Security Operations
• Good English communication skills
• Proven track record of solving problems
• Good organization and project management skills
• Advanced computer skills in desktop applications
• Possess excellent analytic skills including numbers, patterns, processes, and data flow
• Self-starter who can function without constant oversight

You will have an advantage if you also have:

• Proficient with Microsoft Applications
• Holder of COMPTIA Security+, CISA, CISSP, SSCP, CCSK, or related certification
• Knowledge of GDPR, PCI, SOC 2, FedRAMP, IRAP, and HIPAA compliance regulations

What you need to know

• This job is not intended to be all-inclusive, and employees will also perform other reasonable related business duties as assigned
• This organization reserves the right to revise or change job duties as the need arises
• This job may require overtime, including nighttime, early morning, and weekend hours
• This job may require on-call availability

What’s in it for you?

Learn more about the Benefits at NICE

Join an ever-growing, market-disrupting, global company where the teams – comprised of the best of the best – work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr!

About NICE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime, and ensure public safety. Every day, NICE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud, and digital, NICE is consistently recognized as the market leader, with over 8,500 employees across 30+ countries.

NICE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation, or any other category protected by law.

#LI-Hybrid

Requisition ID: 10995 Reporting into: Manager, Information Security, CX

Role Type: Individual Contributor

About NiCE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime and ensure public safety. Every day, NiCE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.

NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.

At NiCE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

At NICE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

So, what’s the role all about?

The Information Security Analyst is primarily responsible for ensuring compliance with information security frameworks such as Cyber Essentials, Cyber Essentials Plus, ISO 27001, ISO 27701, ISO 42001, GDPR, and DORA. This role focuses on internal audits, regulatory compliance, and readiness for external audits while also contributing to Cybersecurity Operations Center (CSOC) activities, including incident monitoring and response.

How will you make an impact?

• Internal Audit Execution: Conduct internal audits to evaluate and enhance IT controls, compliance with standards, and risk management processes.
• Audit Preparation: Assist internal control owners in scoping appropriate evidence and preparing for external audits.
• Gap Assessments: Facilitate and/or conduct internal gap assessments and audit readiness evaluations for frameworks such as ISO 27001, GDPR, and DORA.
• Framework Tracking: Monitor updates to Cyber Essentials, ISO, and regulatory frameworks and ensure internal alignment.
• Control Documentation: Develop and maintain control narratives, walkthroughs, and documentation of compliance processes.
• Audit Findings: Identify control deficiencies and work with stakeholders to recommend cost-effective, value-added remediation actions.
• Compliance Reporting: Draft audit reports and present findings to management during status updates and closing meetings.
• External Audit Coordination: Collaborate with external audit teams to streamline processes and provide requested documentation and evidence.
• Security Monitoring: Use tools such as Rapid7 InsightIDR or other SIEM solutions to assist with security monitoring and incident detection.
• Incident Response Support: Participate in incident response efforts, documenting security incidents and assisting in containment and recovery actions.
• Threat Identification: Contribute to analyzing cybersecurity threats and implementing recommendations to improve the security posture.
• Policy and Procedure Development: Assist in creating and refining cybersecurity policies and operational procedures to align with audit and compliance objectives.
• Vulnerability Management: Support the tracking and remediation of vulnerabilities in coordination with IT and Security Operations teams.

Have you got what it takes?

• Strong expertise in audit and compliance frameworks, including ISO 27001, ISO 27701, ISO 42001, GDPR, DORA, Cyber Essentials, and Cyber Essentials Plus.

• Familiarity with CSOC tools such as Rapid7 InsightIDR or other SIEM solutions.

• Hands-on experience in internal and external audits, compliance assessments, and process improvement.

• Basic understanding of incident response frameworks and cybersecurity best practices.

• Exceptional analytical, organizational, and communication skills.

• Commitment to continuous learning and professional development in audit, compliance, and security.

You will have an advantage if you also have:

• A Master’s degree in Cybersecurity, Risk Management, or related fields is a plus.

• Certifications (preferred or required):

• Certified Information Systems Auditor (CISA)

• Certified Information Security Manager (CISM)

• Certified Information Systems Security Professional (CISSP)

• ISO 27001 Lead Auditor or Implementer

• Cyber Essentials Assessor (or equivalent)

• GIAC certifications (e.g., GIAC Certified Incident Handler - GCIH or GIAC Security Essentials - GSEC)

What’s in it for you?

Join an ever-growing, market disrupting, global company where the teams – comprised of the best of the best – work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr!

Enjoy NICE-FLEX!

At NICE, we work according to the NICE-FLEX hybrid model, which enables maximum flexibility: 2 days working from the office and 3 days of remote work, each week. Naturally, office days focus on face-to-face meetings, where teamwork and collaborative thinking generate innovation, new ideas, and a vibrant, interactive atmosphere.

About NICE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime and ensure public safety. Every day, NICE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud and digital, NICE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.

NICE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.

Requisition ID: 10993

Reporting into: Director Information

Role Type: Individual Contributor

About NiCE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime and ensure public safety. Every day, NiCE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.

NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.

At NiCE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

Information Security Engineer

At NICE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

So, what’s the role all about?

The Information Security Engineer will assist in implementing and administering initiatives implemented by InfoSec, including security initiatives mandated by regulatory and compliance requirements. This position will be responsible for ensuring that regular housekeeping activities are performed to maintain and monitor processes and systems.

The role ensures that both Corporate and Production services are managed according to company policies, processes, and compliance and regulatory requirements.

How will you make an impact?

• Create, manage, and respond to security incidents and conduct analysis in accordance with existing processes and company security policies
• Installation, configuration, and administration of information security tools such as, but not limited to, endpoint protection, SIEM, XDR, WAF, vulnerability scanners, and DLP
• Troubleshoot and resolve technical issues related to security tools and security processes
• Coordinate with third-party vendors
• Assist with internal and external audits associated with regulatory and compliance requirements
• Provide formal notification to Information Security leadership when changes are planned that may impact the approved security posture of NICE CX or the associated certification and accreditation
• Review and recommend improvements to information security processes
• Ensure regular housekeeping activities are performed to maintain system integrity and monitoring

Have you got what it takes?

• Knowledge of basic information security principles and theories
• A minimum of 3 years working in IT and data networks
• A minimum of 3 years working in Security Operations
• Good English communication skills
• Proven track record of solving problems
• Good organization and project management skills
• Advanced computer skills in desktop applications
• Possess excellent analytic skills including numbers, patterns, processes, and data flow
• Self-starter who can function without constant oversight

You will have an advantage if you also have:

• Proficient with Microsoft Applications
• Holder of COMPTIA Security+, CISA, CISSP, SSCP, CCSK, or related certification
• Knowledge of GDPR, PCI, SOC 2, FedRAMP, IRAP, and HIPAA compliance regulations

What you need to know

• This job is not intended to be all-inclusive, and employees will also perform other reasonable related business duties as assigned
• This organization reserves the right to revise or change job duties as the need arises
• This job may require overtime, including nighttime, early morning, and weekend hours
• This job may require on-call availability

What’s in it for you?

Learn more about the Benefits at NICE

Join an ever-growing, market-disrupting, global company where the teams – comprised of the best of the best – work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr!

About NICE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime, and ensure public safety. Every day, NICE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud, and digital, NICE is consistently recognized as the market leader, with over 8,500 employees across 30+ countries.

NICE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation, or any other category protected by law.

#LI-Hybrid

Requisition ID: 10994 Reporting into: Manager, Information Security, CX

Role Type: Individual Contributor

About NiCE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime and ensure public safety. Every day, NiCE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.

NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.

At NiCE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

Information Security Engineer

At NICE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

So, what’s the role all about?

The Information Security Engineer will assist in implementing and administering initiatives implemented by InfoSec, including security initiatives mandated by regulatory and compliance requirements. This position will be responsible for ensuring that regular housekeeping activities are performed to maintain and monitor processes and systems.

The role ensures that both Corporate and Production services are managed according to company policies, processes, and compliance and regulatory requirements.

How will you make an impact?

• Create, manage, and respond to security incidents and conduct analysis in accordance with existing processes and company security policies
• Installation, configuration, and administration of information security tools such as, but not limited to, endpoint protection, SIEM, XDR, WAF, vulnerability scanners, and DLP
• Troubleshoot and resolve technical issues related to security tools and security processes
• Coordinate with third-party vendors
• Assist with internal and external audits associated with regulatory and compliance requirements
• Provide formal notification to Information Security leadership when changes are planned that may impact the approved security posture of NICE CX or the associated certification and accreditation
• Review and recommend improvements to information security processes
• Ensure regular housekeeping activities are performed to maintain system integrity and monitoring

Have you got what it takes?

• Knowledge of basic information security principles and theories
• A minimum of 3 years working in IT and data networks
• A minimum of 3 years working in Security Operations
• Good English communication skills
• Proven track record of solving problems
• Good organization and project management skills
• Advanced computer skills in desktop applications
• Possess excellent analytic skills including numbers, patterns, processes, and data flow
• Self-starter who can function without constant oversight

You will have an advantage if you also have:

• Proficient with Microsoft Applications
• Holder of COMPTIA Security+, CISA, CISSP, SSCP, CCSK, or related certification
• Knowledge of GDPR, PCI, SOC 2, FedRAMP, IRAP, and HIPAA compliance regulations

What you need to know

• This job is not intended to be all-inclusive, and employees will also perform other reasonable related business duties as assigned
• This organization reserves the right to revise or change job duties as the need arises
• This job may require overtime, including nighttime, early morning, and weekend hours
• This job may require on-call availability

What’s in it for you?

Learn more about the Benefits at NICE

Join an ever-growing, market-disrupting, global company where the teams – comprised of the best of the best – work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr!

About NICE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime, and ensure public safety. Every day, NICE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud, and digital, NICE is consistently recognized as the market leader, with over 8,500 employees across 30+ countries.

NICE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation, or any other category protected by law.

#LI-Hybrid

Requisition ID: 10995 Reporting into: Manager, Information Security, CX

Role Type: Individual Contributor

About NiCE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime and ensure public safety. Every day, NiCE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.

NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.