8,945 Database Security jobs in the United States

A national bank is looking for a Database Security Analyst to join their growing team! supply-chain logistics company is looking for a Truckmate Configuration Analyst. You'll work with Imperva, specifically DAM and Securesphere to ensure the security of their enterprise databases. You'll help protect their databases, identify vulnerabilities, implement security measures, and monitor threats utilizing Imperva security products.

This role has the ability to be fully remote, though local candidates in the Houston, TX area are preferred. Required Skills & Experience

• 2+ years of experience with database security
• Experience working in financial institutions or enterprise environments
• Experience with Imperva, ideally DAM, Securesphere, or Data Security Fabric
• Strong communication and collaboration skills

• You will receive the following benefits:
• Medical, Dental, and Vision Insurance
• Vacation Time
• More

• System Administration

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.

Job Summary

The Database Security Engineer Lead is responsible for implementing and maintaining security systems that provide detection, prevention, containment and deterrence mechanisms to protect the integrity of relational database systems, AWS cloud native databases, NoSQL and big data platforms, and the data they contain. Using security principles and best practice, the engineer will work with a team of other security professionals to provide guidance and support to operational, business and regulatory teams and will perform expert level database security incident response and investigation.

The Database Security Engineer Lead is a key position for providing protection and assurance on the controls safeguarding the bank's information assets.

Major Responsibilities

• Designing, developing, testing, documenting, monitoring, and implementing information and database security solutions to enforce security strategies and support to new/existing systems in accordance with policies, standards, guidelines and procedures.

• Serve as a trusted partner to business, operations, development, risk and compliance teams providing database security subject matter expert (SME) guidance and analysis.

• Managing a database activity monitoring (DAM) platform for security and audit compliance, including policy creation, event and trend analysis, performance monitoring and infrastructure maintenance.

• Developing and maintaining database security standards, guidelines and procedures for hardening database configurations, users and roles, profiles, etc.

• Refining and enhancing existing controls, policies, standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of data.

• Evaluating updates to new/existing database security controls by determining the strengths/weaknesses and coordinate the testing and implementation of the new/enhanced controls with all business partners that are affected.

• Identifying weak links in information security products and determine how to mitigate the control deficiencies.

• Enhancing preventive systems used to stop and/or deter security breaches.

• Evaluating database security patches from vendors and assesses potential risk and work with stakeholders to address vulnerabilities.

• Respond to security Incidents and assist with Tier-1 and Tier-2 incident investigations.

• Performing root cause analysis of security violations to determine if they are the result of misconfiguration or malfunction or if they are malicious, and taking appropriate action depending on circumstances.

• Serve as technical lead on projects within area of responsibility.

• Working with database custodians at different levels of the organization to understand their respective security needs and assist with implementing practices and procedures consistent with the bank information security policy.

• Working with internal and external auditors to demonstrate and provide evidence of security controls are adherence to regulatory compliance.

• Executing and enhancing monitoring systems used to detect and report security violations.

• Identify weak links in information security products and determine how to mitigate the control deficiencies.

• Maintain familiarity with industry trends and current security practices.

• Demonstrate ability to manage complex projects in an effective manner. This includes the ability to prepare detailed task plans outlining all requirements to complete the given assignment.

• Evaluate business process and application software, which effect the integrity, functionality, and reliability of the Bank's network and systems.

Qualifications

• Degree or equivalent work experience equally preferable

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or Related Fields or relevant industry certifications and comparable experience

• Master's Degree (preferred)

• 5-7+ years of technical experience in cybersecurity, insider threat, incident response, security operations, or related information security field

• Experience in the banking or finance industries preferred

• Database security, monitoring and protection

• Database activity monitoring platforms such as Imperva Data Security and Data Risk Analytics (DRA) and Imperva Data Security Fabric (DSF / Sonar)

• Imperva Data Security Specialist (IDSS) certification strongly preferred

• In-depth working knowledge of databases and database technologies

• Familiarity with AWS technologies and methods including RDS (Relational Database Service)

• Data protection especially with regard to cybersecurity tools and methods

• Database Firewall, Data Classification

• Vulnerability detection and mitigation

• Cybersecurity experience in regulated banking or financial environment

• Penetration testing and attack forensics

• IS audit

• GRC Tools & Processes

• Ability to understand security risks and controls, to analyze various methods of controlling information security problems, determine the strengths and weaknesses of each method and implement the best cost-justified solution.

• Advanced experience with DAM, SIEM, UEBA and related tools.

• Detailed knowledge of major database platforms such as Oracle, SQLSERVER, MySQL, etc.

• Working knowledge of at least two or more operating systems and corresponding security systems (Linux, Unix, Windows, etc.)

• Proficient with development of documentation, presentations and architecture diagrams.

• Working knowledge of regulatory requirements affecting data integrity, protection and monitoring, such as GLBA, SOX, PCI, etc.

• These certification are a plus - Imperva Database Security Specialist (IDSS),Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Certified in Governance, Risk and Compliance (CGRC), formerly Certified Authorization Professional (CAP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)

The typical base pay range for this role is between $137K - $176K depending on job-related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below.

MUFG Benefits Summary (

We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws (including (i) the San Francisco Fair Chance Ordinance, (ii) the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, (iii) the Los Angeles County Fair Chance Ordinance, and (iv) the California Fair Chance Act) to the extent that (a) an applicant is not subject to a statutory disqualification pursuant to Section 3(a)(39) of the Securities and Exchange Act of 1934 or Section 8a(2) or 8a(3) of the Commodity Exchange Act, and (b) they do not conflict with the background screening requirements of the Financial Industry Regulatory Authority (FINRA) and the National Futures Association (NFA). The major responsibilities listed above are the material job duties of this role for which the Company reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of conditional offer of employment, if any.

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.

We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual's associates or relatives that is protected under applicable federal, state, or local law.

At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!

Our Culture Principles

• Client Centric

• People Focused

• Listen Up. Speak Up.

• Innovate & Simplify

• Own & Execute

As a Principal Cybersecurity Architect at JPMorganChase within the Cybersecurity and Technology Controls line of business, you provide expertise to enhance and develop architecture platforms based on modern cloud-based technologies as well as support the adoption of strategic global solutions. Leverage your advanced architecture capabilities to identify, communicate, and mitigate risk, and collaborate with colleagues across the organization to drive best-in-class outcomes.

This role serves as a Product Security Lead (PSL) for the database product line, you will work proactively with your technology and business colleagues to identify and quantify security issues within their products and empower them to take decisive risk decisions at speed and scale. You are a security expert with a strong mix of database technology and communication skills and are passionate about enabling safe and secure innovation to make database products secure. You will work with some of the best and brightest cybersecurity and technology engineers to solve complex problems which will both challenge you and help you develop your skills in one of the most innovative and respected companies in the world.

Job responsibilities

• Cultivate security culture. Products that have the right security culture will strive to prioritize sustainable controls and driving real risk reduction outcomes.
• Embed threat modeling, security architecture, secure code review into product and application teams so they adopt our control products and create products that are secure from the start.
• Know database products across their breadth and depth. Be fluent in your product's strategy and roadmap as well as its key investment programs.
• Be your product's security thought leader. Learn from your product and cybersecurity teams and share best practice in both directions. Be recognized in your product as the clear point of escalation and subject matter expert for IT Risk and Cyber domains.
• Proactively monitor Key Risk Indicators to ensure issues are identified, quantified, communicated, and managed in a timely manner, including recommendations for resolution, and identifying the root cause
• Work collaboratively with product, technology, and business colleagues on an on-going basis for business-as-usual audit and regulatory engagements, risk activities and project initiatives.
• Advises cross-functional teams on technology selections and decisions to achieve target state cybersecurity on improvements to current cybersecurity parameters
• Develops multi-year roadmaps aligned with business and architecture strategy and priorities
• Serves as the function's go-to subject matter expert and drives thought leadership within the product line
• Contributes to the development of technical methods in cybersecurity in line with the latest product development methodologies
• Participates in the firm's culture of diversity, opportunity, inclusion, and respect

Required qualifications, capabilities, and skills

• Formal training or certification on cybersecurity architecture concepts and 10+ years applied experience
• Experience in a successful security and risk organization with strong security and technical skills. Experience of operating in a regulated organization with a 3LoD (Line of defense) model is also needed
• Delivery excellence mixed with strategic vision.
• Able to communicate effectively and authoritatively with technical and non-technical stakeholders at all levels of the organization.and clearly explain complex technical concepts in simple terms.
• Demonstrated success in influencing peers inside and outside your department.
• Ability to drive change across organizations, collaborating with partners across Global Tech and other Lines of Business,identify challenges and engage resources across all roles and levels to identify and implement innovative solutions, and quickly digest new information/technologies and apply diverse experience and principles to be able to quickly come up to speed and add value in product security discussions.
• Demonstrated experience / understanding with platform technologies including but not limited to: 1) A detailed, technical understanding of Public Cloud computing (GCP/AWS). Especially how Public Cloud services are hardened, and controls are applied to secure data, ensure resiliency/availability as well as prevent unauthorized access. 2) APIs/ micro-services 3) Database Technology 4) Identity & Access Management as well as Secrets Management, 5) Securing Software as a Service (SaaS) tool, 6) Securing Containerized workloads at build and runtime
• Advanced knowledge of cybersecurity architecture, applications, and technical processes with considerable, in-depth knowledge in one or more technical disciplines (e.g., public cloud, artificial intelligence, machine learning, mobile, etc.)
• Experience applying expertise and new methods to determine solutions for complex architecture problems in one or more technical disciplines
• Ability to present and effectively communicate with senior leaders and executives
• Understanding of the business and knowledgeable of latest risk trends in the internal and external environments

Preferred qualifications, capabilities, and skills

• Demonstrated ability to collaborate on, and/or lead, ad hoc teams for control architecture and design.
• Experience within Line of Business teams with ability to leverage business perspectives when solving technology challenges
• Experience fulfilling audit requests, challenging observations/findings and driving successful outcomes in technology audits
• Proven ability to drive change in policy and control requirements at a firmwide level
• Experience translating firmwide policy or regulatory requirements into control design and definition for Software Engineers and Solutions Architects
• Experience in financial services consumer businesses (i.e., Mortgages, Cards or Digital) preferred but not required
• Thinks in terms of risks and outcomes, and able to translate those into actions required to achieve business and technology goals. Proven experience of upskilling and learning modern technologies.

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans

***Must sit in Charlotte, NC, but will be remote!***

Position: Information Security Engineer

Duration: FTE

Compensation: 90-100k with 7.5% bonus

Location: REMOTE but must sit in Charlotte, NC

Summary:

The Information Security Engineer will conduct vulnerability assessments, threat hunting activities, and evaluate deviations from security configurations or policies. The team member also develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.

Essential Functions:

Expertise in Information Security Programs

• Conduct Vulnerability Assessments
• Company Security Policy and Procedure Upkeep
• Risk Assessments
• Threat Hunting
• Security Awareness Training
• Operational Security Oversight

Desired Qualifications:

• Degree in Computer Science or related work experience
• 2 years in direct related work experience
• Passion and vision
• Strong communication and presentation skills

Desired Experience:

• Intermediate knowledge of risk management processes
• Intermediate knowledge of information security regulations
• Intermediate knowledge of information technology (IT) supply chain security/risk management policies, requirements, and procedures.
• Experience in Payment Card Industry, Data Security Standards (PCI-DSS), Graham Leach Bliley (GLBA), Healthcare Insurance Portability and Accounting and Accounting Act (HIPAA), Sarbanes-Oxley (SOX)
• Demonstrated real world experience performing grey and black box penetration testing as well as cyber threat emulation services (opposing force)
• Have an understanding of common Web Application vulnerabilities like XSS, CSRF, and others.
• Must be proficient in several of the following tools: PowerShell, Metasploit Framework/Pro, Nexpose, Burp, and the Social Engineering Toolkit
• Must have solid working experience and knowledge of Windows and Unix/Linux operating system, mobile platforms a plus
• Firm understanding of networks, systems and data center architecture
• (Certified Ethical Hacker (CEH)) and (Licensed Penetration Tester (LPT), GIAC Penetration Tester (GPEN), Certified Penetration Tester (CPT)) OSCP or equivalent desired

MUST HAVES

• Azure and/or AWS
• Cloud Incident Response

Role Overview

The Information Security Engineer II – Cloud Incident Responder tackles moderately complex security engineering challenges within their domain. They maintain and enhance existing security controls while actively participating in the design and development of new solutions. They proactively identify and address vulnerabilities or deficiencies within their domain, develop and implement robust controls to mitigate these risks, create detailed documentation, and implement mechanisms to ensure the effectiveness of solutions.

The Engineer II – Cloud Incident Responder will focus on building and operationalizing cloud-specific incident response processes, playbooks, and procedures across Azure, AWS, and GCP environments. This role requires strong technical expertise in cloud security and incident response, and will be instrumental in improving MGB’s ability to detect, respond to, and recover from cloud-based threats.

The Engineer II – Cloud Incident Responder is expected to work independently on moderately complex problems within their domain and provide guidance to junior team members to support their development. They will regularly engage with external stakeholders and partners to support the development of effective solutions.

Responsibilities

• Takes ownership of specific modules or components within projects or tools, from design to implementation.
• Reviews and provides constructive feedback on build/code contributions from team members.
• Participates in architectural discussions and contributes to the design of complex solutions.
• Proactively identifies and optimizes improvement in existing processes.
• Mentors junior team members, sharing knowledge and best practices.
• Cross-Functional collaboration with other teams to ensure successful solution delivery.
• Designs and maintains cloud incident response playbooks tailored to Azure, AWS, and GCP environments.
• Develops and documents cloud-specific IR procedures, including detection, triage, containment, eradication, and recovery workflows.
• Collaborates with cloud engineering, SOC, and threat intelligence teams to ensure alignment of IR capabilities with cloud architecture and threat landscape.
• Participates in tabletop exercises and simulations to validate cloud IR readiness and improve response capabilities.
• Implements automation and orchestration for cloud incident response using native and third-party tools.

Qualifications

• Bachelor’s or Associate’s Degree or requisite experience
• 3+ years of relevant experience
• Experience in cloud security and incident response across Azure, AWS, and GCP
• Certifications such as AWS Certified Security – Specialty, Azure Security Engineer Associate, or Google Professional Cloud Security Engineer are preferred

Skills / Abilities / Competencies

• Strong understanding of cybersecurity concepts within their domain
• High proficiency with the tools and solutions supported by the team
• Solid understanding of system architecture and design
• Strong problem solving skills and analytical thinking to identify solutions to complex problems, and to optimize existing solutions
• Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part
• Excellent communication and teamwork skills to share knowledge, present ideas, and lead discussions
• Proficiency in cloud-native security tools such as AWS GuardDuty, Azure Sentinel, and GCP Security Command Center
• Experience with SIEM, SOAR, and EDR platforms in cloud environments
• Ability to analyze cloud logs and telemetry for threat detection and investigation
• Strong understanding of cloud architecture, IAM, and network security principles

COMPANY OVERVIEW

Pattern Energy Group is an independent, fully integrated energy company that develops, constructs, owns and operates renewable energy projects and transmission assets across North America, Japan, and parts of Latin America.  The company focuses primarily on wind, solar and transmission. The Pattern Energy Group team has a history as one of the top North American renewable energy and transmission providers in the industry. The team is dedicated to delivering the highest value for its customers, partners, financial supporters and the communities in which it works, while exhibiting a strong commitment to promoting environmental stewardship and corporate responsibility.

Pattern Energy Group operates in the United States, Canada, Japan, and Mexico with offices in San Francisco, Houston, San Diego, New York, Tokyo, and Toronto.  Pattern Energy Group’s corporate headquarters is in San Francisco.

JOB PURPOSE

As Pattern continues to expand, this newly created role is essential to strengthening our cybersecurity posture. The Security Engineer or Senior Security Engineer (based on experience) will play a critical role in minimizing the likelihood of a material impact to Pattern’s business due to cyber incidents. This position requires expertise in securing both Information Technology (IT) and Operational Technology (OT) environments and will work closely with cross-functional teams to enhance our cybersecurity defenses.

Key Accountabilities

Security Monitoring & Incident Response:

• Monitor, analyze, and investigate security alerts and incidents to mitigate potential threats.
• Act as a key member of the Cybersecurity Incident Response Team (CIRT) to contain and remediate threats.

Endpoint & Server Protection:

• Manage and monitor Microsoft Defender for Endpoint (Windows & macOS).
• Manage and monitor Microsoft Defender for Server P2 for enhanced threat detection.

Identity & Access Management (IAM):

• Manage and monitor Microsoft Entra and AD to enforce secure authentication and authorization policies.

Security Information and Event Management (SIEM):

• Manage and monitor SIEM solutions for threat detection, correlation, and response.
• Experience with Exabeam SIEM is a plus.

Compliance & Risk Management:

• Ensure compliance with NERC CIP security standards.
• Apply cybersecurity best practices following NIST CSF guidelines.

Collaboration & Communication:

• Work closely with both IT and OT teams to implement security controls.
• Provide clear written and verbal communication to technical and non-technical stakeholders.

Security Training & Awareness:

• Conduct cybersecurity training and awareness programs (Cybersecurity instructor experience is a plus).

Experience/Qualifications/Education Required

Educational Experience

Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience.

Required and Preferred Work Experience

• Minimum of five years of experience on an Information Security team.
• Strong knowledge of cybersecurity monitoring and incident investigation.
• Hands-on experience with Microsoft Defender security tools.
• Experience working with SIEM platforms (Exabeam experience is a plus).
• Knowledge of NERC CIP requirements and their impact on security operations.
• Hands-on experience protecting, monitoring and investigating II and OT environments.
• Excellent written and verbal communication skills.
• Experience responding as a member of a CIRT (Cyber Incident Response Team).

Additional Requirements

• Experience with NIST Cybersecurity Framework (CSF) .
• Familiarity with Jamf for macOS and Microsoft MDM for Windows mobile device management.
• Cybersecurity certifications such as CompTIA Security+, CISSP, CISA are a plus.

The expected starting pay range for this role is $90,000 - $122,000 USD. This range is an estimate and base pay may be above or below the ranges based on several factors including but not limited to location, work experience, certifications, and education. In addition to base pay, Pattern’s compensation program includes a bonus structure for full-time employees of all levels. We also provide a comprehensive benefits package which includes medical, dental, vision, short and long-term disability, life insurance, voluntary benefits, family care benefits, employee assistance program, paid time off and bonding leave, paid holidays, 401(k)/RRSP retirement savings plan with employer contribution, and employee referral bonuses.

Pattern Energy Group is an Equal Opportunity Employer.

#LI-AN1