12,471 Information Security jobs in the United States

We are a forward-thinking company dedicated to safeguarding our digital assets and ensuring the highest level of security for our operations and clients. Our team is composed of innovative professionals who are passionate about technology and information security. We are seeking a skilled Information Security Analyst to join our remote team and help us fortify our security posture.

Job Summary:
As a Remote Information Security Analyst, you will be responsible for monitoring, analyzing, and protecting our organization's information systems from security threats. You will collaborate with various teams to implement security measures, conduct risk assessments, and respond to security incidents. Your expertise will be crucial in creating a secure environment for our critical data and systems.

Key Responsibilities:
- Monitor network traffic and security events to identify potential security incidents.
- Conduct vulnerability assessments and penetration testing to identify weaknesses in systems and applications.
- Develop and implement security policies, standards, and procedures.
- Assist in incident response and investigation of security breaches and threats.
- Collaborate with IT and development teams to ensure security best practices are integrated into new projects and systems.
- Provide security awareness training to employees and stakeholders.
- Stay updated on the latest cybersecurity trends, threats, and technologies.
- Prepare reports on security incidents, vulnerabilities, and compliance with regulations.
- Participate in audits and compliance assessments to ensure adherence to security standards.

Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field (or equivalent experience).
- Proven experience as an Information Security Analyst or similar role.
- Strong understanding of network security protocols, firewalls, and intrusion detection/prevention systems.
- Familiarity with security frameworks and standards (e.g., NIST, ISO 27001, CIS Controls).
- Experience with security tools such as SIEM, antivirus, and endpoint protection solutions.
- Knowledge of risk assessment methodologies and vulnerability management.
- Excellent problem-solving skills and attention to detail.
- Strong verbal and written communication skills.
- Relevant certifications (e.g., CISSP, CISM, CEH) are a plus.

What We Offer:
- Competitive salary and benefits package.
- Flexible work hours and a fully remote work environment.
- Opportunities for professional development and training.
- A supportive and collaborative team culture.
- Work-life balance and wellness programs.

How to Apply:
If you are passionate about cybersecurity and ready to make a difference, we want to hear from you! Please submit your resume.

Join us in our mission to protect our digital world!

Job Description:

Enterprise Cybersecurity (ECS) is seeking a Principal Cybersecurity Consultant to join the IAM Adoption Team. This role blends cybersecurity risk and data analysis with a focus on access controls, stakeholder collaboration, and proactive problem-solving. You will join a team of analysts tasked with strengthening Fidelity's access ecosystem by identifying control risks, expanding control coverage, and delivering actionable insights. We are looking for a critical thinker and clear communicator who can combine technical fluency (SQL, data visualization, IAM/PAM experience) with strategic execution in a complex environment.

The Expertise You Have and The Skills You Bring

• 8+ years of experience in a data-focused role within cybersecurity, risk, or access management

• Advanced proficiency in SQL, data visualization tools (PowerBI, Tableau), Excel, Confluence, and SharePoint

• In-depth experience with IAM/PAM concepts and platforms such as SailPoint, Azure AD, AWS IAM, Okta, CyberArk, HashiCorp, Delinea, BeyondTrust, or similar

• Proven ability to work independently, manage competing priorities, and engage with senior stakeholders

• Excellent written and verbal communication skills, with an ability to translate complex, technical data to diverse audiences

• Skilled in building repeatable, scalable data queries and dashboards that accelerate access remediation and improve visibility into control posture

• Experience in regulated industries such as financial services, healthcare, or banking

• Proven success in roles that required both technical execution (e.g., SQL, dashboarding, data validation) and strategic communication with cybersecurity and business leaders

• Background in audit readiness, control assurance, and/or risk quantification is a plus

• Bachelor's or Master's in a related field (Information Systems, Data Science, Cybersecurity, or similar)

• Identify and remediate access risks and control gaps by analyzing large datasets across IAM and PAM platforms

• Use SQL and other data tools to query systems, validate data quality, and evidence control coverage and gaps

• Leverage strong critical thinking with experience assessing platform designs for IAM compliance and identifying risks and solutions in non-standard implementations

• Design and optimize complex SQL queries and ETL pipelines to support large-scale data ingestion, transformation, and validation across diverse IAM/PAM systems

• Build dashboards and reports that communicate access risk posture, control coverage, and key metrics to cybersecurity and business leaders

• Collaborate with cybersecurity, operations, internal audit, product delivery, and application teams to translate and resolve control coverage findings

• Serve as a subject matter expert on access controls, privileged access, and identity governance data flows

• Drive continuous improvement by documenting current/future states and mentoring junior analysts

• Lead requirements gathering and write well-defined epics and stories with value-driven acceptance criteria

• Ask the right questions, challenge assumptions, and drive clarity in complex technical and business environments

Related Certifications

• Relevant certifications include CIAM, CISSP, CISA, CISM, and CRISC

• Platform-specific credentials from SailPoint, CyberArk, or BeyondTrust are a plus

• Certifications such as CSPO, CSM, IIBA (CCBA, CBAP, POA) are a plus

Fidelity's hybrid working model blends the best of both onsite and offsite work experiences. Working onsite is important for our business strategy and our culture. We also value the benefits that working offsite offers associates. Most hybrid roles require associates to work onsite every other week (all business days, M-F) in a Fidelity office.

Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.

Job Description:

Enterprise Cybersecurity (ECS) is seeking a Principal Cybersecurity Consultant to join the IAM Adoption Team. This role blends cybersecurity risk and data analysis with a focus on access controls, stakeholder collaboration, and proactive problem-solving. You will join a team of analysts tasked with strengthening Fidelity's access ecosystem by identifying control risks, expanding control coverage, and delivering actionable insights. We are looking for a critical thinker and clear communicator who can combine technical fluency (SQL, data visualization, IAM/PAM experience) with strategic execution in a complex environment.

The Expertise You Have and The Skills You Bring

• 8+ years of experience in a data-focused role within cybersecurity, risk, or access management

• Advanced proficiency in SQL, data visualization tools (PowerBI, Tableau), Excel, Confluence, and SharePoint

• In-depth experience with IAM/PAM concepts and platforms such as SailPoint, Azure AD, AWS IAM, Okta, CyberArk, HashiCorp, Delinea, BeyondTrust, or similar

• Proven ability to work independently, manage competing priorities, and engage with senior stakeholders

• Excellent written and verbal communication skills, with an ability to translate complex, technical data to diverse audiences

• Skilled in building repeatable, scalable data queries and dashboards that accelerate access remediation and improve visibility into control posture

• Experience in regulated industries such as financial services, healthcare, or banking

• Proven success in roles that required both technical execution (e.g., SQL, dashboarding, data validation) and strategic communication with cybersecurity and business leaders

• Background in audit readiness, control assurance, and/or risk quantification is a plus

• Bachelor's or Master's in a related field (Information Systems, Data Science, Cybersecurity, or similar)

• Identify and remediate access risks and control gaps by analyzing large datasets across IAM and PAM platforms

• Use SQL and other data tools to query systems, validate data quality, and evidence control coverage and gaps

• Leverage strong critical thinking with experience assessing platform designs for IAM compliance and identifying risks and solutions in non-standard implementations

• Design and optimize complex SQL queries and ETL pipelines to support large-scale data ingestion, transformation, and validation across diverse IAM/PAM systems

• Build dashboards and reports that communicate access risk posture, control coverage, and key metrics to cybersecurity and business leaders

• Collaborate with cybersecurity, operations, internal audit, product delivery, and application teams to translate and resolve control coverage findings

• Serve as a subject matter expert on access controls, privileged access, and identity governance data flows

• Drive continuous improvement by documenting current/future states and mentoring junior analysts

• Lead requirements gathering and write well-defined epics and stories with value-driven acceptance criteria

• Ask the right questions, challenge assumptions, and drive clarity in complex technical and business environments

Related Certifications

• Relevant certifications include CIAM, CISSP, CISA, CISM, and CRISC

• Platform-specific credentials from SailPoint, CyberArk, or BeyondTrust are a plus

• Certifications such as CSPO, CSM, IIBA (CCBA, CBAP, POA) are a plus

Fidelity's hybrid working model blends the best of both onsite and offsite work experiences. Working onsite is important for our business strategy and our culture. We also value the benefits that working offsite offers associates. Most hybrid roles require associates to work onsite every other week (all business days, M-F) in a Fidelity office.

Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.

Job Description:

Enterprise Cybersecurity (ECS) is seeking a Principal Cybersecurity Consultant to join the IAM Adoption Team. This role blends cybersecurity risk and data analysis with a focus on access controls, stakeholder collaboration, and proactive problem-solving. You will join a team of analysts tasked with strengthening Fidelity's access ecosystem by identifying control risks, expanding control coverage, and delivering actionable insights. We are looking for a critical thinker and clear communicator who can combine technical fluency (SQL, data visualization, IAM/PAM experience) with strategic execution in a complex environment.

The Expertise You Have and The Skills You Bring

• 8+ years of experience in a data-focused role within cybersecurity, risk, or access management

• Advanced proficiency in SQL, data visualization tools (PowerBI, Tableau), Excel, Confluence, and SharePoint

• In-depth experience with IAM/PAM concepts and platforms such as SailPoint, Azure AD, AWS IAM, Okta, CyberArk, HashiCorp, Delinea, BeyondTrust, or similar

• Proven ability to work independently, manage competing priorities, and engage with senior stakeholders

• Excellent written and verbal communication skills, with an ability to translate complex, technical data to diverse audiences

• Skilled in building repeatable, scalable data queries and dashboards that accelerate access remediation and improve visibility into control posture

• Experience in regulated industries such as financial services, healthcare, or banking

• Proven success in roles that required both technical execution (e.g., SQL, dashboarding, data validation) and strategic communication with cybersecurity and business leaders

• Background in audit readiness, control assurance, and/or risk quantification is a plus

• Bachelor's or Master's in a related field (Information Systems, Data Science, Cybersecurity, or similar)

• Identify and remediate access risks and control gaps by analyzing large datasets across IAM and PAM platforms

• Use SQL and other data tools to query systems, validate data quality, and evidence control coverage and gaps

• Leverage strong critical thinking with experience assessing platform designs for IAM compliance and identifying risks and solutions in non-standard implementations

• Design and optimize complex SQL queries and ETL pipelines to support large-scale data ingestion, transformation, and validation across diverse IAM/PAM systems

• Build dashboards and reports that communicate access risk posture, control coverage, and key metrics to cybersecurity and business leaders

• Collaborate with cybersecurity, operations, internal audit, product delivery, and application teams to translate and resolve control coverage findings

• Serve as a subject matter expert on access controls, privileged access, and identity governance data flows

• Drive continuous improvement by documenting current/future states and mentoring junior analysts

• Lead requirements gathering and write well-defined epics and stories with value-driven acceptance criteria

• Ask the right questions, challenge assumptions, and drive clarity in complex technical and business environments

Related Certifications

• Relevant certifications include CIAM, CISSP, CISA, CISM, and CRISC

• Platform-specific credentials from SailPoint, CyberArk, or BeyondTrust are a plus

• Certifications such as CSPO, CSM, IIBA (CCBA, CBAP, POA) are a plus

Fidelity's hybrid working model blends the best of both onsite and offsite work experiences. Working onsite is important for our business strategy and our culture. We also value the benefits that working offsite offers associates. Most hybrid roles require associates to work onsite every other week (all business days, M-F) in a Fidelity office.

Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.

Job Description:

The mission of the penetration testing team is to protect Fidelity's assets and our customers' livelihoods from the threat of exploitation by malicious adversaries. The penetration testing team does this by proactively identifying vulnerabilities in our systems and serving as subject matter experts to enable the business units to mitigate them in a positive, collaborative, innovative manner.

• Lead testing efforts on Fidelity's web and mobile applications and supporting systems.

• Replicate the actual techniques and tools used by malicious attackers in an effort to model potential external threats.

• Upon completion of the assessment, you will prepare reports and present the results to application owners, developers, and business unit information security teams.

• Analyze test results, draw conclusions from results, and develop targeted exploit examples.

• Consult with operations and software development teams to ensure potential weaknesses are addressed.

• Contribute to the research or development of tools to assist in the vulnerability discovery process.

• Collaborate with other teams within Enterprise Cybersecurity to improve the overall security of Fidelity's applications and infrastructure.

• Stay current on security best practices and vulnerabilities.

The Expertise You Have and The Skills You Bring

• Bachelors degree or equivalent experience

• 5+ years of IT experience

• Preferred 3+ years of hands-on web application penetration testing / ethical hacking experience

• Preferred: OSCP, GWAPT, GXPN, GPEN, LPT, CEH, CISSP or other industry security certifications.

• Ability to demonstrate manual testing experience including all of OWASP Top 10

• Intermediate knowledge of application security mechanisms such as authentication and authorization techniques, data validation, and the proper use of encryption

• Technical knowledge of, and the ability to recognize, various types of application security vulnerabilities.

• Demonstrated experience with common penetration testing and vulnerability assessment tools such as nmap, Wireshark, Nessus, NeXpose, BackTrack, Metasploit, AppScan, WebInspect, Burp Suite Professional, Acunetix, Arachni, w3af, NTOSpider

• Intermediate knowledge of a programming or scripting language such a C, C#, Python, Objective C, Java, Javascript, SQL,

• Intermediate knowledge of Web Services technologies such as XML, JSON, SOAP, REST, and AJAX

• Intermediate knowledge of web frameworks, including XML, SOAP, J2EE, JSON and Ajax

• Experience with Enterprise Java or .NET web application frameworks, including Struts and Spring

• Proven analytical and problem-solving skills, as well as the desire to assist others in solving issues

• Excellent interpersonal skills with a strong interest in the application security domain

• Excellent communication and presentation skills and a proven ability to communicate threats and facilitate progress towards long-term remediation.

• Highly motivated with the willingness to take ownership / responsibility for their work and the ability to work alone or as part of a team.

The Team

The Penetration Testing team forms part of Security Assessment group within Enterprise Cybersecurity (ECS). The goal of the Security Assessment group is to proactively identify and remediate vulnerabilities in Fidelity's applications and infrastructure. We work very closely with all of the key Business Units to ensure that they remain secure while they deliver key projects to advance the firm.

Fidelity's hybrid working model blends the best of both onsite and offsite work experiences. Working onsite is important for our business strategy and our culture. We also value the benefits that working offsite offers associates. Most hybrid roles require associates to work onsite every other week (all business days, M-F) in a Fidelity office.

Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.

Job Description:

Director, Cloud Network and Security Engineer (Individual Contributor)

The Role:

We are looking for a hands-on Cloud Network and Security Engineer. The position will be part of the Network team within the Fidelity Architecture and Engineering (FAE) organization, which is responsible for the network design, implementation, and operation of the virtual network constructs within various cloud service providers (CSPs) such as AWS (4,000+ VPCs) and Azure. The ideal candidate should have a deep understanding of fundamental networking technologies, infrastructure as code, software-defined networking, extensive experience in AWS, as well as modern development practices using CI/CD pipelines. The position will be based in Westlake, TX or Merrimack, NH. In this role you will be:

• Working across the organization to define requirements and deliver solutions
• Designing and implementing network and security technologies within the public clouds
• Designing and building comprehensive network and security controls to enforce policy
• Participating in the design of APIs to enable self-service at the network and security layers
• Providing operational support and participating in the on-call rotation
• Providing guidance and support to business unit technologists deploying to the public cloud
• Troubleshooting issues within the CSPs as well as connectivity to/from the Fidelity network
• The ultimate owner for problem resolution and root cause analysis
• Mentoring network engineers in modern cloud networking best practices

The Skills and Expertise You Bring

• Expertise in cloud networking and security constructs
• In-depth knowledge of AWS networking at scale
• Knowledge of IP routing, firewalls, load balancers, proxies, and DNS
• Advocate for and practitioner of infrastructure-as-code
• Python programming experience and modern CI/CD software development practices
• Linux system administration
• Excellent problem-solving and troubleshooting skills
• Strong data analysis and data mining skills
• Strong oral and written communication skills
• Squid and HAProxy operation and performance tuning preferred
• 10+ years of experience in IT infrastructure, security, and architecture
• Experience managing AWS VPCs at scale
• Security-focused approach to cloud networking
• Infrastructure automation skills with Python
• Experience with virtual network and security constructs of AWS
• Experience implementing infrastructure-as-code concepts and technologies (CloudFormation)

The Team
Fidelity's Architecture and Engineering's (FAE) mission is to enable Fidelity application development to go faster. Modern computing paradigms, cloud computing and open-source software offer tremendous potential to accelerate development and drive down costs. You will leverage your expertise in cloud networking and security to ensure the stability, scalability, and efficiency of our CSP networks. Your contributions will be pivotal in maintaining a robust network infrastructure, enabling other teams to develop applications faster and more securely.

Fidelity's hybrid working model blends the best of both onsite and offsite work experiences. Working onsite is important for our business strategy and our culture. We also value the benefits that working offsite offers associates. Most hybrid roles require associates to work onsite every other week (all business days, M-F) in a Fidelity office.

Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.