5,113 Security Engineering jobs in the United States

Tech Risk – Global Cyber Defense & Intelligence – Application Security Engineer – Bug Bounty – Associate location_on Dallas, Texas, United States Opportunity Overview sitemap_outline CORPORATE TITLE Associate language OFFICE LOCATION(S) Dallas assignment JOB FUNCTION Security Engineering account_balance DIVISION Engineering Division WHO WE ARE Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA. Within Technology Risk, the Global Cyber Defense & Intelligence (GCDI) identifies malicious activity, manage the lifecycle of vulnerabilities within GS technologies, and investigates and manages threats across the firm. We are a team of security, software, and product engineers that allow the firm to respond appropriately to firm risks through the use of detection models, security architecture, and cutting-edge cyber threat analysis to manage internal and external threats against the firm. The Bug Bounty team within GCDIperforms one of the most important security and risk functions at the firm – working with external security researchers to detect vulnerabilities in our technology and ensuring their remediation before they can be exploited by malicious hackers. The Goldman Sachs has one of the most progressive Technology Risk teams in the industry and is continuing to push the development of risk in preference to security within technology and the business. Year on year success has led the team to work deeper into the organization and gain valuable insights into how technology needs to function, what its risk really is and how this impacts the business. YOUR IMPACT You will be a key addition to the Bug Bounty team, which continuously strives to contribute immensely to the improvement of the overall security posture of the organization. This role will offer you a great platform to apply your knowledge and skills as well as opportunity to engage with key stakeholders within the organization to consistently improve the program through various functions such as vulnerability discovery, risk assessment, tracking and reporting. HOW YOU WILL FULFILL YOUR POTENTIAL In this role, you will be a part of the Bug Bounty team operating one of the top Bug Bounty programs in the industry, and you will be directly responsible for driving various activities to ensure the successful detection, review, and remediation of vulnerabilities. This includes applying your analytical, reasoning & specialized technical security expertise to investigate, isolate and track network and security vulnerabilities, false positive identification, and engagement with various teams for remediation process. This role will also give you the opportunity to work with and learn from some of the best security researchers around the world. The ideal candidate should have strong technical experience performing penetration tests and vulnerability assessments across application and network targets for large enterprises. The candidate will also have deep expertise in understanding root causes of vulnerabilities, triaging and guiding, driving remediation of vulnerabilities. Responsibilities Execute and support the firm’s global Bug Bounty program as part of the team within Technology Risk. Triage vulnerability reports submitted to our Bug Bounty program – includes tracking and responding to submissions, reproducing and chaining vulnerabilities, coordinating with teams to triage and resolve issues, and providing feedback to security researchers. Assess vulnerability impact, risk, and escalate possible security incidents. Work directly with project teams to help them understand the risk of vulnerabilities and provide remediation guidance. Collaborate extensively with the firm’s engineering teams and adjacent advisory and vulnerability management teams to track remediation timelines and ensure vulnerabilities fixes are scheduled and implemented in a timely manner. Develop tooling to help automate vulnerability discovery and scanning for issues at scale. Leverage learnings from the program to identify vulnerabilities in software applications and software designing processes to reduce security risks. Share learnings from the bug bounty program with adjacent security teams within the Firm as needed. Stay up to date with new technologies and assist engineers in assessing risk. Enable a world-class cyber defense program by working closely with other technical, incident management, and forensic personnel to develop a fuller understanding of activity of cyber threat actors. Basic Qualifications At least 2 years of hands-on application, infrastructure, or cloud security experience, including penetration testing, application/network assessments and risk assessments. Strong practical understanding of web, network, and mobile application security vulnerabilities such as OWASP Top 10 Python and Bash scripting skills for building basic automations is a must Experience conducting root cause analysis of vulnerabilities and determining feasible technical solutions Experience using industry standard vulnerability assessment and management tools and interpreting, analyzing and assessing their data output. Clear communication skills, both verbal and in writing, including the ability to clearly articulate technical vulnerabilities and associated risks to both technical and non-technical audiences Experience working within a vulnerability management or related program in a complex and diverse global environment. A passion for, and deep understanding of, the technical aspects of information security with particular focus on vulnerability and threat management Preferred Experience/Qualifications Prior experience managing or hunting on Bug Bounty programs. Bachelor’s degree or higher in Computer Science, Information Systems, Cyber Security or a related field is preferred. CEH, OSCP or equivalent certification Hands on experience with programming in python Experience working as part of a global team Note: Once hired into the role, participation in Bug Bounty programs for monetary renumeration is not permitted #TechRiskCybersecurity ABOUT GOLDMAN SACHS At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world. We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people atGS.com/careers . We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: We offer a wide range of health and welfare programs that vary depending on office location. These generally include medical, dental, short-term disability, long-term disability, life, accidental death, labor accident and business travel accident insurance. We offer competitive vacation policies based on employee level and office location. We promote time off from work to recharge by providing generous vacation entitlements and a minimum of three weeks expected vacation usage each year. Financial Wellness & Retirement We assist employees in saving and planning for retirement, offer financial support for higher education, and provide a number of benefits to help employees prepare for the unexpected. We offer live financial education and content on a variety of topics to address the spectrum of employees’ priorities. Health Services We offer a medical advocacy service for employees and family members facing critical health situations, and counseling and referral services through the Employee Assistance Program (EAP). We provide Global Medical, Security and Travel Assistance and a Workplace Ergonomics Program. We also offer state-of-the-art on-site health centers in certain offices. Fitness To encourage employees to live a healthy and active lifestyle, some of our offices feature on-site fitness centers. For eligible employees we typically reimburse fees paid for a fitness club membership or activity (up to a pre-approved amount). Child Care & Family Care We offer on-site child care centers that provide full-time and emergency back-up care, as well as mother and baby rooms and homework rooms. In every office, we provide advice and counseling services, expectant parent resources and transitional programs for parents returning from parental leave. Adoption, surrogacy, egg donation and egg retrieval stipends are also available. Benefits at Goldman Sachs Read more about the full suite of class-leading benefits our firm has to offer. #J-18808-Ljbffr

• Paid Time Off (PTO)
• Tuition Reimbursement
• Retirement Plans
• Medical, Dental and Vision
• Wellness Program
• Volunteer Time Off (VTO)

V2Soft is a global leader in IT services and business solutions, delivering innovative and cost-effective technology solutions worldwide since 1998. We have headquarteerd in Bloomfiled Hills, MI and have 16 offices spread across six countries. We partner with Fortune 500 companies to address complex business challenges. Our services span AI, IT staffing, cloud computing, engineering, mobility, testing, and more. Certified with CMMI Level 3 and ISO standards, V2Soft is committed to quality and security. Beyond our work, we actively support local communities and non-profits, reflecting our core values. Join us to be part of a dynamic and impactful global company!
Please visit us at to know more .

V2Soft is a global leader in IT services and business solutions, delivering innovative and cost-effective technology solutions worldwide since 1998. We have headquartered in Bloomfield Hills, MI and have 16 offices spread across six countries. We partner with Fortune 500 companies to address complex business challenges. Our services span AI, IT staffing, cloud computing, engineering, mobility, testing, and more. Certified with CMMI Level 3 and ISO standards, V2Soft is committed to quality and security. Beyond our work, we actively support local communities and non-profits, reflecting our core values. Join us to be part of a dynamic and impactful global company!
Please visit us at to know more

Onsite in Charlotte for Hybrid model - 3 days a week.

The ideal candidate for this role will have a strong technical foundation in system administration (Unix or Windows), familiarity with networking and cyber security; API; Infrastructure as code - Terraform; Scripting language - RegEx Python.
Experience with enterprise vulnerability management.

V2Soft is an Equal Opportunity Employer (EOE). We welcome applicants from all backgrounds, including individuals with disabilities and veterans.
- to view all of our open opportunities and to learn more about our benefits

V2Soft is an Equal Opportunity Employer ( EOE). We welcome applicants from all backgrounds, including individuals with disabilities and veterans.
- to view all of our open opportunities and to learn more about our benefits.

Job Title

Job Description

I. Job Summary

Dotdash Meredith is seeking a Director of Security Engineering to lead the Security Engineering organization. You'll be responsible for maintaining (and raising) the security posture across our on prem & cloud infrastructure, and end user SaaS applications and endpoints, securing web sites that millions of users visit daily, designing and implementing enterprise security solutions, and reducing toil through automation.

As a highly visible leader within the Security team, you will be responsible for setting the technical direction for security, managing multiple, complex technical projects, and partnering with other groups within the organization to deliver tools and services that align with our security roadmaps as well as be responsible for managing a small team of security engineers.

II. Essential Job Functions | Accountabilities, Actions and Expected Measurable Results

• Lead and manage a team of security engineers and engineering managers

• Develop and implement the organization's security architecture and strategy

• Design and implement security controls to protect the organization's assets

• Manage and maintain security tools and technologies

• Stay up-to-date on the latest security threats and trends

• Comply with all applicable security regulations and standards including PCI-DSS and SOX

• Work closely with other Engineering teams to ensure the integration of security into all aspects of Product Development
  

III. Minimum Qualifications and Job Requirements |All must be met to be considered.

Education: Bachelor's degree in computer science, information systems, or a related field

Experience:

• 10+ years of experience in information security, with a focus on security architecture, design, and implementation

• 5+ years of experience managing a team of security engineers

• Strong understanding of security best practices, including NIST, ISO, and CIS benchmarks

• Experience with security tools and technologies, such as firewalls, intrusion detection systems, and vulnerability scanners

• Experience with security assessment and audit methodologies

• Experience with security incident investigation and response

• Excellent communication and interpersonal skills

• Ability to work independently and as part of a team

Remote or Hybrid 3x a month

In-office Expectations: This position offers remote work flexibility; however, if you reside within a commutable distance to one of our offices in New York, Des Moines, Birmingham, Los Angeles, Chicago, or Seattle, the expectation is to work from the office three times per month

It is the policy of Dotdash Meredith to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, the Company will provide reasonable accommodations for qualified individuals with disabilities.Accommodation requests can be made by emailing

The Company participates in the federal E-Verify program to confirm the identity and employment authorization of all newly hired employees. For further information about the E-Verify program, please click here:

Pay Range

The pay range above represents the anticipated low and high end of the pay range for this position and may change in the future. Actual pay may vary and may be above or below the range based on various factors including but not limited to work location, experience, and performance. The range listed is just one component of Dotdash Meredith's total compensation package for employees. Other compensation may include annual bonuses, and short- and long-term incentives.In addition,Dotdash Meredith provides to employees (and their eligible family members) a variety of benefits, including medical, dental, vision, prescription drug coverage, unlimited paid time off (PTO), adoption or surrogate assistance, donation matching, tuition reimbursement, basic life insurance, basic accidental death & dismemberment, supplemental life insurance, supplemental accident insurance, commuter benefits, short term and long term disability, health savings and flexible spending accounts, family care benefits, a generous 401K savings plan with a company match program, 10-12 paid holidays annually, and generous paid parental leave (birthing and non-birthing parents), all of which may vary depending on the specific nature of your employment with Dotdash Meredith and your work location. We also offer voluntary benefits such as pet insurance, accident, critical and hospital indemnity health insurance coverage, life and disability insurance.

• Leadership and Management: Lead and mentor a team of security engineers, fostering a culture of continuous learning and innovation. Build and scale a global team to meet organizational needs.
• Architecting Security Solutions: Assist teams in designing and implementing advanced security solutions, including cloud security, privilege access management and application/system security.
• Collaboration: Partner with software development, infrastructure, and operations teams to embed security into the development lifecycle and operational processes.
• Performance Optimization: Regularly evaluate and optimize existing security tools and technologies to ensure maximum efficacy and efficiency.
• Training and Knowledge Sharing: Develop and deliver technical security training to engineers and other staff, ensuring a strong organizational security posture.
• Documentation and Reporting: Create detailed documentation for security systems and processes, and provide regular project reports senior management.

• Experience (3+ year) in people leadership roles, nurturing security engineers into high-performing teams.
• Experience (5+ years) in a security engineering role, focusing on designing and implementing security solutions and managing security infrastructure, both on-premise and cloud.
• Experience working with privilege and identity management solutions.
• Experience with operating system security and system hardening.
• Knowledge of network security principles, protocols, and technologies.
• Strong analytical and problem-solving skills, with the ability to assess risks and develop appropriate security controls.
• Excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
• Ability to work independently, prioritize tasks, and manage multiple projects simultaneously.
• Strong leadership skills, with the ability to mentor and guide junior team members.

• A bachelor's degree in Computer Science, Information Security, or a related field. A master's degree is a plus.
• Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM) are highly desirable.
• Linux security experience
• Familiarity with DevSecOps and integrating security into CI/CD pipelines.
• Scripting experience.

Who are we looking for?

Choice Hotels, one of the world’s largest lodging franchisors, has an exciting new opportunity as the Director, Information Security in the Information Security team. The Information Security team proactively addresses security, and your role will be to work with our business and technology partners to integrate and maintain security best practices into the software development lifecycle. As a key member of Information Security, you will lead the application security program, penetration testing efforts, and build cybersecurity reliability engineering initiatives to mitigate risks, enhance resilience, and align to our business objectives and standards.

Do you want to lead the way in how Information Security is implemented and maintained at Choice Hotels? Are you a leader who embraces DevSecOps, mentors your team, and partners across the organization to implement security concepts? We invite you to apply for our Director – Information Security role today and #MakeItYourChoice.

Your Responsibilities

• Serve as a catalyst for innovation within the organization, drive new security initiatives and encourage a culture of continuous improvement

• Develop and implement a comprehensive application security strategy to secure software applications across the enterprise

• Establish and lead penetration testing (pen testing) programs to proactively identify and remediate security vulnerabilities across applications, infrastructure, and cloud environments

• Develop automated and manual testing strategies, including web applications, API, mobile, and network penetration testing

• Establish Cybersecurity Reliability Engineering principles to ensure the availability, integrity, and resilience of critical security functions and applications

Your Experience, Skills & Competencies

• Bachelor’s degree in computer science, Management Information Systems, or equivalent experience

• Master’s degree in related field preferred but not required

• At least 10 years’ experience in information security or software development

• Experience with Amazon Web Services, CI/CD pipelines, and related tools, Snyk, Jenkins, Terraform, Harness, CloudFormation

• Demonstrates the ability to collaborate cross functionally, lead a cross functional discipline, and partner with IT work to deliver quality, secure, and efficient software products

Your Team

This is a leadership role that will report to the Senior Director Information Security. You will have 4 direct report(s) and collaborate with cross functional departments on a regular basis.

Your Work Location

As our Director – Information Security, you will be based in our beautiful, state-of-the-art technology hub in Scottsdale, AZ. In October 2021, Choice opened a newly constructed world class technology center.

About Choice

Choice Hotels International, Inc. (NYSE: CHH) is one of the largest lodging franchisors in the world. With nearly 7,500 hotels, representing nearly 630,000 rooms, in 46 countries and territories, with a range of high-quality lodging options from limited service to full-service hotels in the upper upscale, upper mid-scale, midscale, extended-stay, and economy segments. We’re the hotel company for those who choose to bet on themselves – the underdog, the dreamer, the entrepreneur – because that’s who we are, too.

At Choice, we are united by the simple belief that tomorrow will be even better than today – for associates, our company, and our franchisees. At our worldwide corporate headquarters in North Bethesda, MD and St. Louis Park, MN as well as our technology center in Scottsdale, AZ, and through our associates around the globe, every voice is heard, and every idea is listened to, no matter what area of the company they come from. We are united in supporting the entrepreneurial dreams of our more than 18,000 franchise owners, which propels us forward – giving our work at Choice a purpose larger than our business.

Ability to model Choice’s Cultural Values: Welcome and Respect Everyone, Be Bold, Be Quick, Listen, Be Curious and Show Integrity.

• Develop and maintain detection rules and logic across SIEM and other monitoring tools.
• Build automation workflows for vulnerability scanning, triage, and ticketing processes.
• Support incident response by providing detection insights and automating evidence collection.
• Monitor and tune detection use cases to minimize false positives and improve signal fidelity.
• Contribute to the continuous improvement of the vulnerability management lifecycle.
• Create dashboards and reports for threat detection metrics and vulnerability trends.
• Stay current with emerging threats, vulnerabilities, and security best practices.
• Analyze critical systems to understand both how to break them and defend them against attack.
• Orchestrate and automate the enrichment, triage and response steps required to respond to security related alerts.
• Partner with internal FanDuel teams to provide recommendations for improving security posture across infrastructure, processes, and software.
• Collaborate with other security teams across the organization to continually improve cyber resilience.
• Track and manage technical documentation related to your scope of work. Ensure relevant parties are regularly updated on relevant documentation.

• Empathetic contributor who has experience operating effectively across teams and disciplines in highly ambiguous and rapidly changing environments and has successfully executed on ambitious projects.
• Experience with security tools and scripting, and a passion for building scalable solutions that reduce risk and improve response times.
• Ability to develop in languages such as Python, Java, GO, C++, JavaScript, Rust, SQL, or Typescript and are skilled at querying appropriate data to extract meaningful insights with interest in Data Science.
• Comprehensive understanding of a broad range of security tools and their applicable controls in modern environments such as CloudTrail, Security Hub, Semgrep, EDR, Network Traffic Analysis, Email Security Gateway, Web Application Firewalls, etc.
• Experienced in threat hunting, using threat intelligence to proactively and iteratively investigate potential risks and finding suspicious behavior in the environment.
• Deep knowledge of attacker methodologies and techniques and corresponding incident response methodologies.