3,021 Security Incidents jobs in the United States

Senior Cybersecurity Operations/Threat Management

60086 North Chicago, Illinois Abbott Laboratories company

Posted 3 days ago

Job Description

Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals and branded generic medicines. Our 114,000 colleagues serve people in more than 160 countries.

Working at Abbott

At Abbott, you can do work that matters, grow, and learn, care for yourself and your family, be your true self, and live a full life. You'll also have access to:

  • Career development with an international company where you can grow the career you dream of.
  • Employees can qualify for free medical coverage in our Health Investment Plan (HIP) PPO medical plan in the next calendar year.
  • An excellent retirement savings plan with a high employer contribution.
  • Tuition reimbursement, the Freedom 2 Save student debt program, and FreeU education benefit - an affordable and convenient path to getting a bachelor's degree.
  • A company recognized as a great place to work in dozens of countries worldwide and named one of the most admired companies in the world by Fortune.
  • A company that is recognized as one of the best big companies to work for as well as the best place to work for diversity, working mothers, female executives, and scientists.

The Opportunity

Abbott is actively seeking a Senior Cybersecurity Security Operations & Threat Management Engineer to join the team developing Lingo, their continuous glucose monitoring (CGM) product designed for general wellness use. Lingo, a biowearable technology developed by Abbott, provides continuous glucose monitoring and personalized coaching to help users understand their glucose responses and build healthier habits. It was recently recognized as one of Fast Company's Next Big Things in Tech 2024. Lingo aims to transform traditional healthcare into a proactive, user-empowering experience, making metabolic health accessible and understandable.

This position focuses on enhancing Lingo's cybersecurity program through automation and the creation of robust technical controls.

The Senior Cybersecurity Engineer develops and maintains Security Operations & Threat Management procedures - including signal handling, threat intelligence, incident response, and disaster recovery - while ensuring regulatory compliance and assisting stakeholders with regulatory insights. The Senior Cybersecurity Engineer position can work remotely in the U.S.

What You'll Work On 
1. Lead the development and improvement of Security Operations processes, including creating/modifying Standard Operating Procedures (SOPs), Playbooks, and Standards.
2. Leverage security technologies and tools, such as SIEM, SOAR, and Cyber Threat Intelligence (CTI) tools to monitor and analyze security logs to identify potential cyber threats and vulnerabilities across Lingo's ecosystem.  
3. Develop metrics to measure the effectiveness of SIEM efforts and provide timely and accurate reports on the status of cybersecurity measures.  
4. Collaborate with cross-functional teams to establish cybersecurity event reporting and disclosure processes, ensuring security is embedded across the organization. 
5. Support the advancement of Lingo's cyber threat intelligence to ensure consistent detection, analysis, response, and monitoring of cybersecurity threats, events, and incidents.  
6. Develop and maintain incident response plans, playbooks, and documentation to support the Cybersecurity function. 
7. Perform assessment of cybersecurity incidents to identify the root cause, respond, and recover the environment. 
8. Develop threat detections using frameworks such as MITRE ATT&CK, MITRE SHIELD, Cyber Kill Chain, Diamond Model, NIST CSF, OWASP Top Ten, Unified Kill Chain, etc. 
9. Collaborate across teams to align security goals with technical requirements and support implementation of security projects. 
10. Continuously monitor and analyze security signals from various sources, prioritize and triage alerts based on risk and impact.  
11. Stay abreast of industry trends and emerging technologies to recommend security enhancements and strengthen Lingo's cybersecurity posture against evolving threats and compliance requirements. 
12. Develop and deploy threat detections using intelligence, hunting, and incident response insights; conduct threat analysis and malware triage to support investigations and response efforts. 
13. Support the design and execution of executive-level tabletop exercises and track remediation efforts to strengthen incident preparedness. 
14. Participate in conducting regular training and awareness programs for Lingo's employees to promote a culture of cybersecurity awareness and compliance. 
 

Summary of Key Focus Areas: 
1. Lead, design, implement, and optimize SIEM solutions. 
2. Ensure comprehensive log source integration and data quality. 
3. Develop and tune correlation rules, dashboards, and alerts. 
4. Collaborate with cross-functional teams to establish cybersecurity event reporting. 
5. Support the advancement of Lingo's cyber threat intelligence.  
6. Maintain and improve incident response playbooks and escalation procedures. 
7. Conduct post-incident reviews and root cause analyses. 
8. Develop threat detections using attack and defense frameworks. 
9. Collaborate with teams to align security goals/projects with technical requirements. 
10. Monitor and analyze security signals from various sources. 
11. Assist with tracking emerging threats and vulnerabilities across Lingo's landscape. 
12. Prioritize and triage alerts based on risk and impact. 
13. Collaborate on disaster recovery planning and conduct regular tabletop exercises and simulations to validate preparedness and response capabilities. 
14. Embed cybersecurity into business continuity strategies and organizational culture. 


Required Qualifications:
  • Bachelor's degree in Cybersecurity, Computer Science, Engineering, Information Technology or threat and risk management related disciplines
  • 5+ years of experience in cybersecurity operations, incident response, or related field
  • Strong hands-on experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar)
  • Familiarity with MITRE ATT&CK framework, NIST, and other cybersecurity standards
  • Excellent analytical, communication, problem-solving skills and interpersonal skills
  • Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines.
  • Understanding of ISO 27001, HITRUST CSF and NIST cybersecurity frameworks.
  • Strong understanding of security concepts and best practices
  • Ability to work effectively in a team environment

Preferred Qualifications:
  • Relevant certifications (e.g., CISSP, CSSLP, CEH, GCIA, GCIH)

Learn more about our health and wellness benefits, which provide the security to help you and your family live full lives: 

Follow your career aspirations to Abbott for diverse opportunities with a company that can help you build your future and live your best life. Abbott is an Equal Opportunity Employer, committed to employee diversity.

Connect with us at , on Facebook at , and on Twitter @AbbottNews.

The base pay for this position is $85,300.00 - $170,700.00. In specific locations, the pay range may vary from the range posted.

Senior Cybersecurity Operations/Threat Management

60086 North Chicago, Illinois Abbott

Posted 3 days ago

Job Description

Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals and branded generic medicines. Our 114,000 colleagues serve people in more than 160 countries.

Working at Abbott

At Abbott, you can do work that matters, grow, and learn, care for yourself and your family, be your true self, and live a full life. You’ll also have access to:

  • Career development with an international company where you can grow the career you dream of.

  • Employees can qualify for free medical coverage in our Health Investment Plan (HIP) PPO medical plan in the next calendar year.

  • An excellent retirement savings plan with a high employer contribution.

  • Tuition reimbursement, the Freedom 2 Save student debt program, and FreeU education benefit - an affordable and convenient path to getting a bachelor’s degree.

  • A company recognized as a great place to work in dozens of countries worldwide and named one of the most admired companies in the world by Fortune.

  • A company that is recognized as one of the best big companies to work for as well as the best place to work for diversity, working mothers, female executives, and scientists.

The Opportunity

Abbott is actively seeking a Senior Cybersecurity Security Operations & Threat Management Engineer to join the team developing Lingo, their continuous glucose monitoring (CGM) product designed for general wellness use. Lingo, a biowearable technology developed by Abbott, provides continuous glucose monitoring and personalized coaching to help users understand their glucose responses and build healthier habits. It was recently recognized as one of Fast Company's Next Big Things in Tech 2024. Lingo aims to transform traditional healthcare into a proactive, user-empowering experience, making metabolic health accessible and understandable.

This position focuses on enhancing Lingo's cybersecurity program through automation and the creation of robust technical controls.

The Senior Cybersecurity Engineer develops and maintains Security Operations & Threat Management procedures—including signal handling, threat intelligence, incident response, and disaster recovery—while ensuring regulatory compliance and assisting stakeholders with regulatory insights. The Senior Cybersecurity Engineer position can work remotely in the U.S.

What You’ll Work On

  1. Lead the development and improvement of Security Operations processes, including creating/modifying Standard Operating Procedures (SOPs), Playbooks, and Standards.

  2. Leverage security technologies and tools, such as SIEM, SOAR, and Cyber Threat Intelligence (CTI) tools to monitor and analyze security logs to identify potential cyber threats and vulnerabilities across Lingo's ecosystem.

  3. Develop metrics to measure the effectiveness of SIEM efforts and provide timely and accurate reports on the status of cybersecurity measures.

  4. Collaborate with cross-functional teams to establish cybersecurity event reporting and disclosure processes, ensuring security is embedded across the organization.

  5. Support the advancement of Lingo's cyber threat intelligence to ensure consistent detection, analysis, response, and monitoring of cybersecurity threats, events, and incidents.

  6. Develop and maintain incident response plans, playbooks, and documentation to support the Cybersecurity function.

  7. Perform assessment of cybersecurity incidents to identify the root cause, respond, and recover the environment.

  8. Develop threat detections using frameworks such as MITRE ATT&CK, MITRE SHIELD, Cyber Kill Chain, Diamond Model, NIST CSF, OWASP Top Ten, Unified Kill Chain, etc.

  9. Collaborate across teams to align security goals with technical requirements and support implementation of security projects.

  10. Continuously monitor and analyze security signals from various sources, prioritize and triage alerts based on risk and impact.

  11. Stay abreast of industry trends and emerging technologies to recommend security enhancements and strengthen Lingo’s cybersecurity posture against evolving threats and compliance requirements.

  12. Develop and deploy threat detections using intelligence, hunting, and incident response insights; conduct threat analysis and malware triage to support investigations and response efforts.

  13. Support the design and execution of executive-level tabletop exercises and track remediation efforts to strengthen incident preparedness.

  14. Participate in conducting regular training and awareness programs for Lingo's employees to promote a culture of cybersecurity awareness and compliance.

Summary of Key Focus Areas:

  1. Lead, design, implement, and optimize SIEM solutions.

  2. Ensure comprehensive log source integration and data quality.

  3. Develop and tune correlation rules, dashboards, and alerts.

  4. Collaborate with cross-functional teams to establish cybersecurity event reporting.

  5. Support the advancement of Lingo's cyber threat intelligence.

  6. Maintain and improve incident response playbooks and escalation procedures.

  7. Conduct post-incident reviews and root cause analyses.

  8. Develop threat detections using attack and defense frameworks.

  9. Collaborate with teams to align security goals/projects with technical requirements.

  10. Monitor and analyze security signals from various sources.

  11. Assist with tracking emerging threats and vulnerabilities across Lingo’s landscape.

  12. Prioritize and triage alerts based on risk and impact.

  13. Collaborate on disaster recovery planning and conduct regular tabletop exercises and simulations to validate preparedness and response capabilities.

  14. Embed cybersecurity into business continuity strategies and organizational culture.

Required Qualifications:

• Bachelor’s degree in Cybersecurity, Computer Science, Engineering, Information Technology or threat and risk management related disciplines

• 5+ years of experience in cybersecurity operations, incident response, or related field

• Strong hands-on experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar)

• Familiarity with MITRE ATT&CK framework, NIST, and other cybersecurity standards

• Excellent analytical, communication, problem-solving skills and interpersonal skills

• Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines.

• Understanding of ISO 27001, HITRUST CSF and NIST cybersecurity frameworks.

• Strong understanding of security concepts and best practices

• Ability to work effectively in a team environment

Preferred Qualifications:

• Relevant certifications (e.g., CISSP, CSSLP, CEH, GCIA, GCIH)

Learn more about our health and wellness benefits, which provide the security to help you and your family live full lives:

Follow your career aspirations to Abbott for diverse opportunities with a company that can help you build your future and live your best life. Abbott is an Equal Opportunity Employer, committed to employee diversity.

Connect with us at , on Facebook at , and on Twitter @AbbottNews.

The base pay for this position is $85,300.00 – $170,700.00. In specific locations, the pay range may vary from the range posted.

An Equal Opportunity Employer

Abbott welcomes and encourages diversity in our workforce.

We provide reasonable accommodation to qualified individuals with disabilities.

To request accommodation, please call or email

Policy Analyst- Vendor Threat Management

20080 Washington, District Of Columbia Deloitte

Posted 8 days ago

Job Description

Our Deloitte Enterprise Performance team is at the forefront of enterprise technology, working across finance, supply chain, and IT operations to deliver holistic performance improvement and digital transformation. Join our team of strategic advisers and architects, differentiated by our industry depth to collaborate with leading solution providers and leverage your experience in strategy, process design, technology enablement, and operational services to enable heart-of-the-business solutions.
Work You'll Do
As a Project Delivery Senior Analyst on the project, you will:
+ Prepare read-ahead materials, talking points, and communications for leadership.
+ Compile weekly activity reports and manage records, contact lists, distribution lists, and strategic plans.
+ Support congressional reporting, legislative review, audit responses, and maintain website and social media presence.
+ Maintain and update policies and issuances; analyze and draft proposed changes; conduct policy research; manage policy development and provide monthly status reports.
+ Develop and maintain enterprise architecture and end-to-end process maps; ensure process compliance and regularly review/update documentation.
+ Draft correspondence, reports, and presentations; manage tasks in CATMS; create project plans and timelines; support audits; maintain SharePoint/MS Teams sites; support committees; conduct research and analysis.
+ Analyze and draft internal and external policy updates; ensure compliance with applicable laws; implement approved changes and align with process mapping efforts.
The Team
Deloitte's Government & Public Services (GPS) practice - our people, ideas, technology and outcomes - is designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise.
Our Supply Chain & Network Operations offering advises, implements, and operates transformational solutions that bring world class supply network capabilities.
The Project Delivery Talent Model is designed for professionals with specialized skills that align to a current client need. Team members focus on delivering services to clients, without additional expectations related to business development or promotion. Their employment is tied to their role on a project, and they are eligible for a benefits package that is competitive for project delivery-focused professionals.
Qualifications
Required:
+ Bachelor's Degree Required
+ Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future
+ Must be willing to go on-site in Alexandria up to 5 days a week
+ Top Secret Clearance required
+ 2+ years' experience in Industrial base or logistics policy
+ 2+ years experience creating talking points, briefings, and materials for senior leadership
+ 2+ years experience in Vendor Threat Mitigation (VTM), Operational Contract Support (OCS), ATFP, and/or OSCID
Preferred qualifications:
+ Strong written and verbal communication skills for engagement with senior leadership and organizational stakeholders.
+ Highly organized with the ability to manage multiple priorities effectively.
+ Proven experience creating talking points, briefings, and materials for senior leadership.
+ Data analysis and governance experience in a defense or logistics context
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $80,600 to $134,300.
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
Information for applicants with a need for accommodation: l
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Policy Analyst- Vendor Threat Management

22209 Arlington, Virginia Deloitte

Posted 8 days ago

Job Description

Our Deloitte Enterprise Performance team is at the forefront of enterprise technology, working across finance, supply chain, and IT operations to deliver holistic performance improvement and digital transformation. Join our team of strategic advisers and architects, differentiated by our industry depth to collaborate with leading solution providers and leverage your experience in strategy, process design, technology enablement, and operational services to enable heart-of-the-business solutions.
Work You'll Do
As a Project Delivery Senior Analyst on the project, you will:
+ Prepare read-ahead materials, talking points, and communications for leadership.
+ Compile weekly activity reports and manage records, contact lists, distribution lists, and strategic plans.
+ Support congressional reporting, legislative review, audit responses, and maintain website and social media presence.
+ Maintain and update policies and issuances; analyze and draft proposed changes; conduct policy research; manage policy development and provide monthly status reports.
+ Develop and maintain enterprise architecture and end-to-end process maps; ensure process compliance and regularly review/update documentation.
+ Draft correspondence, reports, and presentations; manage tasks in CATMS; create project plans and timelines; support audits; maintain SharePoint/MS Teams sites; support committees; conduct research and analysis.
+ Analyze and draft internal and external policy updates; ensure compliance with applicable laws; implement approved changes and align with process mapping efforts.
The Team
Deloitte's Government & Public Services (GPS) practice - our people, ideas, technology and outcomes - is designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise.
Our Supply Chain & Network Operations offering advises, implements, and operates transformational solutions that bring world class supply network capabilities.
The Project Delivery Talent Model is designed for professionals with specialized skills that align to a current client need. Team members focus on delivering services to clients, without additional expectations related to business development or promotion. Their employment is tied to their role on a project, and they are eligible for a benefits package that is competitive for project delivery-focused professionals.
Qualifications
Required:
+ Bachelor's Degree Required
+ Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future
+ Must be willing to go on-site in Alexandria up to 5 days a week
+ Top Secret Clearance required
+ 2+ years' experience in Industrial base or logistics policy
+ 2+ years experience creating talking points, briefings, and materials for senior leadership
+ 2+ years experience in Vendor Threat Mitigation (VTM), Operational Contract Support (OCS), ATFP, and/or OSCID
Preferred qualifications:
+ Strong written and verbal communication skills for engagement with senior leadership and organizational stakeholders.
+ Highly organized with the ability to manage multiple priorities effectively.
+ Proven experience creating talking points, briefings, and materials for senior leadership.
+ Data analysis and governance experience in a defense or logistics context
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $80,600 to $134,300.
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
Information for applicants with a need for accommodation: l
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Policy Analyst- Vendor Threat Management

22212 Arlington, Virginia Deloitte

Posted 8 days ago

Job Description

Our Deloitte Enterprise Performance team is at the forefront of enterprise technology, working across finance, supply chain, and IT operations to deliver holistic performance improvement and digital transformation. Join our team of strategic advisers and architects, differentiated by our industry depth to collaborate with leading solution providers and leverage your experience in strategy, process design, technology enablement, and operational services to enable heart-of-the-business solutions.
Work You'll Do
As a Project Delivery Senior Analyst on the project, you will:
+ Prepare read-ahead materials, talking points, and communications for leadership.
+ Compile weekly activity reports and manage records, contact lists, distribution lists, and strategic plans.
+ Support congressional reporting, legislative review, audit responses, and maintain website and social media presence.
+ Maintain and update policies and issuances; analyze and draft proposed changes; conduct policy research; manage policy development and provide monthly status reports.
+ Develop and maintain enterprise architecture and end-to-end process maps; ensure process compliance and regularly review/update documentation.
+ Draft correspondence, reports, and presentations; manage tasks in CATMS; create project plans and timelines; support audits; maintain SharePoint/MS Teams sites; support committees; conduct research and analysis.
+ Analyze and draft internal and external policy updates; ensure compliance with applicable laws; implement approved changes and align with process mapping efforts.
The Team
Deloitte's Government & Public Services (GPS) practice - our people, ideas, technology and outcomes - is designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise.
Our Supply Chain & Network Operations offering advises, implements, and operates transformational solutions that bring world class supply network capabilities.
The Project Delivery Talent Model is designed for professionals with specialized skills that align to a current client need. Team members focus on delivering services to clients, without additional expectations related to business development or promotion. Their employment is tied to their role on a project, and they are eligible for a benefits package that is competitive for project delivery-focused professionals.
Qualifications
Required:
+ Bachelor's Degree Required
+ Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future
+ Must be willing to go on-site in Alexandria up to 5 days a week
+ Top Secret Clearance required
+ 2+ years' experience in Industrial base or logistics policy
+ 2+ years experience creating talking points, briefings, and materials for senior leadership
+ 2+ years experience in Vendor Threat Mitigation (VTM), Operational Contract Support (OCS), ATFP, and/or OSCID
Preferred qualifications:
+ Strong written and verbal communication skills for engagement with senior leadership and organizational stakeholders.
+ Highly organized with the ability to manage multiple priorities effectively.
+ Proven experience creating talking points, briefings, and materials for senior leadership.
+ Data analysis and governance experience in a defense or logistics context
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $80,600 to $134,300.
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
Information for applicants with a need for accommodation: l
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Security Analyst-Threat & Vulnerability Management

77246 Houston, Texas The Emery Company, LLC

Posted today

Job Description

NO THIRD PARTY H1B OR C2C!



Project Overview


Cybersecurity Contractor – SIEM, SOC, and Incident Response Support

The selected contractor will support key cybersecurity initiatives including SIEM operations, automation, incident response processes, and integration of security tools. This role is critical to advancing our security operations and maturity.


Highlighted Requirements

  • 2+ years of SIEM experience, preferably with Azure Sentinel and Kusto Query Language (KQL)
  • Multi-year, direct experience in Incident Response, ideally in an Incident Response Team or MSSP setting for medium to large organizations
  • Practical experience with tools within the Microsoft security stack


Key Skills

  • Cyber Incident Response
  • KQL – Deep understanding and hands-on experience
  • SOC Analyst / Operations – Level 1, 2, and 3 (Triage, Escalation)
  • SIEM Administration – Managing, maintaining, creating custom detections/logging
  • SentinelOne – In-depth knowledge for incident handling, hunting, queries, and detections
  • Linux Administration – Comfortable with navigation, configuration, and server management
  • Microsoft Cloud Security Tools – Understanding of architecture and platform use


Additional Skills

  • Data analysis and reporting


Education

  • Required: High School diploma or GED equivalent
  • Preferred: Bachelor’s degree or currently pursuing a degree in Information Systems, Information Assurance, Cybersecurity, IT, Computer Science, or a related field


Certifications

  • Required/Preferred:
  • CompTIA Security+
  • CompTIA Network+
  • Other relevant industry certifications


Experience

  • Minimum of 5 years of progressive work experience in Information Security, IT, Computer Science, or a related field


Role and Responsibilities

  • Contribute to the development of cybersecurity strategies, objectives, and project plans
  • Assist with design and implementation of improved cybersecurity processes and services
  • Administer and maintain cybersecurity technology platforms
  • Fulfill customer requests and support daily security operations, including incident monitoring, analysis, and response
  • Analyze cybersecurity threats and vulnerabilities and develop appropriate mitigation strategies
  • Create documentation including procedures, job aids, reports, metrics, and presentations
  • Participate in Cybersecurity Incident Response Team (CIRT) investigations and activities


Scheduled Milestones & Deliverables

  • Enhance maturity of SIEM, SOC, and Incident Response processes
  • Integrate automation best practices
  • Improve Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR)


Performance Metrics

  • Completion of projects related to SIEM and other security platforms (e.g., incidents, alerts, tickets)
  • Availability and uptime of systems
  • SOC effectiveness
  • Compliance with defined processes and procedures

Senior Cybersecurity Engineer - Security Operations/Threat Management

60086 North Chicago, Illinois Abbott Laboratories company

Posted today


Job Description

Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals and branded generic medicines. Our 114,000 colleagues serve people in more than 160 countries.

Working at Abbott

At Abbott, you can do work that matters, grow, and learn, care for yourself and your family, be your true self, and live a full life. You'll also have access to:

  • Career development with an international company where you can grow the career you dream of.
  • Employees can qualify for free medical coverage in our Health Investment Plan (HIP) PPO medical plan in the next calendar year.
  • An excellent retirement savings plan with a high employer contribution.
  • Tuition reimbursement, the Freedom 2 Save student debt program, and FreeU education benefit - an affordable and convenient path to getting a bachelor's degree.
  • A company recognized as a great place to work in dozens of countries worldwide and named one of the most admired companies in the world by Fortune.
  • A company that is recognized as one of the best big companies to work for as well as the best place to work for diversity, working mothers, female executives, and scientists.

The Opportunity

Abbott is actively seeking a Senior Cybersecurity Security Operations & Threat Management Engineer to join the team developing Lingo, their continuous glucose monitoring (CGM) product designed for general wellness use. Lingo, a biowearable technology developed by Abbott, provides continuous glucose monitoring and personalized coaching to help users understand their glucose responses and build healthier habits. It was recently recognized as one of Fast Company's Next Big Things in Tech 2024. Lingo aims to transform traditional healthcare into a proactive, user-empowering experience, making metabolic health accessible and understandable.

This position focuses on enhancing Lingo's cybersecurity program through automation and the creation of robust technical controls.


The Senior Cybersecurity Engineer develops and maintains Security Operations & Threat Management procedures, including signal handling, threat intelligence, incident response, and disaster recovery, while ensuring regulatory compliance and assisting stakeholders with regulatory insights. The Senior Cybersecurity Engineer position can work remotely in the U.S.


What You'll Work On
1. Lead the development and improvement of Security Operations processes, including creating/modifying Standard Operating Procedures (SOPs), Playbooks, and Standards.
2. Leverage security technologies and tools, such as SIEM, SOAR, and Cyber Threat Intelligence (CTI) tools to monitor and analyze security logs to identify potential cyber threats and vulnerabilities across Lingo's ecosystem.
3. Develop metrics to measure the effectiveness of SIEM efforts and provide timely and accurate reports on the status of cybersecurity measures.
4. Collaborate with cross-functional teams to establish cybersecurity event reporting and disclosure processes, ensuring security is embedded across the organization.
5. Support the advancement of Lingo's cyber threat intelligence to ensure consistent detection, analysis, response, and monitoring of cybersecurity threats, events, and incidents.
6. Develop and maintain incident response plans, playbooks, and documentation to support the Cybersecurity function.
7. Perform assessment of cybersecurity incidents to identify the root cause, respond, and recover the environment.
8. Develop threat detections using frameworks such as MITRE ATT&CK, MITRE SHIELD, Cyber Kill Chain, Diamond Model, NIST CSF, OWASP Top Ten, Unified Kill Chain, etc.
9. Collaborate across teams to align security goals with technical requirements and support implementation of security projects.
10. Continuously monitor and analyze security signals from various sources, prioritize and triage alerts based on risk and impact.
11. Stay abreast of industry trends and emerging technologies to recommend security enhancements and strengthen Lingo's cybersecurity posture against evolving threats and compliance requirements.
12. Develop and deploy threat detections using intelligence, hunting, and incident response insights; conduct threat analysis and malware triage to support investigations and response efforts.
13. Support the design and execution of executive-level tabletop exercises and track remediation efforts to strengthen incident preparedness.
14. Participate in conducting regular training and awareness programs for Lingo's employees to promote a culture of cybersecurity awareness and compliance.

Summary of Key Focus Areas:
1. Lead, design, implement, and optimize SIEM solutions.
2. Ensure comprehensive log source integration and data quality.
3. Develop and tune correlation rules, dashboards, and alerts.
4. Collaborate with cross-functional teams to establish cybersecurity event reporting.
5. Support the advancement of Lingo's cyber threat intelligence.
6. Maintain and improve incident response playbooks and escalation procedures.
7. Conduct post-incident reviews and root cause analyses.
8. Develop threat detections using attack and defense frameworks.
9. Collaborate with teams to align security goals/projects with technical requirements.
10. Monitor and analyze security signals from various sources.
11. Assist with tracking emerging threats and vulnerabilities across Lingo's landscape.
12. Prioritize and triage alerts based on risk and impact.
13. Collaborate on disaster recovery planning and conduct regular tabletop exercises and simulations to validate preparedness and response capabilities.
14. Embed cybersecurity into business continuity strategies and organizational culture.


Required Qualifications:
Bachelor's degree in Cybersecurity, Computer Science, Engineering, Information Technology or threat and risk management related disciplines
5+ years of experience in cybersecurity operations, incident response, or related field
Strong hands-on experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar)
Familiarity with MITRE ATT&CK framework, NIST, and other cybersecurity standards
Excellent analytical, communication, problem-solving skills and interpersonal skills
Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines.
Understanding of ISO 27001, HITRUST CSF and NIST cybersecurity frameworks.
Strong understanding of security concepts and best practices
Ability to work effectively in a team environment


Preferred Qualifications:
Relevant certifications (e.g., CISSP, CSSLP, CEH, GCIA, GCIH)

Learn more about our health and wellness benefits, which provide the security to help you and your family live full lives:

Follow your career aspirations to Abbott for diverse opportunities with a company that can help you build your future and live your best life. Abbott is an Equal Opportunity Employer, committed to employee diversity.

Connect with us at , on Facebook at , and on Twitter @AbbottNews.

The base pay for this position is $85,300.00 - $170,700.00. In specific locations, the pay range may vary from the range posted.


FLEX Senior Manager, Insider Threat Management

20814 Bethesda, Maryland Marriott

Posted today


Job Description

**Additional Information**
**Job Number**
**Job Category** Information Technology
**Location** Marriott International HQ, 7750 Wisconsin Avenue, Bethesda, Maryland, United States, 20814
Full Time
**Located Remotely?** Y
**Position Type** Management
**Expiration Date:** 10/15/2025
This is a temporary position.
JOB SUMMARY
Responsible for establishing and maintaining a framework for insider risk analysis responsible for supporting the Global Insider Threat Management Program. Duties will include incident response to insider incidents and collaborating with multiple areas of the business, including human resources, business data owners, legal, physical security, SOC/CIRT, software development and information technology groups. The Sr. Manager will act as a technical subject matter expert to enhance adjacent programs such as threat intelligence, cybersecurity incident response, risk management, audit, ethics, etc. He/She will track and manage cradle-to-grave incident management through mitigation. This includes overseeing program metrics (KPI/KRI) to ensure the advancement of the program across the enterprise, while mitigating human risk to the organization.
CANDIDATE PROFILE
Education and Experience Required:
+ Bachelor's degree in Computer Science, MIS, or related field or equivalent experience/certification
+ 7+ years' experience in insider threat/risk, or information security that includes cross-functional incident response, risk assessments, threat mitigation, and/or investigative support
+ 3+ years' SIEM, EDR, and/or DLP experience
Preferred:
+ Current certifications, including Certified Insider Threat Program Manager, Certified Threat Manager, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)
+ Project management skills
+ Excellent communication skills and problem-solving ability
+ Demonstrated ability to work independently and with others
+ Ability to manage the details and compliance with standards and expectations
CORE WORK ACTIVITIES
Insider Threat Management & Response
+ Establish a framework for researching, documenting, and integrating assessments.
+ Responsible for gathering relevant intelligence regarding attacker tactics, techniques, and procedures.
+ Work as needed with the incident response team to triage alerts triggered by suspicious or malicious activity.
+ Act as a technical subject matter expert to enhance adjacent programs such as incident response, threat hunting, and custom detection development.
+ Develop and report on key metrics of the insider threat management program.
+ Utilize the corporate Endpoint Detection and Response tool and SIEM to identify anomalous activity and potential threats to the enterprise infrastructure.
+ Perform analysis of adversary tradecraft, malicious code, and capabilities for hunt pivoting purposes.
+ Manage the analysis of artifacts to determine potential specific adversary and motives.
+ Responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats and comply with relevant data breach laws.
+ Uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize safety and security of systems, preservation of intellectual property, and information security.
+ Investigates and analyzes all relevant security and privacy response activities.
+ Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations or enterprise or local policy, assesses the level of risk, and develops and/or recommends and operationalizes appropriate mitigation countermeasures.
+ Identifies and assesses the capabilities and activities of; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.
+ Analyzes threat information from multiple sources, disciplines, and agencies across industry and regulatory organizations.
+ Synthesizes and places regulatory and intelligence information in context; draws insights about the possible implications
Maintaining Goals
+ Submits reports in a timely manner, ensuring delivery deadlines are met.
+ Promotes the documenting of project progress accurately.
+ Provides input and assistance to other teams regarding projects.
Managing Work, Projects, and Policies
+ Manages and implements work and projects as assigned.
+ Generates and provides accurate and timely results in the form of reports, presentations, etc.
+ Analyzes information and evaluates results to choose the best solution and solve problems.
+ Provides timely, accurate, and detailed status reports as requested.
Demonstrating and Applying Discipline Knowledge
+ Provides technical expertise and support to persons inside and outside of the department.
+ Demonstrates knowledge of job-relevant issues, products, systems, and processes.
+ Demonstrates knowledge of function-specific procedures. Keeps up-to-date technically and applies new knowledge to job.
The pay range for this position is $47.30 to $80.24 per hour.
Washington Applicants Only: Employees will accrue 0.0334 PTO balance for every hour worked and eligible to receive minimum of 9 holidays annually.
FLEX opportunities offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.
Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.
The application deadline for this position is 50 days after the date of this posting, August 25, 2025.
_At Marriott International, we are dedicated to being an equal opportunity employer, welcoming all and providing access to opportunity. We actively foster an environment where the unique backgrounds of our associates are valued and celebrated. Our greatest strength lies in the rich blend of culture, talent, and experiences of our associates.  We are committed to non-discrimination on any protected basis, including disability, veteran status, or other basis protected by applicable law._
Marriott International is the world's largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. **Be** where you can do your best work, **begin** your purpose, **belong** to an amazing global team, and **become** the best version of you.

Global Security Threat Management Senior Associate

85282 Tempe, Arizona JPMorgan Chase

Posted 1 day ago


Job Description

Global Security (GS) protects the firm's employees and assets throughout the world. This responsibility includes the development of security and safety policies and procedures, regulatory and legislative compliance, security guard management and alarm response, crisis management, ATM, branch and corporate building security, customer safety, physical crime investigations, workplace violence, fire and life safety, executive protection, due diligence, pre-employment screening, security operations globally, fraud investigations, and cyber security.
As a Senior Threat Associate within Global Security, you will provide continued support to employees through partnership with other key cross-functional partners as required. You will utilize your strong technical skills to help enhance the global team's risk and controls initiatives. You will be aligned to a particular function within the Threat Management organization but will be available to support other functions based on business needs. Your primary role will be to provide support functions for escalated threat cases throughout their entire lifecycle, including information gathering, initial threat assessment, consultation of stakeholders, incorporation of mitigation strategies, continued monitoring, and regular reviews of persons of concern.
**Job responsibilities**
+ Actively respond, manage and maintain cases of all case-types to include report writing and record retention
+ Conduct witness interviews and provide assessments as required
+ Provide program support for other GS/TM partners (Global Intelligence, Insider Risk)
+ Serve as liaison support for cross-functional partners
+ Provide case support for peer TMs as needed and based on caseload/on-call support
+ Support the development of best practice documents and standard response protocols
+ Utilize internal databases to execute long-term monitoring of persons of concern
+ Leverage partnerships to continuously monitor persons of concern
+ Support data integrity, TM case metrics, and trends analysis
+ Leverage technical skills (Microsoft Office suite, ServiceNow, ArcGIS, Salesforce, Pega, Tableau, Power BI, etc.) to enhance the team's operational excellence
**Required qualifications, capabilities, and skills**
+ 3+ years' experience in a threat management, law enforcement, intelligence analysis, and/or corporate security role
+ BA or BS Degree in History, Criminal Justice, Intelligence, or Political Science or equivalent years of relevant experience
+ Proficiency in MS Office suite
+ Ability to think quickly and make decisions while under pressure
+ Ability to work within a team environment and achieve buy-in from stakeholders
+ Strong communication skills
+ Strong organization skills
+ Available to travel 10%
+ Able to work extended hours to include nights, weekends, and on-call as needed
JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans
**Base Pay/Salary**
New York,NY $85,500.00 - $120,000.00 / year

CSOC Threat Management Specialist (Tier 2)

27560 Morrisville, North Carolina Nightwing

Posted 15 days ago


Job Description

Nightwing provides technically advanced full-spectrum cyber, data operations, systems integration and intelligence mission support services to meet our customers' most demanding challenges. Our capabilities include cyber space operations, cyber defense and resiliency, vulnerability research, ubiquitous technical surveillance, data intelligence, lifecycle mission enablement, and software modernization. Nightwing brings disruptive technologies, agility, and competitive offerings to customers in the intelligence community, defense, civil, and commercial markets.
Nightwing is seeking to hire a Cyber Threat Management Specialist.
Tier 2 Analysts perform deep-dive incident analysis by correlating data from various sources and determine whether a critical system or data set has been affected. They handle incidents as defined in Playbooks and SOPs. They also advise on remediation actions and provide input and analysis on how to leverage Artificial Intelligence, Machine Learning, and SOAR capabilities to improve CSOC efficiency and accuracy.
Key Responsibilities:
+ Identification of Cybersecurity problems which may require mitigating controls
+ Analyze network traffic to identify exploit or intrusion related attempts
+ Recommend detection mechanisms for exploit and or intrusion related attempts
+ Provide subject matter expertise on network-based attacks, network traffic analysis, and intrusion methodologies
+ Escalate items which require further investigation to other members of the Threat Management team
+ Execute operational processes in support of response efforts to identified security incidents
+ Utilize AI/ML-based tools and techniques to detect anomalies, automate incident triage, and improve threat intelligence
+ Performing and analyzing threat intelligence to assess risk and adapt defenses using ML-enhanced tools
+ Manage email security using Proofpoint, monitor for threats, and promptly respond to attacks
+ Configure Splunk for log analysis, create alerts, and investigate security incidents diligently
+ Set up Firepower for network monitoring, analyze traffic patterns, and enforce robust security measures
+ Deploy SentinelOne agents efficiently, monitor alerts closely, and conduct thorough security assessments
+ Monitoring, reviewing, and responding to security alerts and incidents across multiple platforms including Microsoft Defender for Cloud Apps, Defender for Endpoint, Defender XDR, Defender for Office 365, Azure Entra ID, and Google Cloud Security Command Center (SCC)
+ Performing threat detection and analysis, investigating suspicious activity, coordinating incident response efforts, and implementing remediation actions
+ Tuning security policies, maintaining visibility into cloud and endpoint environments, and supporting continuous improvement of the organization's security posture
+ Stay current on the latest cybersecurity trends, threat actors, and AI/ML research relevant to the field
+ Identify and support automation use cases, including the use of AI/ML to enhance SOC capabilities.
+ Collaborate across Operations to provide SOC enhancement capabilities through the use of automation and AI.
Language Skills:
English
Educational Requirements:
+ BA or BS in Computer Science, Information Technology or related field
+ One or more relevant certifications such as GIAC Certified Enterprise Defender (GCED), GIAC Certified Security Essentials (GSEC), CISSP, or SSCP desired
Qualification Requirements:
+ 3+ years IT security experience with at least some exposure to AI/ML projects
+ 2+ years' experience in network traffic analysis
+ Strong working knowledge of:
  + Boolean Logic
  + TCP/IP Fundamentals
  + Network Level Exploits
  + Threat Management
+ Knowledge of Control Frameworks and Risk Management techniques
+ Excellent oral, written communication skills and excellent interpersonal and organizational skills
+ Strong understanding of IDS/IPS technologies, trends, vendors, processes and methodologies
+ Strong understanding of common IDS/IPS architectures and implementations
+ Strong understanding of IDS/IPS signatures, content creation and signature characteristics including both signature and anomaly-based analysis and detection
+ Experience with cloud security (AWS, Azure, GCP)
+ Hands-on experience with cybersecurity automation (e.g., SOAR platforms).
+ Proficiency in using machine learning frameworks to develop, train, and deploy models for anomaly detection, threat intelligence, and behavioral analysis in cybersecurity contexts.
+ Skills in data analysis and feature engineering, with the ability to preprocess and transform large datasets from various sources (e.g., logs, network traffic) to extract relevant features for machine learning models aimed at identifying security incidents and vulnerabilities.
+ Familiarity with the application of AI/ML techniques in cybersecurity, including but not limited to automated threat detection, incident response automation, and predictive analytics. Experience in evaluating the effectiveness of AI/ML solutions in a SOC environment is a plus.
+ Understanding and experience identifying and implementing automation use cases.
_At Nightwing, we value collaboration and teamwork. You'll have the opportunity to work alongside talented individuals who are passionate about what they do. Together, we'll leverage our collective expertise to drive innovation, solve complex problems, and deliver exceptional results for our clients._
_Thank you for considering joining us as we embark on this new journey and shape the future of cybersecurity and intelligence together as part of the Nightwing team._
_Nightwing is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class._