Salesforce Security Engineer and System Security Officer responsible for security compliance in Federal Government programs. Collaborating with teams to integrate security throughout the DevSecOps pipeline.
Responsibilities
Provide subject matter expertise throughout the system development lifecycle and interface with multiple stakeholders through multiple touchpoints weekly.
Manage coordination and response to agency security-related inquiries, compliance with agency policies, implementation of security controls, and maintenance of security documentation and artifacts.
Lead Security Impact Analyses (SIAs), integrate automated security validation into CI/CD pipelines, and ensure tools are configured and tuned for maximum effectiveness.
Champion the integration of automated security testing into the CI/CD pipeline to align with continuous delivery practices. Integrate security controls into CI/CD pipelines (GitHub Actions, Jenkins, Copado, Terraform, Kubernetes).
Mentor product and engineering teams on secure development practices and continuous security; translate and tailor NIST 800-53 Rev 5 and CMS security controls into actionable tasks for DevSecOps teams.
Requirements
A Bachelor’s degree in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline.
Deep, practical knowledge of Salesforce security architecture, including Profiles vs Permission Sets, Permission Set Groups, Sharing Rules, Role Hierarchies, Record-Level Security, and Delegated Administration.
Minimum of 8 years of experience implementing security controls and monitoring compliance for systems, in accordance with federal system security and privacy regulations.
Strong understanding of continuous automated security practices applied to data and application engineering teams.
Hands-on configuration and operation of security tools (Snyk, AppOmni, Tenable, Invicti, Splunk, AWS SecurityHub), including integration into CI/CD pipelines.
Strong technical knowledge of Salesforce security best practices (roles, profiles, permission sets, OAuth/MFA, AppOmni).
Information Security Engineer focusing on Identity & Access Management and SSO at Westfield. Design, operate, and mature enterprise authentication and federation capabilities.
Cyber Security Engineer responsible for operational support and development activities with Ping Identity. Collaborate with global teams to strengthen cybersecurity and improve customer satisfaction.
Application Security Specialist focusing on security in software development lifecycle at Insight Investment in Manchester, driving DevSecOps practices across teams.
Cyber Security Engineer supporting mission-critical DoD contract at CACI. Involves reviewing infrastructure changes and implementing security measures in a cloud-based environment.
Security Incident Management Analyst coordinating information security incidents. Overseeing cyber incident response and providing guidance to senior management within a leading industrial software company.
Customer Security Engineer managing end-to-end pentesting services at Aikido Security. Ensuring customer value and addressing vulnerabilities for a developer-first security product.
Cybersecurity GRC Specialist developing compliance standards across IT environments at Axpo Group. Collaborate with teams to safeguard critical systems and implement cybersecurity policies in energy sector.
Lead Cybersecurity Specialist managing enterprise cybersecurity programs at NexThreat. Overseeing cybersecurity research, engineering, and technical services while ensuring federal compliance.
Manager overseeing Netflix's global physical security technology design and build programs across multiple business verticals. Leading a team to ensure best-in-class security systems and vendor management.
Information System Security Officer liaising between Cybersecurity Group and information owners. Ensuring compliance and security posture for national security IT systems in a hybrid environment.