Who we are At Fortis Games we aspire to make great games that bring people together while redefining how game companies work. We believe in building a sense of belonging...

deine mission • Komplexe Security Incidents landen bei dir - du gehst in die Tiefe, analysierst sauber und triffst fundierte Entscheidungen • Als Eskalationsinstanz bringst du Ruhe in kritische Situationen und hältst die Kommunikation zwischen Kund:innen und internen Teams klar und strukturiert • In Kundenterminen (z.

Work with a Top 20 CPA and advisory firm that Accounts for Anything.  Aprio has 40 U.S. office locations, as well as international office locations and more than 3,200 team members that speak 60+ languages across the globe.  By bringing together proven expertise, deep understanding, and strategic foresight for fast-growing industries, Aprio ensures clients are prepared for wherever life or business may take them. Discover a top-rated culture, vast growth opportunities and your next big career move with Aprio.

Join Aprio’s Information Technology team and you will help clients maximize their opportunities. Aprio is a progressive, fast-growing firm looking for a Senior Cybersecurity Engineer to join their dynamic team.

Aprio’s Cybersecurity Engineering team builds and operates the controls that make the firm defensible: identity, network segmentation, cloud security baselines, endpoint, monitoring, encryption, and vulnerability management. The Senior Cybersecurity Engineer is the senior individual contributor on that team — the engineer who takes a control domain from “documented” to “running cleanly in production,” sets the standard for how it’s done, and pulls the Mid and Associate engineers up with them. This is a hands-on engineering role that also leads cross-team initiatives.

This position supports U.S. Government engagements that may involve Controlled Unclassified Information (CUI) and requires access to export‑controlled technical data. In accordance with CUI and U.S. export control regulations, this position is limited to ‘U.S. persons’ (including U.S. citizens, lawful permanent residents, and certain protected individuals) as defined in 22 C.F.R. § 120.62. These requirements are only tied to this specific job posting. We are an equal opportunity employer and all Aprio employment decisions are made in accordance with applicable laws.

What You’ll Do:

• You will own the operational health of one or two engineering domains, lead cross-team initiatives that touch multiple control areas, and design the patterns the rest of the team executes against.
• You’re the engineer who can take a tool from “purchased” to “deployed, tuned, and instrumented,” the partner Cloud Ops and Identity call when they need a security pattern that actually works, and the senior who makes the Mid and Associate engineers better through pairing, code review, and clear standards.
• You’ll also be a senior voice in architecture and decision conversations alongside the Principal Engineer and the Manager.

Key Responsibilities:

• Domain ownership: Own the operational health of one or two engineering domains (identity, network/segmentation, cloud security baselines, monitoring/logging, encryption/key management, endpoint, vulnerability management, configuration management). Keep them measurably healthy and improving.
• Cross-team initiatives: Lead initiatives that span Security, IT, Identity, Cloud Operations, and delivery teams — controlled rollouts, control set hardening, tool migrations. Land them without breaking production.
• Architecture and standards: Design new control patterns and reference architectures. Write the decision records, runbooks, and standards the team executes against and the auditors review.
• Controlled rollouts: Lead the end-to-end deployment of new control sets (e.g., bringing a new EDR online, hardening a new cloud account, standing up new logging pipelines) — pilot, measure, expand, document.
• Mentorship: Pair with Mid and Associate engineers, run design reviews, give substantive code/config review, and grow the next tier. Quality of output from less senior engineers is part of your scope.
• Operational partnership: Be the senior partner Cloud Ops, Identity, IT Service Management, GRC, and the SOC call when they need security engineering input. Solve problems with them, not at them.
• Detection/response engineering support: Partner with Detection Engineering and the SOC on logging coverage, telemetry quality, and the engineering pieces of response (privileged access tooling, isolation capabilities, evidence capture).
• Evidence and audit readiness: Produce control evidence and architecture documentation that holds up under audit and peer review. Keep your domains’ evidence map current.
• Automation: Push toward repeatable, codified controls (IaC, policy-as-code, automated evidence collection) instead of one-off manual work.

What Success Looks Like:

First 30–60 days: You can operate your priority domains safely on Aprio’s tooling, you’ve assessed current control posture, and you’ve published a prioritized remediation backlog for at least one domain.

By 90 days: You’re leading at least one cross-team initiative, you’ve published or substantially revised at least one architecture pattern or decision record, and you’re an active mentor to the Mid and Associate engineers.

By 6–12 months: Your domains have measurably improved control health (less drift, cleaner evidence, faster remediation, fewer escalations). At least one controlled rollout has landed cleanly. Less senior engineers on the team are visibly better because of how you work with them.

Required Qualifications:

• 5+ years in security engineering, with hands-on responsibility for implementing controls across identity, network, cloud, endpoint, and/or monitoring.
• Strong fundamentals in IAM, network segmentation, encryption / key management, and centralized logging / monitoring.
• Experience with at least one major cloud platform (Azure, AWS, GCP) in a security-engineering capacity.
• Ability to produce clear architecture documentation, runbooks, and decision records that hold up under audit and peer review.
• Excellent written and verbal communication; able to explain tradeoffs across Security, IT, and delivery audiences in plain language.
• Comfortable mentoring less senior engineers and owning quality-of-output for one or more domains.

Preferred Qualifications

• Regulated-environment experience (CMMC, NIST 800-171, NIST 800-53, FedRAMP-aligned, SOC 2, ISO 27001, HIPAA, PCI).
• Infrastructure-as-code experience (Terraform, Bicep, Pulumi) and policy-as-code (Sentinel, OPA).
• Security tooling integration experience (SIEM, EDR, vulnerability scanning, IAM, secrets management).
• Industry certifications (one or more): CISSP, CCSP, GIAC (e.g., GCED, GPEN, GCWN), AZ-500, AWS Security Specialty.
• Experience supporting a SOC’s detection/response engineering needs.
• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field — or equivalent applicable years of experience

$100,000 - $125,000 a year

The salary range for this opportunity is stated above. As such, an actual salary may fall closer to one or the other end of the range, and in certain circumstances, may wind up being outside of the listed salary range.

The application window is anticipated to close on July 27th and may be extended as needed.

Why work for Aprio:

Whether you are just starting out, looking to advance into management or searching for your next leadership role, Aprio offers an opportunity to grow with a future-focused, innovative firm.

Perks/Benefits we offer for full-time team members:

- Medical, Dental, and Vision Insurance on the first day of employment

- Flexible Spending Account and Dependent Care Account

- 401k with Profit Sharing

- 9+ holidays and discretionary time off structure

- Parental Leave – coverage for both primary and secondary caregivers

- Tuition Assistance Program and CPA support program with cash incentive upon completion

- Discretionary incentive compensation based on firm, group and individual performance

- Incentive compensation related to origination of new client sales

- Top rated wellness program

- Flexible working environment including remote and hybrid options

What’s in it for you:

- Working with an industry leader: Be part of a high-growth firm that is passionate for what’s next.

- An awesome culture: Thirty-one fundamental behaviors guide our culture every day ensuring we always deliver an exceptional team-member and client experience.  We call it the Aprio Way.  This shared mindset creates lasting relationships between team members and with clients.

- A great team: Work with a high-energy, passionate, caring and ambitious team of professionals in a collaborative culture.

- Entrepreneurship: Have the freedom to innovate and bring your ideas to help us grow to become the CPA firm of choice nationally.

- Growth opportunities: Grow professionally in an environment that fosters continuous learning and advancement.

- Competitive compensation: You will be rewarded with competitive compensation, industry-leading benefits and a flexible work environment to enjoy work/life balance.

EQUAL OPPORTUNITY EMPLOYER

Aprio is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race; color; religion; national origin; sex; pregnancy; sexual orientation; gender identity and/or expression; age; disability; genetic information, citizenship status; military service obligations or any other category protected by applicable federal, state, or local law.

Aprio, LLP and Aprio Advisory Group, LLC, operate in an alternative business structure, with Aprio Advisory Group, LLC providing non-attest tax and consulting services, and Aprio, LLP providing CPA firm services.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

1086155

Manager, Security GRC - Compliance Onboarding & Readiness

Location: United States - Remote, Flex, or Office

About the Role

HubSpot is seeking a Manager, Security GRC on our Compliance Onboarding & Readiness team. This role is a critical part of how HubSpot approaches trust, security, and governance. Instead of focusing on reactive audit defense, our team acts as a proactive design and engineering partner. We shift compliance engineering “left” to ensure our rapidly expanding product surface, including usage-based billing systems, advanced AI capabilities, and scaling infrastructure, is fundamentally secure by design and audit-ready.

This is a hands-on, “player-coach” role. Reporting directly to the Senior Manager, you will lead and mentor a dedicated team of GRC professionals, while also acting as a high-impact individual contributor (IC). You are someone who loves to get into the weeds: executing proactive control designs, performing technical walkthroughs, mapping controls to complex cloud environments, and directly authoring robust control documentation alongside your team.

You will drive the day-to-day operationalization of our High-Risk Control Testing and Compliance Onboarding charters, moving HubSpot away from point-in-time evidence gathering and toward continuous compliance automated by telemetry.

What You’ll Do

Be an Active Player-Coach & Lead the Team

• Direct People Management: Lead, develop, and mentor a talented sub-team of GRC professionals. Evolve their capabilities in risk-based judgment and technical engineering partnership.
• Hands-on Execution (IC Work): Actively lead by example. You will personally conduct high-impact control walkthroughs, draft complex process narratives, design baseline control mappings for new architectures, and directly test our most critical systems.
• Stabilization & Backlog Burnout: Guide and support the team through its immediate operational maturity phases, and partnering cross-functionally to systematically burn down the legacy issues backlog.

Operationalize the Compliance “Front Door”

• Shift Compliance Left: Manage and scale our centralized compliance onboarding intake process. Partner early with Product, Engineering, and FinOps during the design and architecture stages (pre-coding) to embed security and compliance controls before production release.
• Minimize Friction: Maintain predictable, frictionless compliance paths for engineering stakeholders so compliance acts as an operational accelerator rather than a bottleneck.

Drive High-Risk Control Testing & Continuous Assurance

• Execute Deep-Dive Testing: Personally lead and oversee rigorous internal testing of HubSpot’s highest-risk controls, prioritizing Identity and Access Management (IAM), privileged access, data protection, change management, and AI governance.
• Continuous Monitoring Telemetry: Partner to design and build automated dashboards, transitioning the team’s evidence collection from manual spreadsheets to continuous data streams.
• Define Early-Warning Signals: Build out and monitor key control health indicators (OKIs/PKIs) to identify and remediate control degradation long before audit windows open.

Foster Collaborative Partnerships & Seamless Hand-offs

• Proactive Pre-Audit Alignment: Lead proactive reviews to validate control design, helping system owners address gaps collaboratively before audit cycles begin.
• Frictionless Partner Handoffs: Partner deeply with our Compliance Audit Execution team to transition ready, thoroughly vetted control packages for external testing, replacing traditional siloed boundaries with smooth, cooperative handoffs.
• Shared Posture Insights: Actively feed readiness metrics and testing signals into the broader Security Governance and Risk ecosystem to build a unified, transparent view of security health across HubSpot.

What We’re Looking For

Required Experience & Technical Rigor

• Demonstrated experience in Security GRC, IT Compliance, or IT Audit, ideally within a fast-paced, public SaaS environment.
• Hands-On Player-Coach Leadership: Experience managing, mentoring, or leading GRC professionals, combined with a strong desire and demonstrated ability to execute as an individual contributor. You must love rolling up your sleeves to build.
• Deep Control Expertise: Strong understanding of SOX 404 control design, risk-based scoping, testing, and proactive issue management within modern engineering environments (AWS, microservices, CI/CD pipelines).
• First-Principles Architect Mindset: You look at compliance as a systems-engineering challenge, not a checklist. You have experience implementing controls that are automated, scalable, and lightweight for developers.
• Exceptional Communication & HubSpot Culture Fit: You are empathetic, remarkably clear, and direct. You can explain complex regulatory “whys” to engineering leaders.

Preferred Experience

• Familiarity with emerging technology frameworks, specifically AI governance structures (such as ISO 42001) alongside traditional frameworks (SOC 1⁄2, ISO 27001, NIST).
• Experience supporting product transitions to usage-based billing or microservices-based financial data pipelines.
• Professional certifications such as CISA, CRISC, CISSP, or equivalent experience.

Why HubSpot

At HubSpot, security is a core value. We believe that to “Grow Better,” we must protect the operational and financial integrity of our platform with airtight, auditor-proof logic—while ensuring our teams can move fast and innovate with confidence. You’ll be joining a highly collaborative, deeply supportive GRC organization that treats governance as a modern product rather than a bureaucratic constraint. If you are inspired to build a secure-by-design compliance ecosystem at scale, we’d love to talk to you!

Pay & Benefits

The cash compensation below includes base salary, on-target commission for employees in eligible roles, and annual bonus targets under HubSpot’s bonus plan for eligible roles. In addition to cash compensation, some roles are eligible to participate in HubSpot’s equity plan to receive restricted stock units (RSUs). Some roles may also be eligible for overtime pay. Individual compensation packages are tailored to your skills, experience, qualifications, and other job-related reasons.

This resource will help guide how we recommend thinking about the range you see. Learn more about HubSpot’s compensation philosophy.

Benefits are also an important piece of your total compensation package. Explore the benefits and perks HubSpot offers to help employees grow better.

At HubSpot, fair compensation practices aren’t just about checking off the box for legal compliance. It’s about living out our value of transparency with our employees, candidates, and community.

Annual Cash Compensation Range:

$146,200—$233,900 USD

We know the confidence gap and impostor syndrome can get in the way of meeting spectacular candidates, so please don’t hesitate to apply — we’d love to hear from you.

If you need accommodations or assistance due to a disability, please reach out to us using this form.

At HubSpot, we value both flexibility and connection. Whether you’re a Remote employee or work from the Office, we want you to start your journey here by building strong connections with your team and peers. If you are joining our Engineering team, you will be required to attend a regional HubSpot office for in-person onboarding. If you join our broader Product team, you’ll also attend other in-person events, such as your Product Group Summit and other gatherings, to continue building on those connections.

If you require an accommodation due to travel limitations or other reasons, please inform your recruiter during the hiring process. We are committed to supporting candidates who may need alternative arrangements

Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Germany Applicants: (m/f/d) - link to HubSpot’s Career Diversity page here.

India Applicants: link to HubSpot India’s equal opportunity policy here.

About HubSpot

HubSpot (NYSE: HUBS) is an AI-powered customer platform with all the software, integrations, and resources customers need to connect marketing, sales, and service. HubSpot’s connected platform enables businesses to grow faster by focusing on what matters most: customers.

At HubSpot, bold is our baseline. Our employees around the globe move fast, stay customer-obsessed, and win together. Our culture is grounded in four commitments: Solve for the Customer, Be Bold, Learn Fast, Align, Adapt & Go!, and Deliver with HEART. These commitments shape how we work, lead, and grow.

We’re building a company where people can do their best work. We focus on brilliant work, not badge swipes. By combining clarity, ownership, and trust, we create space for big thinking and meaningful progress. And we know that when our employees grow, our customers do too.

Recognized globally for our award-winning culture by Comparably, Glassdoor, Fortune, and more, HubSpot is headquartered in Cambridge, MA, with employees and offices around the world.

Explore more:

• HubSpot Careers
• Life at HubSpot on Instagram

HubSpot may use AI to help screen or assess candidates, but all hiring decisions are always human. More information can be found here. By submitting your application, you agree that HubSpot may collect your personal data for recruiting, global organization planning, and related purposes. We may use CLEAR ID Verification during the hiring process to confirm your identity and help maintain a safe, secure, and trusted experience for all candidates. Refer to HubSpot’s Recruiting Privacy Notice for details on data processing and your rights.

Work with a Top 20 CPA and advisory firm that Accounts for Anything.  Aprio has 40 U.S. office locations, as well as international office locations and more than 3,200 team members that speak 60+ languages across the globe.  By bringing together proven expertise, deep understanding, and strategic foresight for fast-growing industries, Aprio ensures clients are prepared for wherever life or business may take them. Discover a top-rated culture, vast growth opportunities and your next big career move with Aprio.

Join Aprio’s Information Technology team and you will help clients maximize their opportunities.  Aprio is a progressive, fast-growing firm looking for a Cybersecurity Engineer to join their dynamic team.

Aprio’s Cybersecurity Engineering team builds and operates the controls that protect the firm — identity, network segmentation, cloud security baselines, endpoint, monitoring, encryption, and vulnerability management. The Cybersecurity Engineer is the mid-tier individual contributor on that team: the engineer trusted to take a well-scoped project, run it end-to-end, and deliver a clean, documented, operational result. This role is hands-on and execution-focused, with a growing depth in one or two control domains and a clear path toward Senior Engineer.

This position supports U.S. Government engagements that may involve Controlled Unclassified Information (CUI) and requires access to export‑controlled technical data. In accordance with CUI and U.S. export control regulations, this position is limited to ‘U.S. persons’ (including U.S. citizens, lawful permanent residents, and certain protected individuals) as defined in 22 C.F.R. § 120.62. These requirements are only tied to this specific job posting. We are an equal opportunity employer and all Aprio employment decisions are made in accordance with applicable laws.

What You’ll Do

• You will own small-to-medium engineering projects end-to-end, configure and operate control sets without direct oversight, and partner closely with Senior and Principal engineers on the larger initiatives that cross multiple domains.
• You’re the engineer who can pick up a control implementation, deliver it, document it, and hand it off cleanly to operations.
• You’ll start to grow real depth in a domain you care about — identity, endpoint, vulnerability, cloud security, or logging — and you’ll be a working partner to Associate engineers on day-to-day execution.

Key Responsibilities

• Project ownership: Take small-to-medium engineering projects end-to-end — scoping, design partnership with a Senior, build, test, deploy, document, and hand off to operations. Deliver them on time without surprises.
• Control implementation and operation: Configure and operate security controls across identity, network, cloud, endpoint, logging/monitoring, encryption/key management, and vulnerability management. Execute against approved patterns and standards.
• Domain depth: Develop deepening expertise in at least one control domain (e.g., endpoint, identity, vulnerability management, cloud security, IAM, monitoring). Become a real go-to on that domain for the team.
• Vulnerability and patch operations: Run vulnerability and patch workflows — scan, prioritize, remediate, validate. Track remediation against SLA and close the loop.
• Change support: Participate in change reviews, assess security impact for in-scope systems, implement approved changes, and validate post-change posture.
• Evidence and documentation: Produce clean operational documentation — runbooks, change records, evidence artifacts — that holds up under audit and peer review.
• Detection and response support: Partner with the SOC and Detection Engineering on logging coverage, telemetry quality, and the engineering pieces of response (access tooling, isolation capabilities, evidence capture).
• Associate mentorship: Pair with Associate engineers on day-to-day execution. Review their tickets, walk them through the toolset, and grow them toward independence.
• Automation and tooling: Contribute scripts and automation to reduce manual toil (validation checks, evidence collection, repeatable deployments) under the guidance of Senior+ engineers.

What Success Looks Like

First 30–60 days: Tooling and tenant familiarity is complete. You’re executing standard tasks (access requests, configuration changes, vuln workflows, evidence collection) on your own and logging clean work.

By 90 days: You’ve owned at least one small-to-medium project end-to-end — a vulnerability project, a hardening change, a logging coverage gap, or a tool configuration — and the result is documented, evidenced, and handed off cleanly.

By 6–12 months: You’re the go-to on at least one domain, you’re trusted to execute approved patterns without close oversight, Associate engineers are routinely paired with you, and you’re a working partner on at least one cross-team initiative led by a Senior or Principal engineer.

Required Qualifications

• 3+ years in security engineering, cloud engineering, or security operations with hands-on responsibility for implementing controls.
• Strong fundamentals in at least one of: identity and access management, network segmentation, vulnerability management, cloud security, endpoint security, centralized logging.
• Experience with at least one major cloud platform (Azure, AWS, GCP) in an engineering capacity.
• Comfortable executing vulnerability and patch workflows (scan, prioritize, remediate, validate).
• Ability to write clear operational documentation — runbooks, evidence artifacts, change records.
• Strong collaboration skills across Security, IT, and delivery teams.
• Comfortable mentoring Associate Engineers on day-to-day work

Preferred Qualifications

• Regulated-environment exposure (CMMC, NIST 800-171, FedRAMP-aligned, SOC 2, ISO 27001).
• Scripting / automation experience (Python, PowerShell, Bash); infrastructure-as-code familiarity a plus.
• Security certifications (Security+, SSCP, GSEC, AZ-500, AWS Security Specialty, or cloud/security engineering equivalents).
• Familiarity with incident-response procedures and evidence handling.
• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field — or equivalent applicable years of experience

$80,000 - $90,000 a year

The salary range for this opportunity is stated above. As such, an actual salary may fall closer to one or the other end of the range, and in certain circumstances, may wind up being outside of the listed salary range.

The application window is anticipated to close on July 27th and may be extended as needed.

Why work for Aprio:

Whether you are just starting out, looking to advance into management or searching for your next leadership role, Aprio offers an opportunity to grow with a future-focused, innovative firm.

Perks/Benefits we offer for full-time team members:

- Medical, Dental, and Vision Insurance on the first day of employment

- Flexible Spending Account and Dependent Care Account

- 401k with Profit Sharing

- 9+ holidays and discretionary time off structure

- Parental Leave – coverage for both primary and secondary caregivers

- Tuition Assistance Program and CPA support program with cash incentive upon completion

- Discretionary incentive compensation based on firm, group and individual performance

- Incentive compensation related to origination of new client sales

- Top rated wellness program

- Flexible working environment including remote and hybrid options

What’s in it for you:

- Working with an industry leader: Be part of a high-growth firm that is passionate for what’s next.

- An awesome culture: Thirty-one fundamental behaviors guide our culture every day ensuring we always deliver an exceptional team-member and client experience.  We call it the Aprio Way.  This shared mindset creates lasting relationships between team members and with clients.

- A great team: Work with a high-energy, passionate, caring and ambitious team of professionals in a collaborative culture.

- Entrepreneurship: Have the freedom to innovate and bring your ideas to help us grow to become the CPA firm of choice nationally.

- Growth opportunities: Grow professionally in an environment that fosters continuous learning and advancement.

- Competitive compensation: You will be rewarded with competitive compensation, industry-leading benefits and a flexible work environment to enjoy work/life balance.

EQUAL OPPORTUNITY EMPLOYER

Aprio is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race; color; religion; national origin; sex; pregnancy; sexual orientation; gender identity and/or expression; age; disability; genetic information, citizenship status; military service obligations or any other category protected by applicable federal, state, or local law.

Aprio, LLP and Aprio Advisory Group, LLC, operate in an alternative business structure, with Aprio Advisory Group, LLC providing non-attest tax and consulting services, and Aprio, LLP providing CPA firm services.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Company Description

Founded and headquartered in Switzerland, Avaloq is continuously expanding its global footprint with around 2,500 colleagues in 10 countries, and more than 160 clients in 35 countries. We are an industry-leading provider of wealth management technology and services for financial institutions around the world, including private banks and wealth managers, investment managers, as well as retail and neo banks. Our research led approach and continual innovation is powered by the passion and creativity of our colleagues.

We are always looking for talented people to join us on our mission to orchestrate the financial ecosystem and democratize access to wealth management. Avaloq offers the opportunity to work closely with some of the world’s leading financial institutions as we jointly develop and shape careers. Championing a collaborative, supportive and flexible work environment empowers our colleagues to reach their full potential.

Job Description

The Avaloq Security team is an international team of analysts, senior and expert software engineers and architects. The Avaloq Security team develops and maintains central application security frameworks and tools for all companywide technology stacks and consults the business teams on best practice implementations for context specific security requirements. It furthermore operates the group-wide application security assessments, monitors the security vulnerabilities and supports the business teams in related risk mitigation plans.

Your key tasks

• Analyse, design, and develop requirements in collaboration with Product Development, customers, business analysts, and software partners.
• Design, implement, and maintain internal CI/CD pipelines and automated tools to support vulnerability management, security reporting, and efficient development workflows.
• Contribute to and collaborate across departments on cross-functional projects.
• Check and maintain the daily automated build process, analysing security warnings and providing guidance or fixes as required.
• Monitor third-party library enrolment, updates, and removals using in-house tools and Mend (or similar solutions).
• Evaluate and validate detected vulnerabilities, assess exploitability, provide expert analysis on false positives, and develop potential fixes.
• Maintain configuration control and ensure accuracy of the release baseline.
• Coordinate security-related actions across multiple teams to ensure the high quality and security of Avaloq products.
• Prepare and distribute documentation and reports related to security risks, findings, and remediation progress.
• Conduct periodic reviews to verify compliance with internal security policies, guidelines, and best practices.
• Participate in internal technical discussions, sharing knowledge on security implementation, vulnerabilities, and opportunities for improvement.

Qualifications

• University degree in IT, Mathematics, Physics, or a related technical discipline.
• Must have at least 3-5 years of relevant work experience
• Strong experience in designing, implementing, and maintaining internal CI/CD pipelines and automation tooling.
• Senior-level engineering expertise with hands-on skills in Python, Java, JavaScript, Gradle, Jenkins (or other CI/CD tools).
• Knowledge of containerized applications and experience with Kubernetes and/or OpenShift (or similar container orchestration platforms).
• Deep understanding of security concepts, industry standards, and best practices.
• Practical experience with vulnerability management tools and automated security scanning solutions.
• Ability to communicate technical information effectively to non-technical stakeholders.
• Exposure to financial markets and understanding of financial products is an advantage.
• Strong analytical capabilities, attention to detail, and commitment to delivering high-quality results.
• Positive, collaborative mindset with the ability to promote best practices across the organization.

Additional Information

We realize that managing work life balance is a challenge we all face in our daily lives and in order to support with this we are pleased to offer hybrid and flexible working for most of our Avaloqers to maintain work life balance and still continue our fantastic Avaloq culture in our global offices.

In Avaloq we are proud to embrace diversity and understand the success of our business is built on the power of different opinions, we are whole heartedly committed to fostering an equal opportunity environment and inclusive culture where you can be your true authentic self.

We hire, compensate and promote regardless of origin, age, gender identity, sexual orientation or any other fantastic traits that make us all unique, we have done our best to write this advert in an inclusive and neutral way.

Please be aware that we will not accept speculative CV submissions for any of our roles from recruitment agencies, and any unsolicited candidate submissions will be exempt from any payment expectations.

#LI-Hybrid

Work with a Top 20 CPA and advisory firm that Accounts for Anything.  Aprio has 40 U.S. office locations, as well as international office locations and more than 3,200 team members that speak 60+ languages across the globe.  By bringing together proven expertise, deep understanding, and strategic foresight for fast-growing industries, Aprio ensures clients are prepared for wherever life or business may take them. Discover a top-rated culture, vast growth opportunities and your next big career move with Aprio.

Join Aprio’s Information Technology team and you will help clients maximize their opportunities. Aprio is a progressive, fast-growing firm looking for a Senior Cybersecurity Engineer to join their dynamic team.

Aprio’s Cybersecurity Engineering team builds and operates the controls that make the firm defensible: identity, network segmentation, cloud security baselines, endpoint, monitoring, encryption, and vulnerability management. The Senior Cybersecurity Engineer is the senior individual contributor on that team — the engineer who takes a control domain from “documented” to “running cleanly in production,” sets the standard for how it’s done, and pulls the Mid and Associate engineers up with them. This is a hands-on engineering role that also leads cross-team initiatives.

This position supports U.S. Government engagements that may involve Controlled Unclassified Information (CUI) and requires access to export‑controlled technical data. In accordance with CUI and U.S. export control regulations, this position is limited to ‘U.S. persons’ (including U.S. citizens, lawful permanent residents, and certain protected individuals) as defined in 22 C.F.R. § 120.62. These requirements are only tied to this specific job posting. We are an equal opportunity employer and all Aprio employment decisions are made in accordance with applicable laws.

What You’ll Do:

• You will own the operational health of one or two engineering domains, lead cross-team initiatives that touch multiple control areas, and design the patterns the rest of the team executes against.
• You’re the engineer who can take a tool from “purchased” to “deployed, tuned, and instrumented,” the partner Cloud Ops and Identity call when they need a security pattern that actually works, and the senior who makes the Mid and Associate engineers better through pairing, code review, and clear standards.
• You’ll also be a senior voice in architecture and decision conversations alongside the Principal Engineer and the Manager.

Key Responsibilities:

• Domain ownership: Own the operational health of one or two engineering domains (identity, network/segmentation, cloud security baselines, monitoring/logging, encryption/key management, endpoint, vulnerability management, configuration management). Keep them measurably healthy and improving.
• Cross-team initiatives: Lead initiatives that span Security, IT, Identity, Cloud Operations, and delivery teams — controlled rollouts, control set hardening, tool migrations. Land them without breaking production.
• Architecture and standards: Design new control patterns and reference architectures. Write the decision records, runbooks, and standards the team executes against and the auditors review.
• Controlled rollouts: Lead the end-to-end deployment of new control sets (e.g., bringing a new EDR online, hardening a new cloud account, standing up new logging pipelines) — pilot, measure, expand, document.
• Mentorship: Pair with Mid and Associate engineers, run design reviews, give substantive code/config review, and grow the next tier. Quality of output from less senior engineers is part of your scope.
• Operational partnership: Be the senior partner Cloud Ops, Identity, IT Service Management, GRC, and the SOC call when they need security engineering input. Solve problems with them, not at them.
• Detection/response engineering support: Partner with Detection Engineering and the SOC on logging coverage, telemetry quality, and the engineering pieces of response (privileged access tooling, isolation capabilities, evidence capture).
• Evidence and audit readiness: Produce control evidence and architecture documentation that holds up under audit and peer review. Keep your domains’ evidence map current.
• Automation: Push toward repeatable, codified controls (IaC, policy-as-code, automated evidence collection) instead of one-off manual work.

What Success Looks Like:

First 30–60 days: You can operate your priority domains safely on Aprio’s tooling, you’ve assessed current control posture, and you’ve published a prioritized remediation backlog for at least one domain.

By 90 days: You’re leading at least one cross-team initiative, you’ve published or substantially revised at least one architecture pattern or decision record, and you’re an active mentor to the Mid and Associate engineers.

By 6–12 months: Your domains have measurably improved control health (less drift, cleaner evidence, faster remediation, fewer escalations). At least one controlled rollout has landed cleanly. Less senior engineers on the team are visibly better because of how you work with them.

Required Qualifications:

• 5+ years in security engineering, with hands-on responsibility for implementing controls across identity, network, cloud, endpoint, and/or monitoring.
• Strong fundamentals in IAM, network segmentation, encryption / key management, and centralized logging / monitoring.
• Experience with at least one major cloud platform (Azure, AWS, GCP) in a security-engineering capacity.
• Ability to produce clear architecture documentation, runbooks, and decision records that hold up under audit and peer review.
• Excellent written and verbal communication; able to explain tradeoffs across Security, IT, and delivery audiences in plain language.
• Comfortable mentoring less senior engineers and owning quality-of-output for one or more domains.

Preferred Qualifications

• Regulated-environment experience (CMMC, NIST 800-171, NIST 800-53, FedRAMP-aligned, SOC 2, ISO 27001, HIPAA, PCI).
• Infrastructure-as-code experience (Terraform, Bicep, Pulumi) and policy-as-code (Sentinel, OPA).
• Security tooling integration experience (SIEM, EDR, vulnerability scanning, IAM, secrets management).
• Industry certifications (one or more): CISSP, CCSP, GIAC (e.g., GCED, GPEN, GCWN), AZ-500, AWS Security Specialty.
• Experience supporting a SOC’s detection/response engineering needs.
• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field — or equivalent applicable years of experience

$100,000 - $125,000 a year

The salary range for this opportunity is stated above. As such, an actual salary may fall closer to one or the other end of the range, and in certain circumstances, may wind up being outside of the listed salary range.

The application window is anticipated to close on July 27th and may be extended as needed.

Why work for Aprio:

Whether you are just starting out, looking to advance into management or searching for your next leadership role, Aprio offers an opportunity to grow with a future-focused, innovative firm.

Perks/Benefits we offer for full-time team members:

- Medical, Dental, and Vision Insurance on the first day of employment

- Flexible Spending Account and Dependent Care Account

- 401k with Profit Sharing

- 9+ holidays and discretionary time off structure

- Parental Leave – coverage for both primary and secondary caregivers

- Tuition Assistance Program and CPA support program with cash incentive upon completion

- Discretionary incentive compensation based on firm, group and individual performance

- Incentive compensation related to origination of new client sales

- Top rated wellness program

- Flexible working environment including remote and hybrid options

What’s in it for you:

- Working with an industry leader: Be part of a high-growth firm that is passionate for what’s next.

- An awesome culture: Thirty-one fundamental behaviors guide our culture every day ensuring we always deliver an exceptional team-member and client experience.  We call it the Aprio Way.  This shared mindset creates lasting relationships between team members and with clients.

- A great team: Work with a high-energy, passionate, caring and ambitious team of professionals in a collaborative culture.

- Entrepreneurship: Have the freedom to innovate and bring your ideas to help us grow to become the CPA firm of choice nationally.

- Growth opportunities: Grow professionally in an environment that fosters continuous learning and advancement.

- Competitive compensation: You will be rewarded with competitive compensation, industry-leading benefits and a flexible work environment to enjoy work/life balance.

EQUAL OPPORTUNITY EMPLOYER

Aprio is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race; color; religion; national origin; sex; pregnancy; sexual orientation; gender identity and/or expression; age; disability; genetic information, citizenship status; military service obligations or any other category protected by applicable federal, state, or local law.

Aprio, LLP and Aprio Advisory Group, LLC, operate in an alternative business structure, with Aprio Advisory Group, LLC providing non-attest tax and consulting services, and Aprio, LLP providing CPA firm services.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Work with a Top 20 CPA and advisory firm that Accounts for Anything.  Aprio has 40 U.S. office locations, as well as international office locations and more than 3,200 team members that speak 60+ languages across the globe.  By bringing together proven expertise, deep understanding, and strategic foresight for fast-growing industries, Aprio ensures clients are prepared for wherever life or business may take them. Discover a top-rated culture, vast growth opportunities and your next big career move with Aprio.

Join Aprio’s Information Technology team and you will help clients maximize their opportunities.  Aprio is a progressive, fast-growing firm looking for a Cybersecurity Engineer to join their dynamic team.

Aprio’s Cybersecurity Engineering team builds and operates the controls that protect the firm — identity, network segmentation, cloud security baselines, endpoint, monitoring, encryption, and vulnerability management. The Cybersecurity Engineer is the mid-tier individual contributor on that team: the engineer trusted to take a well-scoped project, run it end-to-end, and deliver a clean, documented, operational result. This role is hands-on and execution-focused, with a growing depth in one or two control domains and a clear path toward Senior Engineer.

This position supports U.S. Government engagements that may involve Controlled Unclassified Information (CUI) and requires access to export‑controlled technical data. In accordance with CUI and U.S. export control regulations, this position is limited to ‘U.S. persons’ (including U.S. citizens, lawful permanent residents, and certain protected individuals) as defined in 22 C.F.R. § 120.62. These requirements are only tied to this specific job posting. We are an equal opportunity employer and all Aprio employment decisions are made in accordance with applicable laws.

What You’ll Do

• You will own small-to-medium engineering projects end-to-end, configure and operate control sets without direct oversight, and partner closely with Senior and Principal engineers on the larger initiatives that cross multiple domains.
• You’re the engineer who can pick up a control implementation, deliver it, document it, and hand it off cleanly to operations.
• You’ll start to grow real depth in a domain you care about — identity, endpoint, vulnerability, cloud security, or logging — and you’ll be a working partner to Associate engineers on day-to-day execution.

Key Responsibilities

• Project ownership: Take small-to-medium engineering projects end-to-end — scoping, design partnership with a Senior, build, test, deploy, document, and hand off to operations. Deliver them on time without surprises.
• Control implementation and operation: Configure and operate security controls across identity, network, cloud, endpoint, logging/monitoring, encryption/key management, and vulnerability management. Execute against approved patterns and standards.
• Domain depth: Develop deepening expertise in at least one control domain (e.g., endpoint, identity, vulnerability management, cloud security, IAM, monitoring). Become a real go-to on that domain for the team.
• Vulnerability and patch operations: Run vulnerability and patch workflows — scan, prioritize, remediate, validate. Track remediation against SLA and close the loop.
• Change support: Participate in change reviews, assess security impact for in-scope systems, implement approved changes, and validate post-change posture.
• Evidence and documentation: Produce clean operational documentation — runbooks, change records, evidence artifacts — that holds up under audit and peer review.
• Detection and response support: Partner with the SOC and Detection Engineering on logging coverage, telemetry quality, and the engineering pieces of response (access tooling, isolation capabilities, evidence capture).
• Associate mentorship: Pair with Associate engineers on day-to-day execution. Review their tickets, walk them through the toolset, and grow them toward independence.
• Automation and tooling: Contribute scripts and automation to reduce manual toil (validation checks, evidence collection, repeatable deployments) under the guidance of Senior+ engineers.

What Success Looks Like

First 30–60 days: Tooling and tenant familiarity is complete. You’re executing standard tasks (access requests, configuration changes, vuln workflows, evidence collection) on your own and logging clean work.

By 90 days: You’ve owned at least one small-to-medium project end-to-end — a vulnerability project, a hardening change, a logging coverage gap, or a tool configuration — and the result is documented, evidenced, and handed off cleanly.

By 6–12 months: You’re the go-to on at least one domain, you’re trusted to execute approved patterns without close oversight, Associate engineers are routinely paired with you, and you’re a working partner on at least one cross-team initiative led by a Senior or Principal engineer.

Required Qualifications

• 3+ years in security engineering, cloud engineering, or security operations with hands-on responsibility for implementing controls.
• Strong fundamentals in at least one of: identity and access management, network segmentation, vulnerability management, cloud security, endpoint security, centralized logging.
• Experience with at least one major cloud platform (Azure, AWS, GCP) in an engineering capacity.
• Comfortable executing vulnerability and patch workflows (scan, prioritize, remediate, validate).
• Ability to write clear operational documentation — runbooks, evidence artifacts, change records.
• Strong collaboration skills across Security, IT, and delivery teams.
• Comfortable mentoring Associate Engineers on day-to-day work

Preferred Qualifications

• Regulated-environment exposure (CMMC, NIST 800-171, FedRAMP-aligned, SOC 2, ISO 27001).
• Scripting / automation experience (Python, PowerShell, Bash); infrastructure-as-code familiarity a plus.
• Security certifications (Security+, SSCP, GSEC, AZ-500, AWS Security Specialty, or cloud/security engineering equivalents).
• Familiarity with incident-response procedures and evidence handling.
• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field — or equivalent applicable years of experience

$80,000 - $90,000 a year

The salary range for this opportunity is stated above. As such, an actual salary may fall closer to one or the other end of the range, and in certain circumstances, may wind up being outside of the listed salary range.

The application window is anticipated to close on July 27th and may be extended as needed.

Why work for Aprio:

Whether you are just starting out, looking to advance into management or searching for your next leadership role, Aprio offers an opportunity to grow with a future-focused, innovative firm.

Perks/Benefits we offer for full-time team members:

- Medical, Dental, and Vision Insurance on the first day of employment

- Flexible Spending Account and Dependent Care Account

- 401k with Profit Sharing

- 9+ holidays and discretionary time off structure

- Parental Leave – coverage for both primary and secondary caregivers

- Tuition Assistance Program and CPA support program with cash incentive upon completion

- Discretionary incentive compensation based on firm, group and individual performance

- Incentive compensation related to origination of new client sales

- Top rated wellness program

- Flexible working environment including remote and hybrid options

What’s in it for you:

- Working with an industry leader: Be part of a high-growth firm that is passionate for what’s next.

- An awesome culture: Thirty-one fundamental behaviors guide our culture every day ensuring we always deliver an exceptional team-member and client experience.  We call it the Aprio Way.  This shared mindset creates lasting relationships between team members and with clients.

- A great team: Work with a high-energy, passionate, caring and ambitious team of professionals in a collaborative culture.

- Entrepreneurship: Have the freedom to innovate and bring your ideas to help us grow to become the CPA firm of choice nationally.

- Growth opportunities: Grow professionally in an environment that fosters continuous learning and advancement.

- Competitive compensation: You will be rewarded with competitive compensation, industry-leading benefits and a flexible work environment to enjoy work/life balance.

EQUAL OPPORTUNITY EMPLOYER

Aprio is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race; color; religion; national origin; sex; pregnancy; sexual orientation; gender identity and/or expression; age; disability; genetic information, citizenship status; military service obligations or any other category protected by applicable federal, state, or local law.

Aprio, LLP and Aprio Advisory Group, LLC, operate in an alternative business structure, with Aprio Advisory Group, LLC providing non-attest tax and consulting services, and Aprio, LLP providing CPA firm services.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Work with a Top 20 CPA and advisory firm that Accounts for Anything.  Aprio has 40 U.S. office locations, as well as international office locations and more than 3,200 team members that speak 60+ languages across the globe.  By bringing together proven expertise, deep understanding, and strategic foresight for fast-growing industries, Aprio ensures clients are prepared for wherever life or business may take them. Discover a top-rated culture, vast growth opportunities and your next big career move with Aprio.

Join Aprio’s Information Technology team and you will help clients maximize their opportunities. Aprio is a progressive, fast-growing firm looking for a Senior Cybersecurity Engineer to join their dynamic team.

Aprio’s Cybersecurity Engineering team builds and operates the controls that make the firm defensible: identity, network segmentation, cloud security baselines, endpoint, monitoring, encryption, and vulnerability management. The Senior Cybersecurity Engineer is the senior individual contributor on that team — the engineer who takes a control domain from “documented” to “running cleanly in production,” sets the standard for how it’s done, and pulls the Mid and Associate engineers up with them. This is a hands-on engineering role that also leads cross-team initiatives.

This position supports U.S. Government engagements that may involve Controlled Unclassified Information (CUI) and requires access to export‑controlled technical data. In accordance with CUI and U.S. export control regulations, this position is limited to ‘U.S. persons’ (including U.S. citizens, lawful permanent residents, and certain protected individuals) as defined in 22 C.F.R. § 120.62. These requirements are only tied to this specific job posting. We are an equal opportunity employer and all Aprio employment decisions are made in accordance with applicable laws.

What You’ll Do:

• You will own the operational health of one or two engineering domains, lead cross-team initiatives that touch multiple control areas, and design the patterns the rest of the team executes against.
• You’re the engineer who can take a tool from “purchased” to “deployed, tuned, and instrumented,” the partner Cloud Ops and Identity call when they need a security pattern that actually works, and the senior who makes the Mid and Associate engineers better through pairing, code review, and clear standards.
• You’ll also be a senior voice in architecture and decision conversations alongside the Principal Engineer and the Manager.

Key Responsibilities:

• Domain ownership: Own the operational health of one or two engineering domains (identity, network/segmentation, cloud security baselines, monitoring/logging, encryption/key management, endpoint, vulnerability management, configuration management). Keep them measurably healthy and improving.
• Cross-team initiatives: Lead initiatives that span Security, IT, Identity, Cloud Operations, and delivery teams — controlled rollouts, control set hardening, tool migrations. Land them without breaking production.
• Architecture and standards: Design new control patterns and reference architectures. Write the decision records, runbooks, and standards the team executes against and the auditors review.
• Controlled rollouts: Lead the end-to-end deployment of new control sets (e.g., bringing a new EDR online, hardening a new cloud account, standing up new logging pipelines) — pilot, measure, expand, document.
• Mentorship: Pair with Mid and Associate engineers, run design reviews, give substantive code/config review, and grow the next tier. Quality of output from less senior engineers is part of your scope.
• Operational partnership: Be the senior partner Cloud Ops, Identity, IT Service Management, GRC, and the SOC call when they need security engineering input. Solve problems with them, not at them.
• Detection/response engineering support: Partner with Detection Engineering and the SOC on logging coverage, telemetry quality, and the engineering pieces of response (privileged access tooling, isolation capabilities, evidence capture).
• Evidence and audit readiness: Produce control evidence and architecture documentation that holds up under audit and peer review. Keep your domains’ evidence map current.
• Automation: Push toward repeatable, codified controls (IaC, policy-as-code, automated evidence collection) instead of one-off manual work.

What Success Looks Like:

First 30–60 days: You can operate your priority domains safely on Aprio’s tooling, you’ve assessed current control posture, and you’ve published a prioritized remediation backlog for at least one domain.

By 90 days: You’re leading at least one cross-team initiative, you’ve published or substantially revised at least one architecture pattern or decision record, and you’re an active mentor to the Mid and Associate engineers.

By 6–12 months: Your domains have measurably improved control health (less drift, cleaner evidence, faster remediation, fewer escalations). At least one controlled rollout has landed cleanly. Less senior engineers on the team are visibly better because of how you work with them.

Required Qualifications:

• 5+ years in security engineering, with hands-on responsibility for implementing controls across identity, network, cloud, endpoint, and/or monitoring.
• Strong fundamentals in IAM, network segmentation, encryption / key management, and centralized logging / monitoring.
• Experience with at least one major cloud platform (Azure, AWS, GCP) in a security-engineering capacity.
• Ability to produce clear architecture documentation, runbooks, and decision records that hold up under audit and peer review.
• Excellent written and verbal communication; able to explain tradeoffs across Security, IT, and delivery audiences in plain language.
• Comfortable mentoring less senior engineers and owning quality-of-output for one or more domains.

Preferred Qualifications

• Regulated-environment experience (CMMC, NIST 800-171, NIST 800-53, FedRAMP-aligned, SOC 2, ISO 27001, HIPAA, PCI).
• Infrastructure-as-code experience (Terraform, Bicep, Pulumi) and policy-as-code (Sentinel, OPA).
• Security tooling integration experience (SIEM, EDR, vulnerability scanning, IAM, secrets management).
• Industry certifications (one or more): CISSP, CCSP, GIAC (e.g., GCED, GPEN, GCWN), AZ-500, AWS Security Specialty.
• Experience supporting a SOC’s detection/response engineering needs.
• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field — or equivalent applicable years of experience

$100,000 - $125,000 a year

The salary range for this opportunity is stated above. As such, an actual salary may fall closer to one or the other end of the range, and in certain circumstances, may wind up being outside of the listed salary range.

The application window is anticipated to close on July 27th and may be extended as needed.

Why work for Aprio:

Whether you are just starting out, looking to advance into management or searching for your next leadership role, Aprio offers an opportunity to grow with a future-focused, innovative firm.

Perks/Benefits we offer for full-time team members:

- Medical, Dental, and Vision Insurance on the first day of employment

- Flexible Spending Account and Dependent Care Account

- 401k with Profit Sharing

- 9+ holidays and discretionary time off structure

- Parental Leave – coverage for both primary and secondary caregivers

- Tuition Assistance Program and CPA support program with cash incentive upon completion

- Discretionary incentive compensation based on firm, group and individual performance

- Incentive compensation related to origination of new client sales

- Top rated wellness program

- Flexible working environment including remote and hybrid options

What’s in it for you:

- Working with an industry leader: Be part of a high-growth firm that is passionate for what’s next.

- An awesome culture: Thirty-one fundamental behaviors guide our culture every day ensuring we always deliver an exceptional team-member and client experience.  We call it the Aprio Way.  This shared mindset creates lasting relationships between team members and with clients.

- A great team: Work with a high-energy, passionate, caring and ambitious team of professionals in a collaborative culture.

- Entrepreneurship: Have the freedom to innovate and bring your ideas to help us grow to become the CPA firm of choice nationally.

- Growth opportunities: Grow professionally in an environment that fosters continuous learning and advancement.

- Competitive compensation: You will be rewarded with competitive compensation, industry-leading benefits and a flexible work environment to enjoy work/life balance.

EQUAL OPPORTUNITY EMPLOYER

Aprio is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race; color; religion; national origin; sex; pregnancy; sexual orientation; gender identity and/or expression; age; disability; genetic information, citizenship status; military service obligations or any other category protected by applicable federal, state, or local law.

Aprio, LLP and Aprio Advisory Group, LLC, operate in an alternative business structure, with Aprio Advisory Group, LLC providing non-attest tax and consulting services, and Aprio, LLP providing CPA firm services.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

1086155

Manager, Security GRC - Compliance Onboarding & Readiness

Location: United States - Remote, Flex, or Office

About the Role

HubSpot is seeking a Manager, Security GRC on our Compliance Onboarding & Readiness team. This role is a critical part of how HubSpot approaches trust, security, and governance. Instead of focusing on reactive audit defense, our team acts as a proactive design and engineering partner. We shift compliance engineering “left” to ensure our rapidly expanding product surface, including usage-based billing systems, advanced AI capabilities, and scaling infrastructure, is fundamentally secure by design and audit-ready.

This is a hands-on, “player-coach” role. Reporting directly to the Senior Manager, you will lead and mentor a dedicated team of GRC professionals, while also acting as a high-impact individual contributor (IC). You are someone who loves to get into the weeds: executing proactive control designs, performing technical walkthroughs, mapping controls to complex cloud environments, and directly authoring robust control documentation alongside your team.

You will drive the day-to-day operationalization of our High-Risk Control Testing and Compliance Onboarding charters, moving HubSpot away from point-in-time evidence gathering and toward continuous compliance automated by telemetry.

What You’ll Do

Be an Active Player-Coach & Lead the Team

• Direct People Management: Lead, develop, and mentor a talented sub-team of GRC professionals. Evolve their capabilities in risk-based judgment and technical engineering partnership.
• Hands-on Execution (IC Work): Actively lead by example. You will personally conduct high-impact control walkthroughs, draft complex process narratives, design baseline control mappings for new architectures, and directly test our most critical systems.
• Stabilization & Backlog Burnout: Guide and support the team through its immediate operational maturity phases, and partnering cross-functionally to systematically burn down the legacy issues backlog.

Operationalize the Compliance “Front Door”

• Shift Compliance Left: Manage and scale our centralized compliance onboarding intake process. Partner early with Product, Engineering, and FinOps during the design and architecture stages (pre-coding) to embed security and compliance controls before production release.
• Minimize Friction: Maintain predictable, frictionless compliance paths for engineering stakeholders so compliance acts as an operational accelerator rather than a bottleneck.

Drive High-Risk Control Testing & Continuous Assurance

• Execute Deep-Dive Testing: Personally lead and oversee rigorous internal testing of HubSpot’s highest-risk controls, prioritizing Identity and Access Management (IAM), privileged access, data protection, change management, and AI governance.
• Continuous Monitoring Telemetry: Partner to design and build automated dashboards, transitioning the team’s evidence collection from manual spreadsheets to continuous data streams.
• Define Early-Warning Signals: Build out and monitor key control health indicators (OKIs/PKIs) to identify and remediate control degradation long before audit windows open.

Foster Collaborative Partnerships & Seamless Hand-offs

• Proactive Pre-Audit Alignment: Lead proactive reviews to validate control design, helping system owners address gaps collaboratively before audit cycles begin.
• Frictionless Partner Handoffs: Partner deeply with our Compliance Audit Execution team to transition ready, thoroughly vetted control packages for external testing, replacing traditional siloed boundaries with smooth, cooperative handoffs.
• Shared Posture Insights: Actively feed readiness metrics and testing signals into the broader Security Governance and Risk ecosystem to build a unified, transparent view of security health across HubSpot.

What We’re Looking For

Required Experience & Technical Rigor

• Demonstrated experience in Security GRC, IT Compliance, or IT Audit, ideally within a fast-paced, public SaaS environment.
• Hands-On Player-Coach Leadership: Experience managing, mentoring, or leading GRC professionals, combined with a strong desire and demonstrated ability to execute as an individual contributor. You must love rolling up your sleeves to build.
• Deep Control Expertise: Strong understanding of SOX 404 control design, risk-based scoping, testing, and proactive issue management within modern engineering environments (AWS, microservices, CI/CD pipelines).
• First-Principles Architect Mindset: You look at compliance as a systems-engineering challenge, not a checklist. You have experience implementing controls that are automated, scalable, and lightweight for developers.
• Exceptional Communication & HubSpot Culture Fit: You are empathetic, remarkably clear, and direct. You can explain complex regulatory “whys” to engineering leaders.

Preferred Experience

• Familiarity with emerging technology frameworks, specifically AI governance structures (such as ISO 42001) alongside traditional frameworks (SOC 1⁄2, ISO 27001, NIST).
• Experience supporting product transitions to usage-based billing or microservices-based financial data pipelines.
• Professional certifications such as CISA, CRISC, CISSP, or equivalent experience.

Why HubSpot

At HubSpot, security is a core value. We believe that to “Grow Better,” we must protect the operational and financial integrity of our platform with airtight, auditor-proof logic—while ensuring our teams can move fast and innovate with confidence. You’ll be joining a highly collaborative, deeply supportive GRC organization that treats governance as a modern product rather than a bureaucratic constraint. If you are inspired to build a secure-by-design compliance ecosystem at scale, we’d love to talk to you!

Pay & Benefits

The cash compensation below includes base salary, on-target commission for employees in eligible roles, and annual bonus targets under HubSpot’s bonus plan for eligible roles. In addition to cash compensation, some roles are eligible to participate in HubSpot’s equity plan to receive restricted stock units (RSUs). Some roles may also be eligible for overtime pay. Individual compensation packages are tailored to your skills, experience, qualifications, and other job-related reasons.

This resource will help guide how we recommend thinking about the range you see. Learn more about HubSpot’s compensation philosophy.

Benefits are also an important piece of your total compensation package. Explore the benefits and perks HubSpot offers to help employees grow better.

At HubSpot, fair compensation practices aren’t just about checking off the box for legal compliance. It’s about living out our value of transparency with our employees, candidates, and community.

Annual Cash Compensation Range:

$146,200—$233,900 USD

We know the confidence gap and impostor syndrome can get in the way of meeting spectacular candidates, so please don’t hesitate to apply — we’d love to hear from you.

If you need accommodations or assistance due to a disability, please reach out to us using this form.

At HubSpot, we value both flexibility and connection. Whether you’re a Remote employee or work from the Office, we want you to start your journey here by building strong connections with your team and peers. If you are joining our Engineering team, you will be required to attend a regional HubSpot office for in-person onboarding. If you join our broader Product team, you’ll also attend other in-person events, such as your Product Group Summit and other gatherings, to continue building on those connections.

If you require an accommodation due to travel limitations or other reasons, please inform your recruiter during the hiring process. We are committed to supporting candidates who may need alternative arrangements

Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Germany Applicants: (m/f/d) - link to HubSpot’s Career Diversity page here.

India Applicants: link to HubSpot India’s equal opportunity policy here.

About HubSpot

HubSpot (NYSE: HUBS) is an AI-powered customer platform with all the software, integrations, and resources customers need to connect marketing, sales, and service. HubSpot’s connected platform enables businesses to grow faster by focusing on what matters most: customers.

At HubSpot, bold is our baseline. Our employees around the globe move fast, stay customer-obsessed, and win together. Our culture is grounded in four commitments: Solve for the Customer, Be Bold, Learn Fast, Align, Adapt & Go!, and Deliver with HEART. These commitments shape how we work, lead, and grow.

We’re building a company where people can do their best work. We focus on brilliant work, not badge swipes. By combining clarity, ownership, and trust, we create space for big thinking and meaningful progress. And we know that when our employees grow, our customers do too.

Recognized globally for our award-winning culture by Comparably, Glassdoor, Fortune, and more, HubSpot is headquartered in Cambridge, MA, with employees and offices around the world.

Explore more:

• HubSpot Careers
• Life at HubSpot on Instagram

HubSpot may use AI to help screen or assess candidates, but all hiring decisions are always human. More information can be found here. By submitting your application, you agree that HubSpot may collect your personal data for recruiting, global organization planning, and related purposes. We may use CLEAR ID Verification during the hiring process to confirm your identity and help maintain a safe, secure, and trusted experience for all candidates. Refer to HubSpot’s Recruiting Privacy Notice for details on data processing and your rights.

We are looking for a Senior Escalation Engineer to join our client — the worldwide frontrunner in identity security. By emphasising intelligent privilege controls, they deliver the most extensive security...

UK Remote | 💰 £31,100 – £39,350 + Incentive Awards tied to your performance +Benefits | Hear from the team ✨Start Date: We have start dates for Tuesday 1st September,...

About the TeamAt DoorDash we’re building the industry’s most scalable and reliable delivery network to support our three-sided marketplace of consumers, merchants, and Dashers. Security is paramount to the success...

About the TeamEnterprise Security is the primary point of contact for employee-focused security across DoorDash, Wolt, and Deliveroo. We deliver secure-by-default systems, processes, and controls for everyone who works here,...

Reports to: Chief Security Officer

Location: Remote US

Compensation Range: $220,000 to $240,000 base plus bonus and equity

What We Do:

Cybercrime is growing, and more businesses are getting hit by threats that used to target only the biggest organizations. That pushes defenders like us to operate at the highest level, and it deepens our need for good people who want to make a meaningful impact.

Founded in 2015 by former NSA cyber operators, Huntress is a remote-first team working to make enterprise-grade cybersecurity accessible to businesses of all sizes. We work closely with security teams and service providers protecting complex environments, often without the time or headcount to handle it all. That’s why we build our technology in-house and back it with a 24⁄7 human-led Security Operations Center (SOC). As a result, our platform is never disconnected from the experts who manage it, ensuring our customers’ protection.

Huntress now secures more than 5M endpoints and 11M identities worldwide. Those numbers keep growing because more businesses rely on us to help carry the load and operate with more confidence. Every day, you can see that commitment in how we stand with our customers and how we show up for each other.

What You’ll Do

We are seeking a strategic leader to own the future of Detection Engineering & Threat Hunting at Huntress. As a Director, you will manage multiple sub-teams (via Managers) and serve as a trusted advisor to the Sr. Dir of Threat Detection and Response.

Your mission is to align the DE&TH function with the broader company strategy. As we scale, you will determine the structural, technological, and budgetary requirements needed to maintain superior detection efficacy. You will own the relationship with the Product organization. Ensuring that our defensive strategy evolves faster than the adversaries we protect against.

Responsibilities

• Strategy & Vision: Set the direction, strategy, and vision for the entire DE&TH function. You will define the team’s 12-18-month prioritization.
• Manage a team of Managers: You will manage at least two teams or sub-teams via other managers. Your focus is on developing their leadership capabilities, enabling them to execute effectively, and holding them accountable for the health and output of their team.
• Budgeting & Planning: Propose and own plans for budgeting, execution, and hiring. You will develop capacity models to ensure our team’s growth aligns with our overall growth, presenting these resource needs to executive leadership.
• Cross-Functional Leadership: Strategize with senior leaders across Product, Engineering, and Security. You are a key stakeholder in the company’s direction, advocating for the telemetry and architectural changes required to support future detection use cases.
• Systemic Problem Solving: Identify and surface patterns to leadership regarding root causes of problems. You anticipate future challenges and own the delivery of solutions before they become bottlenecks.
• Culture & Standards: Exemplify and hold others accountable to the management standards of the company. You are responsible for creating a diverse, inclusive, and high-performing culture across the entire function.

What You Bring To The Team

• Strategic Leadership: 5+ years of experience in cybersecurity, with significant experience managing managers. You have led large, high-priority projects that impacted the company’s direction.
• Visionary Thinking: You can look past the current quarter. You understand the “Macro” of the threat landscape and can translate that into a “Micro” plan for your teams.
• Business Acumen: You understand how a SOC fits into the business model. You can articulate the ROI of detection engineering and threat hunting to non-technical stakeholders and manage a department budget.
• Force Multiplier: You excel at empowering others. You don’t solve problems for your team; you build the structures and frameworks that allow your team to solve problems themselves while you focus on accountability and scalability.

What We Offer:

• 100% remote work environment - since our founding in 2015
• Generous paid time off policy, including vacation, sick time, and paid holidays
• 12 weeks of paid parental leave
• Highly competitive and comprehensive medical, dental, and vision benefits plans
• 401(k) with a 5% contribution regardless of employee contribution
• Life and Disability insurance plans
• Stock options for all full-time employees
• One-time $500 reimbursement for building/upgrading home office
• Annual allowance for education and professional development assistance
• $75 USD/month digital reimbursement
• Access to the BetterUp platform for coaching, personal, and professional growth

Huntress is committed to creating a culture of inclusivity where every single member of our team is valued, has a voice, and is empowered to come to work every day just as they are.

We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, disability, veteran status, genetic information, marital status, or any other legally protected status.

We do discriminate against hackers who try to exploit businesses of all sizes.

Accommodations:

If you require reasonable accommodation to complete this application, interview, or pre-employment testing or participate in the employee selection process, please direct your inquiries to accommodations@huntresslabs.com . Please note that non-accommodation requests to this inbox will not receive a response.

Huntress uses artificial intelligence tools to assist in reviewing and evaluating job applications, including resume screening, skills assessment, and candidate matching and comparisons. These AI tools support our human recruiters in the initial review process but do not make final hiring decisions without human involvement. By submitting your application, you acknowledge this use of AI in our recruitment process. Please review our Candidate Privacy Notice for more details on our practices and your data privacy rights.

#BI-Remote

ABOUT OPORTUN

Oportun (Nasdaq: OPRT) is a mission-driven financial services company that puts its members’ financial goals within reach. With intelligent borrowing, savings, and budgeting capabilities, Oportun empowers members with the confidence to build a better financial future. Since inception, Oportun has provided more than $21.3 billion in responsible and affordable credit, saved its members more than $2.5 billion in interest and fees, and helped its members set aside an average of more than $1,800 annually.

WORKING AT OPORTUN

Working at Oportun means enjoying a differentiated experience of being part of a team that fosters a diverse, equitable and inclusive culture where we all feel a sense of belonging and are encouraged to share our perspectives. This inclusive culture is directly connected to our organization’s performance and ability to fulfill our mission of delivering affordable credit to those left out of the financial mainstream. We celebrate and nurture our inclusive culture through our employee resource groups.

POSITION SUMMARY

The Information Security Governance & Awareness Senior Analyst supports and advances the organization’s information security governance and security awareness programs through policy lifecycle management, governance analysis, regulatory mapping, metrics reporting, and targeted security education initiatives.

This role is responsible for coordinating and contributing to the development, maintenance, review, approval, and publication of information security policies, standards, procedures, and related governance documentation. The Senior Analyst applies critical thinking and sound judgment to assess governance documentation against regulatory and framework requirements and helps identify potential gaps, inconsistencies, or improvement opportunities.

The ideal candidate possesses strong technical writing and analytical skills, excellent English language comprehension, attention to detail, and the ability to translate complex security and regulatory concepts into clear, actionable governance documentation and awareness communications.

This role also supports organizational security culture initiatives through audience-appropriate awareness content, phishing simulation activities, and security education support aligned to organizational risks and business objectives.

RESPONSIBILITIES

Security Governance & Policy Management

• Manage and support the lifecycle of information security policies, standards, procedures, and related governance documentation.
• Coordinate document reviews, stakeholder collaboration, approvals, renewals, attestations, and publication timelines.
• Track policy review schedules, exceptions, approvals, versioning, and governance workflow activities.
• Interpret and map regulatory and framework requirements to organizational governance documents and controls.
• Support governance alignment efforts related to:
  • PCI-DSS v4.0.1
  • NIST Cybersecurity Framework (CSF) 2.0
  • SOC 2
  • SOX
  • FTC Safeguards Rule and related FTC requirements
• Review governance documentation for clarity, consistency, completeness, enforceability, and alignment with regulatory and organizational requirements.
• Identify potential governance gaps, conflicting requirements, outdated language, or process inconsistencies and recommend improvements.
• Ensure governance documentation appropriately distinguishes between policies, standards, procedures, guidelines, and supporting controls.
• Draft, edit, and maintain governance documentation using concise, professional, and active-voice writing principles.
• Support audit, assessment, and compliance activities through governance documentation review and evidence coordination.
• Maintain governance repositories, templates, and document management systems.

Security Awareness & Education

• Support the organization’s security awareness and education initiatives for technical and non-technical audiences.
• Develop and maintain targeted awareness communications, training materials, and educational content aligned to organizational risks and emerging threats.
• Apply adult learning and communication principles to tailor awareness messaging to intended audiences and business contexts.
• Coordinate and support phishing simulation campaigns, including reporting, trend analysis, and user follow-up activities.
• Assist with measuring awareness participation, phishing resilience, and program effectiveness metrics.
• Collaborate with stakeholders to identify awareness gaps and support awareness improvement initiatives.

Metrics, Reporting & Program Support

• Develop and maintain governance and awareness program dashboards, recurring reports, and operational metrics.
• Produce reporting related to:
  • Policy lifecycle compliance
  • Review and approval timeliness
  • Governance exceptions
  • Security awareness participation
  • Phishing simulation trends
  • Governance process effectiveness
• Analyze governance and awareness trends to identify operational risks, recurring issues, or process improvement opportunities.
• Build and maintain reusable governance templates, reporting assets, and process documentation.
• Support governance committee preparation, leadership reporting, and cross-functional governance initiatives.
• Contribute to governance process improvement and operational efficiency efforts.

REQUIREMENTS

• Bachelor’s degree in Information Security, Cybersecurity, Information Systems, Risk Management, English, Communications, or related field; or equivalent practical experience.
• 3–5 years of experience in information security governance, compliance, policy management, technical writing, security awareness, or related areas.
• Strong working knowledge of security and regulatory frameworks including PCI-DSS, NIST CSF, SOC 2, SOX, and FTC requirements.
• Demonstrated ability to read, interpret, and map regulatory requirements to governance documentation and organizational controls.
• Excellent technical writing, editing, and English language comprehension skills.
• Strong critical thinking and analytical skills, including the ability to identify governance gaps, inconsistencies, or improvement opportunities.
• Strong understanding of the distinctions between policies, standards, procedures, guidelines, and controls.
• Experience developing metrics, dashboards, and recurring governance or compliance reporting.
• Familiarity with phishing simulation platforms and security awareness practices.
• Strong organizational, stakeholder coordination, and project management skills.
• Ability to manage multiple priorities and deadlines in a cross-functional environment.

Preferred Qualifications

• Experience supporting governance, risk, and compliance (GRC) programs in regulated industries.
• Understanding of adult learning principles and audience-based communication strategies.
• Experience supporting audits, assessments, and evidence collection activities.
• Familiarity with GRC platforms, workflow management tools, or document management systems.
• Experience in financial services, fintech, or highly regulated environments preferred.
• Relevant certifications such as:
  • Security+
  • CISSP
  • CISA
  • CRISC
  • PCI ISA

#LI-REMOTE

#LI-SS1

We are proud to be an Equal Opportunity Employer and consider all qualified applicants for employment opportunities without regard to race, age, color, religion, gender, national origin, disability, sexual orientation, veteran status or any other category protected by the laws or regulations in the locations where we operate.

California applicants can find a copy of Oportun’s CCPA Notice here:  https://oportun.com/privacy/california-privacy-notice/.

We will never request personal identifiable information (bank, credit card, etc.) before you are hired. We do not charge you for pre-employment fees such as background checks, training, or equipment. If you think you have been a victim of fraud by someone posing as us, please report your experience to the FBI’s Internet Crime Complaint Center (IC3).

Company Description

CREATIVITY IS OUR SUPERPOWER. It’s our heritage and it’s also our future. Because we don’t just make toys. We create innovative products and experiences that inspire fans, entertain audiences and develop children through play. Mattel is at its best when every member of our team feels respected, included, and heard—when everyone can show up as themselves and do their best work every day. We value and share an infinite range of ideas and voices that evolve and broaden our perspectives with a reach that extends into all our brands, partners, and suppliers.

Job Description

About the Role

The Security Engineer – Endpoint & Identity Threat Protection (EDR / ITP) is responsible for implementing, maintaining, and optimizing advanced endpoint detection and identity threat protection capabilities across Mattel’s global environment. This mid-level role focuses on enhancing detection accuracy, improving response efficiency, and strengthening the organization’s overall cyber defense posture. The engineer will work closely with cross-functional teams to ensure endpoint and identity protection tools are effectively integrated, monitored, and tuned to safeguard enterprise systems and data from emerging threats.

Roles and Responsibilities

• Deploy, manage, and optimize Endpoint Detection and Response (EDR) and Identity Threat Protection (ITP) platforms across Mattel’s enterprise.
• Develop and fine-tune behavioral analytics, detection logic, and response rules to identify and mitigate malicious activity targeting endpoints and identities.
• Collaborate with Security Operations and Incident Response teams to investigate, contain, and remediate threats in a timely and coordinated manner.
• Integrate EDR and ITP technologies with SIEM, SOAR, and other enterprise systems to enhance threat detection, visibility, and automation.
• Contribute to the design and implementation of endpoint and identity threat protection controls aligned with Mattel’s cybersecurity strategy.
• Partner with IT, Infrastructure, and Security Architecture teams to support endpoint hardening, secure configuration management, and policy enforcement.
• Ensure compliance of endpoint and identity controls with internal security standards and external regulatory requirements.
• Perform ongoing analysis of endpoint telemetry, identity logs, and behavioral data to identify patterns and optimize detection efficacy.
• Collaborate with engineering teams to improve agent performance, health, and interoperability across platforms and systems.
• Maintain and update operational documentation, playbooks, and standard procedures for endpoint and identity threat protection workflows.
• Participate in post-incident reviews to identify root causes, improve detection coverage, and strengthen response processes.
• Evaluate and recommend emerging endpoint and identity protection tools, techniques, and automation strategies to enhance defense capabilities.

Qualifications

Skills and Qualifications

Required:

• 3–5+ years of experience in cybersecurity engineering, focusing on endpoint and identity threat protection solutions.
• Hands-on experience managing enterprise-grade EDR and ITP platforms such as CrowdStrike, SentinelOne, Defender for Endpoint, or similar.
• Proficiency in detection engineering — developing custom detection logic, correlation rules, and behavioral analytics for endpoint and identity-based threats.
• Strong understanding of endpoint operating systems (Windows, macOS, Linux) and common adversary tactics including privilege escalation and lateral movement.
• Experience integrating endpoint and identity controls with SIEM, SOAR, and automation workflows to improve operational efficiency.
• Knowledge of identity and access management frameworks such as Azure AD, Okta, SSO, and MFA.
• Experience performing threat analysis using IOC/IOA data, event correlation, and telemetry investigation.
• Proficiency in scripting or automation (Python, PowerShell, or equivalent) for detection tuning, enrichment, or response orchestration.
• Solid understanding of endpoint policy management, application allowlisting, device control, and system hardening best practices.
• Excellent analytical and communication skills with the ability to collaborate effectively across technical and non-technical teams.

Preferred:

• Bachelor’s degree in computer science, Information Security, or a related field (or equivalent experience).
• Certifications such as ISC2 CC, GIAC GSEC, GCED, GCIA, or CompTIA CySA+.
• Experience with hybrid endpoint environments spanning on-premises, cloud, and virtual infrastructure (AWS, Azure, GCP).
• Familiarity with the MITRE ATT&CK framework for mapping detections and validating coverage.
• Hands-on experience with SOAR or automation frameworks to streamline response processes.
• Experience contributing to detection and response process improvement initiatives in global enterprises.

Shift Timings:

This position operates during 10:00 – 18:00 PST (22:30 – 06:30 IST), Monday through Friday, with emergency on-call duties as required.

Additional Information

Don’t meet every single requirement? At Mattel, we are dedicated to an inclusive workplace and a culture of belonging. If you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we still encourage you to apply. You may be just the right candidate for this or other roles.

How We Work:

We are a purpose driven company aiming to empower generations to explore the wonder of childhood and reach their full potential. We live up to our purpose employing the following behaviors:

• We collaborate: Being a part of Mattel means being part of one team with shared values and common goals. Every person counts and working closely together always brings better results. Partnership is our process and our collective capabilities is our superpower.
• We innovate: At Mattel we always aim to find new and better ways to create innovative products and experiences. No matter where you work in the organization, you can always make a difference and have real impact. We welcome new ideas and value new initiatives that challenge conventional thinking.
• We execute: We are a performance-driven company. We strive for excellence and are focused on pursuing best-in-class outcomes. We believe in accountability and ownership and know that our people are at their best when they are empowered to create and deliver results.

Our Approach to Flexible Work:

We embrace a flexible work model designed to empower a culture of growth, optimism, and wellbeing, where every employee can reach their full potential. Combining purposeful in-person collaboration with flexibility, our focus is to optimize performance and drive connection for moments that matter.

Who We Are:

Mattel is a leading global toy and family entertainment company and owner of one of the most iconic brand portfolios in the world. We engage consumers and fans through our franchise brands, including Barbie, Hot Wheels, Fisher-Price, American Girl, Thomas & Friends, UNO, Masters of the Universe, Matchbox, Monster High, MEGA and Polly Pocket, as well as other popular properties that we own or license in partnership with global entertainment companies. Our offerings include toys, content, consumer products, digital and live experiences. Our products are sold in collaboration with the world’s leading retail and ecommerce companies. Since its founding in 1945, Mattel is proud to be a trusted partner in empowering generations to explore the wonder of childhood and reach their full potential.

Mattel’s award-winning workplace culture has been recognized by Forbes, Fast Company, Newsweek, Great Place to Work, TIME, and more.

Visit us at https://jobs.mattel.com/ and www.instagram.com/MattelCareers.

Mattel is an Equal Opportunity Employer where we want you to bring your authentic self to work every day. We welcome all job seekers, and all applicants will receive consideration for employment.

Videos to watch:

The Culture at Mattel

Corporate Philanthropy

Company Description

CREATIVITY IS OUR SUPERPOWER. It’s our heritage and it’s also our future. Because we don’t just make toys. We create innovative products and experiences that inspire fans, entertain audiences and develop children through play. Mattel is at its best when every member of our team feels respected, included, and heard—when everyone can show up as themselves and do their best work every day. We value and share an infinite range of ideas and voices that evolve and broaden our perspectives with a reach that extends into all our brands, partners, and suppliers.

The Team:

Job Description

About the Role

The Sr Security Engineer – Endpoint & Identity Threat Protection (EDR / ITP) is responsible for engineering, deploying, and optimizing advanced detection and response technologies that safeguard Mattel’s global enterprise. This senior technical role focuses on proactive endpoint detection, response automation, and identity threat protection, helping to strengthen the organization’s cyber defense posture. The position requires deep technical expertise across endpoint and identity protection technologies, strong collaboration skills, and a commitment to continuous improvement through automation, analytics, and security modernization initiatives.

Roles and Responsibilities

• Engineer, deploy, and maintain enterprise Endpoint Detection and Response (EDR) and Identity Threat Protection (ITP) platforms across Mattel’s environments.
• Develop, tune, and optimize behavioral analytics and detection logic to identify, prevent, and respond to malicious activity targeting endpoints and identities.
• Collaborate with Security Operations and Incident Response teams to investigate, contain, and remediate security incidents effectively and efficiently.
• Integrate EDR and ITP technologies with SIEM, SOAR, and threat intelligence platforms to improve visibility, automation, and response capabilities.
• Contribute to the architecture, implementation, and continuous enhancement of endpoint and identity threat protection strategies in alignment with Mattel’s cybersecurity goals.
• Partner with IT, Infrastructure, and Security Architecture teams to support secure configuration management, policy enforcement, and system hardening across all endpoints.
• Ensure endpoint and identity protection controls align with corporate security policies, compliance mandates, and global regulatory standards.
• Perform advanced telemetry analysis, detection validation, and post-incident investigations to improve detection fidelity and reduce false positives.
• Collaborate with Engineering, Cloud, and Infrastructure teams to ensure endpoint tools operate effectively across hybrid and cloud environments.
• Develop and maintain documentation, operational standards, and playbooks for endpoint and identity threat protection workflows.
• Participate in post-incident reviews to identify gaps, lessons learned, and opportunities to enhance security processes.
• Evaluate emerging endpoint and identity threat protection technologies and contribute to technical proof-of-concept initiatives to support security modernization.

Qualifications

Required:

• 5–7+ years of experience in cybersecurity engineering, with a focus on endpoint and identity threat protection in enterprise environments.
• Demonstrated expertise managing enterprise-grade EDR and ITP platforms such as CrowdStrike, SentinelOne, Defender for Endpoint, or similar solutions.
• Strong technical knowledge of endpoint operating systems (Windows, macOS, Linux) and adversary tactics, techniques, and procedures (TTPs).
• Experience designing and optimizing detection logic, behavioral rules, and custom correlation within EDR and identity systems.
• Proficiency in integrating endpoint and identity threat protection solutions with SIEM, SOAR, and automation platforms.
• In-depth understanding of identity and access management (IAM) frameworks such as Azure AD, Okta, SSO, and MFA.
• Experience in IOC and IOA analysis, enrichment, and use of threat intelligence for proactive defense and detection tuning.
• Hands-on experience in scripting or automation using PowerShell, Python, or equivalent languages for workflow orchestration and data enrichment.
• Strong understanding of endpoint configuration, policy management, application allowlisting, and device control.
• Excellent communication and collaboration skills with the ability to work effectively across global and cross-functional teams.

Preferred:

• Bachelor’s degree in computer science, Information Security, or a related field (or equivalent experience).
• Certifications such as GSEC, SSCP, GCED, GCIA, or CompTIA CySA+.
• Experience supporting hybrid endpoint environments across on-premises, cloud (AWS, Azure, GCP), and virtualized systems.
• Familiarity with the MITRE ATT&CK framework for mapping detections, validating coverage, and improving response maturity.
• Hands-on experience with SOAR or orchestration platforms to enhance threat detection and response workflows.
• Knowledge of modern endpoint protection trends, AI/ML-based detection models, and zero-trust security principles.

Shift Timings:

This position operates during 05:00 – 14:00 PST (17:30 – 02:30 IST), Monday through Friday, with emergency on-call duties as required.

Additional Information

Don’t meet every single requirement? At Mattel, we are dedicated to an inclusive workplace and a culture of belonging. If you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we still encourage you to apply. You may be just the right candidate for this or other roles.

How We Work:

We are a purpose driven company aiming to empower generations to explore the wonder of childhood and reach their full potential. We live up to our purpose employing the following behaviors:

• We collaborate: Being a part of Mattel means being part of one team with shared values and common goals. Every person counts and working closely together always brings better results. Partnership is our process and our collective capabilities is our superpower.
• We innovate: At Mattel we always aim to find new and better ways to create innovative products and experiences. No matter where you work in the organization, you can always make a difference and have real impact. We welcome new ideas and value new initiatives that challenge conventional thinking.
• We execute: We are a performance-driven company. We strive for excellence and are focused on pursuing best-in-class outcomes. We believe in accountability and ownership and know that our people are at their best when they are empowered to create and deliver results.

Our Approach to Flexible Work:

We embrace a flexible work model designed to empower a culture of growth, optimism, and wellbeing, where every employee can reach their full potential. Combining purposeful in-person collaboration with flexibility, our focus is to optimize performance and drive connection for moments that matter.

Who We Are:

Mattel is a leading global toy and family entertainment company and owner of one of the most iconic brand portfolios in the world. We engage consumers and fans through our franchise brands, including Barbie, Hot Wheels, Fisher-Price, American Girl, Thomas & Friends, UNO, Masters of the Universe, Matchbox, Monster High, MEGA and Polly Pocket, as well as other popular properties that we own or license in partnership with global entertainment companies. Our offerings include toys, content, consumer products, digital and live experiences. Our products are sold in collaboration with the world’s leading retail and ecommerce companies. Since its founding in 1945, Mattel is proud to be a trusted partner in empowering generations to explore the wonder of childhood and reach their full potential.

Mattel’s award-winning workplace culture has been recognized by Forbes, Fast Company, Newsweek, Great Place to Work, TIME, and more.

Visit us at https://jobs.mattel.com/ and www.instagram.com/MattelCareers.

Mattel is an Equal Opportunity Employer where we want you to bring your authentic self to work every day. We welcome all job seekers, and all applicants will receive consideration for employment.

Videos to watch:

The Culture at Mattel

Corporate Philanthropy

Reports to: Chief Security Officer

Location: Remote US

Compensation Range: $220,000 to $240,000 base plus bonus and equity

What We Do:

Cybercrime is growing, and more businesses are getting hit by threats that used to target only the biggest organizations. That pushes defenders like us to operate at the highest level, and it deepens our need for good people who want to make a meaningful impact.

Founded in 2015 by former NSA cyber operators, Huntress is a remote-first team working to make enterprise-grade cybersecurity accessible to businesses of all sizes. We work closely with security teams and service providers protecting complex environments, often without the time or headcount to handle it all. That’s why we build our technology in-house and back it with a 24⁄7 human-led Security Operations Center (SOC). As a result, our platform is never disconnected from the experts who manage it, ensuring our customers’ protection.

Huntress now secures more than 5M endpoints and 11M identities worldwide. Those numbers keep growing because more businesses rely on us to help carry the load and operate with more confidence. Every day, you can see that commitment in how we stand with our customers and how we show up for each other.

What You’ll Do

We are seeking a strategic leader to own the future of Detection Engineering & Threat Hunting at Huntress. As a Director, you will manage multiple sub-teams (via Managers) and serve as a trusted advisor to the Sr. Dir of Threat Detection and Response.

Your mission is to align the DE&TH function with the broader company strategy. As we scale, you will determine the structural, technological, and budgetary requirements needed to maintain superior detection efficacy. You will own the relationship with the Product organization. Ensuring that our defensive strategy evolves faster than the adversaries we protect against.

Responsibilities

• Strategy & Vision: Set the direction, strategy, and vision for the entire DE&TH function. You will define the team’s 12-18-month prioritization.
• Manage a team of Managers: You will manage at least two teams or sub-teams via other managers. Your focus is on developing their leadership capabilities, enabling them to execute effectively, and holding them accountable for the health and output of their team.
• Budgeting & Planning: Propose and own plans for budgeting, execution, and hiring. You will develop capacity models to ensure our team’s growth aligns with our overall growth, presenting these resource needs to executive leadership.
• Cross-Functional Leadership: Strategize with senior leaders across Product, Engineering, and Security. You are a key stakeholder in the company’s direction, advocating for the telemetry and architectural changes required to support future detection use cases.
• Systemic Problem Solving: Identify and surface patterns to leadership regarding root causes of problems. You anticipate future challenges and own the delivery of solutions before they become bottlenecks.
• Culture & Standards: Exemplify and hold others accountable to the management standards of the company. You are responsible for creating a diverse, inclusive, and high-performing culture across the entire function.

What You Bring To The Team

• Strategic Leadership: 5+ years of experience in cybersecurity, with significant experience managing managers. You have led large, high-priority projects that impacted the company’s direction.
• Visionary Thinking: You can look past the current quarter. You understand the “Macro” of the threat landscape and can translate that into a “Micro” plan for your teams.
• Business Acumen: You understand how a SOC fits into the business model. You can articulate the ROI of detection engineering and threat hunting to non-technical stakeholders and manage a department budget.
• Force Multiplier: You excel at empowering others. You don’t solve problems for your team; you build the structures and frameworks that allow your team to solve problems themselves while you focus on accountability and scalability.

What We Offer:

• 100% remote work environment - since our founding in 2015
• Generous paid time off policy, including vacation, sick time, and paid holidays
• 12 weeks of paid parental leave
• Highly competitive and comprehensive medical, dental, and vision benefits plans
• 401(k) with a 5% contribution regardless of employee contribution
• Life and Disability insurance plans
• Stock options for all full-time employees
• One-time $500 reimbursement for building/upgrading home office
• Annual allowance for education and professional development assistance
• $75 USD/month digital reimbursement
• Access to the BetterUp platform for coaching, personal, and professional growth

Huntress is committed to creating a culture of inclusivity where every single member of our team is valued, has a voice, and is empowered to come to work every day just as they are.

We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, disability, veteran status, genetic information, marital status, or any other legally protected status.

We do discriminate against hackers who try to exploit businesses of all sizes.

Accommodations:

If you require reasonable accommodation to complete this application, interview, or pre-employment testing or participate in the employee selection process, please direct your inquiries to accommodations@huntresslabs.com . Please note that non-accommodation requests to this inbox will not receive a response.

Huntress uses artificial intelligence tools to assist in reviewing and evaluating job applications, including resume screening, skills assessment, and candidate matching and comparisons. These AI tools support our human recruiters in the initial review process but do not make final hiring decisions without human involvement. By submitting your application, you acknowledge this use of AI in our recruitment process. Please review our Candidate Privacy Notice for more details on our practices and your data privacy rights.

#BI-Remote

Hello! We're Teya. Teya is a payment and software service provider, headquartered in London serving small, local businesses across Europe.