Company Description

Tech native for over 30 years, Devoteam guides businesses through sustainable digital transformation to deliver value.

With over 11,000 tech architects in more than 25 countries across Europe, the Middle East, and Africa, Devoteam is committed to using technology to serve people.

Devoteam has been a ServiceNow Elite Partner since 2019. In 2026, it was recognised as ServiceNow Partner of the Year for the fourth consecutive year.

Job Description

Looking to take your IT security consulting career to the next level? Our ServiceNow Cyber & Risk team is seeking a Consultant with an innovative, can-do attitude and a passion for making a difference. You’ll be based in our Prague office and work with global companies from across Europe.

With us, you’ll have the chance to do the job of your dreams - the one you didn’t even know you wanted yet. Here’s what you can expect:

• Leading the implementations of key ServiceNow IRM and SecOps projects within Devoteam Group.
• Technical leadership of the team - training, presentations, knowledge sharing.
• Pre-sales  and delivering product demos to potential customers, proposals preparations, projects estimations.
• Working on a variety of projects focused on advisory and implementation of Security Operations, Risk and Compliance using ServiceNow SecOps and IRM product suites.

Qualifications

You will be a great fit for this role if you have…

• 3+ years of consulting or implementation work experience in the field of IT security, risk or compliance.
• Knowledge of security trends and their application to address cyber security issues.
• An understanding of security, risk, and privacy standards and frameworks such as ISO2700x family, NIST CSF, DORA, NIS2, GDPR, and others.
• Analytical mindset and a can-do attitude.
• Fluent English communication skills.
• Soft skills such as communication and presentation.

Want to be head of the pack? We’d definitely welcome…

• Experience with international security projects is an advantage.
• Experience using/implementing ServiceNow IRM or SecOps is an advantage.
• A degree in Information Technologies (ideally with a focus on cyber security) is an advantage.
• Knowledge of the German language is an advantage

What will you get apart from the salary?

• 5 weeks of vacation per year (= 1 week extra)
• 4 My Days per year
• Hybrid office
• Flexible working hours
• Career Management, training and certifications in the best breed of technologies - focused on technical skills (ServiceNow, Google), Project Management methodology etc., including Udemy for business account.
• Meal allowance up to 28.000 CZK/year (123,90 CZK/day)
• Cafeteria 1000 CZK/month (MultiSport Card available)
• Phone tariff (unlimited calls, texts messages within the EU, 20GB of Internet)
• Employee Referral Program
• Sabbatical leave
• Repurchase of hardware

Moreover, we offer:

• Foreign business trips
• Above standard working equipment
• Company Mobile Phone (selection from Android/iPhone)
• Company Laptop (Windows/macOS)
• Coffee, tea, snacks and breakfasts in the office
• Company events and teambuildings
• Gifts for work anniversaries, promotion or childbirth
• Friendly and open culture

And last but not least, you can rely on:

• Transparent framework for career growth, reinforced by annual performance evaluations
• Trust and autonomy, with no micro-management
• Learning from senior colleagues and opportunities to collaborate with professionals from various industries
• Opportunities to attend conferences to keep skills up-to-date
• Working on a variety of projects for a broader range of experience
• Adoption and utilization of evolving IT technologies
• Usage of AI tools and access to elaborate, tailored AI training

Additional Information

Benefits:

• 5 weeks of vacation per year (= 1 week extra)
• 4 “My Days” per year
• Hybrid office
• Flexible working hours
• Udemy for business account
• Meal allowance up to 32.000 CZK/year (129,50 CZK/day)
• Cafeteria 1200 CZK/month (MultiSport Card available)
• Phone tariff (unlimited calls, texts messages within the EU, 20GB of Internet)
• Employee Referral Program
• Sabbatical leave
• Repurchase of hardware

Moreover, we offer:

• Above standard working equipment
• Company mobile phone (selection from Android/iPhone)
• Company laptop (Windows/macOS)
• Coffee, tea, snacks and breakfasts in the office
• Company events and team buildings
• Gifts for work anniversaries, promotion or childbirth
• Friendly and open culture

And last but not least, you can rely on:

• Transparent framework for career growth, reinforced by annual performance evaluations
• Trust and autonomy, with no micro-management
• Learning from senior colleagues and opportunities to collaborate with professionals from various industries
• Opportunities to attend conferences to keep skills up-to-date
• Usage of AI tools and access to elaborate, tailored AI training

At NiCE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

Information Security Engineer

At NICE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

So, what’s the role all about?

The Information Security Engineer will assist in implementing and administering initiatives implemented by InfoSec, including security initiatives mandated by regulatory and compliance requirements. This position will be responsible for ensuring that regular housekeeping activities are performed to maintain and monitor processes and systems.

The role ensures that both Corporate and Production services are managed according to company policies, processes, and compliance and regulatory requirements.

How will you make an impact?

• Create, manage, and respond to security incidents and conduct analysis in accordance with existing processes and company security policies
• Installation, configuration, and administration of information security tools such as, but not limited to, endpoint protection, SIEM, XDR, WAF, vulnerability scanners, and DLP
• Troubleshoot and resolve technical issues related to security tools and security processes
• Coordinate with third-party vendors
• Assist with internal and external audits associated with regulatory and compliance requirements
• Provide formal notification to Information Security leadership when changes are planned that may impact the approved security posture of NICE CX or the associated certification and accreditation
• Review and recommend improvements to information security processes
• Ensure regular housekeeping activities are performed to maintain system integrity and monitoring

Have you got what it takes?

• Knowledge of basic information security principles and theories
• A minimum of 3 years working in IT and data networks
• A minimum of 3 years working in Security Operations
• Good English communication skills
• Proven track record of solving problems
• Good organization and project management skills
• Advanced computer skills in desktop applications
• Possess excellent analytic skills including numbers, patterns, processes, and data flow
• Self-starter who can function without constant oversight

You will have an advantage if you also have:

• Proficient with Microsoft Applications
• Holder of COMPTIA Security+, CISA, CISSP, SSCP, CCSK, or related certification
• Knowledge of GDPR, PCI, SOC 2, FedRAMP, IRAP, and HIPAA compliance regulations

What you need to know

• This job is not intended to be all-inclusive, and employees will also perform other reasonable related business duties as assigned
• This organization reserves the right to revise or change job duties as the need arises
• This job may require overtime, including nighttime, early morning, and weekend hours
• This job may require on-call availability

What’s in it for you?

Learn more about the Benefits at NICE

Join an ever-growing, market-disrupting, global company where the teams – comprised of the best of the best – work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr!

About NICE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime, and ensure public safety. Every day, NICE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud, and digital, NICE is consistently recognized as the market leader, with over 8,500 employees across 30+ countries.

NICE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation, or any other category protected by law.

#LI-Hybrid

Requisition ID: 10994 Reporting into: Manager, Information Security, CX

Role Type: Individual Contributor

About NiCE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime and ensure public safety. Every day, NiCE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.

NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.

At NiCE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

Information Security Engineer

At NICE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

So, what’s the role all about?

The Information Security Engineer will assist in implementing and administering initiatives implemented by InfoSec, including security initiatives mandated by regulatory and compliance requirements. This position will be responsible for ensuring that regular housekeeping activities are performed to maintain and monitor processes and systems.

The role ensures that both Corporate and Production services are managed according to company policies, processes, and compliance and regulatory requirements.

How will you make an impact?

• Create, manage, and respond to security incidents and conduct analysis in accordance with existing processes and company security policies
• Installation, configuration, and administration of information security tools such as, but not limited to, endpoint protection, SIEM, XDR, WAF, vulnerability scanners, and DLP
• Troubleshoot and resolve technical issues related to security tools and security processes
• Coordinate with third-party vendors
• Assist with internal and external audits associated with regulatory and compliance requirements
• Provide formal notification to Information Security leadership when changes are planned that may impact the approved security posture of NICE CX or the associated certification and accreditation
• Review and recommend improvements to information security processes
• Ensure regular housekeeping activities are performed to maintain system integrity and monitoring

Have you got what it takes?

• Knowledge of basic information security principles and theories
• A minimum of 3 years working in IT and data networks
• A minimum of 3 years working in Security Operations
• Good English communication skills
• Proven track record of solving problems
• Good organization and project management skills
• Advanced computer skills in desktop applications
• Possess excellent analytic skills including numbers, patterns, processes, and data flow
• Self-starter who can function without constant oversight

You will have an advantage if you also have:

• Proficient with Microsoft Applications
• Holder of COMPTIA Security+, CISA, CISSP, SSCP, CCSK, or related certification
• Knowledge of GDPR, PCI, SOC 2, FedRAMP, IRAP, and HIPAA compliance regulations

What you need to know

• This job is not intended to be all-inclusive, and employees will also perform other reasonable related business duties as assigned
• This organization reserves the right to revise or change job duties as the need arises
• This job may require overtime, including nighttime, early morning, and weekend hours
• This job may require on-call availability

What’s in it for you?

Learn more about the Benefits at NICE

Join an ever-growing, market-disrupting, global company where the teams – comprised of the best of the best – work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr!

About NICE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime, and ensure public safety. Every day, NICE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud, and digital, NICE is consistently recognized as the market leader, with over 8,500 employees across 30+ countries.

NICE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation, or any other category protected by law.

#LI-Hybrid

Requisition ID: 10995 Reporting into: Manager, Information Security, CX

Role Type: Individual Contributor

About NiCE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime and ensure public safety. Every day, NiCE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.

NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.

At NiCE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

At NICE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

So, what’s the role all about?

The Information Security Analyst is primarily responsible for ensuring compliance with information security frameworks such as Cyber Essentials, Cyber Essentials Plus, ISO 27001, ISO 27701, ISO 42001, GDPR, and DORA. This role focuses on internal audits, regulatory compliance, and readiness for external audits while also contributing to Cybersecurity Operations Center (CSOC) activities, including incident monitoring and response.

How will you make an impact?

• Internal Audit Execution: Conduct internal audits to evaluate and enhance IT controls, compliance with standards, and risk management processes.
• Audit Preparation: Assist internal control owners in scoping appropriate evidence and preparing for external audits.
• Gap Assessments: Facilitate and/or conduct internal gap assessments and audit readiness evaluations for frameworks such as ISO 27001, GDPR, and DORA.
• Framework Tracking: Monitor updates to Cyber Essentials, ISO, and regulatory frameworks and ensure internal alignment.
• Control Documentation: Develop and maintain control narratives, walkthroughs, and documentation of compliance processes.
• Audit Findings: Identify control deficiencies and work with stakeholders to recommend cost-effective, value-added remediation actions.
• Compliance Reporting: Draft audit reports and present findings to management during status updates and closing meetings.
• External Audit Coordination: Collaborate with external audit teams to streamline processes and provide requested documentation and evidence.
• Security Monitoring: Use tools such as Rapid7 InsightIDR or other SIEM solutions to assist with security monitoring and incident detection.
• Incident Response Support: Participate in incident response efforts, documenting security incidents and assisting in containment and recovery actions.
• Threat Identification: Contribute to analyzing cybersecurity threats and implementing recommendations to improve the security posture.
• Policy and Procedure Development: Assist in creating and refining cybersecurity policies and operational procedures to align with audit and compliance objectives.
• Vulnerability Management: Support the tracking and remediation of vulnerabilities in coordination with IT and Security Operations teams.

Have you got what it takes?

• Strong expertise in audit and compliance frameworks, including ISO 27001, ISO 27701, ISO 42001, GDPR, DORA, Cyber Essentials, and Cyber Essentials Plus.

• Familiarity with CSOC tools such as Rapid7 InsightIDR or other SIEM solutions.

• Hands-on experience in internal and external audits, compliance assessments, and process improvement.

• Basic understanding of incident response frameworks and cybersecurity best practices.

• Exceptional analytical, organizational, and communication skills.

• Commitment to continuous learning and professional development in audit, compliance, and security.

You will have an advantage if you also have:

• A Master’s degree in Cybersecurity, Risk Management, or related fields is a plus.

• Certifications (preferred or required):

• Certified Information Systems Auditor (CISA)

• Certified Information Security Manager (CISM)

• Certified Information Systems Security Professional (CISSP)

• ISO 27001 Lead Auditor or Implementer

• Cyber Essentials Assessor (or equivalent)

• GIAC certifications (e.g., GIAC Certified Incident Handler - GCIH or GIAC Security Essentials - GSEC)

What’s in it for you?

Join an ever-growing, market disrupting, global company where the teams – comprised of the best of the best – work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr!

Enjoy NICE-FLEX!

At NICE, we work according to the NICE-FLEX hybrid model, which enables maximum flexibility: 2 days working from the office and 3 days of remote work, each week. Naturally, office days focus on face-to-face meetings, where teamwork and collaborative thinking generate innovation, new ideas, and a vibrant, interactive atmosphere.

About NICE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime and ensure public safety. Every day, NICE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud and digital, NICE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.

NICE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.

Requisition ID: 10993

Reporting into: Director Information

Role Type: Individual Contributor

About NiCE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime and ensure public safety. Every day, NiCE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.

NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.

At NiCE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

Information Security Engineer

At NICE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

So, what’s the role all about?

The Information Security Engineer will assist in implementing and administering initiatives implemented by InfoSec, including security initiatives mandated by regulatory and compliance requirements. This position will be responsible for ensuring that regular housekeeping activities are performed to maintain and monitor processes and systems.

The role ensures that both Corporate and Production services are managed according to company policies, processes, and compliance and regulatory requirements.

How will you make an impact?

• Create, manage, and respond to security incidents and conduct analysis in accordance with existing processes and company security policies
• Installation, configuration, and administration of information security tools such as, but not limited to, endpoint protection, SIEM, XDR, WAF, vulnerability scanners, and DLP
• Troubleshoot and resolve technical issues related to security tools and security processes
• Coordinate with third-party vendors
• Assist with internal and external audits associated with regulatory and compliance requirements
• Provide formal notification to Information Security leadership when changes are planned that may impact the approved security posture of NICE CX or the associated certification and accreditation
• Review and recommend improvements to information security processes
• Ensure regular housekeeping activities are performed to maintain system integrity and monitoring

Have you got what it takes?

• Knowledge of basic information security principles and theories
• A minimum of 3 years working in IT and data networks
• A minimum of 3 years working in Security Operations
• Good English communication skills
• Proven track record of solving problems
• Good organization and project management skills
• Advanced computer skills in desktop applications
• Possess excellent analytic skills including numbers, patterns, processes, and data flow
• Self-starter who can function without constant oversight

You will have an advantage if you also have:

• Proficient with Microsoft Applications
• Holder of COMPTIA Security+, CISA, CISSP, SSCP, CCSK, or related certification
• Knowledge of GDPR, PCI, SOC 2, FedRAMP, IRAP, and HIPAA compliance regulations

What you need to know

• This job is not intended to be all-inclusive, and employees will also perform other reasonable related business duties as assigned
• This organization reserves the right to revise or change job duties as the need arises
• This job may require overtime, including nighttime, early morning, and weekend hours
• This job may require on-call availability

What’s in it for you?

Learn more about the Benefits at NICE

Join an ever-growing, market-disrupting, global company where the teams – comprised of the best of the best – work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr!

About NICE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime, and ensure public safety. Every day, NICE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud, and digital, NICE is consistently recognized as the market leader, with over 8,500 employees across 30+ countries.

NICE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation, or any other category protected by law.

#LI-Hybrid

Requisition ID: 10994 Reporting into: Manager, Information Security, CX

Role Type: Individual Contributor

About NiCE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime and ensure public safety. Every day, NiCE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.

NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.

At NiCE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

Information Security Engineer

At NICE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

So, what’s the role all about?

The Information Security Engineer will assist in implementing and administering initiatives implemented by InfoSec, including security initiatives mandated by regulatory and compliance requirements. This position will be responsible for ensuring that regular housekeeping activities are performed to maintain and monitor processes and systems.

The role ensures that both Corporate and Production services are managed according to company policies, processes, and compliance and regulatory requirements.

How will you make an impact?

• Create, manage, and respond to security incidents and conduct analysis in accordance with existing processes and company security policies
• Installation, configuration, and administration of information security tools such as, but not limited to, endpoint protection, SIEM, XDR, WAF, vulnerability scanners, and DLP
• Troubleshoot and resolve technical issues related to security tools and security processes
• Coordinate with third-party vendors
• Assist with internal and external audits associated with regulatory and compliance requirements
• Provide formal notification to Information Security leadership when changes are planned that may impact the approved security posture of NICE CX or the associated certification and accreditation
• Review and recommend improvements to information security processes
• Ensure regular housekeeping activities are performed to maintain system integrity and monitoring

Have you got what it takes?

• Knowledge of basic information security principles and theories
• A minimum of 3 years working in IT and data networks
• A minimum of 3 years working in Security Operations
• Good English communication skills
• Proven track record of solving problems
• Good organization and project management skills
• Advanced computer skills in desktop applications
• Possess excellent analytic skills including numbers, patterns, processes, and data flow
• Self-starter who can function without constant oversight

You will have an advantage if you also have:

• Proficient with Microsoft Applications
• Holder of COMPTIA Security+, CISA, CISSP, SSCP, CCSK, or related certification
• Knowledge of GDPR, PCI, SOC 2, FedRAMP, IRAP, and HIPAA compliance regulations

What you need to know

• This job is not intended to be all-inclusive, and employees will also perform other reasonable related business duties as assigned
• This organization reserves the right to revise or change job duties as the need arises
• This job may require overtime, including nighttime, early morning, and weekend hours
• This job may require on-call availability

What’s in it for you?

Learn more about the Benefits at NICE

Join an ever-growing, market-disrupting, global company where the teams – comprised of the best of the best – work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr!

About NICE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime, and ensure public safety. Every day, NICE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud, and digital, NICE is consistently recognized as the market leader, with over 8,500 employees across 30+ countries.

NICE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation, or any other category protected by law.

#LI-Hybrid

Requisition ID: 10995 Reporting into: Manager, Information Security, CX

Role Type: Individual Contributor

About NiCE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime and ensure public safety. Every day, NiCE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.

NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.

At NiCE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

At NICE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.

So, what’s the role all about?

The Information Security Analyst is primarily responsible for ensuring compliance with information security frameworks such as Cyber Essentials, Cyber Essentials Plus, ISO 27001, ISO 27701, ISO 42001, GDPR, and DORA. This role focuses on internal audits, regulatory compliance, and readiness for external audits while also contributing to Cybersecurity Operations Center (CSOC) activities, including incident monitoring and response.

How will you make an impact?

• Internal Audit Execution: Conduct internal audits to evaluate and enhance IT controls, compliance with standards, and risk management processes.
• Audit Preparation: Assist internal control owners in scoping appropriate evidence and preparing for external audits.
• Gap Assessments: Facilitate and/or conduct internal gap assessments and audit readiness evaluations for frameworks such as ISO 27001, GDPR, and DORA.
• Framework Tracking: Monitor updates to Cyber Essentials, ISO, and regulatory frameworks and ensure internal alignment.
• Control Documentation: Develop and maintain control narratives, walkthroughs, and documentation of compliance processes.
• Audit Findings: Identify control deficiencies and work with stakeholders to recommend cost-effective, value-added remediation actions.
• Compliance Reporting: Draft audit reports and present findings to management during status updates and closing meetings.
• External Audit Coordination: Collaborate with external audit teams to streamline processes and provide requested documentation and evidence.
• Security Monitoring: Use tools such as Rapid7 InsightIDR or other SIEM solutions to assist with security monitoring and incident detection.
• Incident Response Support: Participate in incident response efforts, documenting security incidents and assisting in containment and recovery actions.
• Threat Identification: Contribute to analyzing cybersecurity threats and implementing recommendations to improve the security posture.
• Policy and Procedure Development: Assist in creating and refining cybersecurity policies and operational procedures to align with audit and compliance objectives.
• Vulnerability Management: Support the tracking and remediation of vulnerabilities in coordination with IT and Security Operations teams.

Have you got what it takes?

• Strong expertise in audit and compliance frameworks, including ISO 27001, ISO 27701, ISO 42001, GDPR, DORA, Cyber Essentials, and Cyber Essentials Plus.

• Familiarity with CSOC tools such as Rapid7 InsightIDR or other SIEM solutions.

• Hands-on experience in internal and external audits, compliance assessments, and process improvement.

• Basic understanding of incident response frameworks and cybersecurity best practices.

• Exceptional analytical, organizational, and communication skills.

• Commitment to continuous learning and professional development in audit, compliance, and security.

You will have an advantage if you also have:

• A Master’s degree in Cybersecurity, Risk Management, or related fields is a plus.

• Certifications (preferred or required):

• Certified Information Systems Auditor (CISA)

• Certified Information Security Manager (CISM)

• Certified Information Systems Security Professional (CISSP)

• ISO 27001 Lead Auditor or Implementer

• Cyber Essentials Assessor (or equivalent)

• GIAC certifications (e.g., GIAC Certified Incident Handler - GCIH or GIAC Security Essentials - GSEC)

What’s in it for you?

Join an ever-growing, market disrupting, global company where the teams – comprised of the best of the best – work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr!

Enjoy NICE-FLEX!

At NICE, we work according to the NICE-FLEX hybrid model, which enables maximum flexibility: 2 days working from the office and 3 days of remote work, each week. Naturally, office days focus on face-to-face meetings, where teamwork and collaborative thinking generate innovation, new ideas, and a vibrant, interactive atmosphere.

About NICE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime and ensure public safety. Every day, NICE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud and digital, NICE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.

NICE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.

Requisition ID: 10993

Reporting into: Director Information

Role Type: Individual Contributor

About NiCE

NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime and ensure public safety. Every day, NiCE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.

Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.

NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.

A platform you can believe in: Immersive One is the leading cyber resilience solution across the globe.

Build and scale a best in class platform alongside a team of the brightest minds in cybersecurity! At Immersive, we’re uniquely positioned to future-proof organizations against any cyber challenge. If that excites you, read on!

Immersive helps prove and improve your cyber resilience, by simulating real-world threats, testing your skills, and measuring performance. We put your readiness to the ultimate test. From sharpening technical capabilities to making high-pressure decisions, our platform allows you to assess every angle, pinpoint areas for growth, and prove your ability to tackle evolving threats with unwavering confidence.

https://www.immersivelabs.com/why-immersive-labs

Immersive was founded in 2017, from a cargo container in Bristol, UK we’ve grown to over 300 employees globally, announced funding of more than £150 million and been voted a Best place to work on multiple occasions!

https://www.immersivelabs.com/company/our-story

Cyber Security Engineer - Red Team

Immersive is hiring! Could you be our next Cyber Security Engineer?

Due to customer demand and increasing maturity within our platform we have an exciting and challenging opportunity for an experienced cyber professional within the offensive security sector - with expertise in conducting red team engagements - to join our Product team as Cyber Security Engineer - Red Team.

If successful you will join our Cyber team working closely with our Cyber Team Leads as we embark on this exciting new phase of product development within our market leading cyber resilience platform.

This isn’t an ordinary red team role - we know everyone claims this and will tell you their role is super unique…but this one really is.

You are constantly researching, learning, totally geeking out on all things offensive security related, from red teaming, to the latest AI driven attacks, and then taking that knowledge and creating labs and ranges.

You will be a key player in our Red Team Content team, shaping and influencing the roll out of our offensive security and AI pen test content roadmap, simulating attack paths and helping train our users to counter the latest threats.

You will be educating the world of offensive security professionals on how to make sure they are secure in what they do. Now that is a pretty cool legacy to leave behind.

Your mission (if you choose to accept it) is to evolve and disrupt within the Red Team space by creating emulated environments within our platform that will simulate both hacking and defending in an engaging and intuitive way for our community.

You will design, build and deliver practical and theory content to gamify offensive security and make it engaging and fun for the end user. You’ll shake up traditional training and teach complex concepts in an innovative way.

If you have an interest in and passion for cyber security, are experienced in the area of offensive security, and want to disrupt how employees build their resilience against the latest threats we will appreciate your input and give you the space to innovate within our market leading platform, Immersive One.

Your main responsibilities (we’re scaling fast, so these may change as we grow):

• Utilising knowledge of pen test and red teaming engagements and techniques to plan, write and improve offensive security labs, challenges and online learning content on the Immersive One platform.

• Produce multi-format content utilising various teaching methods; practical exercises, questions & gamification

• Test Red Team labs and ranges to ensure they function as expected

• Research vulnerabilities, tools and offensive tactics and compile this research to deliver practical and theory labs to users

• Compile technical research into understandable concise content for both technical and non-technical audience

• Work with the wider Product team on new projects and product innovations and how best to deploy them

Sounds good? We’d love to hear from you if you have proven experience in the following areas:

• A number of years of experience working in offensive security as a penetration tester or as a Offensive Security Consultant

• In-depth knowledge of the MITRE ATT&CK framework and how it is used to help enterprises deal with threats to their organisation.

• Have a strong technical understanding of networking, computing and cyber security concepts

• Have the ability to use examples and analogies to simplify complex subjects - your content will train real world users to identify and combat the latest threats so you need to be able to inhabit the mindset of your target audience to create realistic simulations

• Familiarity with Linux, Docker and Python would be beneficial

• Attitude and approach is just as important as technical skills for this role - you will be someone who enjoys tackling complex problems and finding the solution. You’ll be a natural problem solver and ‘tinkerer’ who enjoys prototyping and iteration.

Immersive’s growth has been fuelled by our values that underpin everything we do, here’s how they relate to this role:

• Driven - We push the boundaries of innovation, acting swiftly to achieve ambitious outcomes. Our drive embodies a culture of ambition, where challenges are stepping stones to excellence.

• Inclusive - Our strength lies in diversity, fostering a culture where every individual contributes to our collective strength. We champion open dialogue and empathy, ensuring a collaborative, inclusive workplace.

• Customer Centric - We seek to develop deep relationships with our customers to help them achieve their business outcomes. We exceed our customers and partners’ expectations by crafting products, services and experiences that surprise, delight and ensure they feel valued and supported every day.

• One Team - We are a talented global team working together to achieve our vision. Central to our ethos, resilience means adapting and thriving in adversity. It guides our innovation, ensuring we and our clients are prepared for the future.

We encourage people of all different backgrounds and identities to apply. We are committed to maintaining an inclusive, supportive place for you to be you and do your very best work. Excited by the above? We’re ready to receive your application!

As well as an inclusive, supportive place for you to be you. We offer an extensive range of benefits so you can do your very best work:

• Time off, flexible and remote working so you can work when is best for you, includes 25 days annual leave + 2 volunteering days and your birthday off

• The longer you are with Immersive, the more holiday days you get, up to a maximum of 30 days after five years of service

• Look after your family and yourself with enhanced parental leave, mindfulness groups, critical illness cover, 7% matched pension, private healthcare plan and more

• Career and learning development through the platform, a dedicated professional development fund and our ‘Learn Anything’ fund - which enables you to learn anything that’s not work!

• Recognition & Rewards for doing great work and living our values and behaviours

• Informal or formal flexible working options, e.g. flexible start and finish times, reduced hours

• We have a vibrant team culture with team events throughout the year. Our socials have included everything from pottery painting and paper mask making, to dungeons and dragons!

• When you do visit the UK hub, getting there is easy: we’re based in the centre of Bristol, just a 10 minute walk from the train station. We also offer railcard loan and cycle scheme to buy a new bike

Find out more about life at Immersive Labs https://careers.immersivelabs.com

Cyber threats wait for no one and neither should you. Apply now!

If you would like to read more about what you can expect from our recruitment process, you can visit our dedicated interview process page.

A platform you can believe in: Immersive One is the leading cyber resilience solution across the globe.

Build and scale a best in class platform alongside a team of the brightest minds in cybersecurity! At Immersive, we’re uniquely positioned to future-proof organizations against any cyber challenge. If that excites you, read on!

Immersive helps prove and improve your cyber resilience, by simulating real-world threats, testing your skills, and measuring performance. We put your readiness to the ultimate test. From sharpening technical capabilities to making high-pressure decisions, our platform allows you to assess every angle, pinpoint areas for growth, and prove your ability to tackle evolving threats with unwavering confidence.

https://www.immersivelabs.com/why-immersive-labs

Immersive was founded in 2017, from a cargo container in Bristol, UK we’ve grown to over 300 employees globally, announced funding of more than £150 million and been voted a Best place to work on multiple occasions!

https://www.immersivelabs.com/company/our-story

Cyber Security Engineer - Red Team

Immersive is hiring! Could you be our next Cyber Security Engineer?

Due to customer demand and increasing maturity within our platform we have an exciting and challenging opportunity for an experienced cyber professional within the offensive security sector - with expertise in conducting red team engagements - to join our Product team as Cyber Security Engineer - Red Team.

If successful you will join our Cyber team working closely with our Cyber Team Leads as we embark on this exciting new phase of product development within our market leading cyber resilience platform.

This isn’t an ordinary red team role - we know everyone claims this and will tell you their role is super unique…but this one really is.

You are constantly researching, learning, totally geeking out on all things offensive security related, from red teaming, to the latest AI driven attacks, and then taking that knowledge and creating labs and ranges.

You will be a key player in our Red Team Content team, shaping and influencing the roll out of our offensive security and AI pen test content roadmap, simulating attack paths and helping train our users to counter the latest threats.

You will be educating the world of offensive security professionals on how to make sure they are secure in what they do. Now that is a pretty cool legacy to leave behind.

Your mission (if you choose to accept it) is to evolve and disrupt within the Red Team space by creating emulated environments within our platform that will simulate both hacking and defending in an engaging and intuitive way for our community.

You will design, build and deliver practical and theory content to gamify offensive security and make it engaging and fun for the end user. You’ll shake up traditional training and teach complex concepts in an innovative way.

If you have an interest in and passion for cyber security, are experienced in the area of offensive security, and want to disrupt how employees build their resilience against the latest threats we will appreciate your input and give you the space to innovate within our market leading platform, Immersive One.

Your main responsibilities (we’re scaling fast, so these may change as we grow):

• Utilising knowledge of pen test and red teaming engagements and techniques to plan, write and improve offensive security labs, challenges and online learning content on the Immersive One platform.

• Produce multi-format content utilising various teaching methods; practical exercises, questions & gamification

• Test Red Team labs and ranges to ensure they function as expected

• Research vulnerabilities, tools and offensive tactics and compile this research to deliver practical and theory labs to users

• Compile technical research into understandable concise content for both technical and non-technical audience

• Work with the wider Product team on new projects and product innovations and how best to deploy them

Sounds good? We’d love to hear from you if you have proven experience in the following areas:

• A number of years of experience working in offensive security as a penetration tester or as a Offensive Security Consultant

• In-depth knowledge of the MITRE ATT&CK framework and how it is used to help enterprises deal with threats to their organisation.

• Have a strong technical understanding of networking, computing and cyber security concepts

• Have the ability to use examples and analogies to simplify complex subjects - your content will train real world users to identify and combat the latest threats so you need to be able to inhabit the mindset of your target audience to create realistic simulations

• Familiarity with Linux, Docker and Python would be beneficial

• Attitude and approach is just as important as technical skills for this role - you will be someone who enjoys tackling complex problems and finding the solution. You’ll be a natural problem solver and ‘tinkerer’ who enjoys prototyping and iteration.

Immersive’s growth has been fuelled by our values that underpin everything we do, here’s how they relate to this role:

• Driven - We push the boundaries of innovation, acting swiftly to achieve ambitious outcomes. Our drive embodies a culture of ambition, where challenges are stepping stones to excellence.

• Inclusive - Our strength lies in diversity, fostering a culture where every individual contributes to our collective strength. We champion open dialogue and empathy, ensuring a collaborative, inclusive workplace.

• Customer Centric - We seek to develop deep relationships with our customers to help them achieve their business outcomes. We exceed our customers and partners’ expectations by crafting products, services and experiences that surprise, delight and ensure they feel valued and supported every day.

• One Team - We are a talented global team working together to achieve our vision. Central to our ethos, resilience means adapting and thriving in adversity. It guides our innovation, ensuring we and our clients are prepared for the future.

We encourage people of all different backgrounds and identities to apply. We are committed to maintaining an inclusive, supportive place for you to be you and do your very best work. Excited by the above? We’re ready to receive your application!

As well as an inclusive, supportive place for you to be you. We offer an extensive range of benefits so you can do your very best work:

• Time off, flexible and remote working so you can work when is best for you, includes 25 days annual leave + 2 volunteering days and your birthday off

• The longer you are with Immersive, the more holiday days you get, up to a maximum of 30 days after five years of service

• Look after your family and yourself with enhanced parental leave, mindfulness groups, critical illness cover, 7% matched pension, private healthcare plan and more

• Career and learning development through the platform, a dedicated professional development fund and our ‘Learn Anything’ fund - which enables you to learn anything that’s not work!

• Recognition & Rewards for doing great work and living our values and behaviours

• Informal or formal flexible working options, e.g. flexible start and finish times, reduced hours

• We have a vibrant team culture with team events throughout the year. Our socials have included everything from pottery painting and paper mask making, to dungeons and dragons!

• When you do visit the UK hub, getting there is easy: we’re based in the centre of Bristol, just a 10 minute walk from the train station. We also offer railcard loan and cycle scheme to buy a new bike

Find out more about life at Immersive Labs https://careers.immersivelabs.com

Cyber threats wait for no one and neither should you. Apply now!

If you would like to read more about what you can expect from our recruitment process, you can visit our dedicated interview process page.

A platform you can believe in: Immersive One is the leading cyber resilience solution across the globe.

Build and scale a best in class platform alongside a team of the brightest minds in cybersecurity! At Immersive, we’re uniquely positioned to future-proof organizations against any cyber challenge. If that excites you, read on!

Immersive helps prove and improve your cyber resilience, by simulating real-world threats, testing your skills, and measuring performance. We put your readiness to the ultimate test. From sharpening technical capabilities to making high-pressure decisions, our platform allows you to assess every angle, pinpoint areas for growth, and prove your ability to tackle evolving threats with unwavering confidence.

https://www.immersivelabs.com/why-immersive-labs

Immersive was founded in 2017, from a cargo container in Bristol, UK we’ve grown to over 300 employees globally, announced funding of more than £150 million and been voted a Best place to work on multiple occasions!

https://www.immersivelabs.com/company/our-story

Cyber Security Engineer - Red Team

Immersive is hiring! Could you be our next Cyber Security Engineer?

Due to customer demand and increasing maturity within our platform we have an exciting and challenging opportunity for an experienced cyber professional within the offensive security sector - with expertise in conducting red team engagements - to join our Product team as Cyber Security Engineer - Red Team.

If successful you will join our Cyber team working closely with our Cyber Team Leads as we embark on this exciting new phase of product development within our market leading cyber resilience platform.

This isn’t an ordinary red team role - we know everyone claims this and will tell you their role is super unique…but this one really is.

You are constantly researching, learning, totally geeking out on all things offensive security related, from red teaming, to the latest AI driven attacks, and then taking that knowledge and creating labs and ranges.

You will be a key player in our Red Team Content team, shaping and influencing the roll out of our offensive security and AI pen test content roadmap, simulating attack paths and helping train our users to counter the latest threats.

You will be educating the world of offensive security professionals on how to make sure they are secure in what they do. Now that is a pretty cool legacy to leave behind.

Your mission (if you choose to accept it) is to evolve and disrupt within the Red Team space by creating emulated environments within our platform that will simulate both hacking and defending in an engaging and intuitive way for our community.

You will design, build and deliver practical and theory content to gamify offensive security and make it engaging and fun for the end user. You’ll shake up traditional training and teach complex concepts in an innovative way.

If you have an interest in and passion for cyber security, are experienced in the area of offensive security, and want to disrupt how employees build their resilience against the latest threats we will appreciate your input and give you the space to innovate within our market leading platform, Immersive One.

Your main responsibilities (we’re scaling fast, so these may change as we grow):

• Utilising knowledge of pen test and red teaming engagements and techniques to plan, write and improve offensive security labs, challenges and online learning content on the Immersive One platform.

• Produce multi-format content utilising various teaching methods; practical exercises, questions & gamification

• Test Red Team labs and ranges to ensure they function as expected

• Research vulnerabilities, tools and offensive tactics and compile this research to deliver practical and theory labs to users

• Compile technical research into understandable concise content for both technical and non-technical audience

• Work with the wider Product team on new projects and product innovations and how best to deploy them

Sounds good? We’d love to hear from you if you have proven experience in the following areas:

• A number of years of experience working in offensive security as a penetration tester or as a Offensive Security Consultant

• In-depth knowledge of the MITRE ATT&CK framework and how it is used to help enterprises deal with threats to their organisation.

• Have a strong technical understanding of networking, computing and cyber security concepts

• Have the ability to use examples and analogies to simplify complex subjects - your content will train real world users to identify and combat the latest threats so you need to be able to inhabit the mindset of your target audience to create realistic simulations

• Familiarity with Linux, Docker and Python would be beneficial

• Attitude and approach is just as important as technical skills for this role - you will be someone who enjoys tackling complex problems and finding the solution. You’ll be a natural problem solver and ‘tinkerer’ who enjoys prototyping and iteration.

Immersive’s growth has been fuelled by our values that underpin everything we do, here’s how they relate to this role:

• Driven - We push the boundaries of innovation, acting swiftly to achieve ambitious outcomes. Our drive embodies a culture of ambition, where challenges are stepping stones to excellence.

• Inclusive - Our strength lies in diversity, fostering a culture where every individual contributes to our collective strength. We champion open dialogue and empathy, ensuring a collaborative, inclusive workplace.

• Customer Centric - We seek to develop deep relationships with our customers to help them achieve their business outcomes. We exceed our customers and partners’ expectations by crafting products, services and experiences that surprise, delight and ensure they feel valued and supported every day.

• One Team - We are a talented global team working together to achieve our vision. Central to our ethos, resilience means adapting and thriving in adversity. It guides our innovation, ensuring we and our clients are prepared for the future.

We encourage people of all different backgrounds and identities to apply. We are committed to maintaining an inclusive, supportive place for you to be you and do your very best work. Excited by the above? We’re ready to receive your application!

As well as an inclusive, supportive place for you to be you. We offer an extensive range of benefits so you can do your very best work:

• Time off, flexible and remote working so you can work when is best for you, includes 25 days annual leave + 2 volunteering days and your birthday off

• The longer you are with Immersive, the more holiday days you get, up to a maximum of 30 days after five years of service

• Look after your family and yourself with enhanced parental leave, mindfulness groups, critical illness cover, 7% matched pension, private healthcare plan and more

• Career and learning development through the platform, a dedicated professional development fund and our ‘Learn Anything’ fund - which enables you to learn anything that’s not work!

• Recognition & Rewards for doing great work and living our values and behaviours

• Informal or formal flexible working options, e.g. flexible start and finish times, reduced hours

• We have a vibrant team culture with team events throughout the year. Our socials have included everything from pottery painting and paper mask making, to dungeons and dragons!

• When you do visit the UK hub, getting there is easy: we’re based in the centre of Bristol, just a 10 minute walk from the train station. We also offer railcard loan and cycle scheme to buy a new bike

Find out more about life at Immersive Labs https://careers.immersivelabs.com

Cyber threats wait for no one and neither should you. Apply now!

If you would like to read more about what you can expect from our recruitment process, you can visit our dedicated interview process page.

SupportYourApp is an international Intelligent Support-as-a-Service company that has been providing business process outsourcing services to other IT companies around the globe (technical and customer support, services to improve customer...

Description

We are seeking a Technical GRC Analyst to support the day-to-day operation of our governance, risk, compliance, and security assurance processes within a growing EdTech SaaS environment.

This role will focus on administering established policies and workflows, coordinating compliance and security activities, handling requests from across the business, and performing risk assessments—particularly where personal data, information security, and GDPR considerations are involved.

You will play a key role in ensuring that our systems, processes, security tooling, and third-party relationships meet our security, compliance, and data protection standards.

Working closely with the IT & Information Security Manager and wider IT team, you will help maintain audit readiness, support operational security assurance activities, and coordinate remediation and evidence management across the organisation.

The role offers exposure across governance, operational security assurance, compliance, and risk management within a growing SaaS environment.

Key Responsibilities

• Administer and operate IT risk, compliance, and security assurance processes aligned to internal policies and regulatory requirements (including GDPR)

• Act as a central point of contact for compliance-related requests (e.g. Subject Access Requests (SARs), data sharing requests, access requests, exceptions, and supplier onboarding)

• Perform risk assessments using defined criteria, with a focus on data protection and information security risks

• Review requests against defined policies and controls, escalating where appropriate in line with internal governance processes

• Support third-party / supplier risk assessments, including reviewing security and data protection documentation and tracking follow-up actions

• Support periodic reviews of high-risk and business-critical suppliers, applications, and technology platforms to ensure appropriate security, compliance, and data protection controls remain in place

• Support the implementation and ongoing operation of compliance and assurance tooling (Vanta), including evidence collection, test management, stakeholder coordination, remediation tracking, and control adoption activities.

• Ensure appropriate documentation, audit trails, and evidence are maintained for assessments, compliance activities, and operational processes

• Support internal and external audits (e.g. ISO 27001), including evidence gathering, action tracking, and coordination of remediation activities

• Monitor compliance with policies and highlight potential risks, gaps, or control weaknesses for review

• Support coordination and operational delivery of security improvement initiatives across IT and business teams.

• Support incident management processes through documentation, tracking, and coordination of follow-up actions

• Coordinate security awareness activities, including phishing simulation campaigns and training tracking

• Assist with reviews of security tooling configurations and collection of supporting control evidence

• Work closely with engineering, product, and business teams to ensure compliance and security processes are understood and followed

• Contribute ideas and feedback to improve workflows and operational processes, particularly where they impact scalability, operational efficiency, or customer trust

Skills & Experience

Essential:

• Experience in IT risk, compliance, or GRC roles within a SaaS or technology environment

• Understanding of GDPR and handling of personal data (especially sensitive or child/student data)

• Experience performing risk assessments using structured frameworks and defined processes

• Ability to interpret policies and apply them to operational and real-world scenarios

• Strong organisational, coordination, and documentation skills (audit trails, evidence, decision logs)

• Experience working with cross-functional teams (e.g. engineering, product, operations)

• Experience supporting operational security assurance activities, such as evidence collection, control validation, remediation tracking, or audit preparation

Desirable:

• Familiarity with ISO 27001, Cyber Essentials, or similar frameworks

• Experience supporting audits, evidence collection, or remediation tracking activities

• Experience with vendor / third-party risk management

• Exposure to data protection processes (e.g. SARs, DPIAs, data sharing assessments)

• Exposure to data classification, data governance, or data loss prevention (DLP) processes

• Experience with GRC, compliance, or assurance platforms (e.g. Vanta, Drata) and ticketing/workflow management tools

• Exposure to Microsoft 365 security and compliance tooling (e.g. Entra ID, Intune, Secure Score, Defender)

• Basic understanding of cloud/SaaS architecture and common security controls

Key Behaviours:

• Pragmatic approach to risk, with the ability to balance compliance requirements with business needs

• Comfortable assessing requests against defined policies and escalating concerns where appropriate

• Confident communicating risks, issues, and follow-up actions to stakeholders

• Detail-oriented, with a strong focus on documentation, evidence quality, and traceability

• Organised and proactive, with the ability to manage multiple tasks and follow through on actions

• Able to operate independently within established processes and governance frameworks

• Collaborative approach to working with technical and non-technical teams

Bromcom is an equal opportunities employer.

Come join Deepwatch’s team of world-class cybersecurity professionals and the brightest minds in the industry. If you’re ready to challenge yourself with work that matters, then this is the place for you. We’re redefining cybersecurity as one of the fastest growing companies in the U.S. – and we have a blast doing it!

Who We Are

Deepwatch is the leader in managed security services, protecting organizations from ever-increasing cyber threats 24/7/365. Powered by Deepwatch’s cloud-based security operations platform, Deepwatch provides the industry’s fastest, most comprehensive detection and automated response to cyber threats together with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business.

Our core values drive everything we do at Deepwatch, including our approach to tackling tough cyber challenges. We seek out tenacious individuals who are passionate about solving complex problems and protecting our customers. At Deepwatch, every decision, process, and hire is made with a focus on improving our cybersecurity solutions and delivering an exceptional experience for our customers. By embracing our values, we create a culture of excellence that is dedicated to empowering our team members to explore their potential, expand their skill sets, and achieve their career aspirations, which is supported by our unique annual professional development benefit.

Deepwatch recognition includes:

• 2025, 2024, 2023, 2022 and 2021 Great Place to Work® Certified
• 2024 Military Times Best for Vets Employers
• 2024 US Department of Labor Hire Vets Gold Award
• 2024 Forbes’ America’s Best Startup Employers
• 2024 Cyber Defense Magazine, Global Infosec Awards
• 2023 and 2022 Fortress Cybersecurity Award
• 2023 $180M Series C investment from Springcoast Capital Partners, Splunk Ventures, and Vista Credit Partners of Vista Equity Partners
• 2022 Cybersecurity Excellence Award for MDR

Position Summary

Deepwatch is seeking a Detection Engineer to join our Threat Detection & Research team and help strengthen detection capabilities across customer environments. Reporting to the Sr. Manager, Threat Detection & Research, this role is responsible for developing, tuning, validating, and optimizing cybersecurity detections that improve visibility into evolving threats and enhance the effectiveness of our MDR operations.

This role is ideal for a cybersecurity professional with strong analytical skills, hands-on SIEM experience, and a passion for threat detection engineering. You will work closely with Security Operations, Threat Research, Customer Success, and Engineering teams to improve alert fidelity, reduce false positives, and ensure high-quality detection coverage aligned to modern attacker behaviors and customer security priorities.

In this role, you’ll get to:

• Develop and document new Detection Capabilities for customer environments

• Work with customers to develop a comprehensive strategy for effective detections

  • Leverage industry frameworks, such as MITRE ATT&CK Framework, for customer-facing alert improvement roadmap
  • Apply knowledge of common detection tools (Azure logging, command line logging, etc.) to advise customers on logging capabilities to expand applicable detection library
  • Confidently prioritize log sources for ingestion and enablement

• Evaluate current monitoring and detection capabilities to identify areas for improvement

  • Conduct Detection Gap Analyses

• Manage detection capabilities to ensure appropriate coverage, effective operation, and adherence to Deepwatch standards

  • Detection Enablement
  • Detection Effectiveness (Tuning, Validation, etc.)
  • Detection Creation

• Onboard assigned customers, establishing baseline detection coverage and detection enablement plan post onboarding

• Ensure ingested log sources conform to CIM standards

To be successful in this role, you’ll need:

• 3–5 years of experience in cybersecurity, detection engineering, threat detection, or security operations
• Experience working for a Managed Security Service Provider (MSSP) or similar cybersecurity organization
• Experience working and querying SIEM tools or other log-based data preferably Splunk
• Experience in engineering event detection & response tuning
• Ability to engineer creative, scalable, and out-of-the-box solutions
• Up to date with engineering best practices, security technology trends, tools, and frameworks
• Experience in developing detections for attacker tactics, techniques, and procedures (TTPs)
• Able to both investigate and create security rules in at least 1 SIEM
• Understanding of general enterprise network architecture and security incident response
• Understanding of common enterprise technologies and logging capabilities including Cloud, IDS/IPS, Firewalls, Active Directory, Anti-Virus/EDR, Proxies, and Email Gateway
• Understanding of various attack frameworks such as MITRE ATT&CK and general adversarial / defensive security techniques (e.g. the Cyber Kill Chain, and NIST)
• Ability to communicate and document technical information effectively towards various audiences

Why Deepwatch?

• Mission-driven company focused on protecting customers from threats 24⁄7
• Hybrid work model in India, with access to collaborative office space in Bangalore
• High-impact leadership role with strong visibility across Product & Engineering
• Competitive compensation, equity, and benefits
• A company recognized as a Great Place to Work® for five consecutive years
• Opportunity to shape the future of cybersecurity and AI-driven platforms

What We Offer:

Deepwatch is excited to provide benefits designed to support team members and their families. Including:

• Medical, dental, vision, and disability insurance
• Flexible Time Off (FTO), 12 company holidays, sick leave and 8-Weeks Paid Parental Leave
• Unique professional development benefits with Annual “development dollars” to support our people growth and development
• Wellness contests and monthly educational programs
• 401(K) retirement program
• Learn more here: Deepwatch Benefits

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates, so please don’t hesitate to apply — we’d love to hear from you.  Please review our DEI Statement here.

Deepwatch welcomes and encourages applications from people with disabilities and accommodations are available on request for candidates taking part in all aspects of the selection process. Please inform your recruiter or contact recruiting@deepwatch.com for further information.

All Deepwatch employees are expected to:

• Be interested in and able to work remotely from a home office when not at a corporate office
• Pass a pre-employment background check in accordance with applicable laws

Deepwatch is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, marital status, sexual orientation, gender identity, genetic information, protected veteran status, or any other characteristic protected by law.  In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.

By submitting your application, you agree that Deepwatch may collect your personal data for recruiting, global organization planning, and related purposes. The Deepwatch Privacy Policy explains what personal information we may process, where we may process your personal information, our purposes for processing your personal information, and the rights you can exercise over Deepwatch’s use of your personal information.

Come join Deepwatch’s team of world-class cybersecurity professionals and the brightest minds in the industry. If you’re ready to challenge yourself with work that matters, then this is the place for you. We’re redefining cybersecurity as one of the fastest growing companies in the U.S. – and we have a blast doing it!

Who We Are

Deepwatch is the leader in managed security services, protecting organizations from ever-increasing cyber threats 24/7/365. Powered by Deepwatch’s cloud-based security operations platform, Deepwatch provides the industry’s fastest, most comprehensive detection and automated response to cyber threats together with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business.

Our core values drive everything we do at Deepwatch, including our approach to tackling tough cyber challenges. We seek out tenacious individuals who are passionate about solving complex problems and protecting our customers. At Deepwatch, every decision, process, and hire is made with a focus on improving our cybersecurity solutions and delivering an exceptional experience for our customers. By embracing our values, we create a culture of excellence that is dedicated to empowering our team members to explore their potential, expand their skill sets, and achieve their career aspirations, which is supported by our unique annual professional development benefit.

Deepwatch recognition includes:

• 2025, 2024, 2023, 2022 and 2021 Great Place to Work® Certified
• 2024 Military Times Best for Vets Employers
• 2024 US Department of Labor Hire Vets Gold Award
• 2024 Forbes’ America’s Best Startup Employers
• 2024 Cyber Defense Magazine, Global Infosec Awards
• 2023 and 2022 Fortress Cybersecurity Award
• 2023 $180M Series C investment from Springcoast Capital Partners, Splunk Ventures, and Vista Credit Partners of Vista Equity Partners
• 2022 Cybersecurity Excellence Award for MDR

Position Summary

Deepwatch is seeking a Detection Engineer to join our Threat Detection & Research team and help strengthen detection capabilities across customer environments. Reporting to the Sr. Manager, Threat Detection & Research, this role is responsible for developing, tuning, validating, and optimizing cybersecurity detections that improve visibility into evolving threats and enhance the effectiveness of our MDR operations.

This role is ideal for a cybersecurity professional with strong analytical skills, hands-on SIEM experience, and a passion for threat detection engineering. You will work closely with Security Operations, Threat Research, Customer Success, and Engineering teams to improve alert fidelity, reduce false positives, and ensure high-quality detection coverage aligned to modern attacker behaviors and customer security priorities.

In this role, you’ll get to:

• Develop and document new Detection Capabilities for customer environments

• Work with customers to develop a comprehensive strategy for effective detections

  • Leverage industry frameworks, such as MITRE ATT&CK Framework, for customer-facing alert improvement roadmap
  • Apply knowledge of common detection tools (Azure logging, command line logging, etc.) to advise customers on logging capabilities to expand applicable detection library
  • Confidently prioritize log sources for ingestion and enablement

• Evaluate current monitoring and detection capabilities to identify areas for improvement

  • Conduct Detection Gap Analyses

• Manage detection capabilities to ensure appropriate coverage, effective operation, and adherence to Deepwatch standards

  • Detection Enablement
  • Detection Effectiveness (Tuning, Validation, etc.)
  • Detection Creation

• Onboard assigned customers, establishing baseline detection coverage and detection enablement plan post onboarding

• Ensure ingested log sources conform to CIM standards

To be successful in this role, you’ll need:

• 3–5 years of experience in cybersecurity, detection engineering, threat detection, or security operations
• Experience working for a Managed Security Service Provider (MSSP) or similar cybersecurity organization
• Experience working and querying SIEM tools or other log-based data preferably Splunk
• Experience in engineering event detection & response tuning
• Ability to engineer creative, scalable, and out-of-the-box solutions
• Up to date with engineering best practices, security technology trends, tools, and frameworks
• Experience in developing detections for attacker tactics, techniques, and procedures (TTPs)
• Able to both investigate and create security rules in at least 1 SIEM
• Understanding of general enterprise network architecture and security incident response
• Understanding of common enterprise technologies and logging capabilities including Cloud, IDS/IPS, Firewalls, Active Directory, Anti-Virus/EDR, Proxies, and Email Gateway
• Understanding of various attack frameworks such as MITRE ATT&CK and general adversarial / defensive security techniques (e.g. the Cyber Kill Chain, and NIST)
• Ability to communicate and document technical information effectively towards various audiences

Why Deepwatch?

• Mission-driven company focused on protecting customers from threats 24⁄7
• Hybrid work model in India, with access to collaborative office space in Bangalore
• High-impact leadership role with strong visibility across Product & Engineering
• Competitive compensation, equity, and benefits
• A company recognized as a Great Place to Work® for five consecutive years
• Opportunity to shape the future of cybersecurity and AI-driven platforms

What We Offer:

Deepwatch is excited to provide benefits designed to support team members and their families. Including:

• Medical, dental, vision, and disability insurance
• Flexible Time Off (FTO), 12 company holidays, sick leave and 8-Weeks Paid Parental Leave
• Unique professional development benefits with Annual “development dollars” to support our people growth and development
• Wellness contests and monthly educational programs
• 401(K) retirement program
• Learn more here: Deepwatch Benefits

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates, so please don’t hesitate to apply — we’d love to hear from you.  Please review our DEI Statement here.

Deepwatch welcomes and encourages applications from people with disabilities and accommodations are available on request for candidates taking part in all aspects of the selection process. Please inform your recruiter or contact recruiting@deepwatch.com for further information.

All Deepwatch employees are expected to:

• Be interested in and able to work remotely from a home office when not at a corporate office
• Pass a pre-employment background check in accordance with applicable laws

Deepwatch is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, marital status, sexual orientation, gender identity, genetic information, protected veteran status, or any other characteristic protected by law.  In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.

By submitting your application, you agree that Deepwatch may collect your personal data for recruiting, global organization planning, and related purposes. The Deepwatch Privacy Policy explains what personal information we may process, where we may process your personal information, our purposes for processing your personal information, and the rights you can exercise over Deepwatch’s use of your personal information.

All roles at JumpCloud® are Remote unless otherwise specified in the Job Description.

About JumpCloud®

JumpCloud® is the AI-powered unified IT management platform designed to secure the modern workforce. By consolidating identity, device, and access management, JumpCloud provides intelligent, secure IT that scales from human users to autonomous AI agents. We help organizations around the globe eliminate complexity and turn AI risk into an optimized advantage, ensuring the right people and agents have secure access to the right resources at all times.

JumpCloud is Intelligent, Secure IT.

About the team:

As a Security Engineer on the DevSecOps Team, you will be responsible for designing and developing software solutions for protecting data and infrastructure deployed into the cloud. The Security organization is composed of SecOps, GRC, and DevSecOps functions, but all functions work closely together so you will be exposed to many different security areas.

What you will be doing:

• Infrastructure & Automation: Build and maintain infrastructure, including custom software and vendor integrations, to support Engineering’s Security needs (Product Security and Infrastructure Security).

• Cloud Access Engineering: Design and implement secure, automated self-service workflows for cloud infrastructure access and privilege escalation (AWS/GCP).

• Detection & Logging: Manage security infrastructure and SIEM configurations via Infrastructure as Code (Terraform) to ensure a highly auditable detection environment. Build and manage high-volume security data pipelines to ensure forensic logs are retained efficiently and cost-effectively.

• Vulnerability & Posture Management: Help design, overhaul, and improve custom vulnerability aggregation systems to streamline remediation efforts. Manage and tune Cloud Security Posture Management (CSPM) and container security platforms to ensure optimal coverage and reduce alert fatigue.

• Software Supply Chain & AppSec: Integrate and manage Software Supply Chain Security tooling to protect our developer ecosystem. Partner with Engineering to scale our threat modeling program, including developing automated and AI-assisted threat modeling pipelines built directly into the developer workflow.

Necessary skills:

• 4 years of software engineering experience with a strong interest or background in security engineering

• Proficient in writing Golang or Python (more than simple scripts)

• Experience with either AWS or GCP

• Experience with Terraform

• Experience with GitHub Actions

• Excellent written and oral communication

Personal characteristics we are looking for:

• Views security as an enabler, not an inhibitor to innovation

• Results oriented and self driven

• High level of integrity

• Ownership and accountability

• Clear communication

• Creative problem solver

• Passionate about security

Role requirements:

• You must be available for on-call (after hours) duties for any internal tools/services this team owns

• Serve as a responder in the on-call rotation for security incidents and alert triage.

Where you’ll be working/Location:

JumpCloud is committed to being Remote First, meaning that you are able to work remotely within the country noted in the Job Description.

You must be located in and authorized to work in the country noted in the job description to be considered for this role.

Please note: There is an expectation that our engineers participate in on-call shifts. You will be expected commit to being ready and able to respond during your assigned shift, so that alerts don’t go unaddressed.

Language:

JumpCloud has teams in 15+ countries around the world and conducts our internal business in English. The interview and any additional screening process will take place primarily in English. To be considered for a role at JumpCloud, you will be required to speak and write in English fluently.  Any additional language requirements will be included in the details of the job description.

Why JumpCloud?

If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you! JumpCloud is an incredible place to share and grow your expertise! You’ll work with amazing talent across each department who are passionate about our mission. We’re out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. You’ll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about.

One of JumpCloud’s three core values is to “Build Connections.” To us that means creating “ human connection with each other regardless of our backgrounds, orientations, geographies, religions, languages, gender, race, etc. We care deeply about the people that we work with and want to see everyone succeed.” - Rajat Bhargava, CEO

Please submit your résumé and brief explanation about yourself and why you would be a good fit for JumpCloud.  Please note JumpCloud is not accepting third party resumes at this time.

JumpCloud is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

Scam Notice:

Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of JumpCloud. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Please note that JumpCloud will never ask for any personal account information, such as credit card details or bank account numbers, during the recruitment process. Additionally, JumpCloud will never send you a check for any equipment prior to employment.

All communication related to interviews and offers from our recruiters and hiring managers will come from official company email addresses (@jumpcloud.com) and will never ask for any payment, fee to be paid or purchases to be made by the job seeker. If you are contacted by anyone claiming to represent JumpCloud and you are unsure of their authenticity, please do not provide any personal/financial information and contact us immediately at [email protected] with the subject line “Scam Notice”

#LI-Remote #BI-Remote

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, transcribing or summarizing interviews, and assessing responses. These tools assist our recruitment team but do not replace human judgment in hiring decisions, which are ultimately made by humans. Please see our Privacy Policy (https://jumpcloud.com/privacy) for more information about our personal data practices.

All roles at JumpCloud® are Remote unless otherwise specified in the Job Description.

About JumpCloud®

JumpCloud® is the AI-powered unified IT management platform designed to secure the modern workforce. By consolidating identity, device, and access management, JumpCloud provides intelligent, secure IT that scales from human users to autonomous AI agents. We help organizations around the globe eliminate complexity and turn AI risk into an optimized advantage, ensuring the right people and agents have secure access to the right resources at all times.

JumpCloud is Intelligent, Secure IT.

About the team:

As a Security Engineer on the DevSecOps Team, you will be responsible for designing and developing software solutions for protecting data and infrastructure deployed into the cloud. The Security organization is composed of SecOps, GRC, and DevSecOps functions, but all functions work closely together so you will be exposed to many different security areas.

What you will be doing:

• Infrastructure & Automation: Build and maintain infrastructure, including custom software and vendor integrations, to support Engineering’s Security needs (Product Security and Infrastructure Security).

• Cloud Access Engineering: Design and implement secure, automated self-service workflows for cloud infrastructure access and privilege escalation (AWS/GCP).

• Detection & Logging: Manage security infrastructure and SIEM configurations via Infrastructure as Code (Terraform) to ensure a highly auditable detection environment. Build and manage high-volume security data pipelines to ensure forensic logs are retained efficiently and cost-effectively.

• Vulnerability & Posture Management: Help design, overhaul, and improve custom vulnerability aggregation systems to streamline remediation efforts. Manage and tune Cloud Security Posture Management (CSPM) and container security platforms to ensure optimal coverage and reduce alert fatigue.

• Software Supply Chain & AppSec: Integrate and manage Software Supply Chain Security tooling to protect our developer ecosystem. Partner with Engineering to scale our threat modeling program, including developing automated and AI-assisted threat modeling pipelines built directly into the developer workflow.

Necessary skills:

• 4 years of software engineering experience with a strong interest or background in security engineering

• Proficient in writing Golang or Python (more than simple scripts)

• Experience with either AWS or GCP

• Experience with Terraform

• Experience with GitHub Actions

• Excellent written and oral communication

Personal characteristics we are looking for:

• Views security as an enabler, not an inhibitor to innovation

• Results oriented and self driven

• High level of integrity

• Ownership and accountability

• Clear communication

• Creative problem solver

• Passionate about security

Role requirements:

• You must be available for on-call (after hours) duties for any internal tools/services this team owns

• Serve as a responder in the on-call rotation for security incidents and alert triage.

Where you’ll be working/Location:

JumpCloud is committed to being Remote First, meaning that you are able to work remotely within the country noted in the Job Description.

You must be located in and authorized to work in the country noted in the job description to be considered for this role.

Please note: There is an expectation that our engineers participate in on-call shifts. You will be expected commit to being ready and able to respond during your assigned shift, so that alerts don’t go unaddressed.

Language:

JumpCloud has teams in 15+ countries around the world and conducts our internal business in English. The interview and any additional screening process will take place primarily in English. To be considered for a role at JumpCloud, you will be required to speak and write in English fluently.  Any additional language requirements will be included in the details of the job description.

Why JumpCloud?

If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you! JumpCloud is an incredible place to share and grow your expertise! You’ll work with amazing talent across each department who are passionate about our mission. We’re out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. You’ll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about.

One of JumpCloud’s three core values is to “Build Connections.” To us that means creating “ human connection with each other regardless of our backgrounds, orientations, geographies, religions, languages, gender, race, etc. We care deeply about the people that we work with and want to see everyone succeed.” - Rajat Bhargava, CEO

Please submit your résumé and brief explanation about yourself and why you would be a good fit for JumpCloud.  Please note JumpCloud is not accepting third party resumes at this time.

JumpCloud is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

Scam Notice:

Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of JumpCloud. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Please note that JumpCloud will never ask for any personal account information, such as credit card details or bank account numbers, during the recruitment process. Additionally, JumpCloud will never send you a check for any equipment prior to employment.

All communication related to interviews and offers from our recruiters and hiring managers will come from official company email addresses (@jumpcloud.com) and will never ask for any payment, fee to be paid or purchases to be made by the job seeker. If you are contacted by anyone claiming to represent JumpCloud and you are unsure of their authenticity, please do not provide any personal/financial information and contact us immediately at [email protected] with the subject line “Scam Notice”

#LI-Remote #BI-Remote

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, transcribing or summarizing interviews, and assessing responses. These tools assist our recruitment team but do not replace human judgment in hiring decisions, which are ultimately made by humans. Please see our Privacy Policy (https://jumpcloud.com/privacy) for more information about our personal data practices.

About the Job:

LaunchDarkly’s Product Security team is hiring a Product Security Engineer II to strengthen how we secure the platform engineers build with every day. You’ll bring depth in security fundamentals and program design as a member of a small, high-leverage team with strong engineering instincts.

LaunchDarkly is critical infrastructure. Our security team keeps it safe for the global systems that depend on us. You’ll spend most of your time on threat modeling and cloud security posture, with rotating exposure to the rest of the ProdSec surface area. Your work will help developers move fast without sacrificing security, through automation, guidance, and the kind of partnership that makes the secure path the easy one.

You’ll report to the Director of Security and work closely with software engineers, product managers, and other security engineers. We expect you to bring a sharp point of view on where AI can take work off the team’s plate and make our coverage deeper.

Responsibilities:

• Lead threat modeling engagements on the features and services where the risk warrants it.

• Partner with the ProdSec lead to evolve the practice from on-request to repeatable, with clear criteria for when an engagement is worth running.

• Own day-to-day triage of CNAPP findings end to end. Investigate, prioritize, route to service owners, and close the loop. Look for patterns that point to systemic fixes instead of one-off cleanup.

• Contribute to SDLC tooling, SAST/SCA workflows, and bug bounty triage as the team’s work demands.

• Partner with product engineering teams as a trusted reviewer. Catch issues early, explain the why, propose paths forward. Say no when needed, with reasons and alternatives.

• Bring AI to the work. Use it to accelerate triage, summarize findings, draft threat models, scan code, and reduce toil. Help the team build durable patterns for safe and effective use, not one-off prompts.

• Push the security floor up over time through documentation, office hours, small tooling improvements, and the kind of compounding work that prevents incidents rather than responds to them.

About You:

• You’re proactive by default. You’d rather spot drift early and fix the cause than chase symptoms after an incident.

• You believe security is a craft of habits and systems. Small consistent improvements beat heroic one-offs.

• You invest in relationships with the engineering, product, and leadership teams you work with.

• You know security work moves at the speed of trust.

• You’re a good partner. You’re helpful and direct, you say no with reasons and alternatives, and you don’t mistake gatekeeping for rigor.

• You’re security-first by background but engineering-curious by nature. You want to understand how the systems work, not just what’s wrong with them.

• You treat AI as part of the toolkit. You’re skeptical where you should be, aggressive where it pays off, and you want to work somewhere that’s serious about both.

Qualifications:

• 2 to 4 years of full-time experience in a security-focused role. AppSec, ProdSec, or cloud security preferred.

• Comfortable reading and critiquing pull requests in a modern stack. You don’t need to ship production services, but you should follow the code, ask sharp questions, and write small tools when it helps.

• Experience participating in or leading threat modeling exercises. Familiar with at least one structured approach (STRIDE, attack trees, or equivalent).

• Working knowledge of cloud security posture. Exposure to a CNAPP is a strong plus.

• Strong fundamentals: OWASP Top 10, authentication and authorization patterns, secrets management, common cloud misconfigurations.

• Hands-on experience applying AI tooling to security or engineering work. You can point to specific examples where it changed how you operated.

Nice to Haves:

• Experience with developer tools, SaaS platforms, or feature management

• Bug bounty triage experience (HackerOne, Bugcrowd)

• Familiarity with Go, Python, or TypeScript

• Contributions to internal security tooling or open-source security projects

Pay:

Target pay ranges based on Geographic Zones* for Level 2:

• Zone 1: San Francisco/Bay Area or NYC Metropolitan Area, Boston, Seattle - $ 136,000 - $187,000**
• Zone 2: Irvine, LA, Monterey, Santa Barbara, Santa Rosa, Austin, Portland, Philadelphia, Chicago - $122,000 - $168,000**
• Zone 3: All other US locations - $116,000 - $159,000**

LaunchDarkly operates from a place of high trust and transparency; we are happy to state the pay range for our open roles to best align with your needs. Exact compensation may vary based on skills, experience, and location.

*Within the United States, our geographic pay zones are defined by counties surrounding major metropolitan areas.

**Restricted Stock Units (RSUs), health, vision, and dental insurance, and mental health benefits in addition to salary.

About LaunchDarkly:

Modern software delivery was supposed to be the foundation for a thriving digital business but reality has proven otherwise. Slow, inefficient development cycles, costly outages, and fragmented customer experiences are preventing developers from building their best software. The LaunchDarkly platform helps developers innovate on new features faster while protecting them with a safety valve to instantly rewind when things go wrong. Developers can target product experiences to any customer segment and maximize the business impact of every feature. And by gradually rolling out new application components, they escape nightmare “big-bang” technology migrations.

The LaunchDarkly platform was built to guide engineers to the next frontier of DevOps by:

• Improving the velocity and stability of software releases, without the fear of end customer outages
• Delivering targeted experiences by easily personalizing features to customer cohorts
• Maximizing the business impact of every feature through the ability to experiment and optimize
• Coordinating the release and optimization of software to provide consistent experiences across mobile platforms and device types
• Improving the effectiveness and productivity of engineering teams, by providing insights into engineering cadence and stability

At LaunchDarkly, we believe in the power of teams. We’re building a team that is humble, open, collaborative, respectful and kind. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, or disability status. LD invites any applicant to review our written Affirmative Action Plan. To do so, contact People Ops at hr@launchdarkly.com.

Do you need a disability accommodation?

Fill out this accommodations request form and someone from our People Operations team will contact you for assistance.

Your safety matters to us. To protect yourself from potential scams, LaunchDarkly recruiters will only contact you from @LaunchDarkly.com email addresses or via LinkedIn from “Verified Recruiter” accounts.Be cautious of emails from other domains.  Legitimate LaunchDarkly recruiters will never ask for money, fees, or banking information before making a job offer. LaunchDarkly will never make a job offer without conducting a formal interview process. Our interview process does not involve asking detailed questions by email. If you are ever unsure about a communication that you receive, don’t click any links—visit Careers | LaunchDarkly  directly for confirmed job openings and links to apply.

Please notify us of any fraudulent representation by sending an email to careers@launchdarkly.com.

Mysten Labs believes that decentralized and open protocols are the bedrock of the internet of value. This is why at Mysten Labs, we are creating foundational infrastructure to accelerate the adoption of decentralized protocols based on blockchain technologies.

Overview

Security engineers own the operational and software security of the Sui blockchain, wallet, Move language, and other Mysten systems.

Security engineers support and work closely with the engineers working on the sensitive components of these systems. In addition, they are the key points of contact for audit engagements and bug bounty reports.

We are hiring security engineers now as we expand the ecosystem and production services. We have a strong team in protocol security, but we need experts in operational and software security who can help us navigate the challenges of running world class infrastructure.

Responsibilities

• Maintain and improve the custody systems that hold validator keys, operational keys, and important objects for Mysten-run smart contracts and general on-chain operations, including key generation, storage, access controls, signing workflows, aggregation, rotation, and recovery procedures

• Harden the signing path end-to-end: review and improve the code, infrastructure, and operational practices around how transactions are authorized, reviewed, and submitted on-chain

• Build and improve anti-scam and anti-abuse tooling for the Sui ecosystem, detecting phishing sites, malicious dApps, drainer contracts, and other threats that target Sui users, and partnering with wallet ecosystem teams on mitigations.

• Conduct code and design reviews of components that interact with sensitive keys or handle on-chain assets, with a focus on cryptographic correctness, access control, and operational safety

• Participate in investigation and response for security issues and incidents that touch custody or ecosystem abuse, and drive concrete fixes that prevent the same class of issue from recurring

Preferred Qualifications

• 3+ years of hands-on experience in security engineering, application security, or product security.

• Knowledge relevant to key management in production, for example HSMs, cloud KMS, MPC or threshold-signature systems, hardware wallets, or comparable custody infrastructure.

• Proficiency in one or more of: Rust, TypeScript, Python, or Move, and experience reviewing and writing security-sensitive code.

• Solid understanding of applied cryptography fundamentals and the common ways cryptographic systems are misused in practice.

• A builder mentality: comfortable operating with ambiguity, diving into unfamiliar codebases, and shipping the fix yourself rather than handing it off.

• Strong written and verbal communication: you can explain a finding or an issue clearly to the engineer who needs to fix it and to a non-technical stakeholder who needs to understand the risk.

• Interest in the web3 space is required; prior experience shipping in crypto, fintech, or other regulated/high-stakes environments is a plus.

Employment is contingent upon the successful completion of a background check, which may include verification of employment history, education credentials, criminal history, and other relevant information.

Regarding the recent rash of technology job scams: Be aware that emails from genuine Mysten Labs group recruiters will always come from the @ mystenlabs.com domain or related subdomains (e.g., mystenlabs.com/careers ). Remember: you can always verify positions on our job boards at www.mystenlabs.com/careers .

To support an efficient and fair hiring process, we may use technology-assisted tools, including artificial intelligence (AI), to help identify and evaluate candidates. All hiring decisions are ultimately made by human reviewers.

Our team is remote first and we are hiring across the world. Here at Mysten Labs, you’ll be joining a world-class team with tremendous growth potential as we bring the next billion users to web3. We raised a $300M Series B round from top Silicon Valley led venture funds like Jump Crypto, Andreessen Horowitz (a16z), Binance Labs, Redpoint, Lightspeed, Coinbase Ventures, Electric Capital, Standard Crypto, NFX, Slow Ventures, Scribble Ventures, Samsung Next, Lux Capital, among other investment firms and strategic partners. Come join us and build the future of web3!

About the Job:

LaunchDarkly’s Product Security team is hiring a Product Security Engineer II to strengthen how we secure the platform engineers build with every day. You’ll bring depth in security fundamentals and program design as a member of a small, high-leverage team with strong engineering instincts.

LaunchDarkly is critical infrastructure. Our security team keeps it safe for the global systems that depend on us. You’ll spend most of your time on threat modeling and cloud security posture, with rotating exposure to the rest of the ProdSec surface area. Your work will help developers move fast without sacrificing security, through automation, guidance, and the kind of partnership that makes the secure path the easy one.

You’ll report to the Director of Security and work closely with software engineers, product managers, and other security engineers. We expect you to bring a sharp point of view on where AI can take work off the team’s plate and make our coverage deeper.

Responsibilities:

• Lead threat modeling engagements on the features and services where the risk warrants it.

• Partner with the ProdSec lead to evolve the practice from on-request to repeatable, with clear criteria for when an engagement is worth running.

• Own day-to-day triage of CNAPP findings end to end. Investigate, prioritize, route to service owners, and close the loop. Look for patterns that point to systemic fixes instead of one-off cleanup.

• Contribute to SDLC tooling, SAST/SCA workflows, and bug bounty triage as the team’s work demands.

• Partner with product engineering teams as a trusted reviewer. Catch issues early, explain the why, propose paths forward. Say no when needed, with reasons and alternatives.

• Bring AI to the work. Use it to accelerate triage, summarize findings, draft threat models, scan code, and reduce toil. Help the team build durable patterns for safe and effective use, not one-off prompts.

• Push the security floor up over time through documentation, office hours, small tooling improvements, and the kind of compounding work that prevents incidents rather than responds to them.

About You:

• You’re proactive by default. You’d rather spot drift early and fix the cause than chase symptoms after an incident.

• You believe security is a craft of habits and systems. Small consistent improvements beat heroic one-offs.

• You invest in relationships with the engineering, product, and leadership teams you work with.

• You know security work moves at the speed of trust.

• You’re a good partner. You’re helpful and direct, you say no with reasons and alternatives, and you don’t mistake gatekeeping for rigor.

• You’re security-first by background but engineering-curious by nature. You want to understand how the systems work, not just what’s wrong with them.

• You treat AI as part of the toolkit. You’re skeptical where you should be, aggressive where it pays off, and you want to work somewhere that’s serious about both.

Qualifications:

• 2 to 4 years of full-time experience in a security-focused role. AppSec, ProdSec, or cloud security preferred.

• Comfortable reading and critiquing pull requests in a modern stack. You don’t need to ship production services, but you should follow the code, ask sharp questions, and write small tools when it helps.

• Experience participating in or leading threat modeling exercises. Familiar with at least one structured approach (STRIDE, attack trees, or equivalent).

• Working knowledge of cloud security posture. Exposure to a CNAPP is a strong plus.

• Strong fundamentals: OWASP Top 10, authentication and authorization patterns, secrets management, common cloud misconfigurations.

• Hands-on experience applying AI tooling to security or engineering work. You can point to specific examples where it changed how you operated.

Nice to Haves:

• Experience with developer tools, SaaS platforms, or feature management

• Bug bounty triage experience (HackerOne, Bugcrowd)

• Familiarity with Go, Python, or TypeScript

• Contributions to internal security tooling or open-source security projects

Pay:

Target pay ranges based on Geographic Zones* for Level 2:

• Zone 1: San Francisco/Bay Area or NYC Metropolitan Area, Boston, Seattle - $ 136,000 - $187,000**
• Zone 2: Irvine, LA, Monterey, Santa Barbara, Santa Rosa, Austin, Portland, Philadelphia, Chicago - $122,000 - $168,000**
• Zone 3: All other US locations - $116,000 - $159,000**

LaunchDarkly operates from a place of high trust and transparency; we are happy to state the pay range for our open roles to best align with your needs. Exact compensation may vary based on skills, experience, and location.

*Within the United States, our geographic pay zones are defined by counties surrounding major metropolitan areas.

**Restricted Stock Units (RSUs), health, vision, and dental insurance, and mental health benefits in addition to salary.

About LaunchDarkly:

Modern software delivery was supposed to be the foundation for a thriving digital business but reality has proven otherwise. Slow, inefficient development cycles, costly outages, and fragmented customer experiences are preventing developers from building their best software. The LaunchDarkly platform helps developers innovate on new features faster while protecting them with a safety valve to instantly rewind when things go wrong. Developers can target product experiences to any customer segment and maximize the business impact of every feature. And by gradually rolling out new application components, they escape nightmare “big-bang” technology migrations.

The LaunchDarkly platform was built to guide engineers to the next frontier of DevOps by:

• Improving the velocity and stability of software releases, without the fear of end customer outages
• Delivering targeted experiences by easily personalizing features to customer cohorts
• Maximizing the business impact of every feature through the ability to experiment and optimize
• Coordinating the release and optimization of software to provide consistent experiences across mobile platforms and device types
• Improving the effectiveness and productivity of engineering teams, by providing insights into engineering cadence and stability

At LaunchDarkly, we believe in the power of teams. We’re building a team that is humble, open, collaborative, respectful and kind. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, or disability status. LD invites any applicant to review our written Affirmative Action Plan. To do so, contact People Ops at hr@launchdarkly.com.

Do you need a disability accommodation?

Fill out this accommodations request form and someone from our People Operations team will contact you for assistance.

Your safety matters to us. To protect yourself from potential scams, LaunchDarkly recruiters will only contact you from @LaunchDarkly.com email addresses or via LinkedIn from “Verified Recruiter” accounts.Be cautious of emails from other domains.  Legitimate LaunchDarkly recruiters will never ask for money, fees, or banking information before making a job offer. LaunchDarkly will never make a job offer without conducting a formal interview process. Our interview process does not involve asking detailed questions by email. If you are ever unsure about a communication that you receive, don’t click any links—visit Careers | LaunchDarkly  directly for confirmed job openings and links to apply.

Please notify us of any fraudulent representation by sending an email to careers@launchdarkly.com.

Mysten Labs believes that decentralized and open protocols are the bedrock of the internet of value. This is why at Mysten Labs, we are creating foundational infrastructure to accelerate the adoption of decentralized protocols based on blockchain technologies.

Overview

Security engineers own the operational and software security of the Sui blockchain, wallet, Move language, and other Mysten systems.

Security engineers support and work closely with the engineers working on the sensitive components of these systems. In addition, they are the key points of contact for audit engagements and bug bounty reports.

We are hiring security engineers now as we expand the ecosystem and production services. We have a strong team in protocol security, but we need experts in operational and software security who can help us navigate the challenges of running world class infrastructure.

Responsibilities

• Maintain and improve the custody systems that hold validator keys, operational keys, and important objects for Mysten-run smart contracts and general on-chain operations, including key generation, storage, access controls, signing workflows, aggregation, rotation, and recovery procedures

• Harden the signing path end-to-end: review and improve the code, infrastructure, and operational practices around how transactions are authorized, reviewed, and submitted on-chain

• Build and improve anti-scam and anti-abuse tooling for the Sui ecosystem, detecting phishing sites, malicious dApps, drainer contracts, and other threats that target Sui users, and partnering with wallet ecosystem teams on mitigations.

• Conduct code and design reviews of components that interact with sensitive keys or handle on-chain assets, with a focus on cryptographic correctness, access control, and operational safety

• Participate in investigation and response for security issues and incidents that touch custody or ecosystem abuse, and drive concrete fixes that prevent the same class of issue from recurring

Preferred Qualifications

• 3+ years of hands-on experience in security engineering, application security, or product security.

• Knowledge relevant to key management in production, for example HSMs, cloud KMS, MPC or threshold-signature systems, hardware wallets, or comparable custody infrastructure.

• Proficiency in one or more of: Rust, TypeScript, Python, or Move, and experience reviewing and writing security-sensitive code.

• Solid understanding of applied cryptography fundamentals and the common ways cryptographic systems are misused in practice.

• A builder mentality: comfortable operating with ambiguity, diving into unfamiliar codebases, and shipping the fix yourself rather than handing it off.

• Strong written and verbal communication: you can explain a finding or an issue clearly to the engineer who needs to fix it and to a non-technical stakeholder who needs to understand the risk.

• Interest in the web3 space is required; prior experience shipping in crypto, fintech, or other regulated/high-stakes environments is a plus.

Employment is contingent upon the successful completion of a background check, which may include verification of employment history, education credentials, criminal history, and other relevant information.

Regarding the recent rash of technology job scams: Be aware that emails from genuine Mysten Labs group recruiters will always come from the @ mystenlabs.com domain or related subdomains (e.g., mystenlabs.com/careers ). Remember: you can always verify positions on our job boards at www.mystenlabs.com/careers .

To support an efficient and fair hiring process, we may use technology-assisted tools, including artificial intelligence (AI), to help identify and evaluate candidates. All hiring decisions are ultimately made by human reviewers.

Our team is remote first and we are hiring across the world. Here at Mysten Labs, you’ll be joining a world-class team with tremendous growth potential as we bring the next billion users to web3. We raised a $300M Series B round from top Silicon Valley led venture funds like Jump Crypto, Andreessen Horowitz (a16z), Binance Labs, Redpoint, Lightspeed, Coinbase Ventures, Electric Capital, Standard Crypto, NFX, Slow Ventures, Scribble Ventures, Samsung Next, Lux Capital, among other investment firms and strategic partners. Come join us and build the future of web3!