Role Description The Lead Cybersecurity Specialist within the Legence IT Security organization will be responsible for helping advance the company’s overall security posture. This role goes beyond operational support to include architecture, risk strategy, and cross-functional leadership. This role will work with other IT pillars and team members to implement, and continuously improve security controls that protect enterprise systems, cloud environments, and data against evolving threats while aligning with business objectives and regulatory requirements. This role will provide team leadership to junior staff members. Key Responsibilities - Cloud Security & Architecture - Ensure the implementation and governance of secure cloud architectures across platforms. - Continue development, enforcement, and governance of cyber security controls (including identity, access management, and workload protection). - Partner with engineering teams to embed security into cloud-native development and DevOps processes (DevSecOps). - Enterprise Risk Management - Evolve the organization’s security risk management program. - Conduct risk assessments, threat modeling, and control evaluations. - Translate technical risks into business impact and present recommendations to senior leadership. - Security Engineering & Automation - Develop and maintain advanced automation frameworks and scripts to improve detection, response, and compliance capabilities. - Lead efforts to integrate security tooling (SIEM, EDR, CSPM, etc.) into a cohesive security ecosystem. - Threat Detection & Incident Response - Oversee monitoring and detection strategies across networks, endpoints, and cloud environments. - Lead incident response efforts, including triage, containment, root cause analysis, and post-incident improvements. - Drive continuous improvement of detection use cases and response playbooks. - Vulnerability Management & Offensive Security - Lead vulnerability management lifecycle, including scanning, prioritization, and remediation strategies. - Coordinate perform penetration testing and adversary simulations. - Provide expert guidance on remediation and risk prioritization. - Governance, Compliance & Security Strategy - Support and help shape governance, risk, and compliance initiatives (e.g., NIST, ISO, SOC 2). - Lead security assessments, audits, and third-party risk reviews. - Contribute to long-term cybersecurity strategy, roadmap planning, and security metrics reporting. - Leadership & Collaboration - Act as a technical mentor and escalation point for junior analysts and engineers. - Oversee the career development of security team members. - Collaborate with IT, engineering, and business stakeholders to align security initiatives with organizational goals. - Stay ahead of emerging threats, technologies, and industry trends, bringing proactive recommendations to leadership. Qualifications - Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience). - 5–10+ years of experience in cybersecurity, with demonstrated progression into senior or lead responsibilities. - Deep expertise in cloud security, network security, and enterprise security architecture. - Strong experience with security technologies such as SIEM, EDR, IDS/IPS, firewalls, and encryption. - Proven experience in risk management, incident response, and vulnerability management. - Proficiency in scripting or programming (e.g., Python, PowerShell, Bash) for automation and security engineering. - Experience with security frameworks and compliance standards (e.g., NIST, ISO 27001, CIS). - Strong analytical, problem-solving, and decision-making skills. - Excellent communication skills, with the ability to influence technical and non-technical stakeholders. Preferred Qualifications - Industry certifications such as CISSP, CISM, CCSP, or GIAC. - Experience leading security initiatives or small teams. Compensation $125k-$165k, depending on experience. Benefits - 401(k) Plan with Company Match: Currently match contributions dollar-for-dollar up to 4% of eligible pay; immediate vesting. - Health & Welfare Benefits: Employer provided medical, dental, vision, prescription drug, Employee Assistance Program and accident & illness coverage. - Life and Disability Insurance: Employer provided basic life insurance and AD&D valued at 50K coverage amount with the option for voluntary buy up for additional coverage. - Time Off: Flexible non-accrual vacation; company holidays per policy. - Expenses: Business travel and related expenses reimbursed per company policy. Reasonable Accommodations If you need assistance or accommodations during the application or interview process, please contact us at ta@wearelegence.com or your dedicated recruiter with the job title and requisition number. Employment Eligibility Candidates must have current work authorization in the U.S.; visa sponsorship is not available for this position. Third-Party Recruiting Disclaimer Legence and its affiliates do not accept unsolicited resumes from agencies; any such submissions without a prior signed agreement authorized by Legence Holdings LLC's CHRO or Director of Talent Acquisition will not incur fees and are considered property of Legence. Pay Disclosure & Considerations Where pay ranges are indicated, please note that a successful candidate’s exact pay will be determined based on relevant job-related factors, including any of the following: candidate’s experience, skills, and qualifications, as well as geographic and market considerations. We are committed to ensuring fair and competitive compensation for all employees and comply with all applicable salary transparency laws. Equal Employment Opportunity Employer Legence and its affiliate companies are proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), marital or familial status, national origin, age, disability, genetic information (including family medical history), political affiliation, military service, other non-merit-based factors, and any other characteristic protected under applicable local, state or federal laws and regulations.

Title: Security Automation Engineer Location: Remote Department: Palo (Sales Operations) Job Description: Secur-Serv is a leading managed services provider of IT, print, and hardware services, with a security focus at the core of every service. Secur-Serv provides nationwide, on-site service to businesses of every size, focusing on the financial, manufacturing, transportation, and healthcare industries.  Why Secur-Serv? Join Secur-Serv because we are committed to professional and personal growth, working with employees to develop a defined career path and helping them achieve their career goals with internal and external training. We empower our employees to innovate and be a part of solutions that improve processes, systems, and transformation. We recognize and provide an environment where each and every employee can make an impact..   - Explore new training opportunities through our LinkedIn Learning platform and partners to develop your skills and career.    - Free wellness and mental health resources via our Employee Assistance Program (EAP) available which is all employees for help with life's stresses and up to three visits with a professional.  This is a remote, work-from-home position, and all qualified candidates are encouraged to apply in the continental U.S., with the exception of candidates from California, Maryland, Colorado, Washington, New York, Illinois, or New Jersey. POSITION SUMMARY The Security Automation Engineer will work with customer(s) supporting our mission to help them quickly and completely adopt our Security Operating Platform, leaving them more secure.  Develop and maintain expertise level skillsets on our products and solutions deployed within the customer's environment.   ESSENTIAL RESPONSIBILITIES - Follow all Secur-Serv requirements, policies, procedures, and management directions - Assist customers with their Incident Response efforts leveraging Cortex XSOAR for Security Orchestration Automation and Response - Learn & understand the customer’s business requirements and the threat landscape that is most applicable to their industry’s vertical sector - Lead Cortex XSOAR technical implementation/operations in a customer environment - Interact with Security and IT technologies relating to customer environment - Create documentation for Palo Alto Networks Cortex XSOAR playbooks - Refine and translate complex requirements and execute best practice solutions - Communicate effectively in crisis situations with all levels of an organization from Engineering/Operations to CIO/CISO audiences - Lead a team - Other tasks and duties as needed to support the customer and/or business relating to Cortex XSOAR REQUIREMENTS - Bachelor’s degree or equivalent military experience - Minimum 3 years’ experience managing complex security solutions in large environments - Experience in Python and/or JavaScript - Proven ability understandingof Linux or Unix, network troubleshooting analysis and current security threats - Experience in cybersecurity incident response - Detailed technical experience in the installation, configuration, and operation of high-end security solutions - Strong understanding of cybersecurity technologies, protocols and applications - Experience with IDS/IPS, SEIM, Endpoint solutions and technologies - Excellent written and verbal communication skills   PREFERRED SKILLS/EXPERIENCE - GCIA, CISSP, and/or DevOps certification PHYSICAL/MENTAL REQUIREMENTS - Sit Frequently at a desk - Frequent fine hand and finger movements (keyboard, writing, mouse movement) - Continual close visual acuity for reading - Hearing and Speaking for communication within and outside of company. - May be required to lift/push/pull up to 10 pounds for set up/movement of office equipment, - Mental Requirements – must be able to consistently: - Learn new tasks, - Remember Processes, - Maintain focus, - Complete tasks independently - Make timely decisions in the context of a workflow, - Ability to communicate effectively, - Able to adhere to process protocol in a timely manner WE ARE AN EQUAL OPPORTUNITY EMPLOYER.   All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.  Applicants who have disabilities may request that accommodations be made in order to complete the selection process by contacting our People Department by emailing [email protected] or calling 402.697.3039.  EEO is the law. To review your rights under Equal Employment Opportunity please visit: www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf.  Secur-Serv Drug & Alcohol Use Policy

Title: Information Security Officer Location: Naperville, IL Full Time Experienced Job Description: Sourcebooks is seeking an Information Security Officer to own and manage key components of the company’s Information Security Management System (ISMS) and help strengthen our security and compliance program. This role plays an important part in protecting company systems, data, and operations by leading risk management activities, coordinating security audits, managing policy governance, and supporting business continuity planning. The Information Security Officer will work closely with IT, Legal, and business stakeholders across the organization to ensure the company maintains strong security governance, regulatory compliance, and operational resilience. This is an exempt, salaried position with a range of $110, 000 - $120,00/annually. Starting pay is based on a thoughtful evaluation of job-related factors including geographic location, market conditions, relevant experience, training, and education to ensure a fair and competitive offer. This is a hybrid role based out of our Naperville, IL office with training 5 days/week in office for the first 90 days. Hybrid schedule will be discussed after 90 days. What you’ll do - Manage and help mature the company’s Information Security Management System (ISMS). - Lead risk assessments, control gap assessments, and Business Impact Analyses (BIA). - Maintain the organization’s risk register and track key risk indicators (KRIs) and security metrics. - Coordinate remediation activities to address security risks and control gaps. - Support internal and external security audits and regulatory compliance initiatives. Business Continuity & Resilience - Maintain and coordinate the company’s Business Continuity and Disaster Recovery program. - Lead Business Impact Analyses with stakeholders to identify critical systems and operational dependencies. - Support periodic testing of continuity and recovery plans. Policy Governance - Develop, maintain, and enforce information security policies, standards, and guidelines aligned with regulatory requirements and industry best practices. - Partner with the Legal team to ensure policies address regulatory, privacy, and contractual obligations. - Promote adoption of security policies across the organization and support compliance monitoring. Third-Party Risk - Assess security risks related to vendors and service providers that access company systems or data. - Support security reviews for new vendors and coordinate remediation activities related to third-party security findings. Fraud & Threat Monitoring - Monitor external threat intelligence to identify potential fraud or malicious activity. - Coordinate with Legal and external services to address domain spoofing, impersonation, and related threats. Security Awareness & Program Support - Support cybersecurity awareness initiatives including phishing simulations and employee training. - Track security initiatives and communicate program progress, risks, and accomplishments to leadership. - Develop security metrics and reporting to communicate the organization’s risk posture and program maturity. What you bring: - Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field. - 5+ years of experience in cybersecurity, technology risk, governance/risk/compliance (GRC), or technical compliance roles. - Strong understanding of security governance, policy development, and risk management practices. - Experience supporting security audits and regulatory compliance initiatives. - Familiarity with security frameworks such as ISO 27001, ISO 27701, NIST Cybersecurity Framework, NIST SP800-53, NIST SP800-171, PCI-DSS, HITRUST, or CMMC. - Experience evaluating and implementing security controls. - Strong analytical, project management, and communication skills. - Familiarity with Governance, Risk & Compliance (GRC) tools. Nice to have - Security certifications such as CISSP, CISM, CISA, or CRISC. - Experience supporting Business Continuity Planning or Disaster Recovery programs. - Experience working within an ISO-aligned Information Security Management System. Why Sourcebooks? As Newsweek’s #2 Most Loved Workplace in 2024 and a recognized leader in innovation by Fast Company (2024 Most Innovative Companies, 2023 Best Workplaces for Innovators), we use a mission-driven, data-centered approach to drive success for our authors and their books. We’re a thriving entrepreneurial company that creates books that transcend categories and defy odds, and we’ve been honored with hundreds of national bestsellers and awards. We are passionate book lovers dedicated to connecting books to readers in innovative ways. Story by story, book by book, we have changed more than 300 million lives. Join us as we change 300 million more! Full-time employees are eligible for our comprehensive benefits program. Our range of benefits include, but are not limited to, Medical/Prescription drug insurance, Dental, Vision, Health Care, Dependent Care, Flexible Spending Account, Health Savings Account, 401(k), Short and Long-Term Disability Insurance, Life/AD&D Insurance, and generous paid time off. Sourcebooks values the array of talents and perspectives that a diverse workforce brings. All qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status.

Title: Cloud Security Specialist IV Location: Remote Full Time Experienced Job Description: GAMA-1 is seeking a remote Cloud Security Specialist IV focused on AWS security operations, IAM, incident response, vulnerability management, and compliance in regulated environments. In partnership with the ISSO, this role is responsible for the overall protection of the enterprise cloud environment, ensuring data security and regulatory compliance while implementing best practices for access control, encryption, and threat mitigation. The Cloud Security Specialist IV collaborates with engineering and operations teams to secure systems, support audits and compliance efforts, and drive effective security across AWS environments. What You Will Do in This Role The Cloud Security Specialist IV is responsible for leading AWS security operations, managing enterprise security controls and IAM, driving incident response and compliance, and serving as the SME and customer point of contact to ensure secure, resilient, and well-governed cloud environments. Responsibilities include: - Serve as the Cloud Security SME and primary customer point of contact - Operate and monitor security controls across enterprise IT systems to support security operations - Lead cloud security operations in AWS (e.g., WAF, GuardDuty, Macie, CloudTrail, CloudWatch, Control Tower), ensuring effective detection, response, and governance - Perform security monitoring, incident response, and digital forensics using SIEM tools - Direct and influence multi-disciplinary teams in the implementation and operation of cybersecurity controls across the enterprise - Collaborate with application developers and database administrators to deliver innovative solutions to complex technology challenges and business requirements - Provide subject matter expertise on information security architecture and systems engineering to IT and business stakeholders - Drive automation of security controls, data, and processes to enhance metrics, visibility, and operational efficiency - Implement and manage IAM solutions (ForgeRock, SailPoint, SSO, provisioning, lifecycle management) to ensure secure and effective access governance - Assess risks and vulnerabilities and implement appropriate mitigation strategies - Support audits, compliance activities, and execution of the security roadmap to ensure regulatory alignment and continuous improvement What You Will Bring Required Qualifications - 8+ years of experience securing enterprise or mission-critical systems in regulated or government environments - 5+ years of hands-on security operations experience, including monitoring, detection, and response - 4+ years of AWS cloud security experience in production environments - 4+ years of Windows and Linux security administration in enterprise environments - Experience developing and enhancing security compliance reporting (e.g., AWS Security Hub, CloudTrail) - Demonstrated experience identifying, mitigating, and managing vulnerabilities - Experience supporting incident response activities and working with SIEM platforms Preferred Qualifications - Experience with IAM integrations (Active Directory, LDAP, enterprise databases), SSO, and identity lifecycle management - Working knowledge of federal security frameworks and standards, including NIST 800-37/53, IRS 1075, and MARS-E - Experience with vulnerability management, penetration testing, and enterprise firewall administration - Scripting experience in Java, JavaScript, or shell scripting Work authorization/security clearance requirements - Ability to obtain a security clearance. Work Environment - This work is normally completed in a remote environment. Physical Demands - Prolonged periods of sitting at a desk and working on a computer. - Must be able to access and navigate each department at the organization's and client facilities. Travel Required - No Proficiency Requirement - The employee is expected to demonstrate proficiency in all essential job functions, tools, and processes related to this position within the first 90 days of employment. This includes acquiring a thorough understanding of job-specific responsibilities, systems, and workflows as outlined during onboarding and training. Failure to meet this requirement may result in additional training, reassessment, or other actions as deemed necessary by management. GAMA-1 also offers a variety of benefits, including health insurance coverage, life and disability insurance, 401(k) savings plan, training and career development opportunities, paid holidays and paid time off (PTO - to cover vacation, illness or disability, appointments, emergencies or other situations that require time off from work).