ISC2

Welcome page

Job Listings


Here are our current job openings. Please click on the job title for more information, and apply from that page if you are interested.

Use this form to perform another job search

The system cannot access your location for 1 of 2 reasons:
  1. Permission to access your location has been denied. Please reload the page and allow the browser to access your location information.
  2. Your location information has yet to be received. Please wait a moment then hit [Search] again.
Click column header to sort

Search Results Page 1 of 1

Job Locations UK-Remote
Job Post Information* : Posted Date 2 days ago(12/3/2025 2:21 PM)
Title

Application Security Engineer
ID
2025-2278
Position Summary
The Application Security Engineer will be an integral part of the security team and will work cross-functionally with several lines of business to ensure the secure delivery of products and applications. The Application Security Engineer will be expected to attend stand-ups and strategy sessions to identify areas of risk and offer consulting on best practices. The Application Security Engineer will act as a champion and will formalize the integration of application security into our current processes and tools.
Responsibilities
The Application Security Engineer will be expected to facilitate technical design reviews, perform code analysis, offer remediation recommendations, perform manual and dynamic security testing, and document and present all findings. The Application Security Engineer will work closely with the Development, Release, and QA teams to identify and coordinate security testing, validate, test, and vet both internally and externally developed applications. As an Application Security Engineer, you will act as a DevSecOps Engineer that will be responsible for secure application delivery as well as the underlying infrastructure. The Application Security Engineer must be comfortable with securing cloud-based products in environments such as AWS, Azure and Salesforce. Additionally, this position will provide security risk assessments, create threat models and assist the team with vulnerability testing. |   | Additionally, this position manages the ISC2 responsible reporting program that supports the organization’s secure application delivery objectives. In addition to the daily duties described, the individual will assist the security engineering team in the management of security technologies administered by the group (e.g., WAF, Firewall, IDS, and SEIM). This would be an "as needed" function, which is primarily to provide coverage for those duties when individuals on the security engineering team are out of the office for training or vacation. Additionally, the Application Security Engineer will be expected to participate in the Incident Response team and act as a Subject Matter Expert when dealing with the continuity of our operations and when responding with cyber incidents. |   | - Conduct security assessments: Perform comprehensive security assessments of applications, including static code analysis, dynamic application testing, and penetration testing. Identify vulnerabilities, weaknesses, and potential attack vectors. | - Secure code review: Review application source code to identify security flaws, such as insecure authentication mechanisms, input validation vulnerabilities, and potential injection attacks. Provide recommendations for remediation and best practices for secure coding. | - Threat modeling: Collaborate with development teams to identify and assess potential threats and risks associated with the application. Use threat modeling techniques to prioritize security controls and countermeasures. | - Develop and implement security controls: Design, develop, and implement security controls and countermeasures to protect applications against common security threats, such as cross-site scripting (XSS), cross-site request forgery (CSRF), and SQL injection. Implement secure coding practices and security guidelines. | - Vulnerability management: Establish and maintain a vulnerability management program for applications. Track and prioritize vulnerabilities based on their severity and impact. Coordinate with development teams to ensure timely remediation of identified vulnerabilities. | - Security testing automation: Develop and maintain automated security testing tools and scripts to streamline the application security testing process. Integrate security testing into the continuous integration and deployment (CI/CD) pipeline. | - Security training and awareness: Conduct security training and awareness programs and determine skills training needs for development teams, promoting secure coding practices and awareness of common security vulnerabilities. Stay updated with the latest security trends, attack techniques, and best practices.  | - Incident response: Provide support during security incidents or breaches related to applications. Participate in incident response activities, including containment, investigation, and remediation. | - Compliance and regulatory requirements: Ensure that applications adhere to relevant security compliance standards, industry regulations, and data privacy requirements (e.g., GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability)). Collaborate with compliance teams to address any compliance-related concerns. | - Security documentation and reporting: Prepare and maintain security documentation, including security policies, procedures, and guidelines. Generate periodic reports on the security posture of applications and present findings to relevant stakeholders. |   | Other responsibilities include: | - Maintain and manage all pipelines from a security perspective.  | - Onboard new pipelines for security tooling.  | - Keep pipeline diagrams up to date with current security details.  | - Serve as the primary SME for the DAST scanner. This includes configuration, testing, vulnerability management, and remediation oversight.  | - Recommend continuous improvements for the SAST scanner.  | - Security code release approvals   | - Maintain and manage the WAF, including signatures, configuration, and threat intel feeds.  | - Serve as the SME and provide recommendations for ongoing improvements.  | - Establish baseline WAF signatures for XD Prod following the Silverline migration.  | - Baseline WAF signatures after code releases.  | - Serve as the primary point of contact for vetting bug reports and managing the informed disclosure process. | - Assist with attestation data gathering.  | - Support and assist with threat modeling.  | - Act as the formal backup for the threat modeling and attestation processes.  | - Review and approve Security Assessment Review reports as needed.  | - Perform other duties as required.
Job Locations UK-Remote
Job Post Information* : Posted Date 2 weeks ago(11/21/2025 5:56 PM)
Title

Enterprise Support Specialist (EMEA)
ID
2025-2276
Position Summary
ISC2 is looking for a skilled, customer-oriented Enterprise Support Specialist (EMEA) for our growing Enterprise IT Support Team.  The IT Support team has a strong focus on creating an ITIL based support structure that encourages collaboration, personal growth and offers multiple opportunities for functional cross-training and building a strong skillset that will allow employees to succeed and realize their true IT potential.   |   | Summary Description of Position: The Enterprise Support Specialist (EMEA) collaborates with business and IT experts to ensure effective technology service delivery. This individual will establish a rapport and build trust with stakeholders over time by delivering high-quality service outcomes.  The Enterprise Support Specialist (EMEA) must also understand and work within the guidelines of ITIL practices to deliver technology service, and agile techniques to deliver continuous improvement. ISC2 supports several security frameworks globally, this person must be familiar with security best practices that affect application configuration, change management and procurement. This role will also champion the ISC2 employee culture and foster the organization's Inclusion goals.
Responsibilities
- Consistently respond to all incoming Jira Sevice Management ticketed requests for support and services within prescribed SLAs. | - Provision end user systems and services within prescribed SLAs using appropriate tools and automation. | - Order hardware and software from preferred vendors, accurately maintain asset inventory and adhere to asset management policies. | - Administer and troubleshoot Apple (MacBooks, iPad, iPhone), Windows and mobile endpoints, using JAMF, Intune and Active Directory, basic level Salesforce workflows, and processes. | - Administer user accounts in Okta, Active Directory, Salesforce, and other dependent systems. | - Contribute to service improvement efforts, updates to documentation and the development of Service Desk Tier I support processes. | - Provide base level Triage for incidents requiring escalation to Tier 2 Infrastructure, Security, Salesforce Administrators and/ or Web Support teams. | - Perform other duties as assigned. 
Job Locations UK-Remote
Job Post Information* : Posted Date 3 weeks ago(11/17/2025 5:36 PM)
Title

Board Secretariat Manager
ID
2025-2255
Position Summary
The Board Secretariat Manager will work directly with the Board Officers, Board Members and Board Committees assisting with succession and knowledge transfer within the Board. The Board Secretariat Manager is responsible for facilitating administrative detail, managing board and committee workflow and providing highly responsible staff support for the Board of Directors.  The ideal candidate will bring significant experience working within the governance function of an organization, supporting board operations, compliance and efficient processes.  The primary duty is to manage, record, produce, disseminate and archive the official record of all Board of Directors meetings and to prepare materials and logistics necessary for Board activities.  The role requires discretion and independent judgment in handling confidential information and in interpreting and implementing policies and procedures within guidelines set by the Board of Directors and CEO. 
Responsibilities
Duties and Responsibilities:Governance Compliance | - Ensure adherence to legal, regulatory, and policy requirements. | - Work collaboratively with the executive leadership team, Board Chair and Board Secretary to support established governance processes and board operations | - Responsible for the ongoing management of action items, board policies, and frameworks by leveraging previous experience in governance settings, while promoting accountability and timely completion. | Communications | - Serve as liaison between the board, executive management, and stakeholders. | - Ensure effective communication and information flow. | Meeting Management | - Plan, organize, and facilitate the annual work calendar for board, committee, and taskforce meetings, ensuring opportunities for cross-committee collaboration and alignment of key initiatives across the governance program.Maintain committee members' focus on deliverables and milestones through structured program oversight. | - Ensure timely preparation and distribution of agendas, minutes, and related materials. | - Track attendance and ensure compliance with board policies. | Record Keeping | - Maintain accurate records of meetings, resolutions, and board documentation. | - Manage access to board repositories and ensure proper document storage and archiving. | Director Onboarding and Offboarding | - Manage onboarding and offboarding processes for board members, leveraging knowledge of governance best practices gained through prior roles. | - Provide resources for new directors and ensure return of assets upon departure. | Monitoring and Coordination | - Distribute post-meeting documents and track action items. | - Monitor action items and task ownership and progress against deliverables. | Board Member Performance Evaluation | - Coordinate board member evaluations in collaboration with the Board Chair. | - Ensure feedback is gathered, timelines are met, and follow-up actions are tracked. | Other DutiesUndertake special projects and other activities at the discretion of the Board.