Cyber Security

Cyber Security

Glocomms: A Specialist Cyber Security Talent Partner

Glocomms operates in the Cyber Security sector, a crucial domain as the need for adept professionals escalates in companies of all sizes. The UK, a hotspot for Cyber Security expertise, is experiencing a growing demand for these roles, underscored by an expanding skills shortage.

Predictions suggest that the number of open Cyber Security roles will only increase further, solidifying the value and longevity of these positions. The current shortage of skilled Cyber Security professionals in the EMEA region sits at 317,000, highlighting that demand continues to outstrip supply.

As specialists based in the City of London, Glocomms' consultants are committed to bridging this gap, sourcing top-tier talent for Cyber Security roles throughout the UK and Europe. Our services are dedicated to addressing this growing need, further securing the digital landscape for businesses across scales and sectors. Request a call back to hear more about our hiring solutions.

If you're a Cyber Security professional, please register your CV.

Register your CV

If you're looking for Cyber Security talent, please register your vacancy today.

Register your vacancy
or
Request a call back

Benefits of working with us

Our Cyber Security talent specialists help growing technology businesses source the right go-to-market strategy talent, manage the recruitment process, and facilitate onboarding. With multi-lingual language support, we provide international recruitment expertise to secure business-critical talent across Europe.

Our recruitment benefits

Experience

We have a decade’s worth of Cyber Security experience as a leading technology talent partner.

Network

A vast, global network of the best, in-demand Cyber Security talent.

Knowledge

Our award-winning talent specialists offer bespoke, tailored guidance on the latest hiring trends.

At Glocomms, we are dedicated to cultivating enduring partnerships grounded in trust, honesty, and shared prosperity. Our commitment lies in delivering bespoke solutions that align with your unique business requirements and Cyber Security recruitment preferences. Whether you seek immediate placement for pivotal roles or aspire for long-term strategic talent acquisition solutions, our arsenal of resources and expertise ensures successful outcomes. Share your vacancy with us today.

Looking to hire? Request a call back

Cyber Security Jobs

At Glocomms, we're excited about the future of Cyber Security. We encourage you to visit our Cyber Security Jobs to explore the cutting-edge roles we're filling in this transformative sector. Shape tomorrow's tech world with us; your future begins at Glocomms.

Security Software Engineer

Environment: fully on-site (5 days per week) Glocomms is partnered with a global quantitative trading firm seeking an elite Security Software Engineer to join its core engineering team in New York City. This role is designed for a top-tier technologist, a visionary security expert who thrives at the intersection of cutting-edge software development, cloud innovation, and advanced threat detection. You will be entrusted with building the most secure trading systems in the world, using your expertise to fortify mission-critical infrastructure while anticipating and neutralizing threats in a fast-moving environment. Key Responsibilities: Architect, build, and optimize advanced security frameworks that safeguard ultra-low latency trading systems, leveraging your deep expertise in high-performance, distributed systems. Contribute to cloud security strategy across diverse cloud environments (GCP, AWS, Azure) implementing state-of-the-art solutions that protect massive-scale systems while ensuring high availability. Design and implement next-generation detection and response capabilities, utilizing AI and machine learning to enhance real-time threat identification and remediation in milliseconds. Define and drive the firm's identity and authentication architecture; serve as a technical contributor to implement the most secure access control and authentication mechanisms (e.g., OAuth, SAML, and multi-factor authentication). Collaborate closely with core engineering, DevOps, and infrastructure teams to embed security best practices into every phase of the software development lifecycle, delivering high-assurance code without compromising speed or innovation. Develop systems that automate security incident responses at a granular level to ensure proactive defense against sophisticated cyber threats, zero-day vulnerabilities, and insider risks. Spearhead initiatives in data protection and cryptography, prioritizing the highest level of security for sensitive information, keys, and confidential trading algorithms. Leverage your advanced knowledge of container orchestration security to secure microservices and infrastructure across Kubernetes and Docker environments. Ideal Candidate: You are an exceptionally skilled software engineer with mastery of Python, C++, Go, or Java, and have a deep understanding of secure coding, cryptography, and vulnerability mitigation. You have extensive experience building cloud-native security architectures, particularly on GCP, with proven expertise in AWS security services (IAM, KMS, Security Hub, GuardDuty). You have designed and implemented high-performance detection and response frameworks, integrating AI/ML models and cutting-edge threat detection tools. You are a recognized expert in identity and access management (IAM), with a deep understanding of authentication protocols, MFA, and privileged access management. Your knowledge of security automation, SIEM platforms, intrusion detection, and incident response is unparalleled, with a track record of building highly automated, adaptive security systems. You are fluent in securing containerized applications and hybrid cloud infrastructures, particularly in high-performance and highly regulated environments. You operate with the utmost precision, translating complex security concepts into solutions that protect the firm's edge in the market. This is a fully on-site role based out of downtown Manhattan. Interested candidates should be located in (or willing to relocate to) the New York City Metropolitan Area.

US$200000 - US$450000 per year
New York
Apply

Manager, Security Engineering

We are partnered with a nationwide organization that provides facility maintenance services for commercial, industrial, residential, and companies. The client is looking to bring on a Security Engineering Manager to lead efforts to ensure the security, safety, and reliability of the client's product platform. Reporting to the Product & Engineering Leader, this role involves developing and executing comprehensive strategies for application security, managing security resources and practices, and collaborating with engineering teams to integrate security into product development. Key Responsibilities: Act as a strategic leader in shaping and implementing the application security strategy, ensuring alignment with the product security roadmap and organizational goals. Oversee the security of our platforms and assets, focusing on secure design and implementation across all products. Develop and manage security resources and practices, ensuring adherence to security best practices and effective utilization of security tools. Collaborate with stakeholders to align security initiatives with business objectives and ensure that security concerns are integrated into the product development lifecycle. Define and track key performance indicators (KPIs) and metrics for security engineering to measure and improve the effectiveness of security practices. Assess and manage the attack surface of our applications and platforms, implementing strategies to mitigate risks. Foster collaboration within the engineering team to integrate security seamlessly into the development process, from design to deployment. Lead efforts to ensure secure design principles are applied and security controls are implemented throughout the CI/CD pipeline. Requirements: Extensive experience in security engineering with a focus on infrastructure and web application security. Proficiency in encryption, penetration/vulnerability tools, and information security policies. Strong understanding of privacy rules and regulations and their application to security practices. Proven track record of managing security initiatives and leading distributed teams in a fast-paced environment. Relevant IT/cybersecurity certifications (e.g., CISSP, CISM, GSLC, OSCE) are highly desirable. Hands-on experience with AWS, Kubernetes, and CI/CD pipelines. Ability to influence and guide teams and stakeholders towards effective security solutions and practices. Additional Benefits: Health, dental, and vision medical coverage starting first day on the job. Paid Primary and Secondary Caregiver leave. Paid time off to volunteer. Employee Assistance Program. If you or someone you know is interested, please apply directly! **Location preference is to work hybrid out of the Cincinnati office location 2 days a week; candidates who are willing to accommodate this will be prioritized over fully remote candidates. Relocation assistance is available.

US$160000 - US$180000 per year
Cincinnati
Apply

Information Security Compliance Analyst

We're partnered with a leading electrical power company that is looking to add an Information Security Compliance Analyst to their growing security team! This person is responsible for ensuring that the organization adheres to cybersecurity regulations and internal policies by administering controls, investigating variances, and supporting audit processes to maintain compliance with various regulatory requirements. It's an exciting next step for someone looking to increase visibility and impact across an organization. Key Responsibilities: Implement and manage cybersecurity controls to ensure compliance with regulatory rule sets and internal policies. Monitor adherence to established protocols and standards, such as NERC-CIP, PCI, and SOX. Identify and investigate discrepancies or variances in compliance, escalating issues as necessary and collaborating on remediation process. Document evidence related to compliance activities, audits, and incidents. Support internal and external audit processes by providing necessary evidence and records. Ensure compliance with relevant regulatory requirements - including ERCOT and NERC-CIP - and prepare regulatory reports and Requests For Information. Implement operational best practices and drive process efficiency through automation and continuous improvement. Collaborate with process owners and stakeholders to ensure effective control performance. Document processes and controls related to cybersecurity and compliance. Preferred Qualifications: Bachelor's degree in Business, Technology, or a related field is strongly preferred Relevant certifications such as CISM, CISA, CISSP, etc. Proficiency in coding languages such as PowerShell, Python, C++ or Ruby) Knowledge of application development and technology key controls. Understanding of compliance standards and frameworks including NERC CIP, ISO 27001, NIST 800-53, SOX, PCI, NACHA, and NRC. Strong critical thinking and problem-solving abilities, and experience with Agile framework methodologies. Familiarity with ICS devices, generation assets, and transmission assets is a plus! If interested in learning more, please apply directly! **Location preference is to work hybrid out of the Dallas Metro office location 3 days a week; candidates who are willing to accommodate this will be prioritized over fully remote candidates. Relocation assistance is available.

US$110000 - US$130000 per year
Dallas
Apply

Lead Threat Detection Engineer

Glocomms are with a globally leading Wealth Management firm in the search for an experienced Lead Threat Detection Engineer to drive the creation and engineering of advanced security solutions designed to detect and counteract cyber threats. This role will focus on building and implementing innovative threat detection systems that address threats not previously identified. The ideal candidate will have a robust technical background, a proactive approach to problem-solving, and a passion for developing novel security solutions. Key Responsibilities: Security Solution Engineering: Design, build, and engineer cutting-edge security solutions specifically aimed at detecting and mitigating novel and sophisticated cyber threats. Develop and deploy advanced threat detection systems that are tailored to the unique needs of firms environment. Threat Detection Content Development: Create and maintain custom threat detection content, including detection rules, signatures, and alerts, to enhance the effectiveness of the firms security infrastructure. Develop innovative detection techniques and methodologies to identify previously unknown threats and attack vectors. Innovative Threat Detection Strategies: Lead the development of new threat detection strategies and frameworks to address emerging threats and vulnerabilities. Collaborate with cross-functional teams to integrate and optimize these strategies within the firms existing security architecture. Threat Intelligence and Analysis: Stay informed about the latest cyber threats, vulnerabilities, and attack trends relevant to the financial sector. Analyze complex threat data to continuously improve detection capabilities and adapt security solutions accordingly. Leadership and Collaboration: Provide leadership and mentorship to a team of threat detection engineers, fostering an environment of innovation and excellence. Work closely with other cybersecurity teams, IT departments, and stakeholders to ensure seamless implementation and enhancement of threat detection solutions. Incident Response and Continuous Improvement: Assist in the investigation and response to security incidents, leveraging advanced detection solutions to effectively identify and address threats. Evaluate and refine threat detection processes and solutions based on incidents learnt and the evolving threat landscape. Documentation and Reporting: Develop and maintain detailed documentation for all threat detection content, security solutions, and incident response procedures. Generate and present comprehensive reports on the performance of threat detection systems, emerging threats, and strategic recommendations to senior management. Qualifications: Education: Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field. Advanced degrees or certifications (e.g., CISSP, CISM, or equivalent) are a plus. Experience: Minimum of 7-10 years of experience in cybersecurity with a strong focus on threat detection and response. Proven experience in engineering and developing security solutions to detect cyber threats. Technical Skills: Proficiency in security technologies and platforms, such as SIEM (e.g., Splunk, QRadar), IDS/IPS, and EDR. Strong knowledge of network protocols, operating systems, and programming/scripting languages (e.g., Python, PowerShell). Experience with threat intelligence platforms and advanced analysis tools. Analytical Skills: Exceptional analytical and problem-solving skills with the ability to translate complex information into actionable security solutions. Leadership: Demonstrated leadership abilities with experience managing and mentoring technical teams. Communication: Excellent written and verbal communication skills, capable of conveying technical information to both technical and non-technical stakeholders.

US$150000 - US$175000 per year
Clearwater
Apply

Head of Cyber Security SOC

Job Title: Head of Cybersecurity Security Operations Center (SOC) Glocomms are partnered with a Vehicle Manufacturing Firm which stands at the cutting edge of innovation in the automotive industry. Their commitment to excellence extends beyond vehicle manufacturing to encompass the security and integrity of their digital infrastructure. As the company continues to grow and evolve, they are seeking a dynamic and experienced Head of Cybersecurity Security Operations Center (SOC) to lead their cybersecurity operations and enhance their defense against cyber threats. Position Overview: The Head of Cybersecurity SOC will serve as a strategic leader responsible for overseeing the cybersecurity operations center. This role focuses on developing and executing advanced strategies to safeguard the company's digital assets. The ideal candidate will be a visionary leader with a deep understanding of cybersecurity threats, proven experience in driving team growth, and a strong dedication to ensuring rapid and effective threat detection and response. Key Responsibilities: Strategic Leadership: Develop and implement a comprehensive cybersecurity strategy for the SOC that aligns with the company's business objectives and risk management framework. Define and set SOC goals, objectives, and key performance indicators (KPIs) to enhance threat detection, response capabilities, and overall security posture. Collaborate with executive leadership and other departments to align cybersecurity initiatives with organizational priorities. Team Management and Development: Lead, mentor, and grow a high-performing team of cybersecurity professionals, including analysts, engineers, and incident responders. Foster a culture of continuous improvement and professional development within the SOC team through training, certifications, and skill development opportunities. Oversee recruitment and retention strategies to build a robust and skilled cybersecurity workforce. Threat Detection and Response: Implement and manage advanced threat detection technologies and methodologies to identify and mitigate cyber threats in real-time. Develop and refine incident response plans, ensuring effective and timely responses to security incidents and breaches. Conduct regular threat assessments and vulnerability analyses to proactively address potential security risks. Operational Excellence: Monitor and manage SOC operations to ensure efficient incident management, alert handling, and threat intelligence integration. Establish and maintain relationships with external partners, including law enforcement, industry groups, and cybersecurity vendors, to stay updated on emerging threats and best practices. Continuously evaluate and improve SOC processes, tools, and technologies to enhance operational efficiency and effectiveness. Compliance and Reporting: Ensure compliance with relevant industry regulations, standards, and best practices related to cybersecurity and data protection. Prepare and present regular reports to executive leadership on SOC performance, threat landscape, and incident response activities. Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field; an advanced degree or relevant certifications (e.g., CISSP, CISM, CISA) is preferred. A minimum of 10 years of experience in cybersecurity, with at least 5 years in a leadership role overseeing SOC operations. Proven expertise in threat detection, incident response, and cybersecurity technologies. Strong understanding of cybersecurity frameworks, standards, and compliance requirements. Excellent leadership, communication, and interpersonal skills with a demonstrated ability to manage and inspire teams. Experience in the automotive or manufacturing sector is a plus.

US$250000 - US$275000 per year
North Carolina
Apply

Senior Director of Cybersecurity

Glocomms is partnered with a prominent leader in the food and beverage industry dedicated to delivering safe, high-quality products to consumers while navigating the complex challenges of a dynamic marketplace. With a strong commitment to innovation and excellence, the client is seeking a Sr. Director of Information Security to spearhead their cybersecurity efforts and drive the company's mission to provide safe, reliable, and top-tier food products in an ever-evolving digital landscape. The Sr. Director of Information Security will lead the cybersecurity efforts for a leading food and beverage company, ensuring that the digital landscape supporting the production and distribution of private label packaged foods is secure, resilient, and aligned with the company's mission of delivering safe, high-quality products. This role combines cutting-edge cybersecurity practices with a deep understanding of the unique challenges faced by the food industry, where protecting sensitive information, ensuring supply chain integrity, and maintaining consumer trust are paramount. Primary Responsibilities: Craft and implement a cybersecurity vision that safeguards not just digital assets but also the processes that ensure the quality and safety of our food products. Your strategy will protect the company's recipes, proprietary processes, and sensitive supply chain data, ensuring the smooth and secure delivery of products from farm to table. Develop and maintain a cybersecurity risk management framework that addresses the specific challenges of the food and beverage industry, including protection against supply chain disruptions, contamination risks, and regulatory violations. Navigate the complex regulatory landscape of the food industry, ensuring that cybersecurity measures comply with industry-specific standards such as the FDA's Food Safety Modernization Act (FSMA) and other relevant food safety and quality regulations. Implement incident response plans tailored to the food industry's unique needs, ensuring rapid recovery not just of IT systems but also of critical production and supply chain operations in the event of a cybersecurity breach. Develop engaging, industry-specific cybersecurity training programs for employees, emphasizing the importance of protecting sensitive food safety data and the risks associated with digital threats in food production environments. Oversee relationships with vendors and suppliers critical to the food production process, ensuring they adhere to the company's cybersecurity standards while managing budgets to prioritize investments in technologies that enhance both security and operational efficiency. Regularly update stakeholders, including the Cybersecurity Steering Committee and executive leadership, on the cybersecurity program's impact on food safety, supply chain continuity, and consumer trust. Provide actionable insights that support the company's broader mission of delivering safe, high-quality foods to consumers. Key Qualifications: Bachelor's degree in Business Administration, Information Technology, Food Science, or a related field. Advanced degrees or specialized training in food safety/security are preferred. Proven senior leadership experience in information security and risk management within the food and beverage industry or other highly regulated environments. Experience with food safety, supply chain security, and regulatory compliance is highly desirable. Desired certifications include CISSP, CISM, CISA, and CRISC. Additional certifications in food safety or supply chain security are a plus. In-depth understanding of cybersecurity management frameworks (e.g., NIST, ISO/IEC 27001, ITIL, COBIT) and their application in the food and beverage industry. Familiarity with FSMA and other food safety regulations is a strong advantage. Ability to develop and implement cybersecurity strategies that protect both digital and physical assets, ensuring the integrity of food production and distribution processes. Skilled in working with cross-functional teams, including food safety, supply chain, and regulatory compliance, to integrate cybersecurity into broader business practices. Expertise in assessing the potential impact of cybersecurity threats on corporate and supply chain operations, with the ability to implement risk mitigation strategies. Experience managing complex projects in dynamic environments, ensuring that cybersecurity initiatives align with production schedules and business objectives. This role offers a unique opportunity to lead cybersecurity in a sector where the stakes are not just about data protection but also about the safety and trust of millions of consumers who rely on our client's products every day.

US$180000 - US$220000 per year
United States of America
Apply

Security Analyst

Summary: We are partnered with a private investment firm specializing in private equity, venture capital, credit, and public equity. This firm is consistently ranked among the top private equity firms globally, frequently appearing in rankings such as the PEI 300. Deeply invested in leveraging cutting-edge technology to enhance tech-driven investment strategies and operational capabilities, this firm is looking to bring a hybrid Security Analyst onto their growing team. This position will ensure confidentiality, integrity, and availability of the firm's systems, network, and data, while assisting in the implementation of security measures. The Senior Analyst will be responsible for: Continuously monitor and analyze security events across the firm's networks and systems, using Security Incident and Event Management (SIEM) tools to detect and respond to potential threats. Manage and respond to security incidents, including log monitoring and management, ensuring issues are resolved in a timely manner. Implement and maintain comprehensive security measures, including firewalls, encryption, web filtering, and network and operating system security. Provide technical security guidance and support across the organization, including recommendations for security software management and data protection. Utilize scripting languages such as Python and PowerShell to automate security tasks and enhance operational efficiency. Manage and configure security settings for local area networks, Active Directory, Group Policy Objects, and IAM/IDPs. Stay informed about the latest exploits and hacker techniques, proactively addressing vulnerabilities in the firm's systems. Oversee security measures for cloud environments, including AWS and Azure, ensuring adherence to best practices. Promote information security awareness across the organization to bolster overall security posture. The ideal candidate will possess the following qualifications: Bachelor's Degree in Computer Science, Management Information Systems (MIS), or Information Security. Solid understanding of cybersecurity fundamentals and hands-on experience with security software management and technical security guidance. Proficiency in Windows, Mac OS, and Unix/Linux operating systems. Experience with scripting languages such as Python and PowerShell. Knowledge of security concepts including IAM/IDPs, PAM, and encryption. Familiarity with local area networks, firewalls, Active Directory, Group Policy Objects, and security incident management. Experience with AWS and Azure cloud platforms. Strong analytical skills, attention to detail, and the ability to stay current with emerging threats and security trends. If you or someone you know is interested, apply directly below!

US$100000 - US$140000 per year
Boston
Apply

Security Engineer

Glocomms is partnered with a global alternative investment management firm looking to bring on a Security Engineer to play a vital role in protecting the firm's dynamic and evolving technological environment. The ideal candidate will have a strong background in information security within the financial industry and hands-on experience with Microsoft security solutions. Strong communication skills are a must, as this position will be tasked with providing senior leadership with clear and concise reports that accurately reflect the firm's cybersecurity posture and evolving risk landscape. Key Responsibilities: Implement and manage Microsoft security solutions, including desktop and server operating systems, Active Directory, Group Policy, EntraID, and Desired Configuration State. Ensure robust DNS and messaging security across the organization's infrastructure. Collaborate with development teams to integrate security measures in CI/CD pipelines using tools like Jenkins and Terraform. Manage and secure IaaS and SaaS solutions, ensuring seamless operation and compliance with security standards. Implement and manage authentication protocols, including SAML, OIDC, and Kerberos. Configure and maintain Office 365 security controls, including Azure Active Directory, Conditional Access, and Microsoft CAS. Develop and enforce Data Loss Prevention (DLP) policies and implement Azure Information Protection (AIP) solutions for data labeling, classification, and encryption. Ensure compliance with data protection regulations, such as GDPR and HIPAA, through effective use of DLP and AIP technologies. Utilize tools like EDR and SIEM for continuous monitoring and threat detection. Conduct vulnerability management and remediation efforts to safeguard the organization's assets. Write and maintain scripts in PowerShell for automation and enhanced security operations. Understand and analyze code in C#/.NET to ensure secure coding practices. Work independently and proactively within a fast-moving, high-pressure environment. Communicate and collaborate effectively with cross-functional teams to address security challenges and implement best practices. Qualifications: Bachelor's degree in Computer Science, Engineering, or a related field. 3-5 years of experience in a technical security role, preferably within the financial industry. Hands-on experience with Microsoft security solutions and related technologies. Proficient in managing Active Directory, Group Policy, and Azure AD. Strong scripting skills in PowerShell; familiarity with C#/.NET is a plus. Experience with CI/CD pipelines, Jenkins, Terraform, IaaS, and SaaS solutions. Knowledge of authentication protocols (SAML, OIDC, Kerberos) and security controls for Office 365. Relevant security certifications such as CISSP, GCIA, CISM, or product certifications (e.g., PingFederate, Azure, Windows, AD) are a plus. Ability to prioritize tasks in a high-pressure, fast-moving environment with a high sense of urgency. Strong problem-solving skills, proactive thinking, and the ability to work independently. Excellent communication and collaboration skills. This position will play a key role in the establishment and optimization of the firm's Information Security Governance framework. Interested candidates should have excellent oral and written communication skills and the ability to work cross-functionally with both technical and nontechnical teams. Candidates must be located in (or willing to relocate to) the Miami, FL area to be considered.

Negotiable
Miami
Apply

Senior Application Security Engineer

Glocomms is partnered with a cybersecurity SaaS platform who is seeking a fully remote Senior Application Security Engineer within Product Security, to play a critical role in safeguarding products from emerging threats. You will be responsible for designing, implementing, and managing security measures to protect applications and services. As a technical leader, you will collaborate with various teams to embed security best practices into every aspect of the product lifecycle, ensuring compliance with industry standards and regulatory requirements. Key Responsibilities: Develop a comprehensive understanding of products, services, and architectures to identify potential security risks and vulnerabilities. Conduct thorough security assessments, including threat modeling, secure architecture reviews, code reviews, and penetration testing of web and mobile applications. Interpret security vulnerability reports and provide actionable advice on prioritization, remediation, and mitigation to stakeholders with varying technical backgrounds. Collaborate with development teams to integrate security into all phases of the Software Development Life Cycle (SDLC), ensuring secure coding practices and adherence to industry standards. Create and maintain detailed documentation for security processes, protocols, and guidelines. Deliver accurate and concise security metrics to stakeholders and business leaders, providing clear insights into the organization's security posture. Stay up-to-date with the latest security vulnerabilities, tactics, techniques, and procedures (TTPs) to maintain high proficiency in relevant security topics. Develop and deliver security training and education programs across the organization to enhance security awareness and practices. Develop innovative and scalable tools, solutions, and processes to improve product security operations and effectiveness. Support the implementation of security tools, ensuring their effectiveness, and accurately interpreting results for relevant stakeholders. Qualifications: 8+ years of experience in Application Security roles, with a strong focus on application, API, database, and infrastructure security. Deep understanding of security vulnerabilities, defense techniques, and best practices. Ability to clearly explain vulnerabilities and their implications to stakeholders with varying levels of technical expertise. Proven experience in performing threat modeling and providing actionable recommendations based on results. High proficiency in scoring security vulnerabilities using the Common Vulnerability Scoring System (CVSS). Strong understanding of Secure Software Development Life Cycle (SSDLC) and experience with development and integration tools used in CI/CD pipelines. Experience in providing secure coding training and education to developers, going beyond generic remediation advice to offer tailored solutions. Knowledge of one or more major cloud providers (Azure, AWS, GCP) and their security practices. Experience with authentication and authorization standards and protocols, such as SAML, OAuth, LDAP, and Active Directory (AD). Practical knowledge of applied cryptography, including encryption at rest, TLS, hashing, and common cryptographic attacks. Ability to read and write code fluently, with a strong understanding of secure coding practices. Ability to thrive in a self-directed, highly collaborative, and cross-functional environment. A strong passion for researching vulnerabilities and staying ahead of the latest exploitation techniques.

US$160000 - US$180000 per year
Chicago
Apply

Penetration Tester

We are partnered with a leader in the data AI space who are actively seeking a skilled and experienced Penetration Tester with a strong background in software engineering to join their dynamic Security team. In this role, you will take ownership of evaluating the security of features and products, independently planning and executing penetration tests, and documenting your findings in accordance with industry best practices. As a key member of our team, you will advocate for and implement software security best practices, work closely with stakeholders to ensure that security is a fundamental part of the development process, and develop comprehensive threat models for proposed features. Qualifications: 3+ years of experience in application penetration testing and software engineering, preferably with enterprise software/systems. Proficiency in languages such as C#, Java, Ruby, Go, Python, etc. Proven ability to produce detailed penetration test reports tailored for both executives and developers, with clear prioritization and mitigation strategies. Strong experience with the OWASP testing guide and a deep understanding of industry-standard security practices. Familiarity with various web frameworks and technologies, including JavaScript, XML, SOAP, and JSON. Why This Role? You will have the independence to plan and execute penetration tests, showcasing your expertise in vulnerability identification and resolution. You'll play a crucial role in promoting software security best practices, driving a culture of security awareness within the organization. Work alongside stakeholders to integrate security into the design and development of features, ensuring robust security measures are in place. Lead the development of threat models and propose countermeasures, contributing to the proactive defense of our systems and applications. Our client is headquartered out of Boston, MA and this position is a fully remote opportunity** offering competitive compensation (base + bonus) and great benefits. If interested in learning more, please apply directly! **Hybrid (2-3 days a week) local to this company is preferred and will be prioritized over fully remote hires; however depending on circumstances our client is willing to consider fully remote employees.

US$140000 - US$160000 per year
New Boston
Apply

Junior Information Security Analyst

Information Security Analyst Location: Montreal, Canada (Hybrid 3-days on-site per week) Salary: Competitive base + bonus Working hours: 11:30am - 8:30pm EST Glocomms are partnered with a globally leading high-frequency trading firm with a security-first mindset in the search for an Information Security Analyst to join a highly technical team of Security Engineers and Analysts, focusing on preventing cyber intrusions and attacks via automation whilst identifying opportunities to further develop the existing security posture. Key responsibilities: Monitor SIEM, networks, and systems to identify potential security threats, incidents, and requests for information. Identify security exposure by developing/Implementing automated systems. Expand capabilities, optimize efficiency and exceed client expectations by engineering and administrating Security Infrastructure. Provide guidance and direction on security flaws, how to exploit and remediate such flaws. Assess the effectiveness of the firms' cyber defense and response time. Participate in hands-on Attack Simulations and threat emulation activities regularly. Have a heavy involvement in threat management, vulnerability management, and Incident Response activities. Work effectively as a senior team member, providing hands-on support to clients, maintaining communication, and keeping senior management up to date on progress. Ensure that appropriate standards, best practices, workplace policies, and procedures are followed. Experience required: Bachelors degree in Computer Science, Cyber/Information Security, IT, or a related field. Experience analyzing detected security evens and triaging incidents. Hands-on experience with SIEM, IDS/IPS, firewalls, DLP, and EDR/XDR. Strong knowledge of threat actor/group TTP's, network scanning, code activity, and DDOS. Experience programming in languages such as Python, PowerShell, or Bash for automation.

US$90000 - US$120000 per year
Montreal
Apply

Director of Laboratory Systems & Application Innovation

About the Company: A leading international pharmaceutical and biotechnology company is looking to expand their executive team with a tenured individual to oversee Operational Technology (OT) development and associated risk globally, for a pivotal pillar of their R&D team. Focused on systems and automation in a lab setting, this role will lead the strategic direction, roadmap development and associated maintenance for end-to-end lifecycle management as the department's impact continues to expand and grow. You'll collaborate across the organization with other technology-driven teams, assess and prioritize various risks, and ensure the proper standards and controls are in place for complete OT security compliance. This is a great next step for someone with previous success in a biotechnology, pharmaceutical or medical device setting, who understands the systems and applications used in laboratory research and related OT security / regulatory requirements that is looking to make an impact at the global level! Basic Qualifications: Bachelor's degree in Business, Science, Engineering, Information Technology, or a related field. 6+ years experience managing laboratory systems (preference if both validated and non-validated environments) 3+ years experience in a leadership role, managing large, multi-site, and international teams. Preferred Skills / Expertise: Masters, PhD or MBA, or post-graduate professional qualification in Business or Science, Engineering, Information Technology related discipline Proven success creating and driving vision / roadmap for multi-national organization. Confidence collaborating with various technical and non-technical stakeholders at all levels. Hands-on technical background, to demonstrate in-depth understanding of how various updates, modifications or new technologies are implemented. This is a hybrid position (2-3 days onsite) in Greater Boston, and offers a competitive compensation package inclusive of base + annual bonus + company shares and an extremely generous 401k match. If interested in learning more, please apply directly! **Relocation assistance may be available.

US$200000 - US$230000 per year + annual bonus, company shares
Boston
Apply

Cyber Security News & Insights

The Strategic Importance of Network Security: Beyond the Tech Image
cyber-security

The Strategic Importance of Network Security: Beyond the Tech

In today's digital era, where every facet of business is intricately intertwined with technology, network security is a growing concern. But while it's often pigeonholed as a purely technical issue, this viewpoint misses the broader implications. Network security is not only about firewalls, intrusion detection systems, and encryption; it's about strategy.A Strategic Defense against Cyber ThreatsHow we protect our data and systems from cyber threats is a direct reflection of our strategic priorities. The kind of security protocols you adopt, the technologies you embrace, and even the response mechanisms you have in place can shape the brand image and trustworthiness of your business in the eyes of your stakeholders.The Power of Cloud and Hybrid NetworksWith the increasing shift towards cloud and hybrid networks, businesses can no longer depend solely on traditional defense mechanisms. The strategic choice of leveraging cloud technologies requires an equally strategic approach to security. It's about seamlessly integrating on-premise infrastructures with cloud environments while ensuring that both are fortified against threats.Bridging the Network Security Skills GapThe technological landscape is constantly evolving, and with it comes new challenges. Our clients are increasingly looking for candidates with the skills needed for network automation to enhance performance, and tools like Terraform and Ansible to remain agile and efficient.However, there's a noticeable gap between demand and supply when it comes to expertise in these areas. Businesses are in dire need of professionals who can navigate the complex world of network security and automation.Connect with the Experts​Are these challenges affecting your hiring opportunities? Is the rapidly shifting landscape of network security causing uncertainties in your staffing needs?You're not alone. Many businesses are grappling with similar issues, and they require a strategic partner who understands both the technical and strategic dimensions of the domain.Reach out to James directly by completing the form below. Let us help you navigate these challenges and ensure that your network security strategy is robust, dynamic, and forward-thinking.Request a call back​

Read More
Hiring Cyber Security Talent Image
cyber-security

Hiring Cyber Security Talent

There are many verticals we specialize in here at Glocomms across the cyber security space, each with their own unique hiring trends. Here is a brief overview of some of the cyber security developments we are seeing across manufacturing, health technology, media & entertainment, and SaaS. ManufacturingCyber security is a fundamental challenge for any business leader, but manufacturing has officially overtaken financial services, healthcare, and insurance, to become the world’s most attacked sector[i], due to increases in reconnaissance targeting. As more supply chains and manufacturing facilities embrace digital software for efficiency reasons, there is the dual challenge of losing precious time to mitigating cyber-attacks. This presents the industry with an acute need for more cyber security professionals to prevent such attacks, but with a tight talent pool, competition for the best professionals is high. Europe’s automotive manufacturing and supply chain companies[ii]saw demand rising for cyber security professionals more than any other industry last year. This figure is compiled by GlobalData, whose thematic approach groups company activity to see which organizations can best weather disruptions and tackle issues “that keeps a CEO awake at night.” Health Technology The threat to healthcare and healthtech from cyber-attacks cannot be understated – 32% of healthcare security leaders said they had to divert patients to other providers after cyber-attacks, according to Imprivata’s report[iii], a digital identity company for life and mission-critical industries. ECRI[iv], a non-profit that focuses on healthcare technology and safety, also cites cloud security in its list of, ‘Top 10 Health Technology Hazards for 2023.’There is a greater need for cyber security professionals who can protect patient data as the healthcare industry becomes more reliant on technology. Medical institutions also need to create a culture of cyber security, to assist cyber experts when they come into the business. Media & EntertainmentYou may recall the leaking of the script for the James Bond movie ‘Spectre’[v], which highlighted how vulnerable the media & entertainment industry can be to cyber-attacks. Streaming services such as Netflix have also seen their own customer data breaches, with ransomware authors also becoming more adept at finding vulnerabilities, and thus exploiting them[vi]. So, how can the industry protect itself? Ultimately media & entertainment platforms need to invest in cyber software and professionals. Household names can utilize their brand power to attract talent and invest profits back into internships to enable new talent to enter the market in the future. Thinking long-term and planning for the talent of tomorrow is one strategy to future-proof an organization, because large-scale media & entertainment names cannot afford the reputable fallout of security breaches. SaaSThe popularity of Software-as-a-Service (SaaS) platforms is only going to grow, and the more applications an organization has in its tech stack, the greater the risk of cyber breaches. This means it is crucial to keep up with cyber security developments to maintain customer trust and platform integrity. According to Forbes[vii], “SaaS security is unique because of the velocity of new SaaS being adopted and the decentralized purchasing decision process. These two things combined break the traditional cybersecurity frameworks.”While business leaders and CISOs must adopt a risk mindset, whether working for a SaaS company or using one as a customer, the reality is that one way to mitigate cyber threats is to consider hazards outside of the software itself. Cyber experts can be employed to also educate users and have visibility over data transmissions. Often organizations are at the mercy of employees exposing information, therefore businesses must find talent that can not only lead it securely, but also has soft skills in teaching colleagues and training the wider organization on best practice. ​A number of industries are competing for the same cyber security talent. There are different push and pull factors dependent on the individual being hired, so a nuanced approach as opposed to a one-size-fits-all strategy will result in talent being more attracted to a business. To hire the best candidate for your open role, get in touch with Glocomms today. As a specialist talent partner in Technology, we have access to industry-leading talent around the world. Find the talent you need by submitting your vacancy, or request a call back to elevate your hiring process with the right talent partner today.

Read More
Cyber Security Talent Insights Image
cyber-security

Cyber Security Talent Insights

​​The cyber security market is predicted to grow to $266 billion by 2027, but with opportunity comes many risks, disruptions and challenges. With skilled business-critical cyber security professionals in high demand, companies must develop effective hiring solutions to capitalize on the market and protect their systems, networks, and data against cyber attacks and security breaches.In this report, our technology talent experts at Glocomms guide you through:Key trends in cyber security, from market risks to hiring approachesTop priorities for candidates in the cyber security fieldInsights from Katie Owston, Associate Vice President at GlocommsKey takeaways and recommendations for both hiring managers and professionalsDownload your copy of the 'Cyber Security Talent Insights' report by completing the form below:​​

Read More
Three IoT Cybersecurity Trends For 2019 Image
cyber-security

Three IoT Cybersecurity Trends For 2019

​As the world becomes more connected, the Internet of Things (IoT) continues to expand. Gartner forecasts that 14.2 billion connected things will be in use during 2019, rising to 25 billion by 2021.In the wake of this increased connectivity, cybersecurity breaches emerged as the #1 concern for US CEOs at this year’s World Economic Forum. Here, we explore three key cybersecurity trends impacting the IoT in 2019 and how they are shaping the labor market.The emergence of 5G5G is 2019’s hottest trend in IoT and its impact is expected to be huge. It has the potential to transfer higher volumes of data and connect to more devices up to 20 times faster than 4G. By 2020, Gartner forecasts that 60% of organizations plan to deploy 5G, while Ericsson’s 2018 Mobility Report predicts that by 2025 1.5 billion of us will be connected to 5G. While 5G will integrate the Internet of Things more deeply into our lives and open up numerous possibilities for consumers and businesses, it brings with it a much higher cyber security threat. A world that is almost entirely connected means organizations will be exposed to significant new cyber risks that businesses must be prepared for. IIoT : Industrial Internet of ThingsThe Industrial Internet of Things, or IIoT, refers to billions of industrial devices connected to wireless networks which collect and distribute data across industries as diverse as healthcare, utilities and transportation. This gathered data is analyzed to improve businesses processes and productivity to enable faster and more accurate decision making. The IIoT protects the critical infrastructure and systems we rely on and may take for granted in our day-to-day lives.A broader base of assets connected to more diverse systems and devices offers more points of entry for a potential breach and industries must rethink its security. System failures in the IIoT can have high risk consequences and without effective protection serious disruption can occur. The emergence of 5G will also have an impact on the IIoT. 5G enabled devices will require a new level of cybersecurity to protect infrastructures, with denial of service attacks (DOS) becoming a significant concern. For instance, in March 2019, a cyber disruption to the US grid reported by the Department of Energy involved a "denial of service condition" at a Western utility.IoMT – (Internet of Medical Things)​Emerging technologies are transforming the healthcare sector. Connected medical devices gather vital data to provide insights into patient symptoms, enable remote care and improve treatment. However, healthcare remains a vulnerable area in cybersecurity.The cost of data breaches in the IoMT are among the highest across all sectors, yet many healthcare facilities still rely on outdated operating systems. 4.4 million patient records were breached in Q3 alone in 2018, highlighting the need for extreme precautions.Again, 5G will have a far-reaching impact on the IoMT, with the increased connectivity substantially raising the potential for data breaches.The cybersecurity skills shortageThe rise of the IoT and the investment in 5G technology are putting immense pressure on demand for cybersecurity talent. An estimated 2.93 million cybersecurity positions globally are currently unfilled. A staggering 500,000 of those are located in the US.At the same time, while jobs postings for cybersecurity roles are up, applications have fallen.In the longer-term, 5G technology is expected to create an estimated 22 million jobs by 2035, requiring skills that people don’t yet have and placing more pressure on a jobs market struggling to keep pace with demand.Without a seamless and effective hiring process, organizations simply don’t have the capability to develop effective security procedures to both detect and prevent cyberattacks and protect vital data.Glocomms has recognized a tremendous opportunity in the emergence of 5G and the increasing reliance on IoT in our everyday lives.Given this market knowledge, we have developed a recruitment practice focused exclusively on networking and building a talent pool within IoT and IoT security. Having built relationships with some of the world’s premier IoT, IIoT and IoMT vendors, Glocomms continues to establish itself as a major provider of talent in a very niche and undersupplied IoT talent market. With lines of business that cover everything from Sales and Marketing, Product Management/Development, Software Development & R&D, Data Science & Engineering, and Cyber Engineering & Operations, we can confidently address the needs of any growing IoT vendor across their product development lifecycle. We work closely with vendors as they build and deploy their products and services, from early stage and greenfield organizations to companies looking to ramp up their sales and marketing teams and ensure their products and solutions reach the doorstep of every potential customer.Regardless of your business growth needs, we’ve got you covered!For more information about how to reach one of our specialized IoT recruitment consultants, or to learn how our business can become an extension of yours in finding that tough to reach IoT talent, contact us today.

Read More
How to Get Ahead in Cybersecurity Image
cyber-security

How to Get Ahead in Cybersecurity

​A career in cybersecurity is one of the most sought after in the tech field and can be a fulfilling and lucrative option for talented and ambitious professionals. Cybersecurity experts play a vital role in keeping their employers and their customers safe while online. But to succeed requires specific qualifications and experience.Here we take a look at how to get ahead in this rewarding field.Where are the jobs?In short, everywhere.From American universities to British Airways and Facebook, hackers have caused havoc for employers throughout 2018. No sector or organization is immune. By 2021 it’s predicted that at current levels of rising demand versus expected candidate availability, there could be a staggering 3.5 million open jobs in cybersecurity.Cybersecurity talent is sought after around the globe but in particular:In the UK and Europe, the introduction of the EU’s GDPR (General Data Protection Regulation) more than tripled demand for cybersecurity professionals in 2018. The GDPR is also expected to be one of the top cybersecurity concerns for employers in 2019.Australian and Canadian employers are experiencing serious national skills shortages in the sector.A 28% growth in cybersecurity jobs is predicted from 2016 to 2026 in the US.What about the gender gap?The gender gap is real and not predicted to close any time soon.  Females are underrepresented in the cybersecurity sector. It is estimated that around 20% of cybersecurity professionals are women but some studies suggest a much lower figure. Deloitte’s global Women in Cyber initiative launched in July 2018 to address this issue and encourage more females to explore a career in the sector. If you’re considering that option, this initiative offers real-life insight from women working in the sector, including advice on how to build a career in cyber, the potential challenges and the skills needed to succeed.A lucrative careerDemand is pushing up average salaries for cybersecurity professionals, which stands at around c$117,000. Pay for entry level jobs is also soaring. Graduate roles in the US now attract salaries of close to $100,000 per annum, more than in any other sector. Your salary will depend on your level of expertise and experience – and the specific requirements of a prospective employer. Speak to your recruiter for more detailed advice.A career with securityLike most of the tech sector, cybersecurity is one of the most reliable professions for long-term job security. The role of Cybersecurity Engineer is predicted to become the most in-demand tech job in 2019 but opportunities are varied and numerous. Other roles include security engineer, security analyst, penetration tester, and cryptographer. The emerging role of Chief Cybercrime Officer may also become critical to larger organizations in 2019 as data hacks are expected to rise.The key to success is to stay on top of current trends and develop the skillsets that make you more valuable to employers.  As well as the GDPR, research suggests that the top cybersecurity concerns for businesses in 2019 including phishing, ransomware, the cloud and cryptocurrency mining.Have you got what it takes to succeed?If you’re considering a career in this specialist sector, or seeking your next career move, here’s our advice:A bachelor’s degree in cybersecurity or another field of computer science is essential for most employers. Many cybersecurity professionals move from traditional tech roles, such as systems administrator into more specialized positions through additional training.For entry level candidates, deciding on your specialization can help to make you more attractive to businesses.Ensure you constantly refresh your skills and invest in your future. Tech is rapidly changing and new skillsets are required constantly.For professionals looking for a leadership role, the same advice applies. Stay ahead of trends in the sector and work on the skills that are needed for your next career move. Acquire the most relevant certifications and training, through online courses or a master’s degree for example.Networking should be an ongoing strategy to help you to fulfill your long-term career goals. Keep your LinkedIn profile up to date and build professional relationships with people in your field.Speak to a specialist recruiter who knows your sector inside out and is ideally positioned to advise on your next career move.Working with a specialist recruiter like those at Glocomms, can help understand your career options within cybersecurity and make sure you secure a job that is a perfect fit for you. To learn more, get in touch with Glocomms today.​

Read More
Cybersecurity Market Update Image
cyber-security

Cybersecurity Market Update

​Glocomms' insight on the 2018 Cybersecurity Landscape Across the End-User and Vendor ArenasIntroductionGlocomms was founded on the premise of Cybersecurity becoming the most in-demand and integral part of technology across all industries. In 2017, we saw a multitude of high-profile cyberattacks targeting various companies including Uber, Deloitte and Equifax with the most prominent attacks being WannaCry and Petya. Given the visibility on the cybersecurity market, Glocomms expects to see a large focus on hiring resources and talent to develop and elaborate the hardening of security practices. Such developments include in-house security operation centers (SOC), increased spending on the most innovative threat intelligence products and AI talent and the adoption of automation and cloud security practices in order to properly protect customer and employee data.​The consequences of insufficient security and data protection were recently highlighted by Facebook stocks sliding nearly 15% in a 36-hour window, off the back of an exposed global data breach. Such high profile examples prove that Cybersecurity has the attention of the global media platform and consequently, the market is tightening as the need for remediation in real-time is becoming absolutely imperative.​In order to provide this level of service on a 24x7x365, vendors and end users are adopting advanced solutions. The two main trends we have seen in the first quarter of 2018 have been the integration of Artificial Intelligence & Data Science coupled with the need for Automation & Cloud Security. ​AI/Data Science & Cloud AutomationOur recruitment business gives us a unique look into these trends, as our business model is comprised of two main pillars of focus: Cybersecurity and AI/Data Science. We see the perspective of urgent needs for specific skillsets, as well as the perspective of building expertise through seeking new challenges and career options through working with stealth-mode to IPO vendors as well as the world’s largest global end-users.​When considering the impact AI can have on Cyber, it is clear why artificial intelligence, machine learning and data science will have a huge impact on the ability for software to be able to detect and remediate intrusions and vulnerabilities. Nonetheless, it is who brings the expertise that affects how analytics will impact the industry given these will be the individuals building models to analyze and make sense of the data.​In order to understand the talent pool, we need to understand what motivates individuals to bring their experience to the cybersecurity industry. Most frequently, we see these professionals are motivated by the exposure to working with novel, proprietary, and in this case, unknown data. Additionally, not only the access and exposure to the data is compelling, but also the advanced decision making predictable by the data that draws this talent into the industry.​We have also seen increased attention on the automation and acceptance of risk adverse cloud usage cases, the adoption of MSSP’s that offer integrated threat analytics/ threat management solutions, and new industry trends that dive deeper into the impact AI can have on this ever-changing landscape across the vendor and end-user arenas.​Artificial intelligence, machine learning and data science are being leveraged in a variety of ways and can be exhibited by the huge influx of neural network and deep learning talent transition into the threat analytics arena. Given the sheer magnitude and significance of personal information embedded within the data across industries such as healthcare, financial services and commerce, it is no surprise that data scientists are excited about an opportunity to advance security solutions and play an impactful role on the business/product at large. We know from speaking to these professionals that it is the access and exposure to novel and unique data across the abovementioned industries that drive and motivate their career interests.​Given that Data Science/AI & Cybersecurity are the two focal points of our Glocomms business, it is exciting to see the transfusion of these emerging technology industries shaping the future of the entire technology landscape across all industries.​Investment BanksCloud security is currently the hottest trend from an end-user perspective. This trend is clear, given the activity we have seen across the finance industry as they move towards the adoption of specific usage cases for the various open source cloud platforms. This is exciting because these have historically been some of the most proprietarily kept platforms in the world – some banks even used proprietary coding languages to build their platform! In order to be comfortable with these offerings, the institutions now need to put together documentation on the risk assessments attributed to such solutions. Once these frameworks and usage-cases are clearly determined and outlined, offerings will begin to spread across more and more business units. Currently, large asset managers and global investment banks offer their clients a commercialized version of their front-office risk systems but this is only one portion of what the cross-business platform has to offer.​The next step will be providing an integrated and secure cloud-based solution across all layers of the risk management platforms that each of the various firms offer. Some banks are in the midst of developing a similar type of cross-business platform and although they may be scrutinized for their late-arrival to the party, it might work to their advantage given the new technology currently available because having an opportunity to build a platform from scratch using the latest and greatest products for hardening security layers and adopting cloud offerings allows for a more integrated and theoretically, hardened solution! It seems cloud security will be at the top of the list for most in-demand and least- attainable skill sets in 2018. This has already been evident given the vast hiring and increased compensation bands for cloud security professionals across the end-user arena. We believe the reason for this is these professional all need to not only bring the expert technical skills to the table, but also need to be able to communicate internally and externally with key stakeholders around usage cases for cloud offerings.​Buy-Side PerspectiveFrom a Buy-Side perspective, we have seen large global hedge fund clients looking to hire Encryption Engineers to build proprietary security layers into their existing infrastructure (often cloud-based). This is an obvious step in the right direction, given in the past it seemed many funds were scared by the prospects of putting their ‘secret sauce’ out in the cloud. Additionally, we have seen vast hiring across the Security Incident Event Management (SIEM) arena, most of whom, seem to be moving to Splunk given the versatility of the product. This is also consistent with what we have seen in Investment Banks this year.​From a recruitment standpoint, we see a huge amount of potential on the buy-side in 2018 and expect to see talents being directly targeted from the tech giants as these are the professionals with the most amount of exposure to novel data with the best skillsets for architectural remediation and hardening. ​Vendor PerspectiveAs the vendors continue to offer more and more comprehensive and integrated analytical solutions, the need to stay on top of the market and hire professionals that have experience with the most cutting-edge products becomes even more imperative. We have seen massive hiring across the vendor arena given the influx of investment and the urgent need for this analytical talent. The data being analyzed is ever-increasing and the adoption of AI is not quite keeping up with the workload for the SOC. Thus, we have still seen a steady stream of hiring within these types of positions including: threat hunters, incident responders and security engineers. Not only the vendors are hiring these professionals across the mid-senior level, but also the end-users are building their own in-house SOC’s to reinforce internal security measures creating more intelligent solutions on the network to detect vulnerabilities more quickly and readily. We have seen a large increase this year of around 20% higher than the industry standard this year in the compensation bands for someone with 3-5 years of experience with the abovementioned skills.​Glocomms’ cybersecurity recruitment practice is broken down across the vendor and end-user arenas as we have a commercial practice that offers talent solutions for our vendors across the entire product development lifecycle.As mentioned above, the adoption of intelligent threat hunting, incident response and vulnerability management has been clearly exhibited in a hiring trend of AI talent into the vendor and MSSP arena. ​Candidate TrendsAn interesting trend to note has been the movement of security professionals from the defense industry transition and partner with the financial services employees, in an attempt to continue to broaden the level of expertise and attention on security related problems. This talent is coming out of New York, Boston, Washington DC Metro Area, Texas, and California and heading to new security hubs forming in the Atlanta, South Carolina, Minneapolis and Colorado.Additionally, we have seen a large interest on the Financial Services side to hire talent from the Tech Giants given their background and exposure to massive amounts of data, enterprise level architecture, and forwards thinking technical skillsets.​Given the sheer magnitude of talent required, in the last 5 months, we have placed over 15 individuals for one Cybersecurity start-up that is still in stealth-mode on a retained basis! This project is ongoing and we expect to fill nearly 40+ roles this year with this one client given how perfectly our business models align, we have been able to deliver​Thus far in 2018 we have worked closely with a number of small to mid sized organizations (20-200 employees) on both Coasts undergoing large growth initiatives. Rapid growth is not uncommon for start-ups in this industry; these companies are primarily seeking analytical/AI talent, software engineers who are building their propriety platform and security professionals to advance the offerings. One interesting thing to note has been that security software engineers are receiving larger portions of equity given the impact their development of the platform will have on the multiplier attributed to the growth potential and in turn, value of the business.​For this type of endeavor we recommend a Multi-Hire Campaign (MHC) as we are able to best align our services with a companies specific and often urgent needs directly impacting our clients’ growth through an all-encompassing recruitment solution.​Many of our institutional clients are entirely revamping their security business units given the ever-changing nature of the available technology within the industry. As a result, we have staffed multiple senior, CISO/Strategic Leaders for our end-user clients whom will drive the growth initiatives going forward in 2018 and years to come. ​Mergers & AcquisitionsOur final cybersecurity market trend we wanted to highlight in this report corroborates the above with respect to focus and attention on new, cutting-edge, AI-driven threat management platforms. Security Vendors are being acquired by the big Tech Giants and large cyber players. The options are narrowing and the solutions are becoming far more comprehensive and integrated. Recent examples of this include: SQRRL were acquired by Amazon for $40 million; Phantom Cyber is being acquired by Splunk for $350 million; and CloudLock is bought by Cisco for $293 million. This showcases that the big-players are aware of the trends outlined above and are looking to eat up the market share and gain control of the growth and opportunity that is ravishing the emerging technologies marketplace. ​Diversity & InclusionDiversity and Inclusion awareness is at an all time high in the technology industry, with female representation and wage parity dominating the headlines. At Glocomms we find that identifying good practice, policies and initiatives to improve workforce diversity and inclusion are paramount for our clients. Throughout 2018, alongside our parent company, Phaidon International, we will be running a number of positive, action-orientated client events with relevant guest speakers and industry experts. The common themes of these initiatives will be to share pragmatic and proven successful practices that can tangibly improve diversity and inclusion within the workplace. By doing so our valued clients can enhance their access to wider talent pools for their meritocratic workplaces.​In relation to Cybersecurity – this is one of the most homogenized verticals within the technology arena and female-talent is highly scrutinized for being absent. Males hold 3 out of 4 jobs in tech, but specifically within cybersecurity, the numbers reflect that only 14% of the U.S. workforce in cybersecurity is female. [1] However, out of all of the areas within technology, we believe that Cybersecurity is the field that truly needs a diverse talent pool.​Working in Cybersecurity involves dealing with hugely complex issues and problems – teams need diversity so that problems are attacked with different viewpoints. At Glocomms we focus heavily on sourcing diverse talent within this field and working closely with our clients in creating a work environment to allow such talent to excel in their careers. In the past six months, 24% of the placements we have made in the Cybersecurity field are female. Whilst we still have a long way to go we are dedicated to doing our part to empower females to succeed in the industry.​In addition to females, Glocomms is committed to contributing to and being the driving force of change across all marginalized groups with respect to Diversity and Inclusion. Most recently, on March 24th, Glocomms was a sponsor for the second annual Out in Tech Talks[2], an event that united 400+ leading and aspiring LGBTQ+ and allied voices to advance the dialogue around diversity in tech and address the power of tech to create social change. It was an incredible event, showcasing the progress achieved while illuminating the massive amount of work left to do in reshaping the industry. Impressive panels included the leaders in Diversity and Inclusion at Amazon, Linked in and Youtube, an MD/Business Leader for the Cybersecurity business at a Leading Global Investment Bank and our own Executive Director at Glocomms.​Closing ThoughtsThis report was written and prepared by Giancarlo Hirsch, Vice President at Glocomms and accurate as of March 2018.​Glocomms has offices in NY and SF and is looking to launch offices in Boston, Chicago, Dallas and Charlotte in the coming 18 months. For more information or to get in touch with the team at Glocomms, please do reach out to usa@glocomms.com!​-------About UsGlocomms is a leading specialist recruitment agency for the technology sector. We were founded in 2013 to give clients and candidates peace of mind that the recruitment process is in expert hands. Our continual investment in best-in-class technologies and consultant training enables us to recruit with speed, precision and accuracy. Today, Glocomms provides contingency, retained search and project-based contract recruitment across our offices in San Francisco, New York, London and Berlin. Find out how Glocomms can help you.

Read More
Cyber Security Talent Needed Amid Rising Cyber Threats Image
cyber-security

Cyber Security Talent Needed Amid Rising Cyber Threats

​​The cyber security industry is under mounting pressure. As cyber-attacks become more common and the amount of data stored online increases (not only in volume but also in sensitivity) most industries are naturally growing concerned at the exponential growth of cybercrime. A report from Ponemon Institute found that 47% of the 662 IT professionals questioned have experienced a cyber security breach within the last two years. These breaches took place in both the public and private sector across the globe.Cyber threats are occurring across the globe. One of the largest cyber security breaches of history occurred last year in theUS,when JPMorgan Chase fell victim tocybercrime. During this breach personal information such as the names, phone numbers and email addresses of 76 million households were acquired. In UK telecoms provider TalkTalk was hacked earlier this year, with bank details from thousands of customers being stolen. OKCoin, the world’s largest bitcoin exchange server, was also recently forced to suspend some of its services after experiencing a cyber attack from hackers.Such examples only further highlight the need for all businesses to strengthen their approach to cyber security, especially firms holding personal customer details. This has led to an increase in demand for cyber security professionals and a dramatic increase in opportunities available across several industries.A report recently released by the Identity Theft Resource Center (ITRC) revealed that the business sector has accounted for 16 million exposed records so far in 2015; the medical and healthcare sector is responsible for 120 million exposed records, and the government and military sectors are accountable for the loss of nearly 34 million records.As a result of these high-profile cases and alarming statistics, the same Ponemon report found that intelligence sharing is swiftly becoming a popular method to help fight off such malicious attacks. This practice involves vendors, industry groups and peer-to-peer exchange programs sharing the information they have available with one another in an open and collaborative environment.The majority of respondents said vendors were their main source of information on cyber security threats (61%), followed by peers from other companies (56%). Both platforms act as a key source of information on malicious IP addresses and URLs.However, the ever-evolving nature of IT and cyber security means information often comes with a very short shelf-life; threats are often replaced with new threats almost immediately – 60% of respondents said some information loses its usefulness within minutes. Yet, very few IT professionals receive security threat information in real-time.This is where the cloud could benefitITprofessionals. Just as employees are utilising mobile devices and the cloud to access business information and systems, IT security professionals could also be looking to this platform to access threat details. Wolfgang Kandek, the Chief Technology Officer for Qualys, has noted that moving away from traditional enterprise systems and into the cloud will allow security professionals to respond quickly and in the most effective and appropriate manner possible.The 2015 Global Cyber security Status report from the ISACA states that, come 2020 there will be 1.5 million unfilled cyber security roles across the globe. In order to meet these changing demands, the Asian market is investing heavily in cyber security practices and education. The US, on the other hand, is suffering from a severe lack of cyber security talent, particularly at the mid-senior level.This is driving up salaries for CISOs (Chief Information Security Officers) who have a successful track record of implementing proven policies and procedures and building successful teams. It’s also driving demand for the security consulting market, which is now worth over $15 billion dollars and saw year-on-year growth of almost 10% in 2015. This market is dominated by Deloitte, IBM and EY.The cyber security market is estimated to grow to $170 billion (USD) by 2020, at a Compound Annual Growth Rate (CAGR) of 9.8% from 2015 to 2020, according to a report from Markets and Markets. So how can businesses address the cyber security skills gap? Should talent be sourced from outside the industry and transferable skills given prominence, or should appropriate training, coaching and education be put in place within anorganizationfor talent to be trained internally from junior level? Even with a combination of these two approaches, is it a case that no matter how well prepared anorganizationis, the hackers and criminals will always be one step ahead?If you’re struggling to find the talent needed to meet cyber security needs, or are seeking new opportunities in the sector,contact the Glocomms team today.--------About UsGlocomms is a leading specialist recruitment agency for the technology sector. We were founded in 2013 to give clients and candidates peace of mind that therecruitment process is in expert hands. Our continual investment in best-in-class technologies and consultant training enables us to recruit with speed, precision and accuracy. Today, Glocomms provides contingency, retained search and project-based contract recruitment across our offices in San Francisco, New York, London and Berlin. Find out how Glocomms can help you.

Read More
Cyber threats in the aviation, aerospace and defense sectors Image
cyber-security

Cyber threats in the aviation, aerospace and defense sectors

​Cyber security is a rising concern across a number of industries but, for some sectors, such as aviation, aerospace and defence, cyber attacks pose potentially disastrous ramifications. As a result, groups such as airlines and aircraft manufacturers are collaborating to tackle this emerging threat, head on.Cyber attacks on the riseThe Director of Strategy & Safety Management at the European Aviation Safety Agency (EASA) has revealed that aviation systems are on the receiving end of thousands of attacks each month.The areas most vulnerable to attack are the connective communication systems between the plane and the ground, which transmit flight information, and on-the-ground networks.In June 2015 a cyber security breach took down the flight plan system of 10 planes for around five hours. This DDoS attack grounded nearly 1,500 passengers.Growth in areas such as the Internet of Things has increased awareness of risk in the sector as a new breed of threat is beginning to emerge. Director of Cyber Security at Israel’s Institute for National Security Studies,Dr.Gabi Siboni, commented: “The next 9/11 will be caused by computer hackers infiltrating aircraft controls”.An industry on the defenceSITA’s 2016 Airline IT Trends Survey revealed that 9% of airlines plan to invest in cyber security in the next three years, with 72% of the 200 airlines surveyed already investing in cyber security projects.The US launched the Aviation Information Sharing and Analysis Center (A-ISAC) in 2014. The A-ISAC includes input from airlines and security agencies, including Boeing, the NSA, the FBI, and the CIA. As of yet, Europe does not have a major presence in this collaborative project – the only European members are Airbus and Lufthansa.Europe’s cyber security defendersThe European Centre for Cyber Security in Aviation (ECCSA) has been set up by the European Aviation Safety Agency (EASA). The ECCSA boasts an Aviation Computer Emergency Response Team (AV-CERT) that helps analyse cyber threats to better understand their origins and identify security flaws, and which could help work towards technical solutions and create best practice guidelines to tackle the issue.The job marketDue to the rising threat and awareness in the industry, there is a clear shortage of experienced cyber security professionals. According to recent figures, there are only enough active candidates in this sector to fill 31.6% of opportunities. This is not endemic to the UK; Israel has 28.4%, Germany 35%, France 38.6%, the US 66.7%, and Canada 68.1%.Globally, we now need more cyber security professionals in order to protect ourselves from cyber threats.Economist MarianoMamertinocommented: “The problem is fast approaching crisis point and British businesses will inevitably be put at risk if they can’t find the expertise they need to mitigate the threat. “This should serve as a wake-up call to Britain’s tech sector – it must pull together to [...] attract more people into cyber security roles.”Cyber security candidates from outside the aviation industry will find it relatively easy to transfer across to aviation. Here at Glocomms, we specialise in recruiting across Connective Technology roles, over the last 6 months we have noticed the increasing demand for network security engineers, security architects and security analysts in the sector.We work closely with clients with in the sector to monitor and track the best talent in the market. If you are a cyber security expert searching for your next step, or you’re looking to bolster your cyber security team over the next few months, get in touch today.  ​-------About UsGlocomms is a leading specialist recruitment agency for the technology sector. We were founded in 2013 to give clients and candidates peace of mind that the recruitment process is in expert hands. Our continual investment in best-in-class technologies and consultant training enables us to recruit with speed, precision and accuracy. Today, Glocomms provides contingency, retained search and project-based contract recruitment across our offices in San Francisco, New York, London and Berlin. Find out how Glocomms can help you.

Read More
Cybersecurity Salaries are on the Rise - Are you Ready? Image
cyber-security

Cybersecurity Salaries are on the Rise - Are you Ready?

​Do you have a strategy for attracting IT security talent in the next few years? This is a field in which demand is far outstripping supply and leaving positions vacant can have serious consequences. How will you attract and retain experienced professionals?According to a recent survey by Intel Security and Vanson Bourne, there are 209,000 unfilled security jobs in the US. Globally, there will be a 1-2 million shortfall in skilled workers in the field by 2019. Almost three quarters (71%) of large organizations questioned in the survey said this skills shortage left them vulnerable to cyberattacks.The rising threat: cyberattacksEvery organization is a potential cyber victim. A study by Forrester Research in 2015 found that 60% of brands experienced a breach of sensitive data that year. High-profile targets such as UPS, JP Morgan Chase, Sony, Experian and even the FBI have suffered considerable financial and reputational damage as a result of a successful attack.A recent Ponemon investigation found that the average cost of a breach is $3.8 million; a rise of 23% since 2013. For criminals, the possible rewards are huge. According to the 2016 Trustwave Global Security Report, a hacker investing $5,900 in a malware infection campaign could realise a 1,425% return on investment within 30 days, earning $84,100 as a result of the scam.With claims that nation states such as China and Russia are sponsoring security breaches, cybercrime is a threat that is not going to abate any time soon.Why cybersecurity should be on your C-suite agendaCybersecurity is becoming a more pressing topic for the C-suite. Installing a high quality firewall and antivirus software package is no longer enough; executives should be actively involved in developing cybersecurity strategies that focus on long-term proactivity, not short-term defensiveness.  A government committee in the UK has even gone so far as to propose that CEOs and senior executives should be subject to fines and custodial sentences if found negligent on cybersecurity.Worryingly, many senior teams still fail to grasp the importance of cybersecurity to business success. A 2014 survey found that around 33% of management boards received no regular reports about cybersecurity at all.[vi]Frequently, where security is found to be lacking an organization provides funding for short-term fixes rather than committing resource to a holistic, long-term strategy.The shortage of cybersecurity professionalsThe availability of experienced specialists is reaching crisis levels. Among security professionals, 23% said the lack of talent in this area is the biggest challenge facing the IT industry; 12% of all IT professionals agree.A recent Intel report found that 82% of organizations in the US, UK, Japan, Israel, Germany, France and Australia are experiencing a shortage of skilled workers in cybersecurity; 53% of organizations said recruitment difficulties were worse in this field than for other IT roles. Intrusion detection, attack mitigation and software development were the areas with the most severe shortage of eligible candidates.According to data from the Bureau of Labor Statistics, the challenge is set to increase: demand for cybersecurity professionals is predicted to grow 53% over the next two years.New graduates cannot simply fill these roles because only 23% of organizations see educational programs as giving candidates the skills they need to enter the industry.Hands-on experience and professional certification are valued much more, but these take time to acquire.How can you attract good recruits?In this competitive recruitment environment, what can you do to secure top talent? Unsurprisingly, pay is a major draw for promising professionals; the average compensation for an information security manager grew by around 6.4% in 2015-16.The US national average salary of a cybersecurity specialist with three or more years’ experience is $99,000. With five years’ experience, the average salary rises to $118,000.A substantial 80% of security professionals said a salary increase could persuade them to move to a new employer. This reflects a widely-held belief that despite mounting workloads, pay is not keeping up with the value they contribute to an organization; 61% of security professionals believe their salary is falling behind business growth and demands, compared to 55% among other IT professionals.How can you retain top talent?With unemployment rates among this group approaching zero, there are plenty of businesses out there looking to poach dissatisfied employees from their competitors; 74% of cybersecurity professionals have been targeted by head hunters in the last year.In terms of retention, focusing on job satisfaction and workload might help to keep good employees. The shortage of skilled professionals means there is more pressure on existing workers; 60% of cybersecurity professionals say they expect their workloads to increase in the next 12 months.If you pile the work up too high, your valued employee could simply move elsewhere.Contact Us to find out how Glocomms can help you.------About UsGlocomms is a leading specialist recruitment agency for the technology sector. We were founded in 2013 to give clients and candidates peace of mind that the recruitment process is in expert hands. Our continual investment in best-in-class technologies and consultant training enables us to recruit with speed, precision and accuracy. Today, Glocomms provides contingency, retained search and project-based contract recruitment across our offices in San Francisco, New York, London and Berlin. Get in touch today to see how Glocomms can help you.

Read More
The Cyber Security Challenge Image
cyber-security

The Cyber Security Challenge

​Reports indicate that the cyber security market is due to dramatically expand in the following few years, with new technologies emerging and the need for such technologies increasing.The proliferation of connected devices, services like the Cloud and bring-your-own-device (BYOD) practices means that the threat of cyber-attack is now growing faster than ever and, as a result, there is expected to be a boom in the cyber security industry.According to a MarketsandMarkets industry report, the cyber security market will increase from the $106.32 billion it is worth today, to $170.21 billion by 2020, at a compound annual growth rate (CAGR) of 9.8%.Worldwide governments are makingcyber securitya key political focus. The US is currently leading the way, according toLarnoLimnell writing for the International Business Times. “Most countries have cyber strategies on paper, but public discussion of policy and doctrinal levels and practical measures are not as mature as they are in the US,” he suggests.Europe has recognised this discrepancy, however; the European Commission, the European Council and the European Parliament have been working together to update and supersede the existing EU Directive in order to bring it in line with the recent advances in technology. “The objective is to issue a final proposed comprehensive regulation for the EU by the end of 2015, with final approval and adoption thereof to occur by the Spring of 2016,” said Stephen Jett from Taft Stettinius & Hollister LLP writing for Lexology.com.Indeed, the government’s role in combattingcyber attacksis a critical one, according to new research by Intel Security. The study of 625 IT decision makers from the finance, energy, transport and government sectors in Germany, France, the UK and the US found that 86% felt cooperation between the public and private sectors was vital for protecting cyber infrastructure.However, while the growth of this market is inevitable, more discussions need to take place regarding exactly what cyber security is and what it entails.Experts have spoken out about the emergence of the market and claim that professionals within the industry, and those looking to enter it, need to begin training in all areas of cyber security as early as possible.Discussing the sector, Gary Hayslip, the CIO for the City of San Diego, commented: “You talk to people, they think cyber is one thing, and it’s not.” It is this misunderstanding of the concept and market that requires more clarity. Linda Brent, the CEO for ASTA Group, expanded on this, stating that Cyber security can be considered to be “everything from artificial limbs to unmanned systems that are small enough to hold in your hand to the training and education of the workforce.”This training and education should start at the most basic level – in schools. Many professionals are encouraging the integration of Science and Technology programmes, so future generations will already have a sound grasp of cyber security and what it entails by the time they enter the workforce.This needs coordination between institutions - unless there is a unified understanding of the risks, challenges and learning opportunities then, any training provided is likely to be ineffective.Since higher education institutions are notoriously slow at updating their curriculum, this is presenting a significant challenge. Headway is being made in some regards, for example, women are being encouraged to enter into the cyber security industry thanks to a new training initiative from Cybrary and the Women in Technology (WIT) Association. However, it is vital that consolidated training opportunities be made far more widely available, as soon as possible.The Wall Street Journal has also recently reported that it’s not just schools and education institutions looking to improve awareness of cyber security; executive boards for high-profile businesses are also looking to improve their knowledge of the sector, so they are better informed should a cyber-attack occur. High-profile professionals are beginning to understand the significance of knowing where cyber security threats are coming from, how they are rectified and if enough is being done to challenge these attacks.As awareness of the cyber security space increases, so too are jobs in the sector. For information on opportunities in the industry – whether you are a potential candidate or looking to hire – contact us here.-----------------About GlocommsGlocomms is a leading specialist recruitment agency for the technology sector. We were founded in 2013 to give clients and candidates peace of mind that the recruitment process is in expert hands. Our continual investment in best-in-class technologies and consultant training enables us to recruit with speed, precision and accuracy. Today, Glocomms provides contingency, retained search and project-based contract recruitment across our offices in SanFrancisco, New York, London and Berlin.

Read More

Looking for something specific?

View more blogs