​This is a full-time, Remote-First role at Bamboo Health, a leader in Real-Time Care Intelligence. This position is a technical "hybrid" role within the Security Operations (SecOps) team, blending application security, cloud defense, and incident response. You will protect a platform that impacts over 1 billion patient encounters annually, requiring a high degree of focus on HIPAA and HITRUST compliance.

• ​Location: Remote-First (US).
• ​Experience Required: Bachelor’s degree or 5+ years of equivalent professional experience.
• ​Core Focus: Web application penetration testing, vulnerability management, and security automation.
• ​On-Call: Participation in the incident response on-call rotation is required.
• ​Compliance Environment: SOC 2, HIPAA, HITRUST, and ISO 27001.

​Key Responsibilities: Proactive Testing and Reactive Response

​The Engineer serves as a technical partner across the software development lifecycle, ensuring that security is "baked in" rather than bolted on.

​Vulnerability Management and Pentesting

​You will manage infrastructure, container, and API vulnerabilities through Dynamic Application Security Testing (DAST) and manual penetration testing. This includes performing root-cause analysis and threat modeling to prioritize remediation efforts.

​Cloud and Kubernetes Security

​The role involves securing applications hosted in automated Kubernetes platforms and cloud environments (AWS, Azure, or GCP). You will be responsible for ensuring that containerized workloads meet strict security standards.

​DFIR and Detection Engineering

​You will support the Digital Forensics and Incident Response (DFIR) process, including monitoring events, containment of threats, and remediation. A major part of the role is developing automation scripts to streamline these operations and improve detection logic.

​Security Advocacy and SDLC

​Partnering with development teams is essential. You will advocate for secure coding practices and ensure that security checkpoints are integrated into the Software Development Lifecycle (SDLC).

​Required Technical Skills

​Bamboo Health is looking for a versatile engineer who can code, test, and respond to threats with equal proficiency.

• ​Security Testing: Practical experience with DAST tools and manual web application penetration testing.
• ​Operating Systems: Intermediate proficiency with Linux, macOS, and Windows.
• ​Cloud Mastery: Foundational knowledge of cloud platforms and experience securing Kubernetes or containerized environments.
• ​Automation: Intermediate understanding of scripting languages like Python, PowerShell, or Bash.
• ​Compliance Knowledge: Familiarity with healthcare-specific frameworks such as HIPAA and HITRUST.
• ​Communication: Ability to articulate technical risk and business rationale to both engineers and stakeholders.

​The First Year: Roadmap to Success

• ​Months 1–3: Mastery of internal tools; supervised vulnerability scanning; integration into the on-call rotation.
• ​Months 4–6: Independent web application penetration testing; management of the automated phishing training program.
• ​Months 7–12: Leading the system-wide vulnerability management program; implementing security automation to replace manual procedures.

​This is a full-time, 100% Remote role at Peraton supporting the NOAA AWIPS (Advanced Weather Interactive Processing System) program. AWIPS is a critical national infrastructure platform used by the National Weather Service to process weather data and issue life-saving warnings. The role is heavily focused on the Risk Management Framework (RMF) and securing the software development lifecycle within an Agile/SAFe environment.

• ​Location: 100% Remote.
• ​Clearance: Ability to obtain/maintain a Public Trust.
• ​Experience Required: 8+ years with a BS; 6+ years with an MS; or 3+ years with a PhD (4 years of experience can sub for a degree).
• ​Focus: Gaining and maintaining Authorizations to Operate (ATO), DevSecOps strategy, and continuous monitoring.
• ​Frameworks: Strong knowledge of NIST 800-37 (RMF) and NIST 800-53 security controls.

​What You'll Do: Accreditation and Mission Readiness

​You will work at the intersection of systems engineering and federal compliance, ensuring the AWIPS platform remains resilient against evolving threats.

• ​RMF Implementation: Drive the full Risk Management Framework (RMF) lifecycle to gain and maintain system ATOs.
• ​Agile/SAFe Backlog: Work with the Cyber Lead to populate the Agile backlog with technical security tasks and DevSecOps strategies.
• ​Security Documentation: Develop and maintain critical artifacts including POA&Ms (Plan of Action and Milestones), SECONOPS (Security Concepts of Operations), and Standard Operating Procedures (SOPs).
• ​Defense-in-Depth: Conduct security activities using established TTPs (Tactics, Techniques, and Procedures) to secure the platform as it is built.
• ​Stakeholder Collaboration: Liaise with multiple Approving Organizations (AO), software architects, and data scientists to establish enterprise-wide security postures.

​Required Technical Qualifications

​Peraton is looking for a "mission capability integrator" who understands how to bake security into complex, large-scale federal systems.

• ​ATO Lifecycle: Proven experience in the software development lifecycle (SDLC) specifically regarding gaining and maintaining ATOs.
• ​Compliance Mastery: Expert knowledge of NIST processes and the application of security controls.
• ​Operational Security: Experience in Security Incident and Event Management (SIEM) and incident response.
• ​Artifact Management: Hands-on experience creating the technical documentation required for federal audits and authorizations.

​Preferred Qualifications

• ​Certifications: Security+, CISSP, or similar industry-standard credentials.
• ​Active Status: An active/current Public Trust is a significant advantage.

​Why This Role is Unique

​This isn't a typical "corporate" security job; you are protecting the system that enables weather forecasters to protect lives and property across the U.S. It requires a blend of compliance architecture and DevSecOps mindset. You will be working on a "mission of consequence" where system reliability is directly tied to national readiness.

​This is a 12-month contract-to-hire role focused on maturing a healthcare organization's Incident Response (IR) capabilities through advanced automation. As a Principal-level engineer, you will be the primary architect for Palo Alto Cortex XSOAR, responsible for taking manual IR processes and transforming them into automated, end-to-end playbooks.

• ​Location: 100% Remote (Must reside in CA, OR, WA, CO, GA, VA, MD, or DC).
• ​Pay Range: $70/hr - $85/hr.
• ​Experience Required: 7+ years in security engineering with a heavy specialization in SOAR.
• ​Core Tech Stack: Palo Alto Cortex XSOAR, Splunk, Python.
• ​Integrations: CrowdStrike, Proofpoint, Tanium, and Azure.

​What You’ll Do: Orchestration and Incident Response Support

​The mission of this role is to act as the bridge between raw security data and actionable, automated response. You will work directly with the IR team to identify their "pain points" and solve them through code.

• ​Playbook Development: Design, code, and implement complex XSOAR playbooks from scratch. This includes defining the logic for ingestion, enrichment, and automated containment.
• ​IR Optimization: Partner with Incident Response analysts to understand their workflows and improve the efficiency of their tooling.
• ​Enterprise Integration: Build and maintain integrations between XSOAR and the broader security stack, including CrowdStrike (EDR), Tanium (Endpoint), Proofpoint (Email), and Azure (Cloud).
• ​Python Automation: Leverage strong Python coding skills to create custom scripts and integrations that aren't available out-of-the-box.
• ​Data Analysis: Perform extensive analysis on security data to identify trends and opportunities for new automation use cases.

​Required Skills and Experience

​This is a high-level engineering role requiring a candidate who is as comfortable writing code as they are discussing security strategy with IR leads.

• ​SOAR Mastery: 7+ years of experience with a deep focus on Palo Alto Cortex XSOAR (formerly Demisto).
• ​Programming: High proficiency in Python is required; experience with Java or C is also beneficial.
• ​Ecosystem Knowledge: Strong working knowledge of Splunk (SIEM) and how it feeds into a SOAR platform.
• ​Soft Skills: Strong communication skills are essential, as you will be translating analyst needs into technical requirements.

​Key Logistics and Benefits

• ​Residency Requirement: While the role is remote, you must live in one of the following states for tax/employment purposes: CA, OR, WA, CO, GA, VA, MD, or DC.
• ​Contract-to-Hire: This is a 12-month initial term with the intent to convert to a permanent employee.
• ​Comprehensive Benefits: Includes four medical plans, 401(k) with match, HSA/FSA, and paid sick leave.

​This is a full-time, Remote (US) role for the Knights of Columbus, a unique organization that operates as both a Catholic fraternal society and a large-scale financial services provider (insurance and investments). This role is a "full-stack" security position, requiring a candidate who can handle high-level implementation and configuration while managing day-to-day operational defense.

• ​Location: Remote, US (Salary based on Connecticut range).
• ​Compensation: $104,500 – $172,400.
• ​Experience Required: 5+ years of relevant security, networking, or infrastructure engineering experience.
• ​Mission Context: The organization follows Catholic teachings in its investment and benefits strategies; profits support global charity and religious causes.
• ​Focus: Multifaceted security engineering across Office 365, public cloud (Azure/AWS), and on-premises infrastructure.

​Core Responsibilities: Build, Run, and Mentor

​This position bridges the gap between architecture and operations. You aren't just watching a dashboard; you are building the systems that feed it.

• ​System Lifecycle: Lead the implementation, integration, and support of security systems. Perform comprehensive Proof-of-Concepts (PoCs) for new tools.
• ​Active Defense: Monitor environments for intrusions, detect anomalies in network traffic, and perform incident response for alerts and reported events.
• ​Engineering & Documentation: Maintain technical diagrams and operational procedures. Secure Office 365 products and hybrid cloud environments.
• ​Collaboration & Mentorship: Partner with Architects and GRC (Governance, Risk, and Compliance) teams. Provide guidance and mentoring to junior team members.
• ​Advocacy: Educate internal users on security policies and requirements to foster a security-conscious culture.

​Technical Skills and Frameworks

​The ideal candidate needs a broad technical "utility belt" covering everything from perimeter defense to identity-centric security models.

• ​Security Stack: Hands-on experience with Firewalls, WAF, MFA, CASB, NAC, EDR, and SIEM.
• ​Modern Paradigms: Deep understanding of Zero Trust, IAM (Identity & Access Management), and PAM (Privileged Access Management).
• ​Cloud & SaaS: Extensive experience securing Office 365 and public cloud (AWS/Azure) data and systems.
• ​Automation (Bonus): Scripting experience in PowerShell or familiarity with SOAR (Security Orchestration, Automation, and Response) is a major plus but not required.
• ​Governance: Familiarity with industry-standard frameworks: NIST 800-53, NIST CSF, ISO 2700x, and COBIT.

​Required Qualifications

• ​Education: Bachelor’s degree or equivalent professional experience.
• ​Professional Depth: At least 5 years in a dedicated security or high-level networking/infrastructure role.
• ​Certifications (Preferred): While not required, the organization values CISSP, CISM, GSEC, or cloud-specific certs (Azure/AWS Security).

​Why This Role is Unique

​This role sits at the intersection of FinTech security and Non-Profit mission work. You are protecting a $100B+ insurance and investment engine, but the "dividends" of your work support religious and charitable causes. Technically, it is a high-autonomy role where you are expected to be an "author" of documentation and diagrams, not just a consumer of them.

​This is a full-time, Hybrid position at Foxhole Technology, supporting a State-level cybersecurity program in Maryland. The role is primarily focused on governance, risk, and compliance (GRC), specifically conducting maturity assessments and defining security requirements using the newly updated NIST CSF 2.0 framework.

• ​Location: Hybrid – Requires travel within the state of Maryland.
• ​Clearance: None required; must pass a Criminal Background Check.
• ​Experience Required: Minimum five (5) years defining security programs or processes.
• ​Education: BS Degree in a technical field.
• ​Primary Framework: NIST Cybersecurity Framework (CSF) 2.0.

​Key Responsibilities: Maturity and Compliance

​The Engineer will serve as a lead assessor, evaluating how various state organizations protect sensitive information and identifying gaps in their security posture.

• ​Cybersecurity Assessments: Conduct formal assessments to determine an organization’s cybersecurity maturity level.
• ​Policy Development: Define and develop security policies in accordance with NIST guidelines and industry best practices.
• ​Risk & Vulnerability Analysis: Perform risk assessments based on information flow and the sensitivity of data within the organization.
• ​Requirements Definition: Analyze and define technical security requirements for comprehensive information protection.
• ​Stakeholder Presentation: Present formal findings and actionable recommendations to leadership to improve the overall security posture.

​Minimum Requirements and Technical Proficiency

​Foxhole Technology is looking for an experienced practitioner who is deeply familiar with standardized IT security controls and state/federal reporting requirements.

• ​Experience: 5+ years protecting sensitive or classified information at a programmatic level.
• ​Technical Standards: Proficient in generally accepted IT security and control practices (e.g., ISO, COBIT, or similar NIST standards).
• ​NIST Expertise: Specialized knowledge in NIST CSF 2.0 documentation and the practical application of its subcategories and tiers.
• ​Mobility: Must be able to travel to various locations within Maryland as part of the assessment process.

​Why This Role is Unique

​This position is a direct bridge between technical auditing and high-level security strategy. Because it focuses on NIST CSF 2.0—which introduced the "Govern" function—you will be at the forefront of implementing the latest federal standards at a state level. It is an ideal role for an analyst transitioning into a more senior engineering or advisory capacity.

​This is a 12-month+ contract position that is 100% remote. The role is dedicated to the secure deployment and governance of artificial intelligence across a large enterprise. You will act as the primary architect for securing AI agents, LLM integrations, and specialized platforms like Copilot Studio and Azure AI, ensuring that innovation does not come at the cost of data privacy or system integrity.

• ​Location: 100% Remote.
• ​Duration: 12-month+ contract.
• ​Focus: Designing security frameworks for AI, performing AI-specific threat modeling, and establishing governance for the lifecycle of AI agents.
• ​Core Ecosystem: Microsoft 365 (Copilot, Viva), Azure AI, Power Platform, and third-party LLM integrations.

​Key Responsibilities: AI Strategy and Defense

​The AI Architect must move beyond traditional infrastructure security to address the unique vulnerabilities inherent in machine learning and generative AI.

• ​AI Security Architecture: Develop security frameworks for Copilot Studio, Azure AI models, and Power Platform. Define access policies, logging, and monitoring specifically tuned for AI-enabled applications.
• ​Specialized Risk Management: Conduct assessments for AI-specific threats, including prompt injection, model drift, data leakage, and adversarial attacks.
• ​Governance & Privacy: Align AI usage with GDPR, CCPA, and internal data governance standards. You will bridge the gap between technical security and legal/compliance requirements.
• ​Secure Lifecycle Management: Define the "cradle-to-grave" standards for AI agents—from secure creation and prompt engineering best practices to monitoring and eventual retirement.
• ​Enterprise Integration: Partner with teams to securely embed AI into major operational platforms like ServiceNow, Oracle, and Microsoft Viva.
• ​Incident Response: Build specific incident response playbooks for AI-related events (e.g., an AI agent bypassing a security control or leaking sensitive data).

​Required Technical Skills & Experience

​This role requires a practitioner who understands both the "how" of AI deployment and the "how" of its exploitation.

• ​Platform Expertise: Strong hands-on experience with Microsoft Copilot Studio, Azure AI, and Power Platform security.
• ​Threat Vectors: Deep understanding of AI-specific vulnerabilities and secure prompt engineering techniques.
• ​Integration Knowledge: Familiarity with the security nuances of integrating AI into enterprise ecosystems (M365, ServiceNow, Oracle).
• ​Third-Party Evaluation: Proven experience assessing the security posture of third-party AI tools and providing go/no-go recommendations.
• ​Foundational Security: Solid background in Cloud Security Architecture, Identity and Access Management (IAM), and Data Protection.

​Why This Role is Unique

​This is a pioneer role. Most security teams are still reacting to AI; this architect is tasked with building the proactive governance structure that allows a company to use AI safely. You aren't just managing firewalls; you are managing model interpretability and adversarial defense, making this a high-value career pivot for traditional security architects.

​This is a full-time, Fully Remote role within the Engineering department at Horizon3.ai. You will sit within the Rapid Response organization, reporting to the Director of Precision Defense. The role is a high-impact position designed for a seasoned expert who can translate complex vulnerability data from the NodeZero autonomous pentesting platform into actionable intelligence for customers and internal teams.

• ​Location: Remote (US).
• ​Experience Required: 8+ years in vulnerability analysis/research or cyber threat intelligence.
• ​Travel: Up to 5% for conferences or team meetings.
• ​Connection Requirement: Minimum 25Mbps broadband.
• ​Mission: To help organizations proactively find and verify exploitable vectors before attackers do, moving beyond "checkbox" security culture.

​What You’ll Do: Intelligence, Research, and Communication

​As the "eyes and ears" of the cybersecurity community for Horizon3.ai, you will bridge the gap between automated exploitation and human-led defense.

• ​Vulnerability Triage: Monitor public databases (CVE/CWE, NVD, CISA KEV) to stay current on emerging threats.
• ​Exploitation Analysis: Analyze NodeZero pentest outcomes to understand real-world customer exposure and inform research prioritization.
• ​Technical Publication: Research, document, and publish mitigation techniques. This includes writing blogs, white papers, and external-facing content about the most impactful vulnerabilities.
• ​Cross-Functional Support: Create internal content for Go-To-Market and Marketing teams. Collaborate with attack engineers to track product coverage for new zero-day or n-day threats.
• ​Threat Actor Tracking: Monitor threat actor behavior and trends to ensure NodeZero’s autonomous logic remains aligned with modern attacker TTPs.

​What You’ll Bring: Expertise and Digital Presence

​Horizon3.ai is looking for a "learn-it-all" with deep fluency in the vulnerability ecosystem and the ability to influence technical and non-technical stakeholders.

• ​Core Research Skills: Hands-on exposure to root-cause analysis, exploit reproduction, and PoC (Proof of Concept) evaluation.
• ​Ecosystem Fluency: Expert knowledge of EPSS (Exploit Prediction Scoring System), CVSS, and vendor advisory lifecycles.
• ​Exploitation Awareness: Understanding of how n-days propagate and the trends in PoC weaponization.
• ​Communication Mastery: Proven ability to publish security communications and present findings at major conferences (e.g., Black Hat, DEF CON, BSides).

​Preferred & Nice-to-Have Skills

• ​Programming: Comfort writing Python for data analysis and automation.
• ​Data Visualization: Experience creating visualizations to illustrate broad vulnerability trends across environments.
• ​Community Presence: Active participation in social channels, community forums, or Bug Bounty/VDP programs.
• ​Media Savvy: Experience briefing reporters or analysts and handling live Q&A sessions.

​This is a full-time, Remote role at OppFi, a tech-enabled financial platform. Despite the "III" designation, the role functions as a high-level operational and tactical contributor, blending Security Operations (SecOps) with Governance, Risk, and Compliance (GRC). The position is ideal for an analyst who wants to bridge the gap between technical incident response and strategic risk management within a highly regulated financial services environment.

• ​Location: Remote.
• ​Experience Required: 3–5 years of professional experience in Information Security or IT Risk Management.
• ​Reporting Line: Reports to the Manager, Security Operations.
• ​Focus: Security reviews for new tools, incident triage, SIEM tuning, and maintaining security governance dashboards.
• ​Industry Context: Regulated financial services (FFIEC, NIST frameworks).

​What You Will Do: Risk Management & Technical Operations

​The role is divided between proactive risk governance and reactive security monitoring, requiring a "whole-environment" view of security.

​Information Security Risk & Governance

• ​Security Reviews: Own the assessment process for evaluating risks when introducing new applications or tools.
• ​Policy Development: Identify emerging compliance requirements and refresh policies/standards to align with NIST, ISO, or FFIEC.
• ​Governance Visibility: Design and maintain dynamic dashboards and scorecards to provide leadership with insights into governance activities.

​Security Operations & Incident Support

• ​Monitoring & Triage: Act as a key responder for alerts from SIEM, EDR, and cloud logs. Gather data and escalate spicy incidents to senior engineers.
• ​Playbook Execution: Follow incident response playbooks for investigation, basic containment, and documentation.
• ​SIEM Tuning: Assist in the configuration and tuning of SIEM alerts and reports to reduce noise and improve detection logic.
• ​Log Analysis: Perform regular reviews of system logs to identify suspicious activity under the guidance of senior staff.

​Required Technical Expertise and Qualifications

​OppFi is looking for an analyst who understands the "defense-in-depth" philosophy and has hands-on experience with modern cloud-native security stacks.

• ​Core Experience: 3–5 years in SecOps, IR, or Vulnerability Management. Experience in financial services or healthcare is highly preferred.
• ​Framework Knowledge: Familiarity with FFIEC, NIST, COBIT, ITIL, or ISO control frameworks.
• ​Technical Stack:
  • ​EDR: CrowdStrike, Defender for Endpoint, or SentinelOne.
  • ​SIEM/SOAR: Sumo Logic, Splunk, or Azure Sentinel.
  • ​CSPM: Wiz, Prisma, or Orca (Cloud Security Posture Management).
  • ​Vulnerability Management: Qualys, Tenable, or Rapid7.
• ​Cloud & Networking: Foundational knowledge of AWS; basic understanding of Linux/Windows and TCP/IP networking.
• ​Threat Intelligence: Solid understanding of the MITRE ATT&CK framework.
• ​Certifications (Preferred): CompTIA CySA+, GCIH, GCIA, GSOC, or CISSP Associate.

​Why This Role is Unique

​This position is unique because it doesn't pigeonhole the analyst into a single silo. You are expected to be technical enough to tune a SIEM and investigate a cloud alert, but also professional enough to conduct a full security risk assessment for a new vendor. It offers a clear path toward security architecture or management by providing exposure to the GRC side of the house.

​This is a full-time, 100% remote contract role supporting a large federal government agency (specifically indicated as the Department of Veterans Affairs / VA). The role focuses on the Assessment and Authorization (A&A) process to ensure systems obtain and maintain their Authorization to Operate (ATO).

• ​Location: Fully Remote.
• ​Pay Range: $38–$42 per hour.
• ​Start Date: 1/20/2026.
• ​Clearance: Requires passing a Public Trust Clearance and fingerprinting process.
• ​Experience Required: 1+ years in Information Assurance (IA) controls analysis and risk assessments.
• ​Core Frameworks: NIST SP 800-53, 800-37 (RMF), and CNSSI 1254.

​The Challenge: ATO Lifecycle and Compliance

​The primary responsibility is ensuring that government information systems, devices, and networks remain compliant with federal security standards through rigorous testing and documentation.

• ​A&A Leadership: Plan and coordinate teams to conduct assessments of systems and networks to identify vulnerabilities and risks.
• ​eMASS Management: Perform extensive work within eMASS (Enterprise Mission Assurance Support Service) packages to track compliance.
• ​Technical Testing: Test CCIs (Control Correlation Identifiers) and validate Security Plans.
• ​Vulnerability Analysis: Support VASCARs and the Security Control Assessor (SCA) in enforcing the Risk Management Framework (RMF).
• ​Boundary Evaluation: Identify and evaluate major applications and infrastructure based on specific accreditation boundaries.

​Required Technical Skills and Experience

​The agency is looking for an analyst with a foundational background in IA tools and a strong grasp of the NIST-based Risk Management Framework.

• ​Tool Proficiency: 1+ years of experience with Nessus, Nmap, Burp Suite, and vulnerability scanning tools.
• ​Environment Knowledge: Familiarity with Linux security (RHEL7) and AWS cloud security.
• ​Platform Experience: Working knowledge of eMASS.
• ​Regulatory Knowledge: Deep understanding of NIST SP 800-53 and 800-37 and associated VA cybersecurity policies.
• ​Defense-in-Depth: Knowledge of information security and assurance principles and their supporting technologies.
• ​Advisory Skills: Capable of providing feedback to the ISO and ISSO regarding risks and recommended courses of action.

​Nice to Have

• ​VA Specifics: Prior experience with VA Cyber Security processes.
• ​Modern Infrastructure: Experience with Prisma Cloud/Twistlock and containerization.
• ​Documentation: Ability to write technical documents that are easily understood by non-technical stakeholders.

​This is a full-time, Exempt role at Meduit, a healthcare partner services firm. The position is highly focused on a hybrid of SOC operations and Data Governance, specifically tasking the analyst with the implementation and management of Microsoft Purview alongside traditional endpoint and vulnerability management tools.

• ​Location: Remote (United States).
• ​Salary Range: $80,000 to $95,000 USD (Budgeted range).
• ​Experience Required: 2 to 4+ years in cybersecurity or SOC operations.
• ​Networking Experience: At least 1 year of hands-on experience applying networking fundamentals (TCP/IP, DNS, Firewalls) to security investigations.
• ​Anticipated Start Date: 1/1/2026.
• ​Internet Requirement: Minimum 30MB download and 10MB upload speed.

​Key Responsibilities: Data Protection and Alert Response

​This role balances proactive data compliance with reactive incident response within a healthcare context.

• ​Microsoft Purview Ownership: Implement and manage Microsoft Purview for data protection, classification, and compliance.
• ​Incident Triage: Investigate security alerts originating from CrowdStrike Falcon, Azure Defender, and Rapid7 InsightIDR.
• ​Vulnerability Management: Review and prioritize system weaknesses using Rapid7 InsightVM.
• ​Identity & Access: Monitor Azure/Entra ID for identity security, including MFA and Conditional Access policies.
• ​Collaboration: Document all investigation and remediation steps while working with IT teams to resolve security gaps.

​Required Technical Qualifications

​The ideal candidate must hold specific Microsoft security certifications and demonstrate proficiency in a modern cloud-native security stack.

• ​Platform Expertise:
  • ​Azure AD / Entra ID and Microsoft Defender for Cloud.
  • ​CrowdStrike Falcon (Endpoint Protection).
  • ​Rapid7 InsightVM / IDR (Vulnerability & SIEM).
  • ​Microsoft Purview (Information Protection).
• ​Mandatory Certifications:
  • ​SC-900 (Microsoft Security, Compliance, and Identity Fundamentals).
  • ​SC-400 (Microsoft Information Protection Administrator).
• ​Core Fundamentals: Strong application of networking (TCP/IP, DNS, firewalls, VPNs) in threat analysis and incident investigation.

​Preferred Qualifications

• ​Advanced Certifications: SC-200, SC-300, or AZ-500 (Azure Security Engineer Associate).
• ​Generalist Certifications: CompTIA Security+ or CySA+.
• ​Education: Bachelor’s degree in Cybersecurity, IT, or a related field.

​This is a high-level Senior Individual Contributor role within F5 Labs, the threat intelligence and thought leadership division of F5. This position is unique as it blends traditional threat research (web, API, bot, and DDoS) with a heavy focus on the security implications of Artificial Intelligence. You will be responsible for investigating how attackers use AI, how they target AI systems, and how F5 can leverage AI for defense.

• ​Location: Remote (locations listed include NY, VA, MA, and Toronto, Canada).
• ​Annual Base Pay: $156,800.00 - $235,200.00.
• ​Experience Required: ~10 years in cybersecurity or a closely related field.
• ​Focus: Adversarial ML/AI, LLM-powered applications, web/API threats, and public-facing thought leadership (blogs, podcasts, presentations).
• ​Technical Skillset: Expert Python/Jupyter skills, LLM API prototyping, and deep knowledge of web protocols (HTTP, REST, OAuth).

​Primary Responsibilities: Investigation, Prototyping, and Evangelism

​The role requires a "Full-Stack Researcher" who can find a signal in the noise, build a tool to prove the risk, and write a compelling story about it.

• ​AI Threat Analysis: Investigate and document adversarial ML/AI techniques, such as data poisoning, prompt injection, and model theft.
• ​Tool Building: Create LLM-based applications, prototypes, or datasets using frameworks like Model Context Protocol (MCP) and LangChain to demonstrate AI’s role in security.
• ​Adversarial Research: Analyze malicious traffic and attacker behavior, occasionally probing attacker infrastructure or managing honeypots.
• ​Thought Leadership: Translate complex technical findings into high-impact articles, reports, and visuals for F5 Labs.
• ​Public Representation: Represent F5 via webinars, podcasts, media interviews, and industry conferences (e.g., Black Hat, DEF CON, RSAC).

​Core Skills and Qualifications

​F5 is looking for a self-starter who can own a research project from the initial hypothesis to a viral blog post.

• ​Technical Breadth: Strong grasp of web, cloud, and API protocols (HTTP/S, REST, OAuth, DNS, TLS).
• ​Data Science for Security: Proficiency in Python and Jupyter notebooks; experience with SQL or BigQuery is a plus for analyzing massive telemetry datasets.
• ​AI/LLM Proficiency: Ability to prototype with LLM APIs and frameworks; familiarity with agent-based systems and orchestration.
• ​Communication: Excellent "storytelling with data" skills—the ability to make technical research accessible to a broad audience.
• ​Preferred Experience: Background in Threat Intelligence, Red Teaming, or Application-Layer defenses (WAF, Bot Defense, DDoS).

​Why This Role is Unique

​Unlike standard SOC or Analyst roles, this is a publication-driven position. You are not just defending a perimeter; you are shaping the global conversation on how AI is transforming the threat landscape. You have the autonomy to define your own research projects and build open-source tools that benefit the wider security community.

​This is a full-time, Remote SOC Analyst II role at UST, a large digital transformation firm. Despite the "L2" title in the header, the requirements specifically look for L3-level experience to act as a high-tier escalation point for critical security incidents. The role focuses on deep-dive investigations, analyzing adversary TTPs, and performing proactive threat hunting across global client environments.

• ​Location: Remote (US Market).
• ​Compensation Range: $46,000 – $69,000 (Note: This is unusually low for the required L3 experience level).
• ​Experience Required: Minimum 3+ years of experience as a SOC L3 Analyst working within a Global SOC team.
• ​Focus: High-severity incident escalation, root cause validation, and identifying Advanced Persistent Threats (APTs) that evade automated detection.
• ​Technical Stack: SIEM platforms including QRadar, Sentinel, and Splunk.

​The Opportunity: Advanced Analysis and Risk Mitigation

​The L2/L3 Analyst is responsible for moving beyond basic alert triaging into complex forensic analysis and process improvement.

• ​Escalation & Investigation: Act as the primary escalation point for high and critical severity incidents, determining the potential impact and extent of compromise.
• ​Adversary Analysis: Analyze attack patterns and Tools, Techniques, and Procedures (TTPs) to map out the attack life cycle.
• ​Threat Hunting: Proactively hunt for Indicators of Compromise (IOCs) and signs of APTs using in-depth log analysis.
• ​Remediation Guidance: Provide recommendations for security control policy changes, security hygiene improvements, and vulnerability mitigation.
• ​Process Engineering: Identify gaps in existing security workflows and propose enhancements to incident response methodologies.
• ​Playbook Development: Experience in writing procedures, runbooks, and playbooks to standardize response efforts.

​What You Need: Technical and Professional Requirements

​The ideal candidate must be a "practical problem solver" with a deep background in global security operations and a strong command of enterprise SIEM tools.

• ​Core Experience: 3+ years in a Global SOC environment specifically at an L3 level.
• ​SIEM Expertise: Hands-on experience with major vendors: IBM QRadar, Microsoft Sentinel, and Splunk.
• ​Incident Response: Proven ability to gather evidence, validate root causes, and analyze compromise extent using client-specific security toolsets.
• ​Collaboration: Strong ability to work directly with a customer’s internal IT and security teams to resolve issues.
• ​Professionalism: Maintain high customer satisfaction through proactive and personal service.

​This is a full-time, Fully Remote Cloud Security Analyst role at KnowBe4, a global leader in security awareness training. The position functions as a "first responder" for the cloud ecosystem, focusing on real-time monitoring, incident management, and threat hunting across AWS and Azure environments. This role is highly operational, requiring a blend of defensive monitoring and offensive security thinking.

• ​Location: Fully Remote, United States.
• ​Salary Range: $80,000 - $85,000 (Base pay).
• ​Experience Required: 2+ years of hands-on experience in cloud security, InfoSec operations, or alert monitoring.
• ​Application Deadline: 12/30/2025.
• ​Focus: Triage and response for SIEM/CSPM alerts, incident containment, threat hunting using MITRE ATT&CK, and partnering with engineering for vulnerability remediation.

​What You'll Do: Monitoring, Response, and Alert Engineering

​The Analyst is the primary line of defense, ensuring that cloud alerts are translated into actionable intelligence and resolved through strong engineering principles.

• ​Security Monitoring & Response: Continuously triage alerts from SIEM, CSPM, and CWPP tools to distinguish real threats from noise.
• ​Incident Management: Lead cloud security investigations from initial detection through containment, eradication, and recovery.
• ​Threat Hunting: Proactively search log feeds for emerging attack patterns and perform root cause analysis on vulnerabilities.
• ​Alert Engineering: Build and refine security dashboards and alerts that reduce "alert fatigue" while surfacing critical signals.
• ​Security Validation: Conduct security reviews and penetration testing across cloud infrastructure to identify weaknesses.
• ​Infrastructure as Code (IaC): Partner with engineering to ensure findings are remediated using tools like Terraform or CloudFormation.

​Required Technical Expertise and Qualifications

​KnowBe4 is looking for a "builder" who uses modern tools (including AI) to automate security workflows and possesses a foundational understanding of both defensive and offensive security.

• ​Core Experience: 2+ years in security operations (SOC) or cloud security monitoring.
• ​Technical Domain Knowledge:
  • ​Navigating AWS and/or Azure environments.
  • ​Linux command line and basic scripting.
  • ​Understanding of containers, APIs, and databases.
• ​Builder Mindset: Demonstrated ability to use AI-assisted development to write scripts and automate repetitive tasks.
  • ​Experience with Terraform or CloudFormation is expected.
• ​Offensive Security: Familiarity with the OWASP Top 10 and common penetration testing concepts/tools.
• ​Soft Skills: Strong organizational skills to manage multiple simultaneous investigations and communicate findings to technical and non-technical stakeholders.
• ​Bonus Points:
  • ​Certifications: AWS Security Specialty or Azure Security Engineer.
  • ​Practical experience mapping alerts to the MITRE ATT&CK Framework.
  • ​Degree in Computer Science or InfoSec.

​This is a senior-level Individual Contributor (IC4) role within the Product Development category, reporting to the Chief of Staff to the CISO for Oracle Health & GIUs. This role is designed for a strategic professional who can build a unified performance measurement framework that translates raw technical data into executive-level risk insights.

• ​Location: Nashville, TN; Austin, TX; or Remote - United States.
• ​Salary Range: $97,500 – $199,500 per annum (plus bonus and equity).
• ​Experience Required: 7+ years in cybersecurity, analytics, or data-driven program management.
• ​Clearance: No security clearance required.
• ​Focus: Framework design, KPI standardization, and data normalization across a federated enterprise to support data-driven decision-making.

​Key Responsibilities: Framework Design and Strategic Insights

​The Architect serves as the primary engine for organizational clarity, ensuring that security leaders can track progress and prioritize investments based on validated data.

• ​Metric Framework Development: Design and maintain a unified metrics strategy aligned with strategic priorities and risk reduction.
• ​KPI Standardization: Define standardized KPIs across core security domains including Identity, Vulnerability Management, and Incident Response.
• ​Data Normalization: Partner across teams to source and validate data from various tools, ensuring a "single source of truth" for the enterprise.
• ​Executive Dashboarding: Design reports and dashboards tailored for both technical execution teams and high-level executive audiences.
• ​Data Governance: Establish ownership and quality control processes for data refresh cadences and metric accuracy.
• ​Business Translation: Translate complex technical trends, variance, and correlations into clear business insights for investment planning.

​Required Technical Expertise and Qualifications

​The successful candidate must balance deep analytical skills with a strong understanding of the cybersecurity landscape and enterprise frameworks.

• ​Core Experience: 7+ years in cybersecurity or data analytics. Experience in healthcare or a regulated industry is preferred.
• ​Analytics Proficiency: Strong proficiency in Oracle Analytics is a preferred skill for this role.
• ​Framework Knowledge: Understanding of common security frameworks such as NIST CSF, MITRE ATT&CK, and CIS Controls.
• ​Statistical Literacy: Familiarity with statistical concepts and the ability to interpret trends and correlations in security data.
• ​Communication: Exceptional ability to synthesize technical data into concise, compelling insights for non-technical stakeholders.

​This is a full-time, Fully Remote IT Support Specialist role at Onebrief, an AI-powered workflow software company valued at $1.1B, specializing in solutions for military staffs. This role is a crucial member of the IT department, responsible for providing comprehensive technical support and managing IT operations from onboarding to system maintenance and security.

• ​Location: Remote.
• ​Compensation: $75.6K – $92.4K plus Equity.
• ​Clearance/Citizenship: US Citizenship is required.
• ​Experience Required: Minimum of 1 year of IT work experience in a help desk or IT support role in a startup environment.
• ​Travel: Ability to travel up to 10% of the time.
• ​Focus: Providing Tier 1, 2, and 3 IT support; managing assets (physical/digital); and performing system maintenance for various SaaS platforms (likely including Google Workspace, Slack, macOS, and Windows).

​What You’ll Do: Full-Cycle IT Operations and Support

​The Specialist handles a wide range of responsibilities, acting as the first point of contact while also performing system administration and process documentation.

• ​Frontline Support: Serve as the first point of contact for technical assistance. Liaise with internal users and external vendors to resolve technical issues.
• ​Tiered Support & RCA: Provide tier 1, 2, and 3 IT support, and conduct root cause analysis (RCA) when necessary.
• ​Lifecycle Management: Onboarding and off-boarding of employees, including new user training and managing access to various IT systems and applications. Manage company assets, both physical (laptops) and digital.
• ​System Maintenance & Security: System maintenance of various SaaS platforms. Conduct regular system audits and preventive maintenance. Adhere to and enforce company policies regarding cyber security.
• ​Documentation & Process: Codifying adhoc IT process and writing supporting documentation.

​Required and Desired Qualifications

​The ideal candidate is an ambitious self-starter with a background in fast-paced startup environments and familiarity with standard enterprise tools.

• ​Required Experience: Minimum of 1 year of IT work experience in a help desk or IT support role in a startup environment.
• ​Technical Knowledge: Strong knowledge of computer systems, networks, and commonly used software.
• ​Soft Skills: Excellent communication skills.
• ​Citizenship: US Citizenship required.
• ​Nice to Haves:
  • ​2 years of IT work experience or experience in a system administration role.
  • ​Degree in computer science or an IT certification (e.g., CompTIA A+).
  • ​Experience with macOS, Windows, Google Workspace, Slack, and other SaaS tools.