​This is a full-time, fully remote Operations Analyst role at Oddball, a company focused on bringing quality software to the federal space. The analyst will support the COO and Program Managers across day-to-day business operations, with a strong focus on federal compliance, internal process scaling, and project-level financial support.

• ​Location: Fully Remote (United States).
• ​Wage Range: $75,000 – $100,000 USD.
• ​Education: Bachelor’s Degree.
• ​Focus: Developing SOPs, ensuring compliance with ISO/CMMI standards, managing risk, supporting project financials (invoicing, budgeting, burn-rate), and assisting with operational audits.
• ​Clearance Requirement: Certain roles may require U.S. citizenship and the ability to obtain a federal background investigation/security clearance.

​What You'll Be Doing: Compliance, Process, and Financial Support

​The analyst is a critical contributor to maintaining operational excellence and ensuring the business functions smoothly as it grows.

• ​Operational Process & Scaling: Develop and maintain internal operational processes, documenting SOPs and templates, and helping scale internal processes.
• ​Compliance & Audits: Ensure compliance with ISO/CMMI standards (preferred), support QASP compliance, contract transitions, and operational audits.
• ​Risk Management: Manage risk tracking, including maintaining risk logs and tracking mitigations.
• ​Financial Support: Assist with project-level financial activities, including budgeting, invoicing, burn-rate reviews, and reporting.
• ​Documentation & Reporting: Maintain operational systems and documentation repositories, prepare deliverables and executive reports, and provide day-to-day support across business operations.
• ​Unanet (Preferred): Knowledge of or willingness to learn Unanet (timekeeping administration, reporting, and basic financial inputs).
• ​Leadership Potential: Potential to lead smaller task orders or project efforts as needed.

​Required and Preferred Skills

​The role demands a proactive approach, strong organization, and familiarity with federal contracting practices.

• ​Required Approach: A proactive, self-starting approach with the ability to manage tasks independently and operate with minimal supervision.
• ​Core Skills: Strong organizational skills, attention to detail, strong written/verbal communication.
• ​Process Experience: Experience developing, documenting, and improving operational processes and procedures.
• ​Preferred Experience:
  • ​Familiarity with ISO 9001, CMMI, or similar quality management frameworks.
  • ​Experience supporting project financials (invoicing, budgeting, forecasting).
  • ​Experience in or exposure to federal government contracting, including contract compliance requirements.
  • ​Knowledge of risk management (maintaining risk logs).

​This is a full-time, remote Senior Data Analyst role at Calendly, focused on the Reporting Analytics function within the centralized Analytics team. The core responsibility is to design and deliver the company's "source of truth" reporting, powering executive decision-making and performance management by developing high-quality, consistent, and accurate dashboards and metric definitions.

• ​Location: Remote (Salary Tier determined by remote work location).
• ​Salary Hiring Range (Tier 1): $173,026.68 - $203,560.80 USD
• ​Experience: 6+ years of hands-on analytics and reporting experience in SaaS, technology, or high-growth environments.
• ​Focus: Metric standardization, dashboard design and maintenance (using Hex), owning the semantic layer (dbt), and supporting executive-level business reviews (WBD, MBR, Board materials).

​Key Responsibilities: Source of Truth and Metric Governance

​The analyst serves as a critical contributor in scaling Calendly's reporting ecosystem and ensuring organizational alignment.

• ​Executive Reporting: Design, build, and maintain official reporting dashboards in Hex that serve as inputs to the Weekly Business Digest (WBD), Monthly Business Review (MBR), Board materials, and company-wide performance dashboards.
• ​Metric Governance: Define, document, and uphold the gold standard of metric definitions across Calendly, ensuring consistency and trust in all official reporting.
• ​Data Foundation: Own and evolve the semantic layer within the data warehouse, creating the foundation for reliable, scalable, and self-serve analytics.
• ​Accuracy & Reliability: Ensure reporting accuracy and reliability, validating metrics and collaborating with Data Engineering to resolve data quality issues.
• ​Automation: Automate manual workflows to increase reporting speed, efficiency, and scalability.
• ​Cross-Functional Partnership: Collaborate closely with Finance, Sales, CX, Product, and Operations to deliver consistent, actionable insights, and support occasional deep-dive analyses.

​Required and Preferred Qualifications

​The role requires high proficiency in modern data tools and a deep understanding of the SaaS business model.

• ​Required Technical Proficiency:
  • ​Highly proficient in SQL.
  • ​Experienced working with modern data warehouses (BigQuery preferred) and transformation tools (dbt).
  • ​Expertise using Hex for building dashboards, reporting packages, and manual analysis.
• ​Core Skills: Experience defining semantic layers or centralized metric frameworks.
• ​Communication: Strong communication and data storytelling skills—able to make complex metrics and trends easy to understand for executives.
• ​Preferred Qualifications:
  • ​Strong understanding of SaaS and recurring revenue metrics (ARR, retention, funnel conversion, ACV).
  • ​Experience with scripting languages (Python/R) for analysis or automation.
  • ​Familiarity with data governance, KPI frameworks, and metric standardization.

​This is a full-time, 100% remote Senior Data Analyst role at Misfits Market, an e-grocer focused on sustainability. This position serves as the company's go-to expert on experimental design and causal inference. The analyst will drive the experimentation culture by designing, evaluating, and interpreting A/B tests across Product and Marketing, while also managing stakeholder dashboards and mentoring junior analysts.

• ​Location: 100% Remote Work.
• ​Salary Range: $120,000 - $135,000 annually.
• ​Experience/Education: Master's degree (Data Science, Statistics, or related) with 3+ years of experience, OR Bachelor's degree with 5+ years of experience.
• ​Focus: A/B testing, causal inference, advanced SQL, statistical programming (Python/R), and building internal frameworks using dbt (data build tool).

​Key Responsibilities: Experimentation and Infrastructure

​The role balances advanced statistical work, technical data modeling, and team mentorship.

• ​Own Experimentation Analytics: Design, monitor, and interpret A/B and multivariate tests across Product and Marketing.
• ​Business Translation: Translate experimental results into clear, actionable business recommendations.
• ​Develop Frameworks: Build dbt models and dashboards that automate experiment tracking, power statistical analyses, and improve result interpretability.
• ​Mentorship: Mentor analysts on best practices for causal inference, power analysis, metric selection, and communicating uncertainty.
• ​Improve Data Infrastructure: Maintain and improve dbt models, metrics definitions, and self-serve data assets.
• ​Advanced Analytics: Identify opportunities to move from descriptive to predictive analytics and from ad-hoc to self-serve reporting.

​Required Skills and Expertise

​The position requires deep analytical and technical skills, coupled with strong communication ability.

• ​Statistical Expertise: Deep understanding of experiment design, causal inference, and statistical testing.
• ​Programming (Mandatory):
  • ​Expert-level SQL skills (comfortable writing complex queries and optimizing for performance).
  • ​Proficiency with Python or R for statistical analysis.
• ​Data Tools:
  • ​Experience with dbt and data modeling best practices.
  • ​Experience with visualization tools (Mode, Tableau, PowerBI, etc).
• ​Soft Skills: Strong communication skills for gathering user stories and translating data insights to stakeholders of varying technical knowledge.
• ​Industry Preference: Prior experience in e-commerce or lifecycle marketing is a plus.

​This is a remote Data Analyst role at EQT, a major natural gas producer. The position focuses heavily on business intelligence (BI) and data visualization, requiring strong technical skills in SQL, Power BI (including DAX and RLS), and programming languages like R or Python to create custom, data-rich dashboards and products.

• ​Location: Remote (Excluding CA, CT, DE, IL, IN, LA, MA, MI, NJ, NY, and TN).
• ​Experience (Minimum): 1+ years of experience in SQL & T-SQL Procedures, Power BI, and other BI tools (Spotfire, Tableau).
• ​Education: Bachelor's Degree in Computer Science, Data Science, Engineering, or a closely related field.
• ​Focus: Dashboard creation, data mining/cleaning, custom BI product development using scripting, and implementing robust data security measures (Row-Level Security).

​Key Responsibilities: BI Development and Data Management

​The analyst is responsible for the full lifecycle of data visualization, from cleaning and preparation to secure deployment.

• ​Dashboard Creation: Creating data-rich dashboards with the ability to drill down data and visualize it through charts, reports, or dashboards in the best possible way.
• ​Power BI Specialization: Writing Power BI DAX expressions and implementing Row-level Security (RLS).
• ​Custom BI Development: Developing custom BI products with scripting and programming languages such as R, Python, etc.
• ​Data Preparation: Performing data mining, cleaning, and munging (processing raw data).
• ​Architecture: Working with data warehousing and business intelligence platforms.

​Required and Preferred Skills

​The role mandates specific technical proficiency in data querying and visualization tools.

• ​Required Technical Skills:
  • ​Minimum 1+ years of experience in SQL & T-SQL Procedures.
  • ​Minimum 1+ years of experience with Power BI and other BI tools (e.g., Spotfire, Tableau).
• ​Preferred Skills:
  • ​Ability to communicate with business as well as technical teams.
  • ​Strong analytical and problem-solving mindset and approach.
  • ​Experience with documenting, designing, and modeling solutions.
  • ​Ability to learn oil & gas operations.
  • ​Commitment to continuous improvement regarding best practices in development and design.

​This is a full-time Information Security Engineer role focused on maintaining and enhancing the corporate Information Security program. The position is critical for integrating regulatory compliance (e.g., PCI, GLBA) into the security roadmap, performing risk assessments, conducting incident response, and ensuring both application and infrastructure security conform to industry best practices and external audit requirements.

• ​Location: Remote, but local to the Temecula, CA office.
• ​Compensation: $96,000 to $120,000 annually, plus a 10% AIP (Annual Incentive Plan) opportunity.
• ​Experience: 5+ years of related IT experience, with 2+ years in an Information Security engineering role.
• ​Education: Bachelor's degree in a related field is required.
• ​Focus: Application security tool implementation, regulatory compliance (PCI, GLBA), incident investigation, and security auditing of IT operational controls.

​Essential Functions: Program Development, Incident, and Audit

​The engineer is a security generalist with a strong emphasis on compliance and hands-on operational security.

• ​Security Program & Compliance: Assist with the development, implementation, and administration of security policies, standards, and procedures. Assist in integrating regulatory compliance requirements (PCI, GLBA) into the security roadmap and ensure compliance with all external audit requirements.
• ​Application Security: Assist in the identification, evaluation, and implementation of industry leading application security tools and techniques.
• ​Risk & Testing: Perform risk assessments and execute system tests to ensure proper functioning of data processing and security measures. Perform periodic internal IT security audit functions on IT operational controls (e.g., system access controls, firewall rule reviews).
• ​Incident Response: Perform security incident investigations, including chain of custody, containment, root cause analysis, and identification of preventive measures. Define and assist in the management of an Incident Response Team and its escalation procedures.
• ​Operational Security: Coordinate with IT Operations to ensure endpoints and network devices conform to security standards. Plan, coordinate, and implement security measures to regulate access to computer data files.
• ​e-Discovery: Perform information systems evidence gathering to support e-discovery requests.

​Required Knowledge and Preferred Experience

​The role requires foundational security knowledge and experience in regulated industries.

• ​Required Skills:
  • ​Significant knowledge of security-oriented regulatory requirements and compliance.
  • ​Excellent familiarity with IT security principles and practices including firewalling, hardening, data loss prevention, threat prevention, and identity management.
  • ​Ability to provide technical guidance to less experienced team members.
• ​Preferred Experience:
  • ​3+ years of experience in a regulated IT environment including some combination of SOX, HIPAA, GLBA, or PCI.
  • ​Knowledge of the mortgage industry is helpful.
• ​Preferred Certifications:
  • ​Security class certifications strongly preferred.
  • ​CISSP license preferred.
  • ​Azure certifications preferred.

​This is a remote Technology Risk Analyst role focused on independently assessing and managing technology risks associated with third-party vendors and service providers. As a key member of the Digital Technology Risk Assurance team, this role drives the organization's overall risk posture by conducting comprehensive evaluations, identifying vulnerabilities, and ensuring continuous compliance within third-party relationships.

• ​Location: Remote, United States.
• ​Experience (Required): 2–4 years in technology risk, cybersecurity, audit, compliance, or third-party risk management.
• ​Focus: Performing vendor risk assessments, due diligence, ongoing monitoring, and aligning all practices with major industry standards (NIST, ISO 27001).
• ​Work Style: Proactive individual capable of tackling complex challenges with minimal guidance.

​Essential Functions: Vendor Lifecycle and Compliance

​The Analyst is responsible for the full lifecycle of technology risk assessment across third-party engagements.

• ​Vendor Evaluation: Conduct in-depth evaluations of third-party vendors, encompassing their financial stability, operational performance, and adherence to regulatory compliance requirements.
• ​Risk Identification and Mitigation: Proactively identify potential technology risks and vulnerabilities within third-party relationships, then develop and implement effective mitigation strategies and plans.
• ​Continuous Monitoring: Implement and maintain continuous monitoring of third-party performance and compliance through regular audits, reviews, and performance assessments.
• ​Cross-Functional Collaboration: Foster strong relationships with internal teams (procurement, legal, IT, and compliance) to ensure a unified approach to third-party risk management (TPRM).
• ​Alignment: Ensure all TPRM practices are meticulously aligned with established industry standards (NIST, ISO 27001), regulatory requirements, and organizational goals.
• ​Documentation: Maintain thorough, accurate, and up-to-date records pertaining to all TPRM processes and activities.

​Required and Preferred Qualifications

​The role requires foundational experience in risk frameworks and strong analytical skills.

• ​Required Experience:
  • ​2–4 years in relevant fields (technology risk, cybersecurity, audit, compliance, or TPRM).
  • ​Experience performing vendor risk assessments, due diligence, and ongoing monitoring.
  • ​Working knowledge of risk frameworks (e.g., NIST, ISO 27001).
• ​Preferred Experience:
  • ​3+ years of third-party risk management experience, including process or framework improvement.
  • ​Understanding of IT and cybersecurity concepts (cloud, network, application security).
  • ​Experience automating TPRM workflows or using GRC platforms (e.g., ServiceNow).
  • ​Experience managing the full vendor risk lifecycle (onboarding through offboarding).
• ​Certifications (Preferred): Professional certifications such as CISA, CISM, CRISC, CISSP, CTPRA, or similar.

​This is a remote Security Compliance Analyst role at Three Sisters Federal, supporting the IHS (Indian Health Service) enterprise cybersecurity and compliance operations within the federal government contracting sector. This position is vital for implementing Zero Trust architecture, conducting vulnerability management, and ensuring adherence to federal security frameworks through monitoring, evaluation, and documentation.

• ​Location: Remote.
• ​Experience: Minimum 7 years of information security or compliance experience.
• ​Education: Bachelor's degree in Cybersecurity, Computer Science, or related field.
• ​Certification (Required): Security+ CE certification is required; CISSP or CISM is preferred.
• ​Focus: Operating CDM tools (BigFix, Symantec, Palo Alto Prisma), managing vulnerabilities, RMF documentation (SSPs, Risk Assessments), and supporting audits based on FISMA and RMF standards.

​Key Responsibilities: Operations and Compliance

​The Analyst ensures the technical compliance and operational security health of critical IT systems for IHS.

• ​CDM Tool Operation: Operate and maintain CDM security tools such as BigFix, Symantec, and Palo Alto Prisma.
• ​Vulnerability Management: Conduct vulnerability scanning, analysis, and remediation tracking.
• ​RMF & Documentation: Develop and maintain System Security Plans (SSPs), risk assessments, and monitoring reports.
• ​Compliance & Audit: Support audit responses and continuous compliance activities, ensuring adherence to federal security frameworks and the implementation of Zero Trust architecture.
• ​Security Standards: Ensure systems comply with DISA STIGs, RMF, and FISMA reporting requirements.

​Qualifications and Desired Skills

​The role mandates experience with federal IT security regulations and specific security tools.

• ​Required Certifications: Security+ CE is required; CISSP or CISM is preferred.
• ​Federal Frameworks: Experience with DISA STIGs, RMF (Risk Management Framework), and FISMA reporting.
• ​Desired Tools & Concepts:
  • ​Vulnerability Management (e.g., BigFix, SCAP).
  • ​SIEM/Monitoring (Splunk).
  • ​Cloud/Network Security (Palo Alto Prisma).
  • ​Compliance/Risk (RMF, NIST 800-53, Continuous Monitoring).
  • ​Architecture (Zero Trust).

​This is a full-time, 100% remote Cybersecurity Engineer role responsible for the comprehensive design, development, and integration of secure architectures for Military OneSource environments. The engineer ensures strict compliance with DoD and federal security frameworks, with a strong emphasis on AWS GovCloud and the Risk Management Framework (RMF) process.

• ​Location: Remote (United States).
• ​Clearance: Active Secret clearance is required.
• ​Certification (Required): DoD 8570 certification at IAT Level III or IAM Level III (e.g., CASP+ CE, CISSP, CISM, CCSP).
• ​Experience: Bachelor’s Degree and a minimum of five years of experience.
• ​Focus: Designing secure AWS GovCloud architectures (IL4/IL5), implementing AWS-native security services, managing RMF artifacts (SSPs, POA&Ms), and ensuring compliance with DoD SRG, FedRAMP, and NIST 800-53.

​Responsibilities & Expertise: Architecture, Compliance, and Cloud Security

​The engineer acts as a core security architect, ensuring functional and compliant operation across hybrid cloud infrastructures.

​Cloud Architecture & Implementation

• ​Design & Development: Develop and design secure and functional system architectures for on-premises and cloud environments, focusing on AWS GovCloud and FedRAMP-authorized services.
• ​AWS Security Services: Implement and manage native AWS security services: Security Hub, GuardDuty, Inspector, CloudTrail, CloudWatch, Macie, Config, and IAM Access Analyzer to detect, monitor, and remediate risks.
• ​Cryptography: Manage cryptographic key generation and lifecycle operations within AWS KMS and other approved key management systems, ensuring FIPS 140-3 encryption compliance.
• ​Detection: Design and oversee intrusion detection and prevention architectures, leveraging AWS-native and DoD-approved tools (ACAS, HBSS, IDS/IPS).

​Compliance & Documentation

• ​RMF & FedRAMP: Ensure full compliance with DoD Instruction 8510.01 (RMF for DoD IT), FedRAMP Moderate/High, and NIST SP 800-53 Rev 5 baselines.
• ​Assessments: Conduct comprehensive system security, vulnerability, and Privacy Impact Assessments (PIAs). Evaluate inherited and shared controls from cloud service providers.
• ​Artifacts: Produce and maintain technical documentation, including RMF artifacts, SSPs (System Security Plans), SARs, POA&Ms, and PIAs.
• ​Continuous Monitoring (ConMon): Support ConMon activities through integration of ACAS scan results, AWS security alerts, and event-driven reporting.
• ​Privacy Standards: Research and apply privacy standards, including HIPAA and the Privacy Act of 1974.
• ​Zero Trust: Direct installation and configuration of security solutions, ensuring compliance with Zero Trust principles.

​Required Qualifications

• ​Clearance & Citizenship: Active Secret clearance and U.S. Citizenship are mandatory.
• ​Certification: DoD 8570 certification at IAT Level III or IAM Level III (e.g., CISSP, CISM).
• ​Experience: Proven experience designing and implementing secure AWS architectures compliant with FedRAMP and DoD SRG IL4/IL5 requirements.
• ​Technical Tools: Demonstrated expertise using AWS security services (listed above). Proficiency in vulnerability management and continuous monitoring tools (ACAS, Nessus, Splunk).
• ​Frameworks: Strong working knowledge of FedRAMP, NIST SP 800-53 Rev 5, DoD Cloud Computing SRG, and RMF processes.
• ​Communication: Excellent communication and technical writing skills for preparing compliance documentation.

​This is a full-time Information Security Engineer role at Akerman, a premier law firm, seeking a technically adept professional to thrive at the intersection of security engineering, governance, and client assurance. The ideal candidate will lead and maintain the organization’s ISO 27001 and SOC 2 Type II programs, manage client security audits, and automate processes using AI-powered GRC platforms.

• ​Location: Miami, FL, USA.
• ​Experience: 7+ years of experience in Information Security Engineering, Risk Management, or Compliance.
• ​Core Focus: Implementing and maintaining ISO 27001 ISMS and SOC 2 Type II (Security, Availability, Confidentiality principles), managing client audit responses, and performing vendor risk management.
• ​Tools: Proficiency with AI-powered GRC automation platforms (e.g., Archer, Drata, Vanta).

​Key Responsibilities: Governance, Assurance, and Engineering

​The engineer drives compliance programs, manages assurance activities with clients and vendors, and supports security operations.

• ​Compliance Leadership: Lead and maintain the organization’s ISO 27001 Information Security Management System (ISMS) and SOC 2 Type II programs, ensuring continuous compliance.
• ​Audit Response: Coordinate and respond to client security audits and vendor security assessments, ensuring timely and accurate delivery of evidence. Work closely with internal teams (Legal, HR, IT) to track remediation.
• ​GRC Automation: Use AI-powered GRC tools (Drata, Vanta, Archer) to automate control monitoring, risk assessments, and compliance reporting.
• ​Policy & Standards: Develop and maintain security policies, procedures, and technical hardening standards mapped to ISO 27001 Annex A, NIST CSF, and CIS Controls.
• ​Vendor Risk: Participate in third-party vendor reviews, performing due diligence and tracking remediation activities.
• ​Security Support: Support cloud and on-premises security posture improvement across AWS, Azure, and/or GCP environments, and support the full incident response process.

​Desired Qualifications and Framework Knowledge

​The role requires extensive experience with major regulatory frameworks and security assurance processes.

• ​Required Experience: Hands-on experience implementing or maintaining ISO 27001 and SOC 2 Type II. Proven experience responding to client security questionnaires and conducting vendor security assessments.
• ​Framework Expertise: Deep understanding of security frameworks: ISO 27001, NIST CSF, SOC 2, CIS Controls, and GDPR/CCPA principles.
• ​System Knowledge: Strong understanding of SIEM, EDR, vulnerability management, and access control systems.
• ​Preferred Certifications (Any Combination): CISSP, CISA, CRISC, CCSP, OSCP, GCIH.

​This is a remote Penetration Testing Analyst role on the Global Services team, focused on helping clients improve their security posture by performing comprehensive technical testing and delivering tactical reports. The role is heavily focused on hands-on attacking, high-quality report writing, and client communication, including assisting Managed Services teams with triage and incident response.

• ​Location: Remote, United States.
• ​Experience: 3+ years in an active technical security role, with previous technical security consulting experience preferred.
• ​Education/Certification: Bachelor's degree (Computer Science or related) or equivalent experience. Certifications like GPEN, CPTS, or OSCP are required.
• ​Focus: Performing internal/external network penetration testing, web application and API testing, social engineering, developing executive briefings, and translating complex technical concepts for non-security personnel.

​Primary Responsibilities: Hacking, Reporting, and Client Delivery

​The analyst's duties span from hands-on exploitation to crucial client-facing reporting and communication.

• ​Technical Testing: Perform technical testing against a variety of targets, including:
  • ​Network penetration testing (internal, external, and wireless).
  • ​Web application and API testing.
  • ​Social engineering (on-premise and electronic).
• ​Advanced Hacking: Enjoy attacking networks and hacking custom protocols implemented in embedded devices.
• ​Reporting & Quality: Consistently produce high-quality reports, perform peer-review of colleagues' work, and help develop Executive Briefings.
• ​Client Communication: Deliver timely reports to clients and external stakeholders, and be capable of translating technical concepts to non-security personnel.
• ​Managed Services Support: Work with various Managed Services teams to deliver day-to-day tactical reports, triage alerts, address customer needs, and assist with incident response handling and communication.

​Required Skills and Expertise

​The role demands a strong foundation in offensive security tools, network protocols, and multiple programming languages.

• ​Penetration Testing Knowledge: Strong knowledge of modern penetration testing tools and methods.
• ​Security Concepts: Strong knowledge of network, web-based application, and IEEE 802.11 security concepts.
• ​Operating Systems: Knowledge of Windows/Linux/UNIX internals and the Internet protocol suite.
• ​Programming Languages: Experience using interpreted languages (Ruby, Python, PHP, etc.) and knowledge of compiled languages (Java, C, C++, Assembly, etc.).
• ​Consulting: Previous technical security consulting experience.

​This is a senior-level, remote Senior Cybersecurity Engineer role at Healthfirst, specifically focusing on Security Awareness. This engineer will be responsible for developing and running the enterprise-wide security awareness program, ensuring it meets healthcare regulations and standards, and actively works to mitigate the top human risks by changing employee behavior.

• ​Location: Remote, New York.
• ​Hiring Range (GNY Area): $134,600 - $194,480.
• ​Hiring Range (Other Approved Locations): $119,600 - $177,905.
• ​Focus: Developing comprehensive security awareness campaigns, identifying top human risks, changing user behavior, ensuring regulatory compliance, and applying IT/Security Engineering expertise to the awareness discipline.
• ​Experience: Management/leadership experience in instructional design and having substantially expanded an enterprise security program for a large organization ($5B+ annual revenue).

​Responsibilities: Program Development and Risk Mitigation

​The role requires a blend of technical security knowledge, instructional design, and strategic leadership to influence behavior across the enterprise.

• ​Program Development: Develop learning and awareness programs to cultivate a culture of security awareness.
• ​Behavior Change: Identify the top human risks to Healthfirst and the specific behaviors that need to be changed to mitigate that risk. Develop and maintain a program that supports changing these risky behaviors.
• ​Compliance: Ensure the security awareness program meets industry regulations, standards, and compliance requirements (e.g., HIPAA in healthcare), and clearly communicates security policies.
• ​Liaison: Work closely with leadership across the organization to understand security challenges and tailor training to meet business and compliance requirements.
• ​Technical Integration: Continuously monitor the vulnerability of the enterprise and develop engineering solutions to improve security, applying expertise in IT Infrastructure and Application Development.

​Required and Preferred Qualifications

​The position mandates both technical security understanding and direct experience leading large-scale organizational programs.

• ​Education: BS Degree in Computer Science, Information Technology, or Cyber Security (or related field).
• ​Leadership Experience (Mandatory): Management and leadership responsibility, experience in instructional design, and having built or substantially expanded an enterprise security program for an organization larger than $5B annual revenue.
• ​Core Security Understanding: In-depth understanding of cybersecurity concepts and principles, and the ability to mitigate identified human risks.
• ​Program Development: Ability to develop comprehensive security awareness campaigns and form complex security messages in a simple, clear, and concise manner.
• ​Preferred Tools: Knowledge of KnowBe4 and Living Security (security awareness platforms).
• ​Preferred Experience: Project management experience, IT engineering or Security Engineering experience, and basic experience giving security training to non-security personnel.

​This is an advanced level, remote, contract-to-hire Cybersecurity Engineer role focused on system and network security. The engineer will be a top-level contributor and expert in security operations, incident response, and forensic analysis. This position requires deep technical knowledge in networking, Linux/Windows administration, advanced scripting, and malware analysis, preferably within banking, government, or healthcare sectors.

• ​Location: York, Pennsylvania (Remote Friendly).
• ​Work Type: Contract To Hire (3 months duration to start).
• ​Experience: 5+ years of IT experience with 3+ years of enterprise information system security experience is required.
• ​Education: Associate's Degree Required; Bachelor's Degree preferred.
• ​Certification: CISSP, ISSA, CCSP or related security certification(s) Upon Hire Required.
• ​Focus: Continuous monitoring program, incident response management (forensics, containment), security system deployment (Check Point, Anti-virus, DLP, etc.), and developing architectural/functional specifications.

​Duties & Responsibilities: Incident, Monitoring, and Design

​The engineer is responsible for high-level operations, security architecture, and complex threat analysis.

• ​Security Operations & Monitoring: Make enhancements to existing monitoring and security operations, and contribute to a continuous monitoring program framework. Monitor information systems and maintain security controls to ensure regulatory compliance.
• ​Deployment & Integration: Participate in the deployment and operation of information security systems, including integration, testing, troubleshooting, and updating/upgrading of various security tools (Anti-virus, IPS, malware detection, DLP, Identity and access management, encryption tools).
• ​Incident Response: Key participant/operator in incident response activities, including reporting, enterprise coordination, isolation, containment, eradication, and recovery. Provides forensic analysis for incidents. Participates in tactical efforts to stem attacks.
• ​Threat Analysis: Provides advanced expertise around the analysis of malware, suspicious emails, and writes protection signatures.
• ​Documentation & Reporting: Develops and maintains various daily reports for audit review (security and change management). Responsible for writing the architectural and functional specifications related to security and data flows.
• ​Support: Provides advanced technical support and consultation on complex projects. Provides after hours, on-call support as needed.

​Required Knowledge and Skills

​The role mandates advanced knowledge in core infrastructure and offensive/defensive security.

• ​Core Security Expertise:
  • ​Advanced awareness and understanding of cybersecurity trends and hacking techniques.
  • ​Advanced knowledge of malware analysis and writing protection signatures.
• ​Networking & OS:
  • ​Advanced knowledge of common application-level protocols (SMTP, SSH, HTTPS, FTP) and network fundamentals (routing, switching).
  • ​Advanced understanding of Linux and/or Windows administration.
  • ​Advanced scripting knowledge (Bash, VBScript, Perl, PHP, etc.).
• ​Domain (Preferred): Prior experience in banking, government, or healthcare security procedures, specifically with a network and/or security engineering focus.

​This is a full-time, remote Cybersecurity Engineer role at BECU, a large financial institution, focused on protecting their digital ecosystem by developing security requirements and architecting secure solutions across cloud, mobile, and on-premises environments. The engineer will implement and manage cutting-edge security tools, drive policy evolution, and ensure robust security controls are deployed across all platforms.

• ​Location: Remote (Must reside in one of the approved states: WA, OR, ID, AZ, TX, GA, SC, NC, CA, or VA). Hybrid requirement for Washington State residents near Tukwila HQ (Tuesdays & Wednesdays).
• ​Pay Range (Target): $114,300.00 - $139,700.00 annually.
• ​Minimum Experience: Five years of progressively responsible experience in cyber security, security engineering, network engineering, computer incident response, systems architecture, or digital platform security (cloud).
• ​Focus: Security tool management, policy and standards development, root cause analysis for security tooling issues, and securing cloud/mobile/on-prem platforms.

​Impact & What You'll Do: Engineering, Policy, and Response

​The engineer is a key defender responsible for the execution and continuous improvement of security services.

• ​Tool Management: Implement and manage cutting-edge cybersecurity tools and services, ensuring smooth and effective protection of the environment.
• ​Policy & Standards: Help evolve BECU's security policies, standards, and guidelines to stay ahead of emerging threats and technology trends.
• ​Secure Implementation: Drive the implementation of security controls and requirements across all compute and storage platforms, utilizing a digital-first approach across cloud, mobile, and on-prem environments.
• ​Problem Solving: Perform root cause analysis for security tooling issues and ensure timely resolution to maintain system integrity.
• ​Monitoring & Response: Run proactive monitoring, alerting, and escalation for cybersecurity events, acting as a key player in the defensive strategy.
• ​Collaboration: Work closely with IT and business teams to integrate cybersecurity solutions and develop clear, actionable documentation.

​Qualifications and Preferred Certifications (Text Rewrite)

​Minimum Qualifications Required:

• ​Bachelor’s degree in Information Security, Computer Science, or equivalent education or work experience.
• ​Minimum five years of progressively responsible experience in cyber security, security engineering, network engineering, computer incident response, systems architecture, digital platform security (cloud), or related fields.

​Desired Qualifications and Preferred Skills:

• ​Active CISSP, CISM, or equivalent certification is preferred.
• ​Additional cloud certifications such as CCSK or CCSP are preferred.
• ​Proven experience in assessing and articulating risk using data-driven, fact-based methods to all different audiences and leadership levels.
• ​Demonstrated proficiency in verbal and written communication for conveying technical concepts clearly and accurately.
• ​The role requires the willingness to be on camera for all customer and internal meetings.

​This is a 100% Remote Cyber Security Engineer role, internally titled "Product Security Leader PSR," at GE Healthcare's Caption Health SBU, which focuses on AI-assisted ultrasound clinical applications. This role is a senior-level position dedicated to integrating security into every phase of the product lifecycle (Security by Design) in a highly regulated healthcare environment, ensuring compliance with standards like HIPAA and HITRUST.

• ​Location: Remote, United States.
• ​Experience: 5–8 years of experience in application/product security.
• ​Focus: Threat Modeling, Vulnerability Management, Security by Design, Incident Response, and maintaining strict compliance documentation for healthcare technology products.
• ​Compliance Standards: HIPAA, HITRUST, SOC 2, ISO 27001.

​Essential Responsibilities: Security Lifecycle Management

​The leader is responsible for embedding robust security practices from product conception through release and maintenance.

• ​Security by Design: Partner with product and engineering teams to integrate security into architecture, design, and development processes.
• ​Risk Assessment: Conduct threat modeling, security reviews, and risk assessments for new and existing products.
• ​Compliance & Documentation: Deliver product release security documents and document cybersecurity status and processes in accordance with regulations. Ensure products meet internal and external compliance requirements (HIPAA, HITRUST, SOC 2, ISO 27001).
• ​Vulnerability Management: Identify, triage, and drive remediation of vulnerabilities in applications and infrastructure.
• ​Incident Response: Support product-related security incidents and coordinate resolution.
• ​Awareness: Educate developers and product managers on secure development practices and emerging threats.

​Required and Preferred Qualifications

​The role requires a strong background in software security engineering, with a preference for healthcare domain experience.

• ​Required Experience: 5–8 years in application/product security, with a strong understanding of secure software development.
• ​Technical Proficiency: Proficiency in threat modeling and vulnerability management. Experience in security/network/system administration/development.
• ​Cloud & Containers: Familiarity with cloud platforms (AWS, Azure, GCP) and container security (Docker, Kubernetes).
• ​Preferred Domain Expertise:
  • ​Experience working in or with healthcare technology companies or digital health platforms.
  • ​Deep understanding of HIPAA, HITECH, and 21 CFR Part 11 compliance requirements.
  • ​Knowledge of PHI/PII protection and data residency concerns.
  • ​Exposure to HITRUST CSF or similar frameworks.
• ​Certifications (Plus): OSCP, CISSP, CSSLP.

​This is a full-time, remote Information Security Compliance Analyst role at Bonterra, a technology company dedicated to the social good industry. The analyst will be the primary resource for executing the company's annual Service Organization Controls (SOC) reporting and will be heavily involved in vendor risk management and enterprise-wide security programs.

• ​Location: Remote, United States.
• ​US Base Salary Range: $75,000 - $100,000.
• ​Experience: 6+ years' experience performing risk and compliance activities (or less experience with a relevant degree).
• ​Focus: Leading SOC reporting initiatives, performing technical risk assessments of third-party suppliers, maintaining vendor registers, and assisting with security awareness and training programs.

​Job Responsibilities: Audit, Risk, and Program Management

​The analyst is central to maintaining Bonterra's compliance posture and managing third-party risk.

• ​SOC Reporting Lead: Perform as the primary in executing the annual Service Organization Controls (SOC) reporting initiatives across several Bonterra products.
• ​Audit Coordination: Work closely with control owners and internal/external auditors to ensure requests are completed efficiently as part of the overall project management process.
• ​Vendor Risk Management (VRM): Perform technical risk assessments of third-party suppliers' security and privacy controls. Maintain a register of relevant suppliers, controls, and risks for ongoing VRM activities.
• ​Program Support: Assist in maintaining the overall security awareness, role-based security training, and phishing simulation programs across the enterprise.
• ​Incident Response: Responsible for creating the playbook for reporting of high-risk events that involve compliance, risk, and information security.
• ​Internal Audits: Assist in conducting user activity audits where required.

​Required Qualifications and Certifications

​The role requires strong organizational skills, proven project management capability, and preferred certifications in the risk and compliance domain.

• ​Experience: 6+ years' experience performing risk and compliance activities (or relevant degree with less experience).
• ​Management Skills: Project management experience, experience managing multiple priorities independently, and excellent organizational, planning, and time management skills.
• ​Analytical Skills: Excellent research and analytical skills.
• ​Communication: Excellent verbal and written communication skills, with the ability to exercise good judgment when dealing with senior management.
• ​Software Proficiency: Proficient with technology and ability to learn software systems, including GRC, ticketing, and project management software and workflows.
• ​Preferred Certifications: Information systems security professional certifications preferred (e.g., CRISC, CISA, CISSP, CISM, GSEC, GCFA, GCTI, CCSP, or other relevant certifications).