​This is a Direct Hire role based in Philadelphia, PA. Despite the "Project Manager" title in the header, the description specifies a Director-level scope, requiring a leader who can bridge the gap between high-level strategic vision and hands-on technical execution. You will be the primary architect of the AI roadmap, moving initiatives from the conceptual phase into production-ready, compliant, and scalable AI/ML solutions.

• ​Location: Philadelphia, PA (Direct Hire).
• ​Experience Required: 3+ years specifically managing AI/ML products or technical initiatives.
• ​Core Tech: LLMs, RAG (Retrieval-Augmented Generation), and Agentic AI frameworks.
• ​Compliance Bar: High focus on NIST and SOC-2 standards for AI.
• ​Preferred Ecosystem: AWS AI delivery experience.

​Key Responsibilities: From Strategy to Production

​This role is designed for a technical leader who understands that AI success is measured by ROI and latency, not just innovation.

​AI Roadmap & Technical Delivery

​You will lead the end-to-end execution of the company’s AI roadmap. This involves translating complex business needs into actionable technical requirements, including the development of ML models and "Agentic" capabilities (AI agents that can take autonomous actions).

​Success Metrics & Optimization

​You are responsible for defining and tracking the KPIs that matter for AI production. This includes accuracy (model performance), latency (speed of inference), and ROI (business value). You will ensure that AI solutions aren't just "cool" but are efficient and cost-effective.

​Compliance and Security Governance

​A standout requirement for this role is ensuring that all AI initiatives meet NIST and SOC-2 compliance standards. You will be the gatekeeper for data privacy and security within the AI/ML workflows, ensuring that model training and data handling follow strict regulatory guidelines.

​Cross-Functional Coordination

​You will act as the "connective tissue" between data scientists, software engineers, and non-technical business stakeholders. Your goal is to ensure seamless adoption of AI tools across the organization through clear communication and data-driven decision-making.

​What You Bring: Technical & Leadership Profile

• ​AI Expertise: Deep understanding of LLMs, RAG, and Agentic AI. You should be familiar with how to move a model from a notebook to a production environment.
• ​Regulatory Knowledge: Proven experience navigating SOC-2 and NIST frameworks, specifically in how they apply to data and AI.
• ​Data-Driven Mindset: Strong analytical skills with the ability to justify technical decisions using performance metrics.
• ​Education: Bachelor’s degree in CS, Data Science, or InfoSec.
• ​Agility: The ability to provide "hands-on" leadership in a fast-paced environment where AI standards are constantly evolving.

​Summary of the "Production-Ready" Focus

​Unlike general project management, this role emphasizes AI Engineering Management:

• ​RAG Implementation: Ensuring the accuracy of retrieval systems.
• ​AWS Delivery: Leveraging AWS-specific AI tools (like SageMaker or Bedrock) for deployment.
• ​Agentic Frameworks: Designing AI that doesn't just answer questions but performs tasks.

​This is a full-time, Remote (US) role within UBC’s Safety and Risk Management Department. This position is a specialized blend of high-level project management, financial oversight, and scientific contribution within the pharmaceutical support industry. You will be responsible for the operational success of risk management projects, epidemiologic studies, and registries that enhance the drug development and commercialization lifecycle.

• ​Requisition ID: 6954
• ​Experience Required: Senior-level experience in pharmaceutical, biotech, or CRO environments.
• ​Core Focus: Project management, scientific writing, and business development for safety and risk programs.
• ​Key Frameworks: REMS, EU RMPs, RiskMAPs, and GVP (Good Pharmacovigilance Practices).

​Key Responsibilities: Operations, Science, and Business

​The Senior Project Manager at UBC operates at the intersection of clinical research and regulatory compliance, ensuring that safety-related deliverables are met with precision.

​Project Management & Finance

​You will have direct responsibility for tracking and managing timelines for SERRM projects. This includes quantifying timeliness by tracking planned vs. actual delivery dates, monitoring resource utilization (hours), and collaborating with Finance and Contracts to manage budgets and invoicing based on project milestones.

​Scientific and Regulatory Contribution

​Beyond managing schedules, you will lead the operations for epidemiologic studies and registries. You will participate in the preparation and design of:

• ​RiskMAPs and REMS: Developing Risk Evaluation and Mitigation Strategies for the US market.
• ​EU RMPs: Preparing Risk Management Plans for the European market.
• ​Scientific Documents: Designing protocols, abstracts, manuscripts, and educational materials.
• ​Literature Research: Retrieving and analyzing epidemiology and non-clinical data from PSURs (Periodic Safety Update Reports) and DUS (Drug Utilization Studies).

​Business Development & Process Improvement

​You will act as a bridge between the technical team and the sales organization by supporting the development of service descriptions and budgets for new proposals. Internally, you will drive process improvements and the maintenance of Standard Operating Procedures (SOPs) to ensure the department remains compliant and efficient.

​Desired Skills and Qualifications

​UBC is looking for a detail-oriented leader who can navigate the complexities of scientific terminology and regulatory documentation.

• ​Education: Bachelor’s degree (Scientific or Pharmaceutical degree preferred).
• ​Industry Context: Proven experience within a Clinical Research Organization (CRO) or biotech environment.
• ​Technical Writing: Familiarity with protocol writing and study design; proficiency with medical and scientific terminology is essential.
• ​Project Tools: Advanced knowledge of project management techniques and computer proficiency (specifically for managing complex tables and figures).
• ​Soft Skills: High degree of accuracy, self-motivation, and the ability to thrive in a fast-paced environment where learning different research areas is required.

​This is a Part-Time (20 hours/week), Remote contract role with a duration of 7 months. The position is a blend of technical data management (SQL/Dashboards) and project coordination, sitting within a global technology environment. You will be responsible for the "plumbing" of monetization strategies—ensuring that data pipelines, pricing systems, and product launch checklists are accurate and compliant.

• ​Location: Remote (US).
• ​Pay Range: $23.00 - $26.50 per hour.
• ​Experience Required: 0–2 years (Entry-level to early-career).
• ​Technical Core: SQL querying, database management, and Dashboard maintenance.
• ​Schedule: 20 hours per week (Non-Exempt).

​Key Responsibilities: Data Pipelines & Launch Execution

​This role focuses on the operational excellence required to move a product from a pricing concept to a live commercial system.

​Data Infrastructure & Analysis

​You will develop and maintain SQL data pipeline setup plans specifically for pricing operations. This includes creating and enhancing dashboards (via SharePoint or similar UI platforms) to track operational trends. You aren't just moving data; you are generating actionable insight summaries to help stakeholders understand pricing performance.

​Product Launch & Systems Accuracy

​A major part of the role is Launch Data Validation. Before a product goes live, you will execute checklists to ensure all pricing data is accurate across internal systems. You will prepare "systems update packages" and ensure that monetization strategies are correctly reflected in commercial platforms.

​Project Coordination & Compliance

​You will act as the administrative engine for cross-functional initiatives. This includes maintaining monthly action-item trackers, updating project logs, and preparing review summaries for monthly and quarterly business reviews. You will also be responsible for documenting processes to establish best practices for future workflows.

​Required Technical Proficiency

​AGS is looking for a detail-oriented professional who can handle the technical side of data while managing the soft skills of stakeholder alignment.

• ​SQL Skills: 0–2 years of experience querying pricing or operational databases.
• ​Visual Reporting: Experience maintaining dashboards (SharePoint, UI platforms, etc.).
• ​Quality Assurance: Proven ability to conduct data validation and maintain high levels of accuracy under tight deadlines.
• ​Coordination: Strong written and verbal communication skills for navigating multiple teams and diverse stakeholders.
• ​Organization: Experience with version control, project tracking, and time management in a fast-paced setting.

​Benefits & Employment Details

​Despite being a part-time contract role, this position offers a surprisingly robust benefits package through Allegis Group:

• ​Health: Medical, dental, vision, and hospital plans.
• ​Financial: 401(k) Retirement Plan (Pre-tax and Roth options) and Life Insurance.
• ​Disability: Company-paid short and long-term disability.
• ​Support: Employee Assistance Program and various leave options (Parental, Family Leave, PTO).
• ​AI Disclosure: Allegis notes they may use AI tools to screen and assess applicants based on qualification matching

​This is a full-time role within the Technology category at Bamboo. The position is a dual-function role, requiring the candidate to act as both a Project Manager for business stakeholders and a Scrum Master for development teams. You will oversee the full lifecycle of complex technical initiatives, including SaaS deployments, API integrations, and workflow optimizations.

• ​Category: Technology
• ​Salary: Starting at $135,000 annually (commensurate with skills and experience).
• ​Experience Required: At least 4 years managing technical projects in a high-growth environment.
• ​Core Ecosystem: Heavy reliance on the Atlassian Suite (Jira, Confluence, Advanced Roadmaps).
• ​Focus: Cross-functional collaboration, backlog prioritization, and proactive risk documentation.

​Key Responsibilities: Facilitation and Ownership

​The TPM at Bamboo acts as the "connective tissue" between high-level business goals and technical execution.

​Scrum Master & Agile Facilitation

​You will lead technical project teams through the Agile process, setting Sprint goals and ensuring a regular release schedule. This includes taking ownership of the scrum team, facilitating cross-functional collaboration, and acting as the primary point of contact for stakeholders.

​Project Lifecycle Management

​The role involves managing projects from initiation through completion. You will be responsible for ensuring deliverables are on time, within scope, and meet the satisfaction of all involved parties. A significant emphasis is placed on clear documentation throughout the project lifecycle.

​Stakeholder Communication

​You must be able to translate complex technical concepts into language that non-technical business users can understand. This includes presenting project requirements, status updates, and proactively identifying and documenting risks before they become blockers.

​Tooling & Roadmap Oversight

​TPMs at Bamboo spend the majority of their time within Jira, Confluence, and Advanced Roadmaps. You will be responsible for maintaining these tools to provide a transparent view of the project's health and trajectory.

​Required Skills & Qualifications

• ​Experience: 4+ years in a high-growth tech environment managing SaaS and vendor implementations.
• ​Technical Foundation: A strong understanding of technical concepts (APIs, integrations, cloud infrastructure).
• ​Atlassian Mastery: Expert-level comfort with Jira and Confluence is mandatory.
• ​Organization: Hyper-organized with the ability to prioritize competing tasks with minimal oversight.
• ​Communication: Excellent interpersonal skills with the ability to lead a remote-first team.

​Preferred Requirements

• ​Domain Knowledge: Experience in the Property and Casualty (P&C) Insurance industry.
• ​Advanced Tooling: Jira Administrator experience or certification.
• ​Technical Depth: Previous experience as a Developer or hands-on experience with AWS.
• ​Certification: PMP Certification is a plus.

Why This Role is Unique

​This role offers a high degree of autonomy and "ownership." You aren't just tracking tasks; you are acting as a facilitator for multiple aspects of the business. The starting salary of $135,000 reflects the high level of technical expertise and leadership required to navigate Bamboo's high-growth environment.

​This is a full-time, Remote (US) role at FIRST, a highly-awarded global brand experience agency. The position is designed for an event professional with a background in high-stakes corporate environments, particularly financial services. You will own the end-to-end lifecycle of internal and client-facing events, ranging from C-suite dinners to large-scale hybrid conferences.

• ​Location: Remote, US (Domestic and international travel required for onsite execution).
• ​Salary Range: $90,000 – $120,000 (High-cost states) or $75,000 – $100,000 (All other states).
• ​Experience Required: 8–10+ years in Event Management.
• ​Key Tooling: Expert-level Cvent and Microsoft Excel proficiency.
• ​Core Focus: Full life-cycle planning for virtual, in-person, and hybrid programs.

​Key Responsibilities: Full Life-Cycle Event Execution

​The Senior Project Manager acts as the strategic lead, ensuring that creative solutions and logistical precision meet the client’s brand standards.

​Strategic Planning and Operations

​You will manage every aspect of event operations from the initial briefing to post-event reconciliation. This includes site selection, contract negotiation, and the coordination of logistics such as transportation, hotel accommodations, food and beverage, and gift selection. For hybrid and virtual events, you will manage the selection of appropriate platforms and the creation of detailed timelines.

​Financial and Vendor Management

​A critical component of this role is total financial oversight. You will develop and manage budgets, handle invoice processing, and deliver final financial reporting. You are also responsible for managing complex vendor relationships across A/V, production, and technology teams to ensure all deliverables are met on time and within budget.

​Team Leadership and Mentorship

​Depending on the specific assignment, you may manage and mentor a team of up to 5 direct reports. This involves overseeing workloads, managing vacation coverage to ensure constant client support, and conducting personal development reviews. You will foster a positive team atmosphere while ensuring adherence to the client's risk and compliance guidelines.

​Internal and External Collaboration

​You will work seamlessly with internal partners, including Marketing for digital and print collateral, Production for staging and webcasts, and the Event Technology team for web builds and attendee data management.

​Required Skills and Qualifications

​FIRST is looking for a client-centric professional who can influence senior stakeholders and lead by example.

• ​Corporate Expertise: Significant experience in a corporate environment (Financial Services is a plus), managing C-level executive programs and sponsorships.
• ​Platform Mastery: Advanced experience with Cvent for registration and attendee management.
• ​Communication: Excellent written and oral communication skills, with the ability to adjust to different client work styles and demands.
• ​Industry Knowledge: Active participation in the industry with an extensive network of suppliers, venues, and best practices.
• ​Project Management: Ability to independently manage multiple projects simultaneously in a fast-paced environment.

​This is a full-time, Experienced contract role based in the United States. The position is heavily focused on the modern "Compliance-as-Code" movement, specifically utilizing automation platforms to maintain high-trust standards like SOC 2. It is an ideal role for an analyst who understands the intersection of cloud-native engineering and rigorous regulatory auditing.

• ​Location: Remote (United States).
• ​Employment Type: Contract.
• ​Core Focus: SOC 2 Type I/II, GRC, and Third-Party Audits.
• ​Primary Tooling: Drata and Vanta (Compliance automation).
• ​Frameworks: SOC 2, NIST, ISO 27001.

​Key Responsibilities: Automating Trust

​The Analyst serves as the primary driver for organizational trust, ensuring that security controls are not just designed, but continuously verified through automation.

​SOC 2 & Audit Lifecycle

​You will lead the readiness and ongoing maintenance of SOC 2 Type I and Type II reports. This involves constant evidence collection, control testing, and acting as the central liaison for external auditors during the examination window.

​Compliance Automation (Drata/Vanta)

​A primary task is the administration and optimization of platforms like Drata or Vanta. You will configure these tools to monitor your cloud environment (AWS/Azure/GCP) in real-time, mapping technical configurations to specific compliance controls.

​GRC & Risk Management

​You will support internal GRC functions by conducting risk assessments, managing the policy lifecycle, and implementing control frameworks like NIST or ISO 27001. You'll collaborate with engineering and IT to ensure that security controls are enforceable and integrated into their existing workflows.

​Metrics & Reporting

​You are responsible for monitoring compliance KPIs and preparing executive-level reporting for leadership and the board, demonstrating the health and maturity of the security program.

​Required Qualifications

​The organization is looking for a GRC specialist who is comfortable in a high-growth, technically fluid environment.

• ​Experience: 3+ years in cybersecurity, compliance, or GRC.
• ​Specialization: Hands-on experience with SOC 2 audits and the use of automated compliance platforms (Vanta, Drata, etc.).
• ​Framework Knowledge: Strong grasp of risk management frameworks and the technical implementation of security controls.
• ​Auditor Relations: Proven experience managing external auditors and coordinating the "Pull List" for evidence.
• ​Certifications (Plus): CISA (Certified Information Systems Auditor), CISSP, or CRISC.

​Bonus Points

• ​Environment: Experience in Cloud-native or SaaS environments.
• ​Broad Compliance: Familiarity with HIPAA, GDPR, or ISO 27001.
• ​Culture: Previous experience in a startup or fast-growing tech company where agility is key.

​Why This Role is Unique

​This isn't a "paperwork" compliance job. Because it relies on tools like Vanta and Drata, the role is more about Technical GRC—monitoring APIs, checking cloud configurations, and working with engineers to automate evidence. It moves the needle from "annual audits" to "continuous compliance."

​This is a senior-level, 100% Remote position (requisition INFOR005806) with a salary range of $115,000 to $150,000. The role is highly technical and progressive, focusing on the "build and design" phase of security rather than just policy. The organization is looking for a "hands-on-keyboard" architect who can migrate environments to the cloud, secure network communications, and mentor a growing team of security professionals.

• ​Location: Remote (HQ in Kansas City, MO).
• ​Experience Required: At least 10 years of combined IT/Security experience.
• ​Core Focus: Cloud architecture (AWS/Azure/GCP), Network Security, and Security Standards development.
• ​Technical Bar: Must have at least 3 years of high-impact work, such as full system overhauls or cloud migrations.

​Key Responsibilities: Design, Build, and Educate

​This role functions as a bridge between high-level strategy and technical implementation.

​Cloud Security Architecture

You will be responsible for designing and building secure cloud environments. This includes hands-on work with EC2, Virtual Networks, Direct Connect, and IAM. You aren't just reviewing charts; you are expected to have the "hands-on-keyboard" experience necessary to build these environments from scratch.

​Network & Communication Security

A deep understanding of TCP/IP, Routing, and DNS is essential. You will design the security infrastructure that protects the organization’s networks from breaches, ensuring that data flow remains secure and compliant with internal standards.

​Standards & Compliance

You will develop and manage security standards and best practices for the entire IT system. This involves thinking strategically about the evolving threat landscape and ensuring the organization stays ahead of emerging threats through robust infrastructure.

​Mentorship and Leadership

A unique aspect of this role is the focus on collaborating, educating, and developing other security architects. You will act as a technical lead, elevating the skills of the broader security team.

​Technical Skills and Standout Qualifications

​The preferred qualifications list suggests a "Purple Team" mindset—someone who understands both offensive (Red) and defensive (Blue) tactics.

• ​Cloud Ecosystems: Proficiency in AWS, Azure, and GCP, specifically using Terraform for infrastructure as code (IaC).
• ​Zero Trust & WAF: Experience with Zero Trust tools like Zscaler, Guardicore, or Illumio, and WAF technologies like Akamai or AWS Shield.
• ​Offensive Security: Hands-on experience with penetration testing, vulnerability scanning, and threat modeling.
• ​Coding & Automation: Proficiency in Python, PowerShell, C#, or Shell to develop automation scripts.
• ​Framework Knowledge: Knowledge of NIST CSF, ISO 27001, and regulatory requirements like GDPR, HIPAA, and PCI.
• ​Certifications (Preferred): CISSP, CISM, GCP Professional, CCSK, or OSCP.

​Why This Role is Unique

​This role is a "Progressive Role," meaning the level and specific responsibilities can be adjusted based on the candidate's specific depth of experience. It offers a high degree of autonomy to influence the security posture of a "forward-thinking" team that utilizes Lucid Charts/Visio to map out complex security integrations.

​This is a Remote (US) senior-level role within the Starbucks Cybersecurity Operations Center (CSOC). As a senior "partner" (employee) in this role, you are responsible for more than just monitoring; you are expected to mature defense capabilities at a massive, global scale. You will act as an escalation point and a detection architect, using data analytics and threat intelligence to protect Starbucks' brand and digital ecosystem.

• ​Location: Remote (US) – Headquarters in Seattle, WA.
• ​Pay Range: $112,400 - $211,800 (Bonus Eligible).
• ​Experience Required: 5+ years in IT and 4+ years in Security Operations (SOC).
• ​Core Focus: Rapid triage, custom detection engineering, threat hunting, and cloud security.
• ​Tech Stack: SIEM, EDR, SOAR, WAF, and multi-OS forensics (Windows, Linux, MacOS).

​Key Responsibilities: Detection, Hunting, and Mentorship

​The Senior Engineer focuses on high-level resolution and proactive defense rather than routine alert handling.

​Detection Engineering & MITRE ATT&CK

You will create custom detections aligned with the MITRE ATT&CK Framework. This involves auditing logs to find detection gaps and tuning security tools to minimize false positives, ensuring the team stays focused on legitimate threats.

​Threat Hunting & Analytics

Beyond responding to alerts, you will actively hunt for new threats that automated systems might miss. This requires performing data analytics on telemetry to surface "hidden" activity and reviewing threat intelligence feeds to recommend toolset changes.

​Advanced Investigations & Forensics

You are responsible for in-depth investigations across Windows, Linux, and MacOS hosts. When a critical incident occurs, you lead the triage effort to determine severity and urgency, ensuring rapid containment and resolution.

​Automation & Process Improvement

You will "write stories" for automation engineers to improve the SOAR environment. By providing operational feedback, you help refine SOC playbooks and Standard Operating Procedures (SOPs) to ensure the entire team operates consistently.

​Leadership & Mentorship

As a Senior Individual Contributor, you act as a mentor for junior SOC engineers and serve as a subject matter expert for security tools and compliance (SOX/PCI).

​Required Technical Proficiency

​Starbucks is looking for a self-driven expert with a deep understanding of attacker psychology and modern programming.

• ​Programming: Proficiency in at least one modern language (e.g., Python, PowerShell, C#, Rust, Go).
• ​Security Tools: Hands-on experience with SIEMs, WAFs, IDS/IPS, and Endpoint Detection (EDR).
• ​Forensics & OS: Deep knowledge of modern threats and the ability to investigate various operating systems.
• ​Cloud & Containers: Ability to assess current cloud security postures and propose architectural improvements.
• ​Compliance: Basic understanding of SOX and PCI regulatory requirements.

​Preferred Qualifications

• ​Broad Domain Mastery: Proficiency in multiple pillars such as Forensics, Reverse Engineering, Big Data, or Threat Intel.
• ​Community Contribution: A track record of giving back to the security community through teaching or open-source code.
• ​Certifications: CISSP, GCIH, or SSCP are highly valued but not required.

​This is a full-time, Hybrid role based in Overland Park, KS. Mariner is a high-growth financial services firm (advising on over $560B) that prioritizes an "engineering-minded" approach to security. This role is designed for a technically curious practitioner who wants to work under leadership that understands hands-on workflows and trade-offs. You will be responsible for building, optimizing, and running security platforms in a high-rigor, highly regulated financial environment.

• ​Location: Overland Park, KS (Hybrid).
• ​Experience Required: 3–5 years in information security, IT operations, or engineering.
• ​Core Focus: Platform engineering, identity architecture (Okta), and automation.
• ​Environment: Financial Services; modern architectures with a focus on precision and repeatability.
• ​Culture: Fast-moving, autonomous, and focused on "security by design."

​Key Responsibilities: Engineering and Operational Excellence

​The role balances the technical "run" of security tools with the "build" of new capabilities and automated workflows.

​Platform Engineering and Optimization

You will implement and optimize enterprise-level tooling across detection, identity, cloud, and endpoint technologies. This isn't just monitoring; it’s about engineering the platforms to work more effectively through continuous refinement.

​Deep-Dive Assessments

Conduct hands-on testing of systems, configurations, and architectures. You will provide actionable insights that influence how the broader engineering and business teams make technical decisions.

​Core Security Operations

Support and mature the "bread and butter" of SecOps, including:

• ​Malware Response: Handling remediation and recovery.
• ​Vulnerability Management: Managing patch governance and risk analysis.
• ​SIEM Analysis: Log correlation, trend monitoring, and incident documentation.

​Identity and Automation

A significant portion of the role involves IAM (Identity and Access Management), specifically using Okta to integrate applications and security systems. You will use Python, PowerShell, or Bash to automate response actions and streamline security workflows.

​What You Bring: Technical Profile

​Mariner is looking for an analyst who is ready to step into an engineering mindset, with a high bar for detail and documentation.

• ​Education: Bachelor’s degree in CS, InfoSec, or equivalent experience.
• ​Tooling Knowledge: Familiarity with SIEM, EDR, and Vulnerability Scanners.
• ​Identity Mastery: Hands-on familiarity with Okta or similar IAM solutions.
• ​Framework Fluency: Knowledge of NIST, CIS, and ISO 27001 standards.
• ​Automation Skills: Ability to write scripts (Python, PowerShell, or Bash) to remove manual toil from security processes.
• ​Soft Skills: Exceptional communication skills and the ability to operate with high autonomy in a fast-paced environment.

​Why This Role is Unique

• ​Engineering-First Leadership: Report to leaders who have been hands-on and understand the technical constraints of the job.
• ​Broad Domain Depth: Gain exposure to everything from detection engineering to cloud-native security and identity architecture.
• ​State-of-the-Art Access: Work with advanced automated response tooling and emerging standards in a high-stakes financial context.

​This is a full-time, REMOTE role at Pennymac (NYSE: PFSI), one of the top mortgage lenders in the U.S. This position is heavily focused on the engineering and lifecycle management of security tools. Unlike a pure SOC analyst role, this is an infrastructure-heavy position where you will design, automate, and maintain the platforms that protect the organization’s mortgage data.

• ​Location: 100% Remote.
• ​Salary Range: $75,000 - $130,000.
• ​Focus: Design and deployment of SIEM, EDR, and Vulnerability Management systems.
• ​Tech Core: AWS Cloud, EDR (Crowdstrike), and Email Security (Proofpoint).
• ​Automation Hub: Heavy emphasis on Infrastructure as Code (IaC) and DevSecOps.

​Key Responsibilities: Designing and Automating Defense

​The Engineer is responsible for the "plumbing" of the security organization—ensuring tools are deployed correctly, updated constantly, and integrated seamlessly.

​Core Security Platform Management

You will design, deploy, and maintain the full lifecycle of enterprise security platforms. This includes SIEM for log aggregation, EDR for endpoint protection, and Vulnerability Management systems to identify weaknesses. You are responsible for the entire journey: from evaluation and testing to patching and decommissioning.

​Automation and DevSecOps

A major part of this role is moving away from manual configurations. You will use automation tools to deploy security controls and manage infrastructure. The goal is to integrate security tools directly into CI/CD pipelines to ensure a "secure as you build" environment.

​Email and Cloud Security

You will manage Proofpoint or similar gateways to handle threat detection and DMARC implementation. Additionally, you will provide expertise on integrating security controls into AWS or general cloud environments.

​Operational Compliance

You will be the point of contact for responding to audits, penetration tests, and vulnerability assessments, ensuring the environment remains in compliance with established security policies.

​Required Technical Proficiency

​Pennymac is looking for an engineer who is comfortable writing code to manage infrastructure and has a deep understanding of enterprise-grade security tools.

• ​Security Tools: Practical knowledge of Crowdstrike (EDR), SIEM platforms, Firewalls, DLP, and Identity Platforms.
• ​Automation Tools: Competency in Ansible, Terraform, Chef, or Puppet.
• ​Scripting: Expertise in at least one language, specifically Python, PowerShell, or Perl.
• ​Email Security: Experience with Proofpoint (DMARC, Security Gateway, Threat Detection).
• ​Cloud: Hands-on experience with AWS or similar public cloud providers.
• ​Collaboration: Ability to provide expertise on integrating complex security controls into existing IT environments.

​Why Join Pennymac?

• ​Scale: Support a firm that has helped over 4 million homeowners.
• ​Support: Access to comprehensive medical, 401k match, and tuition reimbursement.
• ​Culture: A remote-first environment with a focus on being "Accountable, Reliable, and Ethical."

​This is a full-time, Remote-First role at Bamboo Health, a leader in Real-Time Care Intelligence. This position is a technical "hybrid" role within the Security Operations (SecOps) team, blending application security, cloud defense, and incident response. You will protect a platform that impacts over 1 billion patient encounters annually, requiring a high degree of focus on HIPAA and HITRUST compliance.

• ​Location: Remote-First (US).
• ​Experience Required: Bachelor’s degree or 5+ years of equivalent professional experience.
• ​Core Focus: Web application penetration testing, vulnerability management, and security automation.
• ​On-Call: Participation in the incident response on-call rotation is required.
• ​Compliance Environment: SOC 2, HIPAA, HITRUST, and ISO 27001.

​Key Responsibilities: Proactive Testing and Reactive Response

​The Engineer serves as a technical partner across the software development lifecycle, ensuring that security is "baked in" rather than bolted on.

​Vulnerability Management and Pentesting

​You will manage infrastructure, container, and API vulnerabilities through Dynamic Application Security Testing (DAST) and manual penetration testing. This includes performing root-cause analysis and threat modeling to prioritize remediation efforts.

​Cloud and Kubernetes Security

​The role involves securing applications hosted in automated Kubernetes platforms and cloud environments (AWS, Azure, or GCP). You will be responsible for ensuring that containerized workloads meet strict security standards.

​DFIR and Detection Engineering

​You will support the Digital Forensics and Incident Response (DFIR) process, including monitoring events, containment of threats, and remediation. A major part of the role is developing automation scripts to streamline these operations and improve detection logic.

​Security Advocacy and SDLC

​Partnering with development teams is essential. You will advocate for secure coding practices and ensure that security checkpoints are integrated into the Software Development Lifecycle (SDLC).

​Required Technical Skills

​Bamboo Health is looking for a versatile engineer who can code, test, and respond to threats with equal proficiency.

• ​Security Testing: Practical experience with DAST tools and manual web application penetration testing.
• ​Operating Systems: Intermediate proficiency with Linux, macOS, and Windows.
• ​Cloud Mastery: Foundational knowledge of cloud platforms and experience securing Kubernetes or containerized environments.
• ​Automation: Intermediate understanding of scripting languages like Python, PowerShell, or Bash.
• ​Compliance Knowledge: Familiarity with healthcare-specific frameworks such as HIPAA and HITRUST.
• ​Communication: Ability to articulate technical risk and business rationale to both engineers and stakeholders.

​The First Year: Roadmap to Success

• ​Months 1–3: Mastery of internal tools; supervised vulnerability scanning; integration into the on-call rotation.
• ​Months 4–6: Independent web application penetration testing; management of the automated phishing training program.
• ​Months 7–12: Leading the system-wide vulnerability management program; implementing security automation to replace manual procedures.

​This is a full-time, 100% Remote role at Peraton supporting the NOAA AWIPS (Advanced Weather Interactive Processing System) program. AWIPS is a critical national infrastructure platform used by the National Weather Service to process weather data and issue life-saving warnings. The role is heavily focused on the Risk Management Framework (RMF) and securing the software development lifecycle within an Agile/SAFe environment.

• ​Location: 100% Remote.
• ​Clearance: Ability to obtain/maintain a Public Trust.
• ​Experience Required: 8+ years with a BS; 6+ years with an MS; or 3+ years with a PhD (4 years of experience can sub for a degree).
• ​Focus: Gaining and maintaining Authorizations to Operate (ATO), DevSecOps strategy, and continuous monitoring.
• ​Frameworks: Strong knowledge of NIST 800-37 (RMF) and NIST 800-53 security controls.

​What You'll Do: Accreditation and Mission Readiness

​You will work at the intersection of systems engineering and federal compliance, ensuring the AWIPS platform remains resilient against evolving threats.

• ​RMF Implementation: Drive the full Risk Management Framework (RMF) lifecycle to gain and maintain system ATOs.
• ​Agile/SAFe Backlog: Work with the Cyber Lead to populate the Agile backlog with technical security tasks and DevSecOps strategies.
• ​Security Documentation: Develop and maintain critical artifacts including POA&Ms (Plan of Action and Milestones), SECONOPS (Security Concepts of Operations), and Standard Operating Procedures (SOPs).
• ​Defense-in-Depth: Conduct security activities using established TTPs (Tactics, Techniques, and Procedures) to secure the platform as it is built.
• ​Stakeholder Collaboration: Liaise with multiple Approving Organizations (AO), software architects, and data scientists to establish enterprise-wide security postures.

​Required Technical Qualifications

​Peraton is looking for a "mission capability integrator" who understands how to bake security into complex, large-scale federal systems.

• ​ATO Lifecycle: Proven experience in the software development lifecycle (SDLC) specifically regarding gaining and maintaining ATOs.
• ​Compliance Mastery: Expert knowledge of NIST processes and the application of security controls.
• ​Operational Security: Experience in Security Incident and Event Management (SIEM) and incident response.
• ​Artifact Management: Hands-on experience creating the technical documentation required for federal audits and authorizations.

​Preferred Qualifications

• ​Certifications: Security+, CISSP, or similar industry-standard credentials.
• ​Active Status: An active/current Public Trust is a significant advantage.

​Why This Role is Unique

​This isn't a typical "corporate" security job; you are protecting the system that enables weather forecasters to protect lives and property across the U.S. It requires a blend of compliance architecture and DevSecOps mindset. You will be working on a "mission of consequence" where system reliability is directly tied to national readiness.

​This is a 12-month contract-to-hire role focused on maturing a healthcare organization's Incident Response (IR) capabilities through advanced automation. As a Principal-level engineer, you will be the primary architect for Palo Alto Cortex XSOAR, responsible for taking manual IR processes and transforming them into automated, end-to-end playbooks.

• ​Location: 100% Remote (Must reside in CA, OR, WA, CO, GA, VA, MD, or DC).
• ​Pay Range: $70/hr - $85/hr.
• ​Experience Required: 7+ years in security engineering with a heavy specialization in SOAR.
• ​Core Tech Stack: Palo Alto Cortex XSOAR, Splunk, Python.
• ​Integrations: CrowdStrike, Proofpoint, Tanium, and Azure.

​What You’ll Do: Orchestration and Incident Response Support

​The mission of this role is to act as the bridge between raw security data and actionable, automated response. You will work directly with the IR team to identify their "pain points" and solve them through code.

• ​Playbook Development: Design, code, and implement complex XSOAR playbooks from scratch. This includes defining the logic for ingestion, enrichment, and automated containment.
• ​IR Optimization: Partner with Incident Response analysts to understand their workflows and improve the efficiency of their tooling.
• ​Enterprise Integration: Build and maintain integrations between XSOAR and the broader security stack, including CrowdStrike (EDR), Tanium (Endpoint), Proofpoint (Email), and Azure (Cloud).
• ​Python Automation: Leverage strong Python coding skills to create custom scripts and integrations that aren't available out-of-the-box.
• ​Data Analysis: Perform extensive analysis on security data to identify trends and opportunities for new automation use cases.

​Required Skills and Experience

​This is a high-level engineering role requiring a candidate who is as comfortable writing code as they are discussing security strategy with IR leads.

• ​SOAR Mastery: 7+ years of experience with a deep focus on Palo Alto Cortex XSOAR (formerly Demisto).
• ​Programming: High proficiency in Python is required; experience with Java or C is also beneficial.
• ​Ecosystem Knowledge: Strong working knowledge of Splunk (SIEM) and how it feeds into a SOAR platform.
• ​Soft Skills: Strong communication skills are essential, as you will be translating analyst needs into technical requirements.

​Key Logistics and Benefits

• ​Residency Requirement: While the role is remote, you must live in one of the following states for tax/employment purposes: CA, OR, WA, CO, GA, VA, MD, or DC.
• ​Contract-to-Hire: This is a 12-month initial term with the intent to convert to a permanent employee.
• ​Comprehensive Benefits: Includes four medical plans, 401(k) with match, HSA/FSA, and paid sick leave.

​This is a full-time, Remote (US) role for the Knights of Columbus, a unique organization that operates as both a Catholic fraternal society and a large-scale financial services provider (insurance and investments). This role is a "full-stack" security position, requiring a candidate who can handle high-level implementation and configuration while managing day-to-day operational defense.

• ​Location: Remote, US (Salary based on Connecticut range).
• ​Compensation: $104,500 – $172,400.
• ​Experience Required: 5+ years of relevant security, networking, or infrastructure engineering experience.
• ​Mission Context: The organization follows Catholic teachings in its investment and benefits strategies; profits support global charity and religious causes.
• ​Focus: Multifaceted security engineering across Office 365, public cloud (Azure/AWS), and on-premises infrastructure.

​Core Responsibilities: Build, Run, and Mentor

​This position bridges the gap between architecture and operations. You aren't just watching a dashboard; you are building the systems that feed it.

• ​System Lifecycle: Lead the implementation, integration, and support of security systems. Perform comprehensive Proof-of-Concepts (PoCs) for new tools.
• ​Active Defense: Monitor environments for intrusions, detect anomalies in network traffic, and perform incident response for alerts and reported events.
• ​Engineering & Documentation: Maintain technical diagrams and operational procedures. Secure Office 365 products and hybrid cloud environments.
• ​Collaboration & Mentorship: Partner with Architects and GRC (Governance, Risk, and Compliance) teams. Provide guidance and mentoring to junior team members.
• ​Advocacy: Educate internal users on security policies and requirements to foster a security-conscious culture.

​Technical Skills and Frameworks

​The ideal candidate needs a broad technical "utility belt" covering everything from perimeter defense to identity-centric security models.

• ​Security Stack: Hands-on experience with Firewalls, WAF, MFA, CASB, NAC, EDR, and SIEM.
• ​Modern Paradigms: Deep understanding of Zero Trust, IAM (Identity & Access Management), and PAM (Privileged Access Management).
• ​Cloud & SaaS: Extensive experience securing Office 365 and public cloud (AWS/Azure) data and systems.
• ​Automation (Bonus): Scripting experience in PowerShell or familiarity with SOAR (Security Orchestration, Automation, and Response) is a major plus but not required.
• ​Governance: Familiarity with industry-standard frameworks: NIST 800-53, NIST CSF, ISO 2700x, and COBIT.

​Required Qualifications

• ​Education: Bachelor’s degree or equivalent professional experience.
• ​Professional Depth: At least 5 years in a dedicated security or high-level networking/infrastructure role.
• ​Certifications (Preferred): While not required, the organization values CISSP, CISM, GSEC, or cloud-specific certs (Azure/AWS Security).

​Why This Role is Unique

​This role sits at the intersection of FinTech security and Non-Profit mission work. You are protecting a $100B+ insurance and investment engine, but the "dividends" of your work support religious and charitable causes. Technically, it is a high-autonomy role where you are expected to be an "author" of documentation and diagrams, not just a consumer of them.

​This is a full-time, Hybrid position at Foxhole Technology, supporting a State-level cybersecurity program in Maryland. The role is primarily focused on governance, risk, and compliance (GRC), specifically conducting maturity assessments and defining security requirements using the newly updated NIST CSF 2.0 framework.

• ​Location: Hybrid – Requires travel within the state of Maryland.
• ​Clearance: None required; must pass a Criminal Background Check.
• ​Experience Required: Minimum five (5) years defining security programs or processes.
• ​Education: BS Degree in a technical field.
• ​Primary Framework: NIST Cybersecurity Framework (CSF) 2.0.

​Key Responsibilities: Maturity and Compliance

​The Engineer will serve as a lead assessor, evaluating how various state organizations protect sensitive information and identifying gaps in their security posture.

• ​Cybersecurity Assessments: Conduct formal assessments to determine an organization’s cybersecurity maturity level.
• ​Policy Development: Define and develop security policies in accordance with NIST guidelines and industry best practices.
• ​Risk & Vulnerability Analysis: Perform risk assessments based on information flow and the sensitivity of data within the organization.
• ​Requirements Definition: Analyze and define technical security requirements for comprehensive information protection.
• ​Stakeholder Presentation: Present formal findings and actionable recommendations to leadership to improve the overall security posture.

​Minimum Requirements and Technical Proficiency

​Foxhole Technology is looking for an experienced practitioner who is deeply familiar with standardized IT security controls and state/federal reporting requirements.

• ​Experience: 5+ years protecting sensitive or classified information at a programmatic level.
• ​Technical Standards: Proficient in generally accepted IT security and control practices (e.g., ISO, COBIT, or similar NIST standards).
• ​NIST Expertise: Specialized knowledge in NIST CSF 2.0 documentation and the practical application of its subcategories and tiers.
• ​Mobility: Must be able to travel to various locations within Maryland as part of the assessment process.

​Why This Role is Unique

​This position is a direct bridge between technical auditing and high-level security strategy. Because it focuses on NIST CSF 2.0—which introduced the "Govern" function—you will be at the forefront of implementing the latest federal standards at a state level. It is an ideal role for an analyst transitioning into a more senior engineering or advisory capacity.