Role Description We are looking for a motivated and skilled Penetration Tester with hands-on experience in Active Directory, Network, and Web Application penetration testing. The ideal candidate should be able to identify security vulnerabilities, misconfigurations, and weaknesses across enterprise environments and provide actionable recommendations to improve the organization's security posture. In addition to traditional penetration testing, the candidate will participate in purple-team exercises, collaborating with defensive teams to simulate real-world attack scenarios and strengthen detection and response capabilities. An interest in SOC operations, monitoring, and threat detection will be considered a strong advantage. Qualifications - Hands-on experience in Active Directory security assessments and penetration testing - Strong knowledge of network penetration testing methodologies - Experience in web application security testing (OWASP Top 10) - Understanding of security configuration reviews and misconfiguration analysis - Experience performing vulnerability validation and risk analysis - Hands-on experience with tools such as: - Nmap - Burp Suite - Metasploit - BloodHound - Impacket - CrackMapExec - Strong understanding of Windows security architecture and AD attack techniques - Knowledge of network protocols, authentication mechanisms, and common attack vectors Requirements - Experience with Purple Team exercises - Exposure to SOC operations, SIEM platforms, or security monitoring - Familiarity with MITRE ATT&CK framework - Scripting knowledge (Python, PowerShell, Bash) - Exposure to cloud security assessments (Azure / AWS) Preferred Certifications (Optional) - PNPT - eCPPT - GPEN / GWAPT Soft Skills - Strong analytical and problem-solving mindset - Ability to clearly communicate technical risks and remediation steps - Good documentation and reporting skills - Ability to collaborate with both offensive and defensive security teams - Strong curiosity and passion for continuous learning in cybersecurity

• Compliance & Audit Leadership: Support the maintenance of our compliance frameworks, specifically ISO 27001 and SOC2 Type II. You will need to be comfortable being a primary point of contact for external auditors. • Client Assurance: Own the end-to-end process for Client Audits and Security RFIs, translating our complex technical controls into clear, professional, and digestible responses for stakeholders. • Cloud Governance: Apply a GRC lens to our cloud environment, ensuring that our AWS infrastructure aligns with best practices (CIS benchmarks) and triage alerts in line with our internal risk appetite. • Incident Management & Triage: Monitor security tools and act as a first-to-second responder for alert triage. You’ll manage the lifecycle of security incidents, from discovery to post-mortem. • Third-Party Risk Management: Conduct thorough due diligence on suppliers, integrations , ensuring our supply chain meets our rigorous security standards. • Risk-Based Decision Making: Conduct risk assessments across the business, providing actionable advice that balances security requirements with operational efficiency. • Security Automation: Identify opportunities to automate manual GRC and SecOps tasks to increase the team's velocity.

Job Description Join one of the nation’s most comprehensive academic medical centers, UChicago Medicine as an Epic MyChart Analyst - Intermediate for the IT Clinical Applications department. This is a remote, work from home opportunity and you may be based outside of the greater Chicagoland area. The MyChart Analyst - Intermediate formulates and defines systems scope and objectives through research and fact-finding combined with an understanding of applicable business applications and industry requirements. With this knowledge, develops, configures, or modifies moderately complex information applications. Includes analysis of business and user needs, documenting requirements, and revising existing logic as necessary. Guides and collaborates with other Application Analysts. Contributes to application analysis and considers the business implication of the application of technology to the current business environment. Essential Job Functions - Evaluate business implications of technology on the current business environment - Analyze business and user needs, formulates and defines application requirement scope and objectives - Document Requirements in the BRD (Business Requirement Document) - Revise existing (problematic) application configuration or builds new application configuration - Unit test configuration and other application set up - Mentor less experienced Application Analysts Required Qualifications - Associate or bachelor’s degree or equivalent training or work experience - Epic MyChart certification is required - Minimum of 2 years of experience with information system software solutions - Working knowledge of multiple software applications, systems analysis/design, Integration/design, or web applications/design - Ability and commitment to meet deadlines and to operate in a fast-paced environment - Capable of working well in a diverse, multi-disciplinary team and successfully interacting with others at all levels of the organization, including remote teams - Beginning skills in documenting and analyzing business processes - General understanding of business, functional, and technical requirements - General understanding of underlying technologies: hardware, networking, applications - Excellent interpersonal, written, and oral communication skills, and effective presentation skills - Experience developing presentations for project work - Ability to plan and facilitate meetings with diverse participants - Ability to maintain a professional attitude and demeanor in both normal and pressure situations - Proven skills in problem solving Position Details - Job Type/FTE: Full Time (1.0 FTE) - Shift: Day - Location: Remote - Unit/Department: IT Clinical Applications - CBA Code: Non-Union Why Join Us We’ve been at the forefront of medicine since 1899. We provide superior healthcare with compassion, always mindful that each patient is a person, an individual. To accomplish this, we need employees with passion, talent and commitment… with patients and with each other. We’re in this together: working to advance medical innovation, serve the health needs of the community, and move our collective knowledge forward. If you’d like to add enriching human life to your profile, UChicago Medicine is for you. Here at the forefront, we’re doing work that really matters. Join us. Bring your passion. UChicago Medicine is growing; discover how you can be a part of this pursuit of excellence at: UChicago Medicine Career Opportunities UChicago Medicine is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, ethnicity, ancestry, sex, sexual orientation, gender identity, marital status, civil union status, parental status, religion, national origin, age, disability, veteran status and other legally protected characteristics. As a condition of employment, all employees are required to complete a pre-employment physical, background check, drug screening, and comply with the flu vaccination requirements prior to hire. Medical and religious exemptions will be considered for flu vaccination consistent with applicable law. Compensation & Benefits Overview UChicago Medicine is committed to transparency in compensation and benefits. The pay range provided reflects the anticipated wage or salary reasonably expected to be offered for the position. The pay range is based on a full-time equivalent (1.0 FTE) and is reflective of current market data, reviewed on an annual basis. Compensation offered at the time of hire will vary based on candidate qualifications and experience and organizational considerations, such as internal equity. Pay ranges for employees subject to Collective Bargaining Agreements are negotiated by the medical center and their respective union. Review the full complement of benefit options for eligible roles at Benefits - UChicago Medicine.

An inclusive work environment is an empowering one. At Cutover, we lead with empathy and enable others to succeed through curiosity, kindness, and self-expression. Location: US, remote (CST or EST time zone), willing to travel to New York office for audits as required We regret that we are unable to provide work visa sponsorship at this time. Cutover provides enterprise technology operations teams with an AI-powered SaaS solution that automates and streamlines complex processes with intelligent runbooks. The Cutover solution enables teams to respond to incidents quickly, recover from IT outages, and manage cloud migrations with precision and efficiency. Cutover is used in many of the world's largest financial institutions to support their critical technology operations, including 5 out of the top 6 largest asset managers and 3 out of the top 5 US banks. What does this role mean to us? We are looking for a versatile, proactive mid-Level Security Analyst to join our lean but high-impact security team. This “generalist” role offers a 360-degree view of Information Security and is designed for someone who thrives on variety—one day you’ll be leading a SOC 2 audit, and the next you’ll be triaging a security alert or refining our AWS security posture. As a key member of a small team, you won’t just be following a playbook; you’ll be writing it. You will have significant autonomy and the power to influence our global security strategy directly. What will you be doing as our Information Security Analyst? - Compliance & Audit Leadership: Support the maintenance of our compliance frameworks, specifically ISO 27001 and SOC2 Type II. You will need to be comfortable being a primary point of contact for external auditors. - Client Assurance: Own the end-to-end process for Client Audits and Security RFIs, translating our complex technical controls into clear, professional, and digestible responses for stakeholders. - Cloud Governance: Apply a GRC lens to our cloud environment, ensuring that our AWS infrastructure aligns with best practices (CIS benchmarks) and triage alerts in line with our internal risk appetite. - Incident Management & Triage: Monitor security tools and act as a first-to-second responder for alert triage. You’ll manage the lifecycle of security incidents, from discovery to post-mortem. - Third-Party Risk Management: Conduct thorough due diligence on suppliers, integrations , ensuring our supply chain meets our rigorous security standards. - Risk-Based Decision Making: Conduct risk assessments across the business, providing actionable advice that balances security requirements with operational efficiency. - Security Automation: Identify opportunities to automate manual GRC and SecOps tasks to increase the team's velocity. What we’d like you to bring to the table… - 3-5 years experience in Information Security, with a proven track record in a ‘full stack’ security or GRC role - Experience triaging alerts (CSPM/SIEM/EDR), incident management and a foundational understanding of cloud native security tools - You enjoy creating processes where none exist and can move from "problem identified" to "solution implemented" independently. - You’ve led SOC2 or ISO27001 audits and know how to manage evidence collection, auditor expectations and communicate to stakeholders effectively. - Relevant certifications are a plus (CISA, CISSP), but we value functional experience and the ability to apply security principles to real-world business problems above all else. The good stuff… - We're excited to offer Share Options as part of our compensation package. - 20 days of PTO per year + public holidays, and we want you to take all of them! - 3 volunteer days to use for any charitable/voluntary cause you would like. - A top-tier private health insurance package. - 401k contribution plan - Work from home stipends - A personal learning and development budget through Learnerbly. You’ll be supported in your quest for knowledge, whatever that looks like to you. - If you’re thinking of starting or growing your family, then you’ll be in great company - more than half of our team are parents and we’ve built a globally consistent parental leave approach that we’re proud of. - Employee Referral Scheme. - Safeguarding the mental health of our teams is paramount for us. If you’d like to, then you’ll be able to avail yourself of multiple Cutover mental health initiatives, from fully subsidized therapy sessions to subscriptions to leading wellbeing platforms. Target compensation package: $145,000-155,000 base salary + stock options + benefits The final offer may vary from the target compensation package, taking into consideration factors such as your experience level and skill set. If we aren't aligned on salary at this stage, we’d still love to hear from you to better understand if there are more suitable opportunities at Cutover. Diversity Statement - Empowering Our Teams We encourage our team to bring their authentic selves to work, which we have found has strengthened workplace relationships and fostered a genuine sense of community. If you are excited by this role, we invite you to apply! Even if your profile doesn’t check all the boxes, please don't simply scroll past! We recognize that talent lies everywhere and that some demographic groups are more likely to apply for a "stretch role" than others. We are always open to different perspectives and professional backgrounds to keep Cutover's culture evolving and to ensure that we never stop learning. Cutover is an Equal Opportunity Employer. Maintaining an equitable hiring process is imperative to our mission. All applicants are considered without regard to race, ethnicity, national origin, religion, sex, gender identity, sexual orientation, age, mental or physical disability, marital status, protected veteran or parental status. Learn more about Life at Cutover, our Guiding Principles, and our latest news on Twitter and LinkedIn