This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description The Staff Security Engineer L6 (SOC) serves as a senior technical leader for advancing Inovalon's detection, response, and automation capabilities across the enterprise, cloud, and SaaS environments. As a subject matter expert in Security Operations, SIEM, SOAR, and security engineering, the engineer provides deep technical expertise in security monitoring, incident response, threat detection engineering, and automation to strengthen Inovalon's overall security posture. The Staff Security Engineer L6 is expected to remain current on emerging threats, adversary tactics, cloud and identity risks, and evolving security operations technologies. Working closely with SOC analysts, engineering, IT, and cloud teams, this position drives proactive security operations by implementing scalable monitoring, automation, and response capabilities that improve visibility, reduce manual effort, and accelerate containment of threats. The Staff Security Engineer L6 also contributes to continuous improvement of SOC processes, metrics, and tooling to ensure alignment with enterprise risk management, compliance obligations, and operational excellence. Duties and Responsibilities - Lead the strategic implementation of security standards in alignment with security policies. - Provide technical expertise and direction for the selection and implementation of a diverse suite of product security controls and countermeasures. - Provide technical leadership to recommend appropriate information security frameworks, requirements, direction, and system recommendations. - Stay abreast of security best practices and technologies, and foster the growth of team members by providing training, guidance, and mentoring. - Design, develop, and maintain SOAR playbooks and automated response workflows to improve detection, triage, and containment across endpoint, network, identity, and cloud environments. - Integrate and optimize SIEM, EDR, vulnerability management, identity, and ticketing platforms (e.g., Rapid7, CrowdStrike, ServiceNow, Azure, email security) to enable end-to-end automated incident response. - Engineer and tune security detections, enrichment pipelines, and correlation logic to reduce false positives and improve MTTD/MTTR through automation and orchestration. - Develop and maintain automation scripts and APIs to support SOC operations, including automated containment (isolate host, disable account, block IP/domain), enrichment (threat intel, asset context), and reporting. - Build and maintain SOC automation use cases such as phishing response, suspicious login triage, malware containment, vulnerability prioritization, and insider-risk monitoring. - Collaborate with SOC analysts, threat hunters, and engineering teams to identify manual processes and convert them into automated workflows, increasing SOC efficiency and consistency. - Maintain and optimize SOAR platform health, integrations, and playbook performance, including version control, documentation, and continuous improvement lifecycle. - Create and deliver automation metrics and dashboards (automation coverage, time saved, incident response time reduction, false-positive reduction) for SOC leadership and executive reporting. - Work with leadership, customers, and stakeholders in both IT and Information Security to develop requirements based on a changing threat landscape and new digital capabilities. - Build security into product delivery pipeline (DevSecOps) using scripting. - Perform architecture reviews, identify security risks, recommend, and implement mitigations. - Research, recommend, and implement effective security controls for cloud-native services. - Discover and implement untapped functionality from security tools and services. - Work autonomously and proactively seek out opportunities to build security capabilities across our platforms. - Automate security throughout the development lifecycle (DevSecOps) by enabling security tools, technologies, and best practices for agile development. - Document security and compliance issues. - Present findings to clients, including technical teams and executive leadership, providing clear explanations of vulnerabilities, the potential impact on the business, and recommended mitigation strategies. - Adhere to all confidentiality, HIPAA, regulatory, and other such policies, procedures, and requirements as outlined within Employer’s Operating Policies and Procedures in all ways and at all times with respect to any aspect of the data handled or services rendered in the scope of work. - Maintain compliance with Inovalon’s policies, procedures, and mission statement, and fulfill those responsibilities and/or duties that may be reasonably provided by Inovalon for the purpose of achieving operational and financial success. Qualifications - A minimum of years of experience in software and security engineering. - 5+ years of experience in one of these programming languages such as JavaScript, Python, Golang, and PowerShell. - 5+ years’ experience in building security test automation utilities (security as code) and environments. - 5+ years’ experience with cloud native technologies (Azure, AWS, GCP) and secure configurations. - 3+ years’ experience in security system administration (installation, configuration, upgrade, and support). - 3+ years of experience in application security architecture and risk assessments. - Experience with OWASP TOP 10, NIST CSF, and MITRE ATT&CK frameworks. - One or more of the certifications: CISSP, CEH, OSCP. - Preferred: AWS Cloud certifications. - Cloud Security and Governance, Risk, and Compliance GRC, Thick Client Thin Client VAPT Knowledge/Hands on about DevSecOps/DevOps Knowledgeable about Data Protection. Education - Required: Bachelor of Science in an engineering or technical discipline. - Preferred: Bachelor of Science in a cybersecurity discipline or a master's in an engineering or technical discipline with cybersecurity coursework. Physical Demands and Work Environment - Sedentary work (i.e., sitting for long periods of time). - Frequently or constantly to lift, carry, push, pull, or otherwise move objects and repetitive motions. - Subject to inside environmental conditions. - Travel for this position will include less than 5% locally, usually for training purposes. Benefits - Inovalon offers a competitive salary and benefits package. - In addition to the base compensation, this position may be eligible for performance-based incentives. - The actual base pay offered may vary depending on multiple factors including, but not limited to, job-related knowledge/skills, experience, business needs, geographical location, and internal equity. - Inovalon invests in associates to help them stay healthy, save for long-term financial goals, and manage the demands of work and personal commitments. - Benefits package may include health insurance, life insurance, company-paid disability, 401k, 18+ days of paid time off, and more. Base Compensation Range $151,800 — $185,000 USD Equal Opportunity Employer Inovalon is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.

Job DetailsLevel: ExperiencedJob Location: REMOTE (United States) - Remote, VA 22211Position Type: Full TimeEducation Level: Bachelor's DegreeTravel Percentage: Occasionally Job Shift: DayJob Category: Professional ServicesBMA is seeking a Cybersecurity Engineer to support the DLA Cybersecurity Web/App Vulnerability Management Support Services program. This is a fully remote position and contingent on contract award. Job Summary BMA is seeking a Cybersecurity Engineer (CE) to support our DLA Cybersecurity Web/App Vulnerability Management Support Services contract. The CE provides advanced cybersecurity (CS) engineering support for the Cybersecurity Web/Application Vulnerability Management Branch supporting DLA’s J6 Information Operations (IO) Directorate. The CE supports the assessment, analysis, and remediation of CS vulnerabilities across DLA enterprise IT, Cloud, and Operational Technology (OT) environments. The CE performs CS engineering and vulnerability analysis activities to ensure the confidentiality, integrity, and availability of DLA information systems (IS). The role focuses on evaluating system architectures, identifying security weaknesses, conducting CS assessments, and recommending risk-based mitigation strategies to improve the overall CS posture of DLA systems. The CE supports the evaluation of CS compliance with federal and DoD policies and provides technical expertise in system design, security engineering, vulnerability analysis, and CS architecture reviews. The CE works closely with Program Managers (PMs), Information System Security Managers (ISSMs), system administrators (SA), network engineers (NE), and Authorizing Officials (AOs) to ensure CS controls are properly implemented and maintained throughout the system lifecycle. Key responsibilities include CS engineering and system security design. Provide CS engineering support for the planning, design, development, testing, and integration of DLA information systems. Analyze system architectures and infrastructure to identify CS risks and recommend improvements to system security design. Integrate CS engineering principles into enterprise IT, cloud environments, and OT systems. Support secure system architecture development and CS engineering documentation. Conduct vulnerability assessment and risk analysis. Conduct CS vulnerability assessments across DLA IT, Cloud, and OT environments. Evaluate system configurations and architectures to identify potential vulnerabilities and security weaknesses. Perform risk assessments to determine the likelihood and impact of identified CS threats. Develop mitigation strategies and technical recommendations to reduce system risk and improve CS posture. Provide information assurance engineering support. Perform analysis of existing and emerging information systems to evaluate compliance with DoD and federal CS policies. Conduct CS assessments and security test and evaluation activities to validate compliance with CS standards. Support CS engineering reviews for both classified and unclassified information systems. Provide technical analysis of proposed CS policies and assess their impact on system architectures and security operations. Conduct CS compliance and security control validation. Evaluate compliance of DLA systems with CS policies, standards, and regulatory requirements. Identify areas of non-compliance and recommend remediation actions. Support implementation of security controls aligned with enterprise CS architecture. Assist with development and maintenance of CS standards, guides, and implementation documentation. Provide CS documentation and reporting. Develop CS engineering documentation including risk assessment reports, architecture assessments, and security engineering analyses. Produce implementation documentation and technical reports supporting CS engineering efforts. Document vulnerability findings and recommended mitigation strategies. Provide status updates and technical reports supporting project activities and CS operations. Perform OT security engineering. Evaluate CS risks associated with DLA OT environments including industrial control systems and facility-related control systems. Assess OT system architecture, network configurations, and system interfaces for potential vulnerabilities. Provide CS engineering recommendations for OT system protection and risk mitigation. Clearance Requirement There is a Secret security clearance requirement for this role at time of proposal submission. Required Skills & Certifications DoD Approved Baseline Certification (DoD 8570/8140) Information Assurance Management (IAM) Level III such as ISACA Certified Information Security Manager (CISM), ISC2 Certified Information Systems Security Professional (CISSP), EC-Council Certified Chief Information Security Officer (C-CISO), or GIAC / SANS GIAC Security Leadership Certification (GSLC). DoD 8570/8140 Information Assurance System Architecture and Engineering (IASAE) Level III such as the ISC2 Certified Information Systems Security Professional – Information Systems Security Architecture Professional (CISSP-ISSAP). Computing Environment (CE) Certification: one or more of the following Microsoft Certified Solutions Associate (MCSA) or Expert (MCSE), Cisco Certified Network Associate (CCNA), Microsoft Azure Security Technologies, Amazon Certified Security, or other relevant computing environment certification. 10+ years of relevant information technology experience supporting cybersecurity or information assurance programs. 5+ years of Operational Technology (OT) cybersecurity experience. Demonstrated experience performing cybersecurity engineering activities including system security design, vulnerability assessment, and risk analysis. Experience supporting cybersecurity compliance assessments within large enterprise IT environments. Strong analytical and problem-solving skills related to cybersecurity engineering challenges. Experience working with enterprise IT infrastructure, network security, and cloud-based systems. Experience with STIG compliance cycles, vulnerability management, and POA&M governance. Strong technical writing skills producing RMF artifacts, policy/procedure documents, and audit-ready evidence packages. Strong facilitation skills for IPTs/WG sessions and cross-functional coordination. Desired Skills & Certifications TS with SCI eligibility. Experience supporting DoD or DLA program offices. Experience supporting DoD or DLA environments. BS or BA in Information Technology, Cybersecurity, Computer Science, Engineering, Business Administration, or a related field. Project Management certification required, such as Project Management Professional (PMP) or equivalent recognized project management certification. One or more of the following DoD-Approved CSSP Analyst Certifications: EC-Council Certified Ethical Hacker, EC-Council CSA Certified SOC Analyst, CompTIA Cybersecurity Analyst (CySA+), GIAC or SANS GCIA GIAC Certified Intrusion Analyst, or GIAC or SANS GCIH GIAC Certified Incident Handler. Current Risk Management Professional certification such as one or more of the following: PMP-RMP, ISACA Certified in Risk and Information Systems Control (CRISC), ISACA Certified Information Systems Auditor (CISA), ISACA Certified Information Security Manager (CISM), ISC2 Certified in Governance, Risk and Compliance (CGRC), or Risk and Insurance Management Society Certified Risk Management Professional (RIMS-CRMP). Other Duties Able to travel within a week's notice. This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice. Overview BMA is an employee-owned small business headquartered in Huntsville, AL that provides superior customer service by empowering all levels of our staff to make timely decisions to produce high-quality results. BMA fosters an environment of passion, precision, and dedication in order to fulfill our commitments to our partners, government, and country. Benefits We believe that our employees well-being is paramount to our success so our benefits package has been crafted with that in mind. We offer multiple healthcare coverage options to include low deductible, high deductible, and plans eligible for our Health Savings Account (HSA) option. Along with medical coverage, employees have dental, vision, accident & illness, short- and long-term disability all available to them. BMA proudly maintains a 401(k) plan with an industry leading 6% match that can include profit sharing based on company performance. Lastly, being an employee-owned company means that BMA offers a 100% Employee Stock Ownership Plan (ESOP), providing eligible employees the opportunity to earn stock in BMA, subject to plan eligibility and vesting requirements. AAP & EEO Statement Beshenich Muir & Associates, LLC (BMA) is an Equal opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regards to race, color, religion, religious creed, gender, sexual orientation, gender identity, gender expression, transgender, pregnancy, marital status, national origin, ancestry, citizenship status, age, disability, protected Veteran Status, genetics or any other characteristics protected by applicable Federal, State, or Local Law. Qualifications

Overview The Security Engineer - IAM role plays a crucial part in IT security, by ensuring that the right individuals have appropriate access to technology resources. They manage and maintain the IAM infrastructure, monitor user access activities, and implement policies to safeguard sensitive information. The Security Engineer - IAM collaborates with other departments to design, configure, and support secure access systems, ensuring compliance with regulatory requirements. Their role involves continuously evaluating and improving security measures to protect against unauthorized access and potential data breaches. Responsibilities - Design, implement, and maintain IAM solutions across on‑prem and cloud environments (AWS, Entra ID, Okta). - Administer lifecycle provisioning/deprovisioning and access changes. - Develop IAM policies, standards, and governance documentation. - Configure and support MFA, SSO, and federation services (SAML, ADFS, OAuth) - Integrate and manage privileged/service accounts through PAM platforms. - Conduct access audits and compliance reporting (HIPAA, HITRUST). - Automate IAM workflows using PowerShell/Python. - Monitor IAM logs and access patterns for anomalies. - Participate in identity-related incident response. - Partner across IT and Cloud teams to enforce least privilege and RBAC. - Support IAM portions of disaster recovery and business continuity. - Complete all responsibilities as outlined in the annual performance review and/or goal setting. - Complete all special projects and other duties as assigned. - Must be able to perform duties with or without reasonable accommodation. This job description is intended to describe the general nature and level of work being performed and is not to be construed as an exhaustive list of responsibilities, duties and skills required. This job description does not constitute an employment agreement and is subject to change as the needs of Cotiviti and requirements of the job change. Qualifications - Bachelor’s degree in technology discipline or equivalent professional experience. - 2+ years of experience in Identity and Access Management or related security roles. - Relevant IAM certifications preferred (CISSP, CISM, CIAM). - Experience with AWS IAM, Entra Active Directory, Active Directory (Group Policy), and Okta. - Strong understanding of IAM concepts, principles, frameworks, and compliance requirements. - Expertise in federation technologies (ADFS, SAML, OAuth), SSO, and MFA. - Experience with PAM design and service account integration (Delinea, CyberArk, BeyondTrust). - Ability to manage IAM policies, permissions, RBAC, and least privilege. - Proficiency in PowerShell and Python automation. - Experience conducting access audits and compliance reporting (HIPAA, HITRUST). - Strong troubleshooting and problem‑solving skills. - Excellent communication and collaboration abilities. - Experience with IAM DR/BCP planning. Cognitive/Mental Requirements: - Communicating with others to exchange information. - Problem-solving and thinking critically. - Completing tasks independently. - Interpreting data - Making timely decisions in the context of a workflow. - Maintaining focus. - Assessing the accuracy, neatness and thoroughness of the work assigned. - Learning new tasks and completing tasks in situations that have a speed or productivity quota. - Remembering and adhering to processes and protocols. - Applying established protocols in a timely manner. Working Conditions and Physical Requirements: - Remaining in a stationary position, often standing or sitting for prolonged periods. - Communicating with others to exchange information. - Repeating motions that may include the wrists, hands, and/or fingers. - Assessing accuracy, neatness, and thoroughness of work. - Must be able to provide a dedicated, secure work area. - Must be able to provide high-speed internet access/connectivity and office setup and maintenance. - No adverse environmental conditions are expected. Base compensation ranges from $90,000 to $120,000 per year. Specific offers are determined by various factors, such as experience, education, skills, certifications, and other business needs. Cotiviti offers team members a competitive benefits package to address a wide range of personal and family needs, including medical, dental, vision, disability, and life insurance coverage, 401(k) savings plans, paid family leave, 9 paid holidays per year, and 17-27 days of Paid Time Off (PTO) per year, depending on specific level and length of service with Cotiviti. For information about our benefits package, please refer to our Careers page. Date of Posting: 2/3/2026 We anticipate that the application window will close on 4/3/2026, but the application window may change depending on the volume of applications received or close immediately if a qualified candidate is selected. #LI-REMOTE #LI-AK1 #senior

Position Title: InfoSec Engineer (Access & Permissions Mgmt.) Department: IT Information Security Job Description: OU Health is hiring an Information Security Engineer for IT, Architecture and InfoSec Network security team. This role will be responsible for implementing and maintaining security solutions, and requires using common IT Cyber and InfoSec tools to diagnose problems and work with related teams to remediate. This position also assists in strategic planning, integration of security functions, and continuous improvement of security solutions. The role also actively participates in strategic planning and provides 24x7 on-call support with other members of the security engineering staff. Finally, this position will be heavily involved with the engineering of Privileged Access Management solutions NOTE: This position may only be performed remotely from Arkansas, Kansas, Missouri, Oklahoma, and Texas. Please only apply if you live and work full-time in one of the USA states listed above, or plan to relocate to one of these states before starting your employment with OU Health. State locations and specifics are subject to change as our hiring requirements shift. ​This position may be filled as an Information Security Engineer I, II, or III depending on individual qualifications including education, experience, and/or certifications. Essential Responsibilities Responsibilities listed in this section are core to the position. Inability to perform these responsibilities with or without an accommodation may result in disqualification from the position. - Deploy, implement, document, and maintain security solutions. - Resolve security engineering-related tickets in ServiceNow, ensuring timely resolution and adherence to SLAs. - Develop and maintain comprehensive process documentation. - Provide knowledge, coordination, and communication for security engineering projects. - Identify and implement opportunities for process improvement and automation within the security engineering framework. - Support the building of technology operational models and workflows for the business. - Collaborate with IT teams and business units to ensure proper access controls and integration with other systems. - Provide vendor management, service level definition, and management for security engineering technologies. - Provide feedback on business case proposals, analysis of technologies, and project plans. - Assist in security awareness training related to engineering. - Support strategic contingency planning from a security perspective. - Participate in regular business meetings and workshops to ensure knowledge transfer. - Provide 24x7 on-call support based on security engineering staff rotation. - Adhere to and support OU Health IT standards, policies, and procedures. - Maintain and protect confidentiality regarding all aspects of patient care and employee information. General Responsibilities - Performs other duties as assigned. Minimum Qualifications Education Requirements: Bachelor’s Degree required. Experience Requirements: - 0-3 years of experience in Security Engineering required. - Experience with various security services and tools, I.e. network protocols, firewalls, IDS/IPS, SIEM, logging, Active Directory, DLP, etc. - Experience in managing multiple high-risk projects, including those involving external vendors. License/Certification/Registration Requirements: - One or more advanced security certifications are required or must be obtained within 36 months from the hire date. Desired certifications include CCSP, CISM, GSEC. - Other security or IT certifications are highly desirable, such as CEH, CHFI, CISA, CISM, CRISC, CCNA Knowledge/Skills/Abilities Required: - Knowledge of cloud services and methodologies is preferred. - Understanding of SSO, MFA, PAM, least privilege concepts. - Knowledge of supported operating systems (Windows server and VMware ESX) network technology (Route, Switch, Firewall, VPN), utilities, vendor products, diagnostic techniques, applicable communications protocols, applicable hardware configurations, vulnerability management - Knowledge of applicable programming languages, and scripting. - Must have security regulation and security framework knowledge. Examples include CIA triad, HIPAA, HITECH, HITRUST, NIST, ISO, and COBIT - Strong technical problem-solving skills with strong attention to detail. - Excellent communication, leadership, and teamwork skills. - Ability to implement process improvements and automation solutions within security. - Leadership skills to establish and maintain business relations with technical resources, customers, business partners, vendors, and other IT personnel. #CB Current OU Health Employees - Please click HERE to login. OU Health is an equal opportunity employer. We offer a comprehensive benefits package, including PTO, 401(k), medical and dental plans, and many more. We know that a total benefits and compensation package, designed to meet your specific needs both inside and outside of the work environment, create peace of mind for you and your family.