• Work within a small team of developers who are specialists in Rust, Go, Swift, and Security Development • Implement new security features for the next generation of 1Password and develop secure libraries to share common security-critical code across our applications • Assist in security design efforts or scoping initiatives for new features by identifying major tasks and breaking down, estimating, and planning work • Demonstrate leadership in security development and act as a trusted point of contact for management and other developers • Code, test, debug, deliver and maintain production software systems for new and existing product features • Collaborate with a variety of teams across our hybrid core architecture from Design to QA, as well as security engineering for design guidance and secure coding practices • Work with your teammates to communicate technical requirements to stakeholders and solve technical problems in a scalable and realistic way • Mentor junior and new team members by helping them understand team expectations, providing technical guidance, sharing knowledge, and engaging in pair programming sessions • Review code for others to maintain high code quality, knowledge share within the team, and support creating a safe environment of giving and receiving feedback • Stay informed about the latest industry trends, technologies, and best practices in security development

We are looking for a passionate, driven security leader to join our team. This is a remote position. Reporting to the Chief Technology Officer, the Chief Information Security Officer will be responsible for leading security and technology initiatives to successful outcomes and ensuring the integrity, confidentiality, and availability of company information and systems. Additionally, this leader will be responsible for overseeing the IT operations, managing the IT team, and establishing and maintaining best practices in information technology, asset management, while providing security and technology compliance advisory to other business units. Responsibilities: - Work closely with Chief Technology Officer, Chief Compliance Officer, Legal Counsel, and other executive leaders to develop and enhance the overall information security program, with a specific focus on engineering and architecture, threat management, identity and access management, vendor management, and regulatory compliance matters. - Own tactical execution of strategic direction and vision of the information security program - Analyze business priorities and risk exposure to ensure protection of critical systems and data assets. - Develop and maintain security metrics and goals - Draft information security program policies and procedures to ensure compliance with best practices and regulatory requirements - Manage expectations of our leadership, customers, third-party partners and employees - Direct and oversee information governance activities, including SOC 2 audits, NYDFS Part 500 requirements, EU/DORA requirements, cybersecurity risk assessments, Penetration Tests, program enhancements, and other industry best-practices and regulatory expectations. - Lead information security-related committees and working groups - Manage incident response program, including business continuity/disaster recovery program and security incident preparedness - Manage Endpoint Security - Manage third-party risk assessments and other risk related audit deliverables - Represent the company in discussions with auditors and regulators - Manage security vendor / supplier relationships - Manage a team of information technology and security professionals, hire and train new employees, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members - Manage expenses and budgets for information security department; build and present credible business cases for security initiatives and investments or other IT related initiatives - Lead training and awareness efforts across the organization and build a culture of compliance around information security and data privacy - Continuously monitor trends to anticipate and plan for information security risks - Provide positive and collaborative leadership to all departments (e.g., sales, engineering, product management, legal, compliance, finance, customer success) - Other duties may be assigned as needed Requirements: - 8+ years of hands-on, technical security experience, with 4+ years in a role leading teams/programs - Experience working with global, cross-functional teams - Experience leading security compliance projects (e.g., SOC 2 audits, cybersecurity risk assessments, regulatory requirements) - Working knowledge of effective systems architecture and implementations ( Cloud, Hybrid Cloud, DevOps, Open-Source) - Working knowledge of secure AI use and best-practices - Knowledge of security standards / frameworks (e.g., NYDFS Part 500, DORA, GDPR, NIST CSF, etc.) - Practical knowledge of securing remote work environments. - Experience with tools and practices such as GPG key management and remote identity authentication. - Hands on Endpoint Security management (Mac OS) - Knowledge of applicable laws and regulations (e.g., SOX, GLBA, etc.) - Excellent oral and written communication skills - Ability to thrive in a fast-paced, collaborative environment - Strong organizational and time management skills, including demonstrated ability managing teams and establishing goals and priorities - Able to work remotely and collaborate with colleagues in different time zones - BS or MS in Computer Science, Computer Security, Computer Engineering, or other technology-related field Preferred: - Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) Certification - Experience in the crypto industry or working at a fintech company with payments industry experience a plus - Experience working at an audit and / or advisory services firm What We Offer: - Collaborate with a team of intelligent, enthusiastic individuals. - Thrive in a rapidly expanding crypto company with global reach, where your contributions make a tangible impact. - Work remotely with a generous vacation policy, including the opportunity to take a sabbatical and select your own holidays. - Access to continuous learning and development opportunities, supported by professional development reimbursement - The base salary range for this position is $200,000–$250,000 per year (based on experience, location, and qualifications), plus variable compensation through the MBO incentive program with on-target total compensation up to $345,000. We offer 100% employer-paid medical and dental and a robust benefits package that includes telemedicine, life and disability insurance, vision coverage, 401(k), travel assistance, and more. - Option to receive payment in cryptocurrency, along with a crypto match program. - Stock option awards are available to all employees. - Home office allowance, reimbursement for internet/cell expenses, and complimentary Amazon Prime and Spotify subscriptions. IMPORTANT NOTICE: We are committed to a safe and secure hiring process. All roles and communications are shared only through our official channels and with employees of BitPay, and applications are posted via our official careers page. We will not message you via social media direct messages or websites not affiliated with BitPay to recruit or collect personal information. To protect yourself from fraud, please ensure that you are applying to BitPay through our official BitPay Career Page and take the following steps if you notice anything suspicious. BitPay will never ask you to: - Install remote-access tools (TeamViewer, AnyDesk, etc.) - Share SSN or banking details before a formal, written offer from BitPay People Ops - Interview via personal email domains, text, or messaging apps - Pay fees, purchase equipment, or send money/crypto/gift cards for any reason How to verify legitimate BitPay recruiting: - Emails will come only from @bitpay.com (e.g., peopleops@bitpay.com or name@bitpay.com) - Interviews are conducted via Google Meet links ending in meet.google.com - Open roles are listed at bitpay.com/careers/ If you receive a suspicious message claiming to be BitPay: - Do not click links or provide information - Report as spam/phishing to your email provider - Verify the role at www.bitpay.com/careers BitPay is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description The Staff Security Engineer L6 (SOC) serves as a senior technical leader for advancing Inovalon's detection, response, and automation capabilities across the enterprise, cloud, and SaaS environments. As a subject matter expert in Security Operations, SIEM, SOAR, and security engineering, the engineer provides deep technical expertise in security monitoring, incident response, threat detection engineering, and automation to strengthen Inovalon's overall security posture. The Staff Security Engineer L6 is expected to remain current on emerging threats, adversary tactics, cloud and identity risks, and evolving security operations technologies. Working closely with SOC analysts, engineering, IT, and cloud teams, this position drives proactive security operations by implementing scalable monitoring, automation, and response capabilities that improve visibility, reduce manual effort, and accelerate containment of threats. The Staff Security Engineer L6 also contributes to continuous improvement of SOC processes, metrics, and tooling to ensure alignment with enterprise risk management, compliance obligations, and operational excellence. Duties and Responsibilities - Lead the strategic implementation of security standards in alignment with security policies. - Provide technical expertise and direction for the selection and implementation of a diverse suite of product security controls and countermeasures. - Provide technical leadership to recommend appropriate information security frameworks, requirements, direction, and system recommendations. - Stay abreast of security best practices and technologies, and foster the growth of team members by providing training, guidance, and mentoring. - Design, develop, and maintain SOAR playbooks and automated response workflows to improve detection, triage, and containment across endpoint, network, identity, and cloud environments. - Integrate and optimize SIEM, EDR, vulnerability management, identity, and ticketing platforms (e.g., Rapid7, CrowdStrike, ServiceNow, Azure, email security) to enable end-to-end automated incident response. - Engineer and tune security detections, enrichment pipelines, and correlation logic to reduce false positives and improve MTTD/MTTR through automation and orchestration. - Develop and maintain automation scripts and APIs to support SOC operations, including automated containment (isolate host, disable account, block IP/domain), enrichment (threat intel, asset context), and reporting. - Build and maintain SOC automation use cases such as phishing response, suspicious login triage, malware containment, vulnerability prioritization, and insider-risk monitoring. - Collaborate with SOC analysts, threat hunters, and engineering teams to identify manual processes and convert them into automated workflows, increasing SOC efficiency and consistency. - Maintain and optimize SOAR platform health, integrations, and playbook performance, including version control, documentation, and continuous improvement lifecycle. - Create and deliver automation metrics and dashboards (automation coverage, time saved, incident response time reduction, false-positive reduction) for SOC leadership and executive reporting. - Work with leadership, customers, and stakeholders in both IT and Information Security to develop requirements based on a changing threat landscape and new digital capabilities. - Build security into product delivery pipeline (DevSecOps) using scripting. - Perform architecture reviews, identify security risks, recommend, and implement mitigations. - Research, recommend, and implement effective security controls for cloud-native services. - Discover and implement untapped functionality from security tools and services. - Work autonomously and proactively seek out opportunities to build security capabilities across our platforms. - Automate security throughout the development lifecycle (DevSecOps) by enabling security tools, technologies, and best practices for agile development. - Document security and compliance issues. - Present findings to clients, including technical teams and executive leadership, providing clear explanations of vulnerabilities, the potential impact on the business, and recommended mitigation strategies. - Adhere to all confidentiality, HIPAA, regulatory, and other such policies, procedures, and requirements as outlined within Employer’s Operating Policies and Procedures in all ways and at all times with respect to any aspect of the data handled or services rendered in the scope of work. - Maintain compliance with Inovalon’s policies, procedures, and mission statement, and fulfill those responsibilities and/or duties that may be reasonably provided by Inovalon for the purpose of achieving operational and financial success. Qualifications - A minimum of years of experience in software and security engineering. - 5+ years of experience in one of these programming languages such as JavaScript, Python, Golang, and PowerShell. - 5+ years’ experience in building security test automation utilities (security as code) and environments. - 5+ years’ experience with cloud native technologies (Azure, AWS, GCP) and secure configurations. - 3+ years’ experience in security system administration (installation, configuration, upgrade, and support). - 3+ years of experience in application security architecture and risk assessments. - Experience with OWASP TOP 10, NIST CSF, and MITRE ATT&CK frameworks. - One or more of the certifications: CISSP, CEH, OSCP. - Preferred: AWS Cloud certifications. - Cloud Security and Governance, Risk, and Compliance GRC, Thick Client Thin Client VAPT Knowledge/Hands on about DevSecOps/DevOps Knowledgeable about Data Protection. Education - Required: Bachelor of Science in an engineering or technical discipline. - Preferred: Bachelor of Science in a cybersecurity discipline or a master's in an engineering or technical discipline with cybersecurity coursework. Physical Demands and Work Environment - Sedentary work (i.e., sitting for long periods of time). - Frequently or constantly to lift, carry, push, pull, or otherwise move objects and repetitive motions. - Subject to inside environmental conditions. - Travel for this position will include less than 5% locally, usually for training purposes. Benefits - Inovalon offers a competitive salary and benefits package. - In addition to the base compensation, this position may be eligible for performance-based incentives. - The actual base pay offered may vary depending on multiple factors including, but not limited to, job-related knowledge/skills, experience, business needs, geographical location, and internal equity. - Inovalon invests in associates to help them stay healthy, save for long-term financial goals, and manage the demands of work and personal commitments. - Benefits package may include health insurance, life insurance, company-paid disability, 401k, 18+ days of paid time off, and more. Base Compensation Range $151,800 — $185,000 USD Equal Opportunity Employer Inovalon is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.

Job DetailsLevel: ExperiencedJob Location: REMOTE (United States) - Remote, VA 22211Position Type: Full TimeEducation Level: Bachelor's DegreeTravel Percentage: Occasionally Job Shift: DayJob Category: Professional ServicesBMA is seeking a Cybersecurity Engineer to support the DLA Cybersecurity Web/App Vulnerability Management Support Services program. This is a fully remote position and contingent on contract award. Job Summary BMA is seeking a Cybersecurity Engineer (CE) to support our DLA Cybersecurity Web/App Vulnerability Management Support Services contract. The CE provides advanced cybersecurity (CS) engineering support for the Cybersecurity Web/Application Vulnerability Management Branch supporting DLA’s J6 Information Operations (IO) Directorate. The CE supports the assessment, analysis, and remediation of CS vulnerabilities across DLA enterprise IT, Cloud, and Operational Technology (OT) environments. The CE performs CS engineering and vulnerability analysis activities to ensure the confidentiality, integrity, and availability of DLA information systems (IS). The role focuses on evaluating system architectures, identifying security weaknesses, conducting CS assessments, and recommending risk-based mitigation strategies to improve the overall CS posture of DLA systems. The CE supports the evaluation of CS compliance with federal and DoD policies and provides technical expertise in system design, security engineering, vulnerability analysis, and CS architecture reviews. The CE works closely with Program Managers (PMs), Information System Security Managers (ISSMs), system administrators (SA), network engineers (NE), and Authorizing Officials (AOs) to ensure CS controls are properly implemented and maintained throughout the system lifecycle. Key responsibilities include CS engineering and system security design. Provide CS engineering support for the planning, design, development, testing, and integration of DLA information systems. Analyze system architectures and infrastructure to identify CS risks and recommend improvements to system security design. Integrate CS engineering principles into enterprise IT, cloud environments, and OT systems. Support secure system architecture development and CS engineering documentation. Conduct vulnerability assessment and risk analysis. Conduct CS vulnerability assessments across DLA IT, Cloud, and OT environments. Evaluate system configurations and architectures to identify potential vulnerabilities and security weaknesses. Perform risk assessments to determine the likelihood and impact of identified CS threats. Develop mitigation strategies and technical recommendations to reduce system risk and improve CS posture. Provide information assurance engineering support. Perform analysis of existing and emerging information systems to evaluate compliance with DoD and federal CS policies. Conduct CS assessments and security test and evaluation activities to validate compliance with CS standards. Support CS engineering reviews for both classified and unclassified information systems. Provide technical analysis of proposed CS policies and assess their impact on system architectures and security operations. Conduct CS compliance and security control validation. Evaluate compliance of DLA systems with CS policies, standards, and regulatory requirements. Identify areas of non-compliance and recommend remediation actions. Support implementation of security controls aligned with enterprise CS architecture. Assist with development and maintenance of CS standards, guides, and implementation documentation. Provide CS documentation and reporting. Develop CS engineering documentation including risk assessment reports, architecture assessments, and security engineering analyses. Produce implementation documentation and technical reports supporting CS engineering efforts. Document vulnerability findings and recommended mitigation strategies. Provide status updates and technical reports supporting project activities and CS operations. Perform OT security engineering. Evaluate CS risks associated with DLA OT environments including industrial control systems and facility-related control systems. Assess OT system architecture, network configurations, and system interfaces for potential vulnerabilities. Provide CS engineering recommendations for OT system protection and risk mitigation. Clearance Requirement There is a Secret security clearance requirement for this role at time of proposal submission. Required Skills & Certifications DoD Approved Baseline Certification (DoD 8570/8140) Information Assurance Management (IAM) Level III such as ISACA Certified Information Security Manager (CISM), ISC2 Certified Information Systems Security Professional (CISSP), EC-Council Certified Chief Information Security Officer (C-CISO), or GIAC / SANS GIAC Security Leadership Certification (GSLC). DoD 8570/8140 Information Assurance System Architecture and Engineering (IASAE) Level III such as the ISC2 Certified Information Systems Security Professional – Information Systems Security Architecture Professional (CISSP-ISSAP). Computing Environment (CE) Certification: one or more of the following Microsoft Certified Solutions Associate (MCSA) or Expert (MCSE), Cisco Certified Network Associate (CCNA), Microsoft Azure Security Technologies, Amazon Certified Security, or other relevant computing environment certification. 10+ years of relevant information technology experience supporting cybersecurity or information assurance programs. 5+ years of Operational Technology (OT) cybersecurity experience. Demonstrated experience performing cybersecurity engineering activities including system security design, vulnerability assessment, and risk analysis. Experience supporting cybersecurity compliance assessments within large enterprise IT environments. Strong analytical and problem-solving skills related to cybersecurity engineering challenges. Experience working with enterprise IT infrastructure, network security, and cloud-based systems. Experience with STIG compliance cycles, vulnerability management, and POA&M governance. Strong technical writing skills producing RMF artifacts, policy/procedure documents, and audit-ready evidence packages. Strong facilitation skills for IPTs/WG sessions and cross-functional coordination. Desired Skills & Certifications TS with SCI eligibility. Experience supporting DoD or DLA program offices. Experience supporting DoD or DLA environments. BS or BA in Information Technology, Cybersecurity, Computer Science, Engineering, Business Administration, or a related field. Project Management certification required, such as Project Management Professional (PMP) or equivalent recognized project management certification. One or more of the following DoD-Approved CSSP Analyst Certifications: EC-Council Certified Ethical Hacker, EC-Council CSA Certified SOC Analyst, CompTIA Cybersecurity Analyst (CySA+), GIAC or SANS GCIA GIAC Certified Intrusion Analyst, or GIAC or SANS GCIH GIAC Certified Incident Handler. Current Risk Management Professional certification such as one or more of the following: PMP-RMP, ISACA Certified in Risk and Information Systems Control (CRISC), ISACA Certified Information Systems Auditor (CISA), ISACA Certified Information Security Manager (CISM), ISC2 Certified in Governance, Risk and Compliance (CGRC), or Risk and Insurance Management Society Certified Risk Management Professional (RIMS-CRMP). Other Duties Able to travel within a week's notice. This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice. Overview BMA is an employee-owned small business headquartered in Huntsville, AL that provides superior customer service by empowering all levels of our staff to make timely decisions to produce high-quality results. BMA fosters an environment of passion, precision, and dedication in order to fulfill our commitments to our partners, government, and country. Benefits We believe that our employees well-being is paramount to our success so our benefits package has been crafted with that in mind. We offer multiple healthcare coverage options to include low deductible, high deductible, and plans eligible for our Health Savings Account (HSA) option. Along with medical coverage, employees have dental, vision, accident & illness, short- and long-term disability all available to them. BMA proudly maintains a 401(k) plan with an industry leading 6% match that can include profit sharing based on company performance. Lastly, being an employee-owned company means that BMA offers a 100% Employee Stock Ownership Plan (ESOP), providing eligible employees the opportunity to earn stock in BMA, subject to plan eligibility and vesting requirements. AAP & EEO Statement Beshenich Muir & Associates, LLC (BMA) is an Equal opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regards to race, color, religion, religious creed, gender, sexual orientation, gender identity, gender expression, transgender, pregnancy, marital status, national origin, ancestry, citizenship status, age, disability, protected Veteran Status, genetics or any other characteristics protected by applicable Federal, State, or Local Law. Qualifications