• Develop open-ended questions and answers based on hypothetical cyber incident scenarios to evaluate test subjects, focusing on coherence, justification, and technical soundness.

Job Title:  Cybersecurity SME - Lead Location:  Remote Summary: The program modernizes defense financial management by replacing legacy systems with a standardized Oracle E-Business Suite ERP solution. Established through federal legislation, it improves financial accountability, standardizes business processes, and supports better decision-making. The system provides a unified platform for multiple organizations and users, using SAFe methodology to support ongoing development and program management activities.  Responsibilities:  - Perform CCRI / vulnerability assessment / penetration testing on networks, databases, computer applications, and IT frameworks - Perform CCRI / vulnerability assessment / penetration testing on networks, databases, computer applications and IT frameworks - Requirements:  - Requires 7 years IT experience - Requires 5 years DOD Cybersecurity experience - Command Cyber Readiness Inspection certification in at least one of the following areas: Retina scan analysis, Operating Systems (Windows, Unix), Boundary defense (network policy, router, firewall), Internal defense (L2 switch, L3 switch), DNS (policy, BIND/Windows), HBSS (remote console, AV, ABM, PA, HIPS, ePO), Traditional security (Common, Basic, NCV, SCV), Wireless communications (BES, handhelds) - Knowledge and understanding of DOD security regulations and DISA STIGs - Strong knowledge of SCAP, RMF - Relevant certification from a nationally recognized technical authority - DISA FSO certified CCRI Team Lead and certification in penetration testing such as: Licensed - Penetration Tester (LPT), Certified Expert Penetration Tester (CEPT), Certified Ethical Hacker (CEH), Global Information Assurance Certification Penetration Tester (GPEN) - Tenable Certified NESSUS Auditor - Requires to possess a DOD SECRET Clearance and be eligible for an IT-II Non-Critical Sensitive security clearance or Tier 3 (T3) - Requires 5 years of Oracle EBS R12.2 platform experience - Must have Experience in assessing security controls and conducting authorization reviews for large, complex organization Preferred Qualifications:  - DISA FSO certified CCRI Team Lead and penetration testing certifications such as Licensed Penetration Tester (LPT), Certified Expert Penetration Tester (CEPT), Certified Ethical Hacker (CEH), Global Information Assurance Certification Penetration Tester (GPEN) - Tenable Certified NESSUS Auditor - Minimum 5 years of Oracle EBS R12.2 platform experience

Greenlight is the leading family fintech company on a mission to help parents raise financially smart kids. We proudly serve more than 6 million parents and kids with our award-winning banking app for families. With Greenlight, parents can automate allowance, manage chores, set flexible spend controls, and invest for their family’s future. Kids and teens learn to earn, save, spend wisely, and invest. At Greenlight, we believe every child should have the opportunity to become financially healthy and happy. It’s no small task, and that’s why we leap out of bed every morning to come to work. Because creating a better, brighter future for the next generation depends on it. We are seeking an experienced and motivated Staff Product Security Engineer to join our growing Security team. This individual will be responsible for the end-to-end security of our consumer products, digital platform and an emerging hardware device line. The Staff Product Security Engineer will drive security review, threat modeling programs, lead penetration testing, manage PSIRT operations, champion secure AI adoption and establish security guardrails for AI powered products and AI assisted development workflows within a highly regulated financial services environment. This role reports to the Senior Manager of Product Security. Your day-to-day: - Lead security architecture/design review and threat modeling sessions with product and engineering teams using STRIDE, PASTA and attack tree methodologies. - Translate threats into actionable, risk-rated engineering remediations prioritized by severity. - Conduct hands-on penetration testing and security assessments across our full product stack producing actionable reports for engineering and leadership. - Red-Team our AI powered products and development tools to test for prompt injection, data exfiltration, MCP server exploitation, and tool misuse. Probe AI guardrails to ensure they hold. - Drive PSIRT Operations by triaging incoming vulnerability reports, leading technical investigations, coordinating remediation with engineering, scoring severity (CVSS), managing coordinated disclosure with external researchers and on-call incidents. This includes managing zero day findings, driving remediation, collaborating with engineering to patch or mitigate with compensating controls. - Shape the posture of our AI assisted development environment defining and enforcing enterprise policies for claude and cursor. - Partner across the organization, sitting in design review with architects, advising product managers and engineering teams on security and compliance implications of new features, briefing executives on emerging AI threats, mentoring junior security engineers and collaborating with the AI team on securing ML pipelines. - Champion Security Culture by running developer training on secure coding with AI assistants, evangelizing security by design for products and ensuring every engineer understands that product security is an enabler and not a gate. What you’ll bring to the team: - 10+ years of product security experience spanning application security, cloud security, and secure SDLC. you will have full SDLC experience from design through development, deployment and incident response. - Expert level Threat Modeling using STRIDE, PASTA or equivalent across web, mobile, cloud, embedded and AI systems. - Hands-on penetration testing skills across applications, API, cloud infrastructure, and hardware/firmware. You think like an attacker and you can provide it through published research, CVE discoveries, bug bounty results or red-team engagements. - PSIRT operational experience from vulnerability intake and triage. You are fluent in CVE, CVSS, FIRST PSIRT frameworks. - Deep hands down AI security expertise and expert level understanding of OWASP Top 10 for LLM, API, Web, Mobile and have practical experience with MITRE. - Strong hands-on experience in security tools SAST, DAST, SCA, and securing AI development tools specifically Claude and Cursor. - You understand MCP security risks and know how to architect enterprise guardrails that enable safe AI-assisted development. You have defined policies for AI generated code, secrets scanning, and DLP for outbound AI traffic. - Strong programming ability enough to review code, build security tools, automate workflows and be credible with the engineering teams you partner with. - Ability to influence without authority, mentor without managing , and communicate complex risks in a language that resonates with engineers, product managers, legal and compliance and executives alike. Preferred experience: - Hardware and embedded security experience with knowledge of secure boot, firmware integrity, hardware root of trust, and IoT threat modeling experience. - Experience in the Financial industry, knowledge of PCI DSS, COPPA or demonstrated ability to learn regulated domains quickly. Work perks at Greenlight: - Medical, dental, vision, and HSA match - Paid life insurance, AD&D, and disability benefits - Traditional 401k with company match - Unlimited PTO - Paid company holidays and pop-up bonus holidays - Professional development stipends - Mental health resources - 1:1 financial planners - Fertility healthcare - 100% paid parental and caregiving leave, plus cleaning service and meals during your leave - Flexible WFH, both remote and in-office opportunities - Fully stocked kitchen, catered lunches, and occasional in-office happy hours - Employee resource groups Our stance on salaries: Greenlight provides a competitive compensation package with a market-based approach to pay and will vary depending on your location, experience and skill set. The total compensation package for this position will also include a discretionary performance bonus, equity rewards, medical benefits, 401K match, and more. Greenlight conducts continuous compensation evaluations across departments and geographies to ensure we are keeping our pay current and competitive. The estimated base pay range for this position in (NY, CA, WA): $165,000-200,000 The estimated base pay range for this position in (CO): $165,000-185,000 Who we are: It takes a special team to aim for a never-been-done-before mission like ours. We’re looking for people who love working together because they know it makes us stronger, people who look to others and ask, “How can I help?” and then “How can we make this even better?” If you’re ready to roll up your sleeves and help parents raise a financially smart generation, apply to join our team. Greenlight is an equal opportunity employer and will not discriminate against any employee or applicant based on age, race, color, national origin, gender, gender identity or expression, sexual orientation, religion, physical or mental disability, medical condition (including pregnancy, childbirth, or a medical condition related to pregnancy or childbirth), genetic information, marital status, veteran status, or any other characteristic protected by federal, state or local law. Greenlight is committed to an inclusive work environment and interview experience. If you require reasonable accommodations to participate in our hiring process, please reach out to your recruiter directly or email recruiting@greenlight.me.

Job Summary As a Medical Device and IoMT Security Specialist, this role reports to the Manager of Endpoint Security. This role develops, engineers, and maintains the Medical Device/IoMT Security Program for the Cybersecurity Risk Management Department. This role is expected to have expert level knowledge of medical device and IoMT security technologies. The specialist will be responsible for identifying and remediating security gaps, the continued improvement of existing controls, mentoring and collaborating with other Cyber Security, Clinical Engineering, and Information Technology team members to secure the many information technology assets and data of Community Health Systems. The specialist will collaborate with architects to design and implement solutions that better protect CHS Medical Devices and data. Essential Functions - Design, engineer, manage, review, and recommend improvements for new and existing Medical Device, and IoMT security solutions, configurations and technologies. Develop and maintain security standards based on National Institute of Standards and Technology (NIST) recommendations, specifically NIST 800-53. - Identify Medical Device and IoMT vulnerabilities and make recommendations for key Cyber Security stakeholders - Develop and improve policies, standards, and processes for the identification and prioritization of threat remediation as well as processes and methodologies for metrics and KPIs related to medical device/IoMT protections, security and compliance. - Provide technical guidance to enterprise Cyber Security and Information Technology teams regarding the impact of medical device security controls in order to drive issues to remediation and develop systemically secure configurations. - Assist in developing and documenting an overall medical device and IoMT protection strategy including defining control standards, asset management standards, and enhancement opportunities. - Other duties and responsibilities as assigned by cybersecurity leadership. Qualifications - Bachelor’s or Master’s Degree in Cyber Security, Computer Science, Information Systems (or other related field), or equivalent work experience. - 5+ years of IT or information security, and - 3+ years of Medical Device/IoMT security - Experience with design and delivery of Medical Device and IoMT security solution strategies based on knowledge of the industry, as well asn Medical device IoMT leading security practices. - Experience in design and deployment of network security solutions and controls in industrial networks, including network zoning, segmentation and isolation designs and implementation. - Advanced knowledge of security principles, issues, techniques and implementations across medical device and IoMT security platforms. - Proactive identification and solving of complex problems - Strong understanding of medical device and IOMT system development to provide technical leadership for multifunctional projects and initiatives. - Strong ability to work on and prioritize multiple, concurrent projects while meeting aggressive deadlines in a fast-paced environment. - Willingness to participate in cross-functional training and support - Effective communication of technical concepts to a non-technical audience. - Excellent written and verbal communication skill #LI-RK1