• Ensure the security and safety of all business information, both at rest and in transit. • Work with Policy and Compliance to build and maintain IT networks and systems that adhere to government/contractual requirements. • Partner with engineering and DevOps on secure architecture. • Partner with Compliance and Legal on regulatory requirements. • Manage Vulnerability review and work with IT operations to regularly perform internal and external scans and audits and fix any identified issues to ensure IT security. • Manage Infrastructure Security. • Enhance and maintain the current network per IT policy. • Analyze security breaches to determine root cause, then mitigate any discovered issues. • Participate in architecture reviews and provide security approvals. • Manage security incident policy and response plan execution. • Provide quarterly and security assessment reviews. • Conduct all 3rd party vendor security assessment. • Manage and maintain perimeter defense systems (firewalls, VPN tunnels, etc.). • Maintain and administer security awareness training curriculum for employees. • Lead certification efforts for SOC 2, SOX ITGC Audits. • Work cross-functionally within the company to fulfill security requirements.

• Lead and manage Kong Cybersecurity Programs across OCISO • Establish, develop and track KPIs • Collaborate with engineering, product, and business stakeholders to define, prioritize, and deliver technical solutions. • Present complex technical challenges and resolutions to leadership and stakeholders. • Stay current on regulatory and industry standards (for example, ISO 27001, PCI-DSS, FedRAMP, NIST 800-53) to inform risk and control strategies. • Build strategies for issue and risk mitigation, contingency planning, and compliance adherence. • Demonstrate ownership and autonomy in managing programs and delivering high-quality results.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description The Lead Penetration Tester is an experienced offensive security professional who reports directly to the Director of Offensive Security. In this client-facing role, you will lead and execute penetration testing engagements for MSSP customers, serve as an escalation point for other penetration testers, and help ensure high-quality, defensible deliverables across the team. - Lead and execute penetration tests primarily across web applications, external APIs, and networks, performing manual testing, exploitation, and validation beyond automated scanning. - Serve as the primary escalation point for other penetration testers to unblock investigations, validate exploitation paths, and review findings for accuracy and consistency. - Conduct scoping calls with customers, confirm rules of engagement, and manage the pentest lifecycle. - Present findings to engineering teams and executive stakeholders, translating technical issues into remediation priorities. - Contribute to internal offensive security tooling, playbooks, templates, and scripts. Qualifications - Minimum 2 years of verifiable experience as a professional penetration tester in a full-time role. - Direct experience in pentesting web applications, external web APIs, and networks. - Experience in one or more of the following categories: - Mobile Applications - Cloud Infrastructures (AWS, Azure, GCP) - GenAI/ML - Desktop (Thick Client) Applications - Vishing/Phishing - Secure Code Reviews - Strong exploitation and validation skills with technical abilities above verifying scan results. - Ability to produce clear and precise penetration test reports with reproducible steps and screenshots of evidence to provide practical remediation guidance effectively with customers. - Ability to mentor and uplift other Offensive Security team members through technical guidance, review, and structured feedback. - Must be currently based in the United States. No sponsorship available for this position. Benefits - Supportive leadership and a clear growth path - 100% of employee medical premiums are covered by the employer and discounted family insurance options - Dental and Vision Benefits - PTO and Sick Time + 11 paid Holidays - 401K retirement option with company match - Company-paid Life Insurance - Annual Subscription to TalkSpace (online counseling & therapy service)

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description The Director of Information Technology is hands on to lead and scale our IT, security, cloud, and infrastructure capabilities as we continue to grow as a SaaS health technology company. This role is critical to ensuring the reliability, security, and compliance of our platforms while enabling productivity across the organization. - Own and operate corporate IT systems including endpoint management, identity and access management, collaboration tools, and internal applications. - Design, implement, and maintain scalable, secure, and reliable cloud infrastructure leveraging AWS, Entra, and or cloud native platforms. - Oversee networking architecture including VPNs, firewalls, segmentation, and connectivity between cloud and corporate environments. - Establish IT standards, policies, and procedures to support a growing, distributed workforce. - Foster a culture of Infrastructure as Code (IaC) using tools like Terraform and Ansible to eliminate manual bottlenecks. - Lead the company’s information security program, including policies, risk management, incident response, and security operations. - Ensure compliance with applicable regulatory and industry standards such as HIPAA, SOC 2, ISO 13485, and other customer or partner requirements. - Partner with Compliance and Engineering teams to support audits, risk assessments, and vendor security reviews. - Drive security awareness and training across the organization. - Lead DevOps strategy including CI/CD pipelines, infrastructure as code, monitoring, logging, and reliability practices. - Partner closely with Engineering to improve system availability, performance, scalability, and cost optimization. - Establish and track SLOs, SLAs, and operational metrics for production systems. - Own disaster recovery, business continuity, backup, and resiliency planning. - Build, mentor, and manage a high-performing team across IT operations, cloud engineering, and security. - Serve as a trusted partner to Engineering, Product, Finance, and Operations leaders. - Manage vendors and service providers, including MSPs, security tools, and cloud partners. - Support due diligence and integration activities related to customer security reviews, partnerships, or acquisitions. - Develop and execute an IT and infrastructure roadmap aligned with company growth and business objectives. - Own budgeting, forecasting, and cost management for IT, security, and cloud infrastructure. - Evaluate and implement tools and technologies that improve efficiency, security, and scalability. Qualifications - Bachelor’s degree in a relevant field such as Computer Science, Information Technology, Management Information Systems, Engineering, or a related technology discipline. - 8–12+ years of experience in IT, infrastructure, cloud engineering or DevOps, with at least 5 years in a leadership role. - Strong experience operating SaaS platforms in cloud environments preferably AWS. - Demonstrated ownership of security and compliance programs in regulated environments (healthcare strongly preferred). - Hands-on knowledge of: - Identity and access management (SSO, MFA, RBAC) - Cloud networking and security architecture - CI/CD pipelines and infrastructure as code (Terraform, CloudFormation, etc.) - Endpoint management and corporate IT tooling - Proven ability to scale systems and processes in a growing organization. Requirements - Experience in health tech, medical devices, or regulated SaaS environments. - Familiarity with HIPAA, SOC 2 Type II, ISO 13485, or similar frameworks. - Experience supporting remote-first or distributed teams. - Strong vendor management and audit support experience. Leadership Competencies - Security-first and risk-aware mindset. - Strong operational discipline and attention to detail. - Clear communicator who can translate technical concepts for non-technical stakeholders. - Pragmatic, hands-on leader who balances speed with reliability and compliance. - Collaborative partner with a customer- and employee-centric approach.