Role Description We have an opening for a full-time Security Control Assessor to join our talented, dynamic team in support of the Department of Veterans Affairs. As a Security Control Assessor, you will be trusted to support the delivery of our cybersecurity solutions and services. In this role, you will be a part of a security control assessment team working on the tasks outlined below. Veterans are encouraged to apply. Responsibilities: - Lead a small team in coordinating and conducting security control assessment activities, stakeholder interviews, and report generation. - Conduct independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37). - Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks. - Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network. - Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations. - Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers). - Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy. - Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change. - Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). Qualifications - Bachelor's degree in computer science, electronics engineering or other engineering or technical discipline is required, and will accept relevant experience in lieu of degree. - 2+ years hands-on experience with Cybersecurity policy, risk management, or security and privacy control assessments. - Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). - Knowledge of system and application security threats and vulnerabilities. - Knowledge of Personally Identifiable Information (PII), Payment Card Industry (PCI), and Personal Health Information (PHI) data security standards. Requirements - Experience with security control assessments within the VA using the NIST Risk Management Framework (RMF) is a plus. - Certifications such as SCA and CISA are a plus. - Exceptional written and verbal communication skills. - Strong planning, organizational, and time management skills. - Exceptional analytical and conceptual thinking skills. - Ability to work collaboratively with a team of peers. Benefits - Traditional and HSA-eligible medical insurance plans. - 100% employer-paid dental and vision insurance options. - 100% employer-sponsored STD, LTD, and life insurance. - 5% 401(k) company matching. - Flexible schedules and teleworking options. - Paid holidays and PTO Accrual Plans. - Paid Parental Leave. - Professional development and career growth opportunities. - Team and company-wide events, recognition, and appreciation.

Job Title: RIT Co-op Department: Information Security - Governance, Risk, & Compliance Location: Remote SUMMARY: As a participant in the RIT paid Co-Op you will gain exposure and experience in the healthcare field, covering a multitude of areas within Information Security - Governance, Risk, & Compliance. RESPONSIBILITIES: - Provides work experience directly related to student’s course of study and career interests. - Student is given specific responsibilities related to the field of study and department in which he/she is a co-op. - Allows student to learn through active engagement and meaningful activities. - Performs other duties as assigned. REQUIRED QUALIFICATIONS: - Student of RIT. - Background in the field of study which coincides with the department utilizing the co-op. PREFERRED QUALIFICATIONS: - Dependent upon the department utilizing the co-op, specific skills or qualifications may be preferred EDUCATION: LICENSES / CERTIFICATIONS: PHYSICAL REQUIREMENTS: S - Sedentary Work - Exerting up to 10 pounds of force occasionally Sedentary work involves sitting most of the time, but may involve walking or standing for brief periods of time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met. For disease specific care programs refer to the program specific requirements of the department for further specifications on experience and educational expectations, including continuing education requirements. Any physical requirements reported by a prospective employee and/or employee’s physician or delegate will be considered for accommodations. PAY RANGE: $20.00 - $20.00 CITY: Rochester POSTAL CODE: 14617 The listed base pay range is a good faith representation of current potential base pay for a successful full time applicant. It may be modified in the future and eligible for additional pay components. Pay is determined by factors including experience, relevant qualifications, specialty, internal equity, location, and contracts. Rochester Regional Health is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, gender identity or expression, national origin, age, disability, predisposing genetic characteristics, marital or familial status, military or veteran status, citizenship or immigration status, or any other characteristic protected by federal, state, or local law.

Role Description Fresenius Medical Care’s Cyber Security Operations Center (CSOC) is seeking a highly experienced Principal Analyst. The Principal Cyber Security Analyst specializing in Digital Forensics serves as the senior technical authority for forensic investigations across the enterprise. This role leads complex incident response cases, conducts advanced forensic analysis of endpoints, servers, cloud environments, and networks, and provides strategic insight to reduce organizational risk. The Principal Analyst acts as the highest level escalation point for investigative matters and mentors other analysts in evidence handling, methodology, and tooling. This is a U.S.-based remote position supporting Fresenius Medical Care’s global Cyber Security Operations Center. Qualifications - Minimum Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent professional experience). - 10+ years in Incident Response/DFIR, including leadership of complex, enterprise scale investigations. - Mastery of Windows and Linux internals, authentication flows, common persistence mechanisms, and lateral movement TTPs. - Proficient in Python or PowerShell for automation and artifact analysis. - Excellent written and verbal communication—able to brief executives clearly under time pressure. Requirements - Cloud & Identity: Sentinel/Splunk, Microsoft 365/Azure logs, AWS/GCP logging, Entra/Okta audit trails. - Network: Zeek, Suricata, Brim/Wireshark, PCAP/flow analytics. - Experience in evidence handling, legal hold/eDiscovery coordination, and working with Legal/HR/Privacy. - Industry certifications (one or more): GCFA, GCFE, GNFA, GREM, GCIH, CISA, CISSP, Azure Security, AWS Security (preferred). - Experience with Zero Trust controls, identity threat detection, and SaaS forensics (O365, Google Workspace) (preferred). - Familiarity with EPSS/SSVC, threat modeling, and purple team/ATT&CK evaluation practices (preferred). - Background in regulated environments (e.g., healthcare, financial services, manufacturing) and associated audit expectations (preferred). Benefits - Comprehensive benefits package including medical, dental, and vision insurance. - 401(k) with company match. - Paid time off. - Parental leave. - Potential for performance-based bonuses depending on company and individual performance. Physical Demands and Working Conditions The physical demands and work environment characteristics represent those typically encountered while performing essential duties. Reasonable accommodation may be made as needed. This is a remote role with availability expected during core hours and during escalations as required. Supervision Provides technical leadership and mentorship to threat engineers and SOC analysts globally. Does not directly manage staff.

cFocus Software seeks a Cybersecurity Compliance Analyst to join our program supporting the National Institutes of Health (NIH). This position is remote. This position requires a Public Trust clearance. Qualifications: - Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related discipline. - 5–7 years of experience supporting cybersecurity compliance, risk management, or information security programs. - Familiarity with NIST Risk Management Framework (RMF). - Experience supporting NIST SP 800-53 security control implementation. - Experience preparing and maintaining RMF documentation including SSPs and POA&Ms. - Understanding of FISMA compliance requirements and federal cybersecurity policies. - Strong analytical and documentation skills. Duties: - Support cybersecurity compliance activities across NCATS systems and infrastructure. - Assist with implementation and documentation of NIST SP 800-53 security and privacy controls. - Coordinate with system owners, developers, and infrastructure teams to ensure systems meet federal security requirements. - Maintain compliance documentation and assist with system authorization packages. - Provide training, support, and guidance to NCATS personnel on cybersecurity compliance requirements. - Assist developers, engineers, and project stakeholders in implementing NIST SP 800-53 Rev.5 security controls. - Support security control mapping and tailoring activities based on FIPS-199 system categorizations. - Provide documentation support for RMF artifacts including System Security Plans (SSP), Security Assessment Plans (SAP), - Security Assessment Reports (SAR), and Plans of Action and Milestones (POA&M). - Assist with privacy control implementation and data protection requirements. - Participate in system design discussions and provide compliance recommendations. - Support security and privacy compliance for NCATS research programs and associated IT systems. - Assist with preparation of FIPS-199 documentation and system registration within NIH GRC repositories. - Conduct Privacy Impact Assessments (PIA) and Third-Party Web Application (TPWA) assessments. - Assist the NCATS ISSO and Privacy Coordinator with privacy incident response, policy implementation, - and security data calls. - Maintain and update security and privacy documentation to ensure alignment with federal requirements. - Assist with system assessment readiness and authorization preparation activities. - Support development and maintenance of Authority to Operate (ATO) documentation. - Conduct pre-assessment reviews of security controls and compliance artifacts. - Assist with independent security assessments and remediation tracking. - Support development of system authorization artifacts including SSPs, contingency plans, configuration management plans, and incident response documentation. - Provide cybersecurity compliance support to NCATS system owners and users. - Assist with training programs related to security compliance and RMF processes. - Support vulnerability remediation tracking and audit preparation activities. - Provide end-user guidance on access control, monitoring requirements, and cybersecurity best practices.