Harmonia Holdings Group, LLC is an award-winning, rapidly growing federal government contractor committed to providing innovative, high-performing solutions to our government clients and focused on fostering a workplace that encourages growth, initiative, creativity, and employee satisfaction. Here at Harmonia we are pleased to have been repeatedly recognized for our outstanding work culture, the innovative work we do, and the employees on our team who make a difference each day. Some of these recognitions include:
- Recognized as a Top 20 "Best Place to Work in Virginia"
- Recipient of the Department of Labor's HIRE Vets Gold Medallion
- Great Place to Work certification for five years running
- A Virginia Chamber of Commerce Fantastic 50 company
- A Northern Virginia Technology Council Tech 100 company
- Inc. 5000 list of fastest-growing companies for eleven years
- Two-time SBA SBIR Tibbetts Award winner
- Virginia Values Veterans (V3) certification
Lead Security Control Assessor
Location: United States
Posted: 81 days ago
Seniority: Lead
Job Description
Role Description
We have an opening for a full-time Security Control Assessor to join our talented, dynamic team in support of the Department of Veterans Affairs. As a Security Control Assessor, you will be trusted to support the delivery of our cybersecurity solutions and services. In this role, you will be part of a security control assessment team working on the tasks outlined below. Veterans are encouraged to apply.
Responsibilities:
- Lead a small team in coordinating and conducting security control assessment activities, stakeholder interviews, and report generation.
- Conduct independent, comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37).
- Plan and conduct security authorization reviews and assurance case development for the initial installation of systems and networks.
- Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
- Verify that application software, network, and system security postures are implemented as stated, document deviations, and recommend the actions required to correct those deviations.
- Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
- Perform security reviews and identify gaps in the security architecture, resulting in recommendations for inclusion in the risk mitigation strategy.
- Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
- Provide input to Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
Qualifications
- Bachelor's degree in computer science, electronics engineering, or another engineering or technical discipline is required; relevant experience will be accepted in lieu of a degree.
- 2+ years of hands-on experience with cybersecurity policy, risk management, or security and privacy control assessments.
- Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, and non-repudiation).
- Knowledge of system and application security threats and vulnerabilities.
- Knowledge of Personally Identifiable Information (PII), Payment Card Industry (PCI), and Protected Health Information (PHI) data security standards.
Requirements
- Experience with security control assessments within the VA using the NIST Risk Management Framework (RMF) is a plus.
- Certifications such as SCA and CISA are a plus.
- Exceptional written and verbal communication skills.
- Strong planning, organizational, and time management skills.
- Exceptional analytical and conceptual thinking skills.
- Ability to work collaboratively with a team of peers.
Benefits
- Traditional and HSA-eligible medical insurance plans.
- 100% employer-paid dental and vision insurance options.
- 100% employer-sponsored STD, LTD, and life insurance.
- 5% 401(k) company matching.
- Flexible schedules and teleworking options.
- Paid holidays and PTO accrual plans.
- Paid parental leave.
- Professional development and career growth opportunities.
- Team and company-wide events, recognition, and appreciation.
More Security Analyst Jobs
RIT Co-op: Information Security - Governance, Risk, & Compliance
Rochester Regional Health
Rochester Regional Health is a physician-led, integrated hospital and healthcare organization serving over 1 million residents across central and western New York. Headquartered in
Job Title: RIT Co-op
Department: Information Security - Governance, Risk, & Compliance
Location: Remote
SUMMARY: As a participant in the RIT paid Co-op you will gain exposure and experience in the healthcare field, covering a multitude of areas within Information Security - Governance, Risk, & Compliance.
RESPONSIBILITIES:
- Provides work experience directly related to the student's course of study and career interests.
- The student is given specific responsibilities related to the field of study and the department in which he/she is a co-op.
- Allows the student to learn through active engagement and meaningful activities.
- Performs other duties as assigned.
REQUIRED QUALIFICATIONS:
- Student of RIT.
- Background in the field of study that coincides with the department utilizing the co-op.
PREFERRED QUALIFICATIONS:
- Dependent upon the department utilizing the co-op, specific skills or qualifications may be preferred.
EDUCATION:
LICENSES / CERTIFICATIONS:
PHYSICAL REQUIREMENTS: S - Sedentary Work - Exerting up to 10 pounds of force occasionally. Sedentary work involves sitting most of the time, but may involve walking or standing for brief periods of time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met. For disease-specific care programs, refer to the program-specific requirements of the department for further specifications on experience and educational expectations, including continuing education requirements. Any physical requirements reported by a prospective employee and/or the employee's physician or delegate will be considered for accommodations.
PAY RANGE: $20.00 - $20.00
CITY: Rochester
POSTAL CODE: 14617
The listed base pay range is a good-faith representation of current potential base pay for a successful full-time applicant. It may be modified in the future and is eligible for additional pay components. Pay is determined by factors including experience, relevant qualifications, specialty, internal equity, location, and contracts. Rochester Regional Health is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, gender identity or expression, national origin, age, disability, predisposing genetic characteristics, marital or familial status, military or veteran status, citizenship or immigration status, or any other characteristic protected by federal, state, or local law.
Principal Cyber Security Analyst - Digital Forensics
Fresenius Medical Care
Creating a future worth living. For patients. Worldwide. Every day.
Role Description
Fresenius Medical Care's Cyber Security Operations Center (CSOC) is seeking a highly experienced Principal Analyst. The Principal Cyber Security Analyst specializing in Digital Forensics serves as the senior technical authority for forensic investigations across the enterprise. This role leads complex incident response cases, conducts advanced forensic analysis of endpoints, servers, cloud environments, and networks, and provides strategic insight to reduce organizational risk. The Principal Analyst acts as the highest-level escalation point for investigative matters and mentors other analysts in evidence handling, methodology, and tooling. This is a U.S.-based remote position supporting Fresenius Medical Care's global Cyber Security Operations Center.
Qualifications
- Minimum Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent professional experience).
- 10+ years in Incident Response/DFIR, including leadership of complex, enterprise-scale investigations.
- Mastery of Windows and Linux internals, authentication flows, common persistence mechanisms, and lateral movement TTPs.
- Proficient in Python or PowerShell for automation and artifact analysis.
- Excellent written and verbal communication; able to brief executives clearly under time pressure.
Requirements
- Cloud & Identity: Sentinel/Splunk, Microsoft 365/Azure logs, AWS/GCP logging, Entra/Okta audit trails.
- Network: Zeek, Suricata, Brim/Wireshark, PCAP/flow analytics.
- Experience in evidence handling, legal hold/eDiscovery coordination, and working with Legal/HR/Privacy.
- Industry certifications (one or more): GCFA, GCFE, GNFA, GREM, GCIH, CISA, CISSP, Azure Security, AWS Security (preferred).
- Experience with Zero Trust controls, identity threat detection, and SaaS forensics (O365, Google Workspace) (preferred).
- Familiarity with EPSS/SSVC, threat modeling, and purple team/ATT&CK evaluation practices (preferred).
- Background in regulated environments (e.g., healthcare, financial services, manufacturing) and associated audit expectations (preferred).
Benefits
- Comprehensive benefits package including medical, dental, and vision insurance.
- 401(k) with company match.
- Paid time off.
- Parental leave.
- Potential for performance-based bonuses depending on company and individual performance.
Physical Demands and Working Conditions
The physical demands and work environment characteristics represent those typically encountered while performing essential duties. Reasonable accommodation may be made as needed. This is a remote role with availability expected during core hours and during escalations as required.
Supervision
Provides technical leadership and mentorship to threat engineers and SOC analysts globally. Does not directly manage staff.
cFocus Software seeks a Cybersecurity Compliance Analyst to join our program supporting the National Institutes of Health (NIH). This position is remote. This position requires a Public Trust clearance.
Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related discipline.
- 5–7 years of experience supporting cybersecurity compliance, risk management, or information security programs.
- Familiarity with the NIST Risk Management Framework (RMF).
- Experience supporting NIST SP 800-53 security control implementation.
- Experience preparing and maintaining RMF documentation, including SSPs and POA&Ms.
- Understanding of FISMA compliance requirements and federal cybersecurity policies.
- Strong analytical and documentation skills.
Duties:
- Support cybersecurity compliance activities across NCATS systems and infrastructure.
- Assist with implementation and documentation of NIST SP 800-53 security and privacy controls.
- Coordinate with system owners, developers, and infrastructure teams to ensure systems meet federal security requirements.
- Maintain compliance documentation and assist with system authorization packages.
- Provide training, support, and guidance to NCATS personnel on cybersecurity compliance requirements.
- Assist developers, engineers, and project stakeholders in implementing NIST SP 800-53 Rev. 5 security controls.
- Support security control mapping and tailoring activities based on FIPS 199 system categorizations.
- Provide documentation support for RMF artifacts, including System Security Plans (SSP), Security Assessment Plans (SAP), Security Assessment Reports (SAR), and Plans of Action and Milestones (POA&M).
- Assist with privacy control implementation and data protection requirements.
- Participate in system design discussions and provide compliance recommendations.
- Support security and privacy compliance for NCATS research programs and associated IT systems.
- Assist with preparation of FIPS 199 documentation and system registration within NIH GRC repositories.
- Conduct Privacy Impact Assessments (PIA) and Third-Party Web Application (TPWA) assessments.
- Assist the NCATS ISSO and Privacy Coordinator with privacy incident response, policy implementation, and security data calls.
- Maintain and update security and privacy documentation to ensure alignment with federal requirements.
- Assist with system assessment readiness and authorization preparation activities.
- Support development and maintenance of Authority to Operate (ATO) documentation.
- Conduct pre-assessment reviews of security controls and compliance artifacts.
- Assist with independent security assessments and remediation tracking.
- Support development of system authorization artifacts, including SSPs, contingency plans, configuration management plans, and incident response documentation.
- Provide cybersecurity compliance support to NCATS system owners and users.
- Assist with training programs related to security compliance and RMF processes.
- Support vulnerability remediation tracking and audit preparation activities.
- Provide end-user guidance on access control, monitoring requirements, and cybersecurity best practices.
Role Description
As a member of the Information Security team, the Cybersecurity Analyst intern is responsible for supporting SecOps efforts to protect the company from intrusions, malware, threat actors, and other forms of cyber attacks. The cybersecurity analyst intern will also be involved in supporting efforts to automate, integrate, and aggregate the data and systems needed to optimize and accelerate analysis.
- Researches emerging threats and vulnerabilities to aid in the identification of network incidents, and supports the creation of new architecture, policies, standards, and guidance to address them.
- Provides incident response support, including mitigating actions to contain activity and facilitating forensic analysis when necessary.
- Supports the creation of business continuity/disaster recovery plans, including conducting disaster recovery tests, publishing test results, and making the changes necessary to address deficiencies.
- Conducts network monitoring and intrusion detection analysis using various computer network defense (CND) tools, such as intrusion detection/prevention systems (IDS/IPS), firewalls, host-based security system (HBSS), etc.
- Reviews alerts and data from sensors and documents formal, technical incident reports.
- Tests new computers, software, switch hardware, and routers before implementation to ensure security.
- Conducts log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources.
- Deploys cloud-centric detection to detect threats related to cloud environments and services used by the organization.
- Correlates activity across assets (endpoint, network, apps) and environments (on-premises, cloud) to identify patterns of anomalous activity.
- Works with threat intelligence and/or threat-hunting teams.
Qualifications
- Current enrollment in a Bachelor's degree program in computer science, engineering, information systems, or another related discipline is strongly preferred.
- Knowledge of analyzing threat event data, evaluating malicious activity, documenting unusual files and data, and identifying tactics, techniques, and procedures used by attackers.
- Strong problem-solving and troubleshooting skills.
- Self-motivated and possessing a high sense of urgency and personal integrity.