• Perform security and privacy risk and impact analysis for system additions (ex. new hardware, software, or services), significant changes to systems, and network- and system-level requests for control changes and exceptions. • Support cybersecurity policy and procedure development, risk awareness, and control implementation training initiatives by creating and delivering online and in-person content. • Support continuous assessment and monitoring of NLR's security and privacy posture by observing and reporting trends in risks assessed or observed among NLR'S information systems. • Provide NLR colleagues with technical direction and coaching to remedy security and privacy control weaknesses. • Analyze, prioritize, and report on the results of control weakness remediation. • Champion cybersecurity and privacy best practices to technical and non-technical audiences. • Participate in projects that improve the effectiveness and efficiency of NLR's cybersecurity program, including but not limited to workflow improvements, management tool enhancements, program or NLR strategic initiatives, and user awareness training.

• Collaborate with Detection, Security, and Software Engineers to proactively defend Tanium Cloud's services. • Build and operate Tanium Cloud's detection and response engineering in Azure, AWS, and Kubernetes for detections, analysis, and responses as automation as code using DevOps methodologies. • Continuously evaluate and enhance the design and effectiveness of Cloud and Kubernetes security measures and establish an ongoing program to advance security and close gaps in our defensive posture. • Proactively characterize unauthorized activity and malicious behaviors in our cloud and container infrastructure and systems through code, testing, and automation. • Develop tailored detection policies, perform testing, and implement automation to observe, evaluate, enhance, and review security information using SecDataOps and best practices. • Proactively integrate the latest security threats, vulnerabilities, and industry trends to enhance security detection measures and generate intelligence driven hunts. • Work together with the engineering, IT, and other security groups to create solutions that are expandable and adaptable to protect Tanium Cloud against threats ranging from low-level actors to national cyber-threat agents. • Build, cultivate, and maintain positive relationships with internal customers to identify and facilitate solutions to increase the impact of the team's work. • Be on periodic on-call for triage of critical events from detections and systems.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description - Lead the DevSecOps strategy by defining how application security controls, testing, and policy enforcement are embedded into CI/CD pipelines, including AI-assisted development workflows and agent-driven automation, to support rapid, secure software delivery. - Architect security-by-design patterns for modern and AI-assisted application development, including secure frameworks, reusable controls, and pipeline integrations that developers can adopt with minimal friction. - Partner with engineering and platform teams to integrate security requirements into build, test, deployment workflows, and AI-enabled development workflows, ensuring emerging AI coding practices align with secure SDLC expectations and aligning security outcomes with business and delivery objectives. - Establish security governance and guardrails for AI-driven development trends, including LLM-assisted coding, autonomous DevOps agents, and AI-generated code, ensuring appropriate review, traceability, and risk management as these capabilities expand across the organization in coordination with AI governance and engineering teams. - Design and evolve application security telemetry and detection, ensuring meaningful signals flow into enterprise monitoring and response capabilities while minimizing noise and operational overhead. - Provide architectural leadership and mentorship, working with other Security Architects and cross-functional teams to align AppSec initiatives with enterprise security and technology strategies. Qualifications - Framework fluency, including OWASP Top 10, ASVS NIST CSF 2.021, and MITRE ATT&CK, with the ability to operationalize them within DevSecOps workflows. - Technical Experience: 5–10 years of progressive experience in application development, platform engineering, or application security, with demonstrated ownership of designing and embedding scalable application security capabilities into DevSecOps pipelines. - Strategic application security mindset with the ability to translate risk, threats, and regulatory requirements into practical DevSecOps controls that scale across teams. - Hands-on DevSecOps experience, including integrating SAST, DAST, SCA, IaC scanning, secrets detection, and policy enforcement into CI/CD pipelines. - Strong automation and pipeline integration skills, leveraging scripting, APIs, AI tooling, and security platforms to streamline secure development and reduce manual processes. - Cloud-native application security expertise, including secure design patterns for AWS and SaaS platforms, identity-driven access controls, and secure service-to-service communication. - Influential communication and leadership skills, with experience guiding developers, mentoring engineers, and aligning technical security decisions with business priorities. - Promote a culture of diversity and inclusion, value different ideas and opinions, and listen courageously, remaining curious in all that you do. - Able to work remotely with access to a high-speed internet connection and located in the United States or Puerto Rico. Requirements - Bachelor's Degree in IT Security, Computer Science or related field (preferred). - Security or architecture certifications, such as CISSP, ISSAP, CSSLP, CASP+, CASE or relevant GIAC certifications (preferred). - Proven experience delivering architecture artifacts, such as secure reference architectures, threat models, and developer-facing security standards that improve adoption and consistency (preferred). - Proven experience in CI/CD Pipeline Technologies, such as GitHub, JFrog Xray, Wiz, SonarCube, etc. (preferred). Benefits - Estimated Salary: Minimum: $112,000 MidPoint: $151,000 Maximum: $190,000, plus annual bonus opportunity. - 401(k) plan with a 2% company contribution and 6% company match. - Work-life balance with vacation, personal time, and paid holidays.

• Lead implementation and sustainment of NIST SP 800-171 controls and CMMC Level 2 practices. • Develop and maintain compliance artifacts: SSPs, POA&Ms, Asset inventories, boundary definitions, Network and data flow diagrams. • Conduct internal gap assessments and readiness reviews for CMMC. • Support evidence collection and technical walkthroughs during audits. • Translate compliance requirements into actionable technical work items. • Design, implement, and harden on-premise systems supporting CUI environments (Windows/Linux servers, AD/Entra ID hybrid, virtualization, network segmentation). • Implement and tune technical security controls, including: Identity & access management (MFA, least privilege, RBAC), Endpoint security (EDR, device hardening, patching), Vulnerability scanning and remediation, Centralized logging and monitoring (SIEM), Secure configuration baselines (CIS/STIG-aligned). • Partner with IT infrastructure to implement network security controls (firewalls, VLANs, NAC, secure remote access). • Support secure system builds, change management, and incident response in CUI environments. • Help integrate security into on-prem and hybrid architectures (VMware/Hyper-V + cloud where applicable).