Title: Senior Manager, Cyber Security Location: Emeryville, California time type Full time job requisition id R2587 Peetniks are passionate and authentic, learners and doers, committed to the pursuit of better. The only thing we love more than coffee is our people. Peet’s is seeking a Senior Manager, Cyber Security to lead and mature the company’s enterprise cyber security program. This role is responsible for the strategy, execution, and day-to-day management of information security capabilities that protect Peet’s people, customers, and information assets. The Senior Manager will partner closely with IT, Digital, Legal, Compliance, and business leaders to enable secure business outcomes while managing risk in a pragmatic, business-aligned manner. Reporting to Director of Infrastructure and Security, this role focuses exclusively on cyber security and IT risk management and serves as a hands-on leader who can operate both strategically and tactically. Salary $160,000 – $180,000 Location Emeryville, CA – Hybrid, 3 days onsite Responsibilities - Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization. - Facilitate information security governance through implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board. - Develop, maintain and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and practices. - Create, communicate and implement a risk-based process for vendor risk management, including assessment and treatment for risks that may result from partners, consultants and other service providers. - Develop and manage information security budgets and monitor them for variances. - Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users. - Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders through the enterprise on identifying acceptable levels of residual risk. - Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls. - Liaise with the JDE Peets global security and enterprise architecture teams to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures. - Coordinate information security and risk management projects with resources from the IT organization and business unit teams. - Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations. - Ensure that security programs are compliant with relevant laws, regulations and policies to minimize or eliminate risk and audit findings. - Liaise among the information security team and Peet’s corporate compliance, audit, legal and HR management teams as required. - Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings. - Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation. - Act as an escalation point for complex security issues and risk decisions. Financial Discipline and Vendor Management: - Identifying the right balance of in-house versus professional services consultants to meet the demand for services - Negotiate favorable software and professional services contracts with reputable vendors - Drive effective governance and engagement with partners and suppliers to ensure cost effectiveness and timely deliverables - Keep informed of issues and risks across all technology organizations, anticipate impact, and mitigate risks Critical Skills & Behaviors for Success Results-orientation: - Gets things done, with both a short and long-term view in mind - Pragmatic and outcome-oriented, leveraging data to make decisions - Thrives in a fast paced, agile environment with excellent organizational skills and ability to re-prioritize on a consistent basis - Excellent planning and organizational skills, along with a high degree of detail orientation - A hands-on and adaptable leadership style with commitment to driving results Collaboration focus in all interactions: - Provide coaching and learning opportunities to teams ensuring leading edge practices - Influential to colleagues and peers coming from a “we” orientation - Collaborative with the ability to build trusting relationships across a diverse and potentially global workforce. Essential Skills/Knowledge: - Ability to communicate clearly and concisely - Considerable people management skills; capable of acting as leader, advisor, mentor, and coach - Excellent analytical and critical thinking skills - Business and stakeholder relationship building experience - Responsiveness to change and leads as a change agent Essential EQ/IQ Requirements: - Contributes as an integral part of the management team of the organization - Accepts change and is flexible, focusing on action and outcomes - Makes complex decisions for tough problems; embraces collaboration and teamwork - Thrives within a fast-paced work environment; perseveres with tenacity - Manages multiple projects, separating mission critical from the non-strategic with minimal supervision - Tackles issues and challenges as they arise; doesn’t avoid confrontation - Embraces a spirit of hospitality with fellow employees and external members - Demonstrates respect and promotes a supportive environment Qualifications Skills and Professional Requirements - Bachelor’s degree in computer science, engineering, information systems, business, or a related discipline is required - 10+ years of progressive experience in information security, IT risk, or cyber security roles. - 5+ years of experience leading and managing security teams, including direct and matrixed resources. - CISSP certification is a plus - Expertise in PCI, SOX, and HIPAA security requirements and the certification process for each. - Experience with Cisco, Juniper, Palo Alto Networks, Meraki, Trustwave, Microsoft and their network security technology capabilities. - Familiarity with cloud environments (Azure preferred) and associated security controls. - Experience with Operational Technologies (OT) security in a manufacturing environment - Experience partnering with Legal, Compliance, Audit, and HR on security and risk matters. - Direct experience endpoint detection and response providers - Direct experience with cloud- based SIEM providers - Experience with identifying and selecting security technologies to enable best in class security capabilities This description outlines the role’s essential functions but may evolve with business needs. What We Offer: We’re proud to offer a comprehensive package for full-time employees, including: - Recharge Time – Paid vacation, holidays, and sick days. - Health & Wellness – Medical, dental, and vision coverage. - Future You – 401(k) plan with generous match program to help you save. - Peace of Mind – Life insurance, disability, and options for HSAs and FSAs. - Everyday Perks – Free coffee, fresh baked goods, and discounts. - Growth & Support – Career development and an Employee Assistance Program when you need it. The target annual base salary range for this position is $160k –180$k. The actual base salary offered will depend on a variety of factors, including the applicant’s qualifications, years of relevant experience, specific and unique skills, level of education, certifications or licenses, other legitimate non-discriminatory business factors, and the geographic location of the role. In addition to base pay, individuals in this position may also be eligible to earn bonuses. Additional Information At Peet’s, we believe in creating an inclusive workplace where everyone feels welcome. We are proud to be an Equal Opportunity Employer. We welcome qualified applicants of all backgrounds and do not discriminate based on race, color, creed, religion, gender, age, marital status, national origin, sexual orientation, gender identity, citizenship status, disability, genetic information, uniform service, veteran status, or any other category protected under federal, state, or local laws. Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local ordinances.

Title: Information Security Engineer 6 Location: US-CA-Fremont Requisition ID 194406 Work Location Model Virtual Flex Work Location Fremont-CA Work Country United States The group you’ll be a part of The Cyber Security Engineer will support the Information Security team in safeguarding Lam’s information system infrastructure and associated business systems, Operational Technology (OT) environments, and engineering/manufacturing environments. The impact you’ll make Lam Research is looking for a Security Engineer to join our team. The Cloud Security Engineer is responsible for performing services and activities to support Lam Information Security programs. This role will focus on owning and developing Lam’s cloud security posture and configuration vulnerability management across Azure. The Cloud Security Engineer will drive agentless and agent-based coverage, integrate findings to Microsoft Sentinel and ServiceNow and lead remediation across resource owners. This role blends engineering depth, program ownership, and focuses on automation and measurable risk reduction. What you’ll do - Own configuration, policy, and governance for Microsoft Defender for Cloud or other CSPM tools - Manage and operate cloud security posture management (CSPM) platforms (such as Wiz, Orca, or Defender for Cloud) including configuring policies, monitoring findings, analyzing risks, and working with stakeholders to remediate vulnerabilities - Provide technical expertise in interpreting findings, correlating them to risk and translating them into actionable remediation plans - Perform security reviews and architecture assessments of cloud solutions to identify gaps and recommend mitigation strategies - Develop KPIs and executive reporting metrics to measure cloud security program effectiveness and communicate outcomes to leadership - Work closely with Information Systems, Cloud Operations, and other Infosec teams to assure remediation and architecture changes to align with security recommendations - Contribute to the development and implementation of security principles, standards, baselines, and blueprints tailored for Azure Who we’re looking for - Solid foundation in Information Security Engineering with deep hands-on experience in Azure security - Experience in one or more of the following tools: Defender for Cloud, Wiz, Orca - Bachelor’s degree or Advanced Degree in Computer Science, Information Technology, Cybersecurity, or related discipline - 7+ years of experience in an Information Security role - 5+ years of experience with Microsoft Azure - Strong vulnerability management fundamentals - At least one of the following processional certifications required: Security+, CISSP, CISA, CISM, CEH, OSCP, GMON - Ability to communicate effectively, both verbal and written to a variety of audiences (immediate team, management, other business units) to provide guidance and direction when resolving technical challenges Preferred qualifications - Experience within a global semiconductor company or equivalent industry experience preferred - Ability to break down and understand complex problems and develop innovative ways to address them - Strong people and team/relationship building skills, work with cross functional global teams - Microsoft Certified: Azure Security Engineer Associate or similar Azure-focused certifications preferred Our commitment We believe it is important for every person to feel valued, included, and empowered to achieve their full potential. By bringing unique individuals and viewpoints together, we achieve extraordinary results. Lam Research ("Lam" or the "Company") is an equal opportunity employer. Lam is committed to and reaffirms support of equal opportunity in employment and non-discrimination in employment policies, practices and procedures on the basis of race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex (including pregnancy, childbirth and related medical conditions), gender, gender identity, gender expression, age, sexual orientation, or military and veteran status or any other category protected by applicable federal, state, or local laws. It is the Company's intention to comply with all applicable laws and regulations. Company policy prohibits unlawful discrimination against applicants or employees. Lam offers a variety of work location models based on the needs of each role. Our hybrid roles combine the benefits of on-site collaboration with colleagues and the flexibility to work remotely and fall into two categories – On-site Flex and Virtual Flex. ‘On-site Flex’ you’ll work 3+ days per week on-site at a Lam or customer/supplier location, with the opportunity to work remotely for the balance of the week. ‘Virtual Flex’ you’ll work 1-2 days per week on-site at a Lam or customer/supplier location, and remotely the rest of the time. #LI-BW2 Salary CA San Francisco Bay Area Salary Range for this position: $137,000.00 - $287,000.00. The above salary range for this position is relevant to applicants that reside or work onsite in the California, San Francisco Bay Area only. Salary offers will depend on factors that include the location you work from, your level, education, training, specific skills, years of experience and comparison to other employees already in this role. Actual salary may vary from salary offered due to numerous factors including but not limited to unpaid time off, unpaid leave, company mandated shutdown, and other relevant factors. Our Perks and Benefits At Lam, our people make amazing things possible. That’s why we invest in you throughout the phases of your life with a comprehensive set of outstanding benefits.

• Driving the adoption of HPE Cybersecurity solutions across mid-to-large enterprise accounts. • Combining deep cybersecurity and networking technical acumen with strategic sales skills to identify, qualify, and close business opportunities. • Collaborating with HPE Networking account teams, solution architects, and partner ecosystems to position our Cybersecurity offerings effectively and deliver customer success. • Creating and managing a sales pipeline, identifying and developing leads resulting in New Logoes and account expansion. • Supporting strategic account development and solution positioning with cross-functional teams.

• Produce all required DOD compliance documentation for RMF, Audit Response and Remediation, Cyber Task Orders, Required Scorecards, Privacy documentation, and other compliance requirements as detailed in the DSCA CYBR Service Catalog. • Draft and coordinate cybersecurity-related documentation to meet required standards, controls, and metrics. • Support all steps of the RMF process (Steps 0-6) required to gain and maintain DOD Information Network (DODIN) and agency commercial network authority to operate. • Assist in categorization, control selection, implementation, and tailoring support, as well as support of assessments from the ISSO role. • Prepare and validate controls in eMASS packages for assessment and review. • Ensure that control requirements are well-defined and that necessary documentation and evidence are gathered for validation and assessment. • Work in the DOD GRC tool Enterprise Mission Assurance Support Service (eMASS) to support control validation. • Conduct continuous monitoring of information systems to detect vulnerabilities, threats, and security incidents. • Utilize security tools and technologies to perform regular scans, assessments, and analysis of system vulnerabilities. • Maintain and update continuous monitoring processes and procedures to ensure they are effective and aligned with organizational requirements. • Assist in the configuration and maintenance of security tools and technologies provided by the CSSP. • Assist in the detection, analysis, and response to cybersecurity incidents. • Participate in incident response activities, including triage, containment, eradication, and recovery. • Document and report on incident response activities, providing detailed analysis and recommendations for improvement. • Provide support to the Watch Officer in monitoring and managing cybersecurity events and incidents. • Maintain situational awareness of the organization's security posture and emerging threats. • Assist with the performance of daily and ad hoc/on-demand vulnerability scans, monthly audit scans, and monthly discovery scans. • Provide weekly vulnerability compliance reporting to ISSMs. • Review and adjust assets, subnets, credentials, and policies to properly manage C5ISR provided Assured Compliance Assessment Solution (ACAS) solutions. • Track and ensure configuration compliance of Enterprise Security Services (ESS) Suite with RMF, ATO, and Inspection requirements. • Assist with the maintenance of completed security waiver forms in coordination with EADSD and ISSM (PMO). • Work with TSD to implement effective scanning, COAMS System Registration, and Continuous Monitoring Scoring (CMRS) Tagging. • Maintain and update Ports, Protocols, and Services Management (PPSM) records, including emergency and exception requests. • Support the maintenance and accuracy of DoD Allow List entries. • Maintain accurate and up-to-date documentation of all RMF, IT, and FISCAM controls validation activities. • Prepare and submit regular reports on the status of security controls, RMF activities, and DevSecOps pipeline security. • Provide detailed documentation and evidence to support security assessments and audits. • Support the maintenance and configuration needed to maintain accurate ingestion of logs from all assets. • Provide summaries of events/incidents, including time of event/incident, anomalous activity identified, asset names and IPs, affected users, and POC for outreach/additional actions. • Complete Cybersecurity Incident Reporting Forms and assist with the detection and analysis of cybersecurity events and incidents. • Support accurate IR POC list, accurate hardware/software and IP inventory, and accurate summary of event/incident. • Document efforts involved in mitigating cybersecurity-related events/incidents that occur within the enterprise. • Support the generation of performance monitoring reports to monitor asset availability. • Support the generation of system health and security posture reports for system owners and ISSMs. • Support accurate hardware and software inventory, accurate ingestion of logs from all assets, and accurate system performance and security posture baselines. • Conduct specified areas of focus/detail for trend analysis. • Support migration information provided by affected system ISSM and report vulnerabilities to appropriate system ISSMs/POCs. • Assist with the reporting to outside agencies, including JFHQ, battle stations, external leadership, and other DOD Agencies. • Support the correlated agency-level POA&Ms with the coordination of POA&Ms from DSCA to outside entities. • Help complete the Cybersecurity Incident Reporting Form, including additional inputs such as personnel logs, system logs, event logs, and accurate software and hardware inventory list.