Collectors is the leading creator of innovative technology that provides value-added services for collectors worldwide. We grade, authenticate, vault, and sell millions of record-setting collectibles, all while modernizing and digitalizing the process to further our mission of helping collectors pursue their passions. We’re always on the lookout for talented people to join our growing team. Our services span collectible trading cards, autographs, comic books, coins, video games, event tickets, and memorabilia. Our subsidiaries include PSA, PCGS, Beckett, SGC, and Card Ladder. Since our founding in 1986, we have graded and authenticated millions of items. We employ more than 3000 people across our headquarters in Santa Ana, California and offices in New Jersey, Texas, Florida, Japan, Shanghai, Hong Kong, Canada, Mexico, Germany, and France. As part of our interview process, we request that candidates have their cameras on during video interviews. This helps foster meaningful conversation and allows us to create an experience that closely resembles our standard working environment. Certain interview steps may take place by phone. For remote roles, and at our discretion, candidates may be asked to participate in an on-site interview as part of the final stages of the process. We understand there may be occasional circumstances requiring accommodation and are happy to discuss them as needed. Your recruiter will be able to clarify expectations and answer any questions you have. We’re transforming the collecting experience with technology that brings authentication, grading, and trading into the modern era. Our products are equalizing the playing field by providing tools that make complex research analytics — including pricing, scarcity reports, and historic sales data — accessible to every collector, old or new. Our engineering mission is to democratize technology while promoting innovation, collaboration, and continuous learning throughout the organization. We're seeking engineers to utilize advanced technology in agile settings, with a focus on improving the customer experience for every collector. Collectors Cybersecurity team is committed to utilize cybersecurity, risk and privacy best practices on our platforms, leveraging signal intelligence and observability at scale to protect our customers, employees and our brand. We’re looking for a Cloud Security Engineer to join our Cybersecurity team to partner with the broader Product and Tech org and drive secure by default architectures and ensure the security and integrity of our infrastructure. You’ll report to the VP of Cybersecurity. Remote or hybrid candidates will also be considered. We believe that there is significant value in in-person collaboration. If you live within a 1 hour commuting distance to one of our offices, you will be required to be onsite most of the time. This will be discussed further as part of the recruiting process. What You’ll Do: - Security Design Reviews/Threat Models: Ensure security guardrails are integrated into our platforms by conducting thorough reviews of design, implementations and code - Collaboration and Engineering Guidance: Provide proactive guidance and education to platform engineering and product teams on available security controls and their appropriate use to help prevent vulnerabilities, striving for secure by default paradigms - Partner with platform engineering and product teams to identify the appropriate remediations and compensating controls, sometimes getting creative when the “textbook remediation” is not viable - Expertise in Cloud Security: Serve as a trusted advisor, offering cloud security expertise to enable platform engineering and product teams to make informed decisions - Automated Analysis and Secure Frameworks: Scale security efforts by integrating automation for the identification, prioritization, and remediation of vulnerabilities - Empower platform engineering teams through automation, security guidance, tooling, patterns, and training to scale security practices across the organization - Partner with application security and incident response teams to identify and implement security tooling to detect security vulnerabilities and risks at scale - Lead by example and be a champion of all company policies, including safety, attendance & security Who You Are: - 3+ years of experience in Cloud Security, with a focus on securing AWS and GCP environments - Proficient in Terraform analysis and knowledgeable about common cloud security vulnerabilities/misconfigurations - Working knowledge of one or more general purpose programming/script languages, preferably Python - Excellent problem-solving skills, with the ability to work independently and handle multiple tasks - The ability to drive clear next steps when encountering ambiguous spaces without clear lines of ownership - Experience with cloud security testing tools and methodologies (CSPM, Penetration Testing) - Familiarity with major compliance frameworks, such as PCI, NIST, ISO, SOX, and experience assisting in audits - Bachelors in CS, Cybersecurity or related fields and certifications such as GCIH, CISSP, CSSLP, GSSP or any other professional or Specialty AWS certification (e.g., AWS Solutions Architect Professional or Security Specialty) is good to have Salary Range: The salary range for this position is $107,642-$174,759. Actual compensation on this range varies based on a variety of non-discriminatory factors, including location, job level, experience, and skill set. This role may be eligible for bonuses, commissions, or other forms of compensation, please ask your recruiter for details. Reasons To Join Us: - Health Insurance: All full-time employees are eligible to enroll in Medical, Dental, and Vision - Additional Benefits: Full-time employees are eligible for fertility, commuter, and educational assistance benefits - 401(K) Matching Plan: We are proud to offer a competitive 401k matching plan to our employees to support their future financial goals - Vacation: All salaried employees are eligible for flexible time-off - Holiday Pay: All regular, full-time employees are eligible for ten company paid holidays - Employee Discounts: Employees receive discounts on select grading services for approved submissions - Flexible Hours: Many of our teams offer flexible schedules with varying shifts and will work with you to accommodate your needs - Fun Working Environment: Our team members are invited to participate in celebrations, holiday events, and team building activities - Additional Resources from our technology team: Collectors Tech Blog, Our Engineering Story Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. #Li-Remote #Bi-Remote #Bi-Hybrid There is no deadline, as this role accepts applications on an ongoing basis. Candidates must be authorized to work in the United States. Collectors uses e-Verify to validate your ability to work legally in the United States. We are aware that there are instances where individuals are receiving job offers that fraudulently allege to be from Collectors or one of our business units. This type of fraud can be carried out through false websites, through fake e-mails claiming to be from the company or through social media. We never ask for personal information such as your bank account, Social Security numbers or National IDs, nor do we send or request payments for the purchase of business-related equipment. If you suspect fraud, please reach out to jobs@collectors.com. We are committed to equal employment opportunity regardless of race, color, ethnicity, ancestry, religion, national origin, gender, sex, gender identity or expression, sexual orientation, age, citizenship, marital or parental status, disability, veteran status, or other class protected by applicable law. We believe that a team that represents a variety of backgrounds, perspectives, and skills will better service the diverse community of collectors we support. If you require an accommodation to apply or interview with us due to a disability or special need, please email people@collectors.com. U.S. residents: for disclosures relating to personal information we collect during the employment application and recruitment process, please see our Privacy Notice for U.S. Applicants. If you are based in California, you can read information for California residents here.

About the Company At Torc, we have always believed that autonomous vehicle technology will transform how we travel, move freight, and do business. A leader in autonomous driving since 2007, Torc has spent over a decade commercializing our solutions with experienced partners. Now a part of the Daimler family, we are focused solely on developing software for automated trucks to transform how the world moves freight. Join us and catapult your career with the company that helped pioneer autonomous technology, and the first AV software company with the vision to partner directly with a truck manufacturer. Meet the Team The Safety & Regulatory – Product Cybersecurity team is responsible for ensuring the security, integrity, and resilience of Torc’s autonomous vehicle platform across the full product lifecycle. As a Product Cybersecurity Architect 1, you will play a key role in embedding cybersecurity into the foundation of our autonomous driving systems. You’ll work closely with Compute Platform and Autonomy teams to develop cybersecurity elements of the Torc Safety Case and ensure security is built into our systems from conception through deployment. This role requires a deep understanding of software cybersecurity principles, a proactive approach to building cybersecurity in, and the ability to work cross-functionally with various departments to integrate robust cybersecurity measures into our products. What You’ll Do - Perform cybersecurity assurance activities such as static analysis, dynamic analysis, and fuzz testing. - Perform attack surface analysis at varying levels of software and hardware abstraction. - Collaborate with product development teams to embed cybersecurity into software development activities. - Focus on ensuring compliance with best practices and industry standard requirements pertaining to software security activities defined by the AVCDL. - Prepare and present evidence in the safety case to demonstrate readiness to launch new products or release new software versions from a software security perspective. - Train internal stakeholders on software security practices and act as a resource where expert software security assistance is needed. What You’ll Need to Succeed - Bachelor's degree in computer science, electrical engineering, or related technical field plus demonstrated competences and technical proficiencies typically acquired through 0–3+ years of experience. - Strong understanding of cybersecurity principles and practices. - Strong understanding of software cybersecurity activities such as static analysis, dynamic analysis, and fuzz testing. - Experience with software analysis tools such as CodeQL, libfuzzer, honggfuzz, UBSan, and ASan. - Experience using programming languages such as C and C++. - Proficiency in recognizing software/hardware weaknesses and security vulnerabilities. - Knowledge of Unix-like operating systems and software. - Knowledge of computer networking protocols, network security principles, and practices. Bonus Points - Experience developing safety-critical, cyber-physical systems in industries such as automotive, medical or aerospace. - Experience with embedded programming. - Experience with designing secure test plans. - Knowledge of secure coding standards & guidelines such as CERT C++ and MISRA C++. - Knowledge of cybersecure development lifecycles such as the Microsoft SDL, A Versatile Cybersecurity Development Lifecycle (AVCDL), or similar. Work Location: For this position, we are open to hiring in either the Ann Arbor, MI OR Blacksburg, VA (U.S.) office work locations in a hybrid capacity. We are also open to hiring Remote in the United States Perks of Being a Full-time Torc’r Torc cares about our team members and we strive to provide benefits and resources to support their health, work/life balance, and future. Our culture is collaborative, energetic, and team focused. Torc offers: - A competitive compensation package that includes a bonus component and stock options - 100% paid medical, dental, and vision premiums for full-time employees - 401K plan with a 6% employer match - Flexibility in schedule and generous paid vacation (available immediately after start date) - Company-wide holiday office closures - AD+D and Life Insurance At Torc, we’re committed to building a diverse and inclusive workplace. We celebrate the uniqueness of our Torc’rs and do not discriminate based on race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, veteran status, or disabilities. Even if you don’t meet 100% of the qualifications listed for this opportunity, we encourage you to apply. Our compensation reflects the cost of labor across several geographic markets. Pay is based on a number of factors and may vary depending on job-related knowledge, skills, and experience. Torc's total compensation package will also include our corporate bonus and stock option plan. Dependent on the position offered, sign-on payments, relocation, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. Hiring Range for Job Opening US Pay Range $108,900—$130,700 USD

• Establish and operationalize security controls for emerging Artificial Intelligence and Machine Learning capabilities across the enterprise. • Embed security into AI solution design, protecting AI models and data pipelines, and enabling secure adoption of AI use cases across business and technology functions. • Work closely with Digital, Data, AI, Security Architecture, Engineering, and Cyber Defense Operations teams to define secure AI architecture patterns, implement guardrails, and ensure AI platforms operate within client’s cybersecurity, risk, and governance standards. • Define secure architecture patterns for AI and machine learning solutions, ensuring protection of models, training pipelines, inference environments, and supporting data flows. • Establish secure integration patterns for AI services across enterprise applications, APIs, cloud platforms, and data environments. • Review AI solution designs to ensure alignment with enterprise security architecture standards and secure-by-design principles. • Support implementation of secure controls across AI development, testing, deployment, and production environments. • Identify, assess, and mitigate AI-specific threats including model poisoning, prompt injection, adversarial attacks, unauthorized model access, data leakage, and misuse of AI outputs. • Define and implement security guardrails for AI model access, API usage, prompt controls, and secure interaction with enterprise data sources. • Establish controls to protect sensitive training data, embeddings, prompts, and inference outputs across AI workflows. • Support validation of third-party AI services and external model integrations from a cybersecurity risk perspective. • Establish AI security standards, engineering guardrails, and governance practices aligned with regulatory requirements, enterprise risk expectations, and responsible AI principles. • Partner with Digital and AI teams to enable secure AI use cases where security accelerates responsible business adoption rather than acts as a blocker. • Support creation of AI security review checkpoints for new AI initiatives, pilots, and production deployments. • Contribute to enterprise AI security policies, reference architectures, and operational standards. • Collaborate with Cyber Defense Operations to operationalize AI-related detection, monitoring, and response capabilities. • Support development of monitoring use cases for AI misuse, abnormal model behavior, unauthorized access, and suspicious data movement. • Define logging and telemetry requirements for AI platforms to improve visibility and incident readiness. • Support integration of AI platform telemetry into enterprise detection and monitoring tools where applicable. • Work closely with Security Architecture, Cloud Engineering, Data teams, Application teams, and AI program owners to ensure consistent security adoption. • Support security reviews for AI vendors, AI-enabled SaaS platforms, and internally developed AI capabilities. • Provide technical guidance to project teams on secure AI implementation and operational controls.

• Partner closely with engineering teams across the company to reduce security risk throughout the software development lifecycle • Contribute to initiatives that strengthen NerdWallet’s security posture by improving tooling, workflows, and standards that help engineers build secure software while maintaining a great developer experience • Help scale NerdWallet’s application security program through automation, tooling, and developer enablement • Partner with engineering and product teams to identify and remediate security gaps across multiple systems while balancing business priorities • Build tools, processes, and automation that improve security posture visibility for engineers and leadership • Review pull requests and provide actionable guidance on secure coding practices • Support operational work during security investigations or incidents affecting applications • Help integrate security practices into the secure development lifecycle (SDLC) across teams