• Own and drive compliance initiatives end-to-end across eIDAS, NIS2, ETSI standards, and ISO 27001. • Conduct and coordinate internal audits, gap analysis, and remediation plans. • Prepare and support external certification audits and qualification requests (LSTI, ANSSI, or equivalent bodies). • Build and maintain compliance documentation frameworks that scale with the business. • Monitor regulatory developments and proactively assess their impact on Yousign. • Contribute to the security of the Yousign product: participate in security reviews, threat modeling, and vulnerability assessments on product features. • Participate in threat assessments, security reviews, and incident response when needed. • Collaborate with Engineering and Product teams to embed security best practices into development and operations. • Support the detection and investigation of fraudulent use patterns on the Yousign platform. • Contribute to defining and improving fraud prevention mechanisms in collaboration with Product and Engineering. • Participate in the weekly on-call rotation to handle unplanned compliance and security topics. • Mentor teammates and contribute to raising the bar on compliance practices across the team. • Identify and implement automation opportunities to reduce manual toil and increase team velocity.

• Own our threat awareness across every surface • Collect, monitor, filter, enrich, and relay external signals: dark web, threat feeds, CVEs, vendor advisories • Track what's happening inside: corporate systems, cloud infrastructure, IdP, messaging and communication, endpoints, and application behavior • Be the first to know when something looks wrong — and be able to explain it clearly • Build a library of business cases for visibility and monitoring, then implement them • Start with Sumo Logic, grow into Elastic • Take ownership of our Sumo Logic SIEM: collectors, pipelines, data quality, and detection logic • Work toward integrating our Elastic/APM stack to extend visibility into product and platform behavior • Tune signal over noise — don't just ingest everything, make what we have trustworthy • Build solutions where they don't exist • Extract security-relevant data from sources that weren't designed to provide it • Write scripts, build pipelines, and create custom solutions when tools don't cover the gap • Show daily progress — small improvements compound • Make visibility actionable • Brief leadership regularly on attack surface, unusual activity, and emerging threats • Translate technical signals into clear, decision-ready information • Identify problems early enough that we can act, not just react

Role Description Phoenix Cyber is looking for a SOAR Consultant to support a commercial client. This is a 100% remote, work-from-home position anywhere in the continental United States. - Provide technical expertise and real-life experience in creating innovative solutions within the cybersecurity space - Develop and implement automations in response to security incidents - Proactively collaborating, developing, and designing security orchestrations with SMEs/engineers, vendors, and project stakeholders - Ability to navigate and adapt to a fast-paced ever-changing environment with a team of like-minded, cross-functional individuals Qualifications - Minimum 2 years of SOAR experience - Expert knowledge of SOAR technologies - Demonstrated proficiency in cyber security platforms: SOAR, SIEM, IDS/IPS, DLP, WAF, Endpoint Security - Degree in a STEM related discipline and/or a minimum 5 years of cybersecurity experience - Cybersecurity consulting experience - Nice to Have: Experience with Palantir - Nice to Have: Experience with PowerBI Company Description Phoenix Cyber is a national provider of cybersecurity engineering services, operations services, sustainment services and managed security services to organizations determined to strengthen their security posture and enhance the processes and technology used by their security operations team. Phoenix Cyber is an equal opportunity employer and complies with Executive Order 11246, Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veteran's Readjustment Assistance Act (VEVRAA), all amendments to these regulations, and applicable executive orders, federal, and state regulations. Applicants are considered without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, and/or veteran status. Phoenix Cyber participates in E-Verify to confirm the employment eligibility of all newly-hired employees. To learn more about E-Verify, including your rights and responsibilities, go to https://www.e-verify.gov/ Salary range is flexible.

• Experiencia de 5 – 6 años en SAP Security y GRC • Rol técnico, gestión de usuarios y autorizaciones para sistemas SAP • Diseño de roles y remediación de conflictos de separación de deberes • Revisión de autorizaciones críticas • Garantizar alta conformidad y soporte al usuario • Traducción de especificaciones funcionales a diseño de rol SAP • Soporte/liderazgo en proyectos de diseño de rol SAP • Soporte al proceso de gestión de cambios • Soporte en aceptación de usuarios finales y validación técnica