• Improve Socket's security posture across the board. Own application security, cloud infrastructure hardening, operational security, and IT security. Write code and build tooling that makes the secure path the default path for engineers. Roll out identity and access controls, close gaps across the stack, and continuously reduce risk. • Assess, prioritize, and drive the security roadmap. Figure out what matters most, balance quick wins with longer-term improvements, and execute across many fronts in parallel. You won't wait to be told what to work on. You'll develop a clear picture of where Socket's risks are and make steady progress against them. • Run incident response and external security operations. Build and run a 24/7 security incident response process. Own the security@ inbox, triage inbound vulnerability reports, manage pentests, and coordinate fixes. When you can fix something directly, you do. • Maintain compliance and drive new certifications. Maintain our existing SOC 2 compliance. Drive new certifications (ISO 27001, etc.) as needed for enterprise customers. • Raise security awareness and culture across the org. Train engineers to write more secure code. Run phishing simulations. Build trust with engineering teams so that security feels like an enabler, not a blocker. Make people want to do the right thing rather than resenting security as a tax.

About Us Socket helps devs and security teams ship faster by cutting out security busywork. Thousands of orgs use Socket to safely find, audit, and manage open source code. Our customers — from Anthropic to xAI, and Figma to Vercel — love Socket (just check out their tweets to see for yourself!) Founded by Feross Aboukhadijeh, a long-time open source maintainer with software downloaded over a billion times a month, Socket has raised $65M in funding from top angels, operators, and security leaders. About the Role We're hiring a Security Engineer to own security across the company. This is a senior IC role covering application security, cloud infrastructure, operational security, IT, compliance, and incident response. Socket is a security company, and our internal security posture matters both for protecting the company and for the credibility of what we sell. This role is a rare combination: full ownership of a critical function, a company with real traction, and a deeply relevant problem space. As Socket grows, so will the security function, and you'll shape what that looks like. What You'll Do - Improve Socket's security posture across the board. Own application security, cloud infrastructure hardening, operational security, and IT security. Write code and build tooling that makes the secure path the default path for engineers. Roll out identity and access controls, close gaps across the stack, and continuously reduce risk. - Assess, prioritize, and drive the security roadmap. Figure out what matters most, balance quick wins with longer-term improvements, and execute across many fronts in parallel. You won't wait to be told what to work on. You'll develop a clear picture of where Socket's risks are and make steady progress against them. - Run incident response and external security operations. Build and run a 24/7 security incident response process. Own the security@ inbox, triage inbound vulnerability reports, manage pentests, and coordinate fixes. When you can fix something directly, you do. - Maintain compliance and drive new certifications. Maintain our existing SOC 2 compliance. Drive new certifications (ISO 27001, etc.) as needed for enterprise customers. - Raise security awareness and culture across the org. Train engineers to write more secure code. Run phishing simulations. Build trust with engineering teams so that security feels like an enabler, not a blocker. Make people want to do the right thing rather than resenting security as a tax. What You'll Bring - You've owned security broadly at a growth-stage company, or you're a strong software engineer who's moved into security and is ready to own the function end-to-end. - You can ship production TypeScript. When the engineering org is heads-down on product work, you unblock yourself by writing code, standing up tooling, and modifying infrastructure rather than filing tickets and waiting. - You have breadth across security domains (AppSec, CloudSec, OpSec) and you're comfortable learning fast where gaps exist. - You're fluent in cloud infrastructure (we use GCP): VPCs, IAM, secret management, networking. - You're a self-directed operator who figures out what matters most and executes across many fronts without waiting to be told what to do. You move fast, find leverage, and get a lot done with a little. - You have the communication and teaching skills to make an entire engineering org care about security, not by blocking people, but by earning trust and making the secure path the easy path. We know how important clarity is when looking for a new role, so we've put together a read-me about the Interview Process at Socket. Benefits: Our benefits are crafted to support you and your family, so you can take care of what matters most and thrive in and outside of work. We offer: - Market competitive salary bands - Meaningful equity program - Comprehensive health benefits for you and your family - Flexible time-off, holidays, and winter shutdown to rest & recharge - Paid parental leave - Remote-first, with quarterly team off-sites At Socket, we - Pursue Excellence: We set ourselves apart by consistently delivering work of exceptional quality and distinction. - Move with urgency and focus: We prioritize swift, decisive action. - Think rigorously: We care about being right and it often takes reasoning from first principles to get there. We value alternative perspectives and have constructive discussions. - Trust and amplify: We overtrust, always assume good intent, and give specific feedback to help each other improve. - Feel a strong sense of ownership: We wear many hats and feel a strong sense of overall ownership of the company and we're non-territorial regarding our nominal domains. - Are customer obsessed: We relentlessly prioritize the needs of our customers, striving to exceed their expectations and delight them at every interaction.

The DoW Healthcare Management System Modernization (DHMSM) Program is looking for an experienced ISSO/ISSE to join our cyber team in support of the continued development, sustainment, and deployment of the Military Health System (MHS) GENESIS system. MHS GENESIS is deployed globally to over 3700 locations at 138 Medical Treatment Facilities (MTFs), serving 190K users, providing 1100+ clinical workflows delivering medical electronic health record (EHR) capabilities for nearly 10M beneficiaries. WHAT YOU WILL BE DOING The ISSO supports the Cybersecurity Leads with all Risk Management Framework (RMF) Authorization and Sustainment related functions to include Interim Authorization to Test (IATT), Authority to Operate (ATO), Annual Security Review (ASR), Risk Assessment (RA) and Continuous Monitoring (ConMon) activities for all assigned systems. Responsibilities include, but are not limited to, the following: - Maintaining RMF Authorizations for all assigned ATOs including any required IATT, ATO, ASR, RA and ConMon related activities and assisting team members with unassigned ATOs as required. - Primary cybersecurity review of system architecture and technical artifacts (to include PPSM, diagrams, STIGs, compliance evidence, and policy documentation) - Developing, updating and working with Cybersecurity Leads and LPDH partners to ensure implementation of cybersecurity policies and procedures, and developing any other required cybersecurity related documentation. - Ensuring assigned systems meet requirements to obtain required authorizations and approvals including IATT, ATO, and ASRs from the assigned Authorizing Official (AO) - Understanding all DOW and DHA RMF policies, procedures, and guidance and keeping up with all changes. - Ensuring eMASS record is maintained in accordance with DHMHSM and DHA requirements. - Assisting with the development of templates and recommending other tools to support risk management and ATO activities, as needed. - Working with CyberOps to ensure all assets are scanned properly and that any scan issues are resolved in a timely manner. Tracking all issues. - Developing and Maintaining Plans of Action and Milestones (POA&Ms) and Risk Acceptances for all assigned ATOs and ensuring POA&Ms received from other teams meet all DHA requirements. - Tracking vulnerability remediation statuses and POA&M closures on a weekly basis for metrics reporting. - Periodically evaluating the effectiveness of all Assessment Procedures for RMF security controls to ensure operational security posture is maintained. - Supporting cybersecurity compliance assessment efforts by providing systems engineering and documentation support. - Ensuring all DoW and DHA cybersecurity-related documentation is current and accessible to properly authorized individuals. - Assisting Cybersecurity Leads in ensuring the project meets identified milestones and requirements. - Contributing to the development of cyber strategies and any associated documentation. - Ensure all users have requisite security clearances and access authorization. - Provide Subject Matter Expertise for customer inquiries. FACTORS FOR SUCCESS - BS degree and 8-12 years of prior relevant experience - US Citizen with Active Secret Clearance or higher – required. Contract requirement. - Minimum of 5 years’ hands-on experience on Defense Health Agency projects in a cybersecurity role. - DoW 8570 Certification - Proficiency in eMASS - Prior experience with DoW Accreditation and tools such as eMASS, ACAS, CMRS and HBSS - Knowledge of networks, cyber defense toolsets and processes. Strong understanding of related technologies and significant knowledge of networking technologies, operating systems, and security tools, tactics, techniques, and procedures. - Attention to detail - Excellent written and verbal communication skills and the ability to effectively interact and work with internal team members, vendors and clients. - Experience with network and network security assessments and documenting the results using NIST SP 800-53A (Rev 5), completing security plans and recommending Security Controls for Federal Information Systems - Strong ability to document recommendations to correct security weaknesses resulting from security assessments and tracking implementation of corrective actions - Experience developing network and network security policies and system security documentation and procedures - Experience with DoW Information Assurance Vulnerability Management (IAVM) Program - Experience with Cloud - Experience with Containers - Scripting knowledge: PowerShell, Python, Shell Scripting HOW YOU WILL STAND OUT FROM THE CROWD - PMP Certification - A high degree of proficiency in eMASS - DHA A&A Experience - Proficiency in ACAS/NESSUS, SCAP - Experience with Cloud - Experience with Containers - Experience with the DoW Information Assurance Vulnerability Management (IAVM) Program If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares. Original Posting: March 18, 2026 For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above. Pay Range: Pay Range $107,900.00 - $195,050.00 The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

Are you ready to open a world of opportunity in human resources services and talent mobility? Our clients include some of the largest and most recognized brands in the world. They’re innovators and leaders in their industries, making life-enhancing breakthroughs every day. We help them tap into those opportunities by placing their exceptional people where they need to be, anywhere in the world. When it comes to service, we set the bar for exceptional … and then we raise it with fresh ideas, leading tools and innovative approaches, and it’s all grounded in our values of truth, love, and integrity. We’re looking for exceptional people who share those values along with our passion for delivering the highest levels of service. If that sounds like you, and if you’re ready for a new career opportunity, we’d like to hear from you! Here’s to the world ahead.   We are seeking a visionary and business-aligned Chief Information Security Officer (CISO) to serve as a key member of the Graebel and IT leadership team. The CISO will provide the strategic roadmap and executive leadership for a world-class Enterprise Security Program that enables business innovation while aggressively mitigating risk. This role directs the end-to-end planning, implementation, and governance of a resilient information security strategy. The CISO architects a culture of security that protects our global reputation, digital assets, and competitive advantage. The CISO is the primary authority for enterprise-wide cyber risk evaluations, regulatory compliance alignment, and security incident management. Part of our Graebel Senior Leadership Team and reporting to the CIO, with direct advisory access to the Executive Committee and Board, this leader must be an expert communicator capable of translating complex technical threats into financial and operational impact for all levels of leadership throughout the organization. We are committed to fair and transparent compensation. The salary range for this role is based on several factors including experience, skills, and qualifications and is $245,000 to $275,000. Essential Duties and Responsibilities - Strategic Leadership: Oversight of Enterprise Information and cyber security policy, strategy, and execution driving a risk-based resilience model. - Executive Influence: Interfaces with senior leadership and the Board of Directors to ensure information security is quantified in financial and business impact terms and aligned with strategic priorities. - Stakeholder Communication: Develop and communicate security strategies and plans to executive team, staff, partners, customers, and stakeholders, serving as a primary advocate for digital trust. - Talent Cultivation: Supervise recruitment, development, retention, engagement, and organization of security staff, fostering a high-performance culture of continuous learning. - Environment Management: Oversight of core security and infrastructure systems, managed security providers, and the security posture of the end-to-end supply chain. - Policy & Governance: Develop, implement, maintain, and oversee enforcement of IT policies, procedures, and associated plans for system security administration and user system access based on Zero Trust architecture and industry-standard frameworks (e.g., NIST, ISO). - Incident Orchestration: Accountable for security operations, incident oversight, identification, and response, focusing on rapid recovery and business continuity. - Revenue Enablement & Customer Trust: Partner with Sales and Product teams to serve as an executive-level security advocate during the sales cycle; directly engage with key customers and prospects to articulate the company’s security posture and build the "Digital Trust" necessary to accelerate contract closures. - Cross-Functional Collaboration: Collaborate with the wider IT department and business unit leaders on embedding security-by-design into enterprise and end-user processing technology. - Cultural Transformation: Create a culture of cyber security awareness both within the IT organization and driving measurable behavioral changes for the business; proactively evaluates security trends, emerging AI-driven threats, and vulnerabilities to mitigate risk. - Awareness & Advocacy: Oversees, develops, and delivers dynamic, role-specific security awareness training. Initiates, facilitates, and promotes activities to foster a shared responsibility model within the organization and related entities. - Strategic Partnerships: Promote and oversee strategic security relationships between internal resources and external entities, including suppliers, partner organizations, and industry peer groups. - Third-Party Risk Management (TPRM): Participates in the development, implementation, and ongoing compliance monitoring of all business associate, client, and supplier agreements to ensure rigorous security concerns, requirements, and responsibilities are addressed legally and technically. - Market Intelligence: Remain informed on cyber risk trends and issues; advise, counsel, and educate executive and management teams on their potential impact to brand equity and shareholder value. - Privacy & Compliance Integration: Works closely with Data Privacy leadership to ensure alignment between security and Global Data Privacy programs (e.g., GDPR, CCPA) including policies, practices, and investigations; acts as a strategic liaison to the Compliance and Legal departments. - Risk Quantification: Responsible for periodic information security risk assessment, analysis, mitigation, and remediation utilizing data-driven risk modeling. Responsible for development and implementation of an integrated security enterprise risk management plan. - Executive Communication: Interact with excellent written and communication skills, able to operate at both a visionary strategic level and high-impact operational level.