• SOC Operations Support: Monitor security alerts and events within the SOC, contributing to real-time threat detection and response. Participate in incident triage, investigation, and resolution to ensure minimal downtime and data integrity. • Cybersecurity Configuration Management: Design, implement, and maintain secure configurations for hardware, software, and cloud environments. Ensure compliance with standards such as ISO 27001, NIST, or Singapore's Cybersecurity Act. • Troubleshooting and Problem Resolution: Diagnose and resolve complex security issues, including misconfigurations, unauthorized access attempts, and system anomalies. Use debugging tools and methodologies to root-cause problems and prevent recurrence. • Team Collaboration and Training: Work closely with SOC analysts and other departments to enhance overall security posture. Provide guidance and training to junior staff on cybersecurity engineering. • Continuous Improvement: Evaluate and recommend new tools, processes, and technologies to improve vulnerability scanning efficiency and SOC effectiveness. Participate in tabletop exercises and simulations to refine response protocols

Our Mission Our mission is to SAVE AND IMPROVE LIVES BY EMPOWERING HEALTHCARE CONSUMERS. Come be part of remarkable. Overview How you can make a difference The Cyber Defense Operations Team Principal (CDOT) serves as the senior technical authority within the Cyber Defense Operations Team, responsible for ensuring the accuracy, quality, and threat‑informed rigor of all escalations and investigations. This role leads the review of high‑risk activity across CDOT Escalations, Insider Threat, and Cloud/AI Response queues, and ensures alignment with the organization’s detection, response, and visibility strategy. The Principal partners closely with ATR, Cyber Defense Engineering, and the Cyber Visibility Principal to strengthen detection fidelity, improve operational workflows, and drive continuous improvement across the Cyber Defense ecosystem. What you’ll be doing Operations - Lead validation of all CDOT escalations to ensure accuracy, completeness, and threat‑informed decision‑making. - Own triage oversight for the CDOT Escalations, Insider Threat, and Cloud/AI Response queues, ensuring high‑risk activity receives appropriate scrutiny and routing. - Coordinate response actions across CDOT, ATR, IR, and partner teams for high‑severity events. - Ensure sensitive investigations follow legal, HR, and IR requirements. Detection - Validate detection fidelity across traditional, cloud, and AI‑driven signals, ensuring alignment with ATR’s threat‑informed detection strategy. - Review cloud‑specific detections (Azure AD, AWS, GCP, SaaS) for accuracy, coverage, and alignment to cloud attack paths. - Validate AI‑generated detections and behavioral analytics for accuracy, bias, and operational usefulness. - Identify and escalate visibility gaps—including cloud telemetry, identity logs, and AI anomaly signals—to the Cyber Visibility Principal. - Partner with Cyber Defense Engineering and the Visibility Principal to refine detection logic, improve signal quality, and build new controls where systemic issues are identified. Response - Lead triage and validation for cloud and AI‑driven escalations, including identity compromise, privilege escalation, token abuse, and anomalous workload activity. - Serve as the escalation authority for determining when events require ATR deep‑dive analysis or CIRP activation. - Ensure escalations involving cloud or AI signals include complete investigative context and meet elevated scrutiny standards. Playbooks - Ensure operational playbooks accurately reflect CDOT response procedures, including cloud and AI‑driven scenarios. - Collaborate with ATR, Cyber Defense Engineering, and the Visibility Principal to develop new playbooks where gaps exist or new capabilities emerge. - Validate SOAR playbooks for correctness, safety, and alignment with escalation thresholds. - Identify automation opportunities and partner with Cyber Defense Engineering to build safe, reliable automated controls. Quality - Perform regular QA reviews of CDOT investigations, escalations, and triage decisions to track and improve CDOT performance. - Define and uphold standards for investigative documentation, evidence handling, and escalation quality. - Provide technical coaching to analysts to strengthen investigation quality, hypothesis development, and threat‑informed reasoning. Threat Alignment - Maintain alignment between CDOT detection priorities and ATR’s threat‑informed roadmap, including cloud‑focused and AI‑enabled threats. - Ensure CDOT workflows reflect current adversary tradecraft and MITRE ATT&CK coverage (enterprise, cloud, and emerging AI‑related techniques). - Surface systemic detection, tooling, or workflow gaps to ATR, CDE, and Detection Engineering. Metrics & Continuous Improvement - Define and track metrics for detection quality, false‑positive reduction, cloud/AI detection accuracy, and escalation fidelity. - Provide leadership with insights on recurring detection failures, operational bottlenecks, and systemic issues. - Lead post‑incident detection reviews to ensure lessons learned translate into improved cloud and AI detection logic. Partnership - Partner with Cyber Defense Engineering and the Visibility Principal to identify and escalate opportunities for improvement in detection logic, telemetry coverage, and automation. - Collaborate with ATR, CDE, and Detection Engineering to build new controls, refine detection content, and improve operational workflows. - Support cross‑team coordination to ensure high‑severity issues receive appropriate leadership attention. What you will need to be successful - 7+ years of experience in Security Operations, Incident Response, Threat Detection, or related cyber defense functions. - Deep expertise in cloud security (Azure, AWS, GCP) and identity‑centric attack patterns. - Strong understanding of AI‑driven detection models, behavioral analytics, and anomaly‑based detection. - Demonstrated ability to lead complex investigations and validate high‑risk escalations. - Strong knowledge of MITRE ATT&CK (enterprise and cloud matrices). - Experience with SIEM, SOAR, EDR, and cloud telemetry sources. - Excellent communication skills, with the ability to translate technical findings into clear, actionable guidance. Preferred - Experience partnering with detection engineering, threat intelligence, or cyber visibility teams. - Experience developing operational playbooks and automation workflows. - Prior experience in a Principal, Lead Analyst, or senior escalation role within a SOC or Cyber Defense team. - Relevant certifications (GCIA, GCED, GCTI, GCIH, Azure/AWS security certifications, etc.) #LI-Remote This is a remote position. Salary Range $137,500.00 To $182,000.00 / year Benefits & Perks The actual compensation offer is determined based on job-related knowledge, education, skills, experience, and work location. This position will be eligible for performance-based incentives as part of the total compensation package, in addition to a full range of benefits including: - Medical, dental, and vision - HSA contribution and match - Dependent care FSA match - Uncapped paid time off - Paid parental leave - 401(k) match - Personal and healthcare financial literacy programs - Ongoing education & tuition assistance - Gym and fitness reimbursement - Wellness program incentives Onboarding & Travel This is a remote role, with an in-person onboarding training component. New team members must participate in Trailhead, HealthEquity’s immersive onboarding experience Trailhead is designed to foster meaningful connections, support your integration into the organization, and equip you with a strong understanding of our business. Trailhead participation is a key expectation of this role. Trailhead is held onsite at our headquarters once per quarter. HealthEquity covers all required travel and accommodations. This role may begin with a virtual, self-paced onboarding experience, followed by a mandatory onsite Trailhead session at a later date. HealthEquity is committed to providing reasonable accommodations to team members with qualifying disabilities. Should you be selected for this role and require an accommodation, we will put you in touch with our Benefits Team so you can begin the accommodation request process. Why work with HealthEquity HealthEquity has a vision that by 2030 we will make HSAs as wide-spread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth. Join us and discover a work experience where the person is valued more than the position. Click here to learn more. You belong at HealthEquity! HealthEquity, Inc. is an equal opportunity employer, and we are committed to being an employer where no matter your background or identity – you feel welcome and included. We ensure equal opportunity for all applicants and employees without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, status as a qualified individual with a disability, veteran status, or other legally protected characteristics. HealthEquity is a drug-free workplace. For more information about our EEO policy, or about HealthEquity’s applicant disability accommodation, drug-free-workplace, background check, and E-Verify policies, please visit our Careers page. HealthEquity uses Microsoft Copilot to transcribe screening interviews between candidates and their direct Talent Partner for note taking and interview summaries. By scheduling a screening interview with us, you consent to Microsoft Copilot’s AI technology recording and transcribing your interview with your Talent Partner. This information will be reviewed for accuracy and then used by HealthEquity to summarize the interview, ensure accuracy, and facilitate our hiring process. We take privacy seriously. You have the option to opt out. If you wish to opt out of this Microsoft Copilot transcription, please notify your Talent Partner in advance of the interview. If we do not receive an opt-out request from you, we will assume that you consent to the use of Microsoft Copilot. At HealthEquity, our goal is to save and improve lives by empowering healthcare consumers. This shared purpose inspires everything we do, including how we approach hiring. Our process is designed to get to know the real you: your skills, experiences, and potential to make a difference. We value honesty, originality, and the courage to do the right thing, even when it is not the easiest path. Showing up as your authentic self reflects these values and helps us build something truly remarkable together. As AI is becoming a common tool throughout the application process, we want to be clear about its appropriate use at HealthEquity. Using AI to support resume writing, research, or interview preparation is perfectly acceptable, provided the content is accurate and genuinely represents your qualifications and skills. For other key parts of our interview process, however, it is important that the ideas, communication, and work you share reflect your own voice, experiences, and thinking. We ask that you participate in our live interviews and complete any assessments without AI assistance unless instructions explicitly indicate otherwise or a specific exception is discussed and approved in advance. This approach ensures fairness, celebrates your individuality, and allows your authentic perspective to shine. Behaviors that do not align with these guidelines may result in disqualification from the hiring process or termination of employment if later discovered. We appreciate your understanding and look forward to learning about the unique contributions only you can bring to HealthEquity. HealthEquity is committed to your privacy as an applicant for employment. For information on our privacy policies and practices, please visit HealthEquity Privacy.

cFocus Software seeks a SOC Manager to join our program supporting the Housing and Urban Development. This position is remote. This position requires a Public Trust clearance. Qualifications: - Bachelor’s Degree or Higher in Cyber Security or related field and Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM). - 7+ years managing a security operations team, ensuring the effective monitoring, detection, and response to cybersecurity incidents. - Managing a team providing security systems and tools management related to on premise, cloud and hybrid cloud technologies. - Expertise in Managing the delivery of Security Operations Center activities and operations, Cyber Security tool implementation, operations and maintenance, cyber and threat tools, platforms, platform management, configuration management implementation and custom tools configuration; supporting Threat Intelligence, DevSecOps; directing, managing, implementing, and executing business and technology related solutions; Cyber, IT and business strategy, planning, IT Security and Compliance with Federal Government related rules and regulations, and industry standards. - Experience in security operations, network security, incident response, threat analysis, and cybersecurity tools like EDR, SIEM, SOAR, IDS/IPS, DLP and log analysis. - In-depth knowledge of cybersecurity technologies, threat landscapes, and incident response protocols. - Ability to analyze security incidents, identify root causes, and implement preventive measures. - Managing and executing technologies and processes that affect assigned global Information Protection capability, such as issue identification and resolution, documentation, integration with other tools, gap resolution, gap assessment, and continuous improvement of the capability. - Keeping the infrastructure current, making recommendations, and participating in the implementation and continuous improvement of technologies and services for the agencies information security domains. - Advising and supporting project teams, application owners, and other Information Security teams on information security controls. - Preparing, maintaining and updating security documentation, policies, processes and controls including Information Security Governance.

• Own and execute the Continuous Diagnostics and Mitigation (CDM) program for enterprise infrastructure, including both Windows and Linux environments. • Manage and enforce patch management cadence across all infrastructure systems, tracking compliance and driving remediation of gaps. • Establish and maintain configuration baselines for servers, endpoints, and network-adjacent systems; monitor for drift and enforce corrections. • Coordinate vulnerability remediation by triaging scan results, prioritizing findings, and working with Systems and Network teams to implement fixes within defined SLAs. • Conduct and manage access reviews, ensuring appropriate permissions, removing stale accounts, and documenting findings. • Continuously monitor infrastructure security posture using available tools (SIEM, endpoint protection, vulnerability scanners) and escalate anomalies as appropriate. • Prepare and maintain operational evidence to support internal and external audits, ensuring Infrastructure Operations can demonstrate compliance with frameworks such as CMMC, SOC2, and ISO 27001. • Create, update, and maintain detailed documentation for security operations processes, controls, and remediation activities. • Collaborate with the Cybersecurity team to align operational execution with governance requirements, audit findings, and evolving security standards. • Collaborate with Systems Administrators and Systems Engineers to ensure security practices are integrated into daily infrastructure operations rather than treated as separate workstreams. • Identify opportunities to automate and improve security operations workflows, reducing manual effort and increasing consistency. • Provide Tier 2/3 escalation support for security-related infrastructure issues and end user support requests that exceed Help Desk capabilities. • Stay current with evolving threats, vulnerabilities, and industry best practices to continuously improve the organization's security posture.