• Research into threats (such as root/jailbreak and hiding thereof, app tampering, runtime tampering, etc.) in mobile phone operating systems and applications on Android / iOS / Harmony OS Next. • Work with the team to develop protection mechanisms through reverse engineering, vulnerability research, exploitation and mitigation techniques and mobile/embedded development. • Work with the team to perform penetration test on V-Key’s products and applications. • Work with the team to script attacks and defences for mobile devices in general and for mobile applications. • Develop customer-facing security attack and defense demonstrations. • Work with the team on security solutions architectures involving not just the mobile device, but also other networked components, leveraging authentication protocols (OAuth2, FIDO2, etc.), and understanding and assessing cryptographic protocols and algorithms as needed.

• Implement and maintain cloud security controls in AWS and Azure environments in support of Enhanced Domain Awareness systems. • Ensure compliance with NIST 800-53 Rev. 5, FedRAMP, and DoD IL 2/4/5 security requirements. • Configure and manage Identity and Access Management (IAM) solutions and enforce least-privilege access. • Perform vulnerability assessments and support remediation activities across cloud-hosted resources. • Monitor cloud environments using SIEM and cloud-native security tools to detect and respond to threats. • Support Zero Trust architecture and continuous monitoring initiatives. • Collaborate with DevOps, infrastructure, and application teams to integrate security into the development and deployment lifecycle.

• Support security design and installation projects throughout North, South, and Central America, including new sites and expansion projects, post-occupancy projects, and technology upgrade projects. • Manage all aspects of project delivery, including collaborating with key stakeholders, managing multiple projects, and scopes of work. • Identify project schedule, scope parameters, and oversee security design and implementation per client design requirements and standards. • Manage early project initiation activities and develop project security scope, schedule, critical deliverables, and requirements. • Manage scheduling, status, and tracking of critical project tasks, issues, and deliverables. • Assist with the bid and award process. • Review bid leveling documentation and provide feedback on the award recommendation. • Evaluate SOW responses and prepare evaluation reports, to include evaluation criteria, scoring, and recommendation details. • Perform security site evaluations of potential client properties and review proposed design concepts. • Apply client system design standards to in-progress site design, collaborate with client owner and user group stakeholders to define use cases and verify functional requirements, and produce a security functional specification for the project. • Review all security system design documentation for compliance with published security requirements, technical standards, and installation standards. • Collaborate with project teams and stakeholders while managing site activation activities for physical security among project parties and stakeholders to drive schedule, quality, and cost.

Role Description We’re looking for a Senior Cybersecurity Engineer to design, build, and operate preventative and detective security controls and automation across our AWS‑first and enterprise environments. Reporting to the CISO, this role implements guardrails, platforms, and integrations and partners with infrastructure, platform, and application teams to embed security by default in our AWS cloud and enterprise environments. The role will perform hands-on engineering in multiple security domains including: - Network security - Endpoint security - Email security - Data security - Vulnerability management - Container security - Identity and access management Qualifications - 7+ years in security engineering with production AWS (multi‑account/Organizations) and automation‑first delivery. - Domain experience in at least three of the following: - Network security (segmentation, routing, firewall, proxy, WAF) - Endpoint security (EDR/EPP, hardening, health attestation) - Email security (phishing protection, authentication, inbound/outbound controls) - Data security (classification, DLP, encryption, key management) - Vulnerability management (scanning, prioritization, remediation pipelines) - Container security (image scanning, runtime policy, supply chain) - Identity and access management (policy design, federation, least privilege) - IaC proficiency (Terraform preferred) and Python for automation; CI/CD integration experience (e.g., GitHub Actions, GitLab, CodePipeline). - Experience with root‑cause analysis and remediation of control failures (not incident RCA). - Demonstrated ability to independently drive complex projects to completion, as well as collaborate effectively with a complex set of stakeholders. Requirements - Design, implement, and maintain controls in AWS (IAM, KMS, VPC, GuardDuty, Security Hub, Detective, CloudTrail/CloudWatch), network, endpoint, email, data security, vulnerability, and identity domains. - Define SLOs for control availability, latency, coverage, and drift; implement telemetry to continuously measure those SLOs. - Partner with infrastructure, platform, and application teams to build IaC modules (Terraform/CloudFormation) and platform automations (e.g., Python/Lambda, Step Functions) to enforce guardrails (account vending, baseline hardening, logging enablement, key policies, SCPs) using Git. - Implement break‑glass patterns and least‑privilege workflows that are auditable and reversible. - Engineer data pathways (e.g., CloudTrail, VPC Flow, ECS audit, identity logs) into SIEM/MDR tooling; ensure completeness, timeliness, and schema quality. - Translate Detection and Response Lead feedback on false positives/gaps into logging or control adjustments. - Own scanners/integrations, asset coverage, tagging standards, and develop risk‑based remediation pipelines (ticketing, auto‑remediation for low‑risk classes). - Partner with owners to remove friction (pre‑approved windows, canaries, rollbacks). - Engineer least‑privilege patterns, permission boundaries, conditional access, and automated key/secret lifecycle (rotation, discovery, usage attestations). - Provide ready‑to‑consume roles/policies to teams. - Maintain runbooks, design docs, and reusable modules; ensure changes are versioned, peer‑reviewed, and tested. - Participate in control‑health and platform on‑call (e.g., logging ingestion failures, drift, outages). - Escalate security events to the Detection & Response Lead/MDR. Benefits - Employee Ownership Program - every eligible employee shares in the financial rewards that grow when the company grows. - Professional development opportunities. - Owner Referral Program. - Work from home reimbursement for remote/hybrid roles. - Canary emergency financial assistance program. - Comprehensive medical, dental, vision insurance. - Life/AD&D Insurance. - Confidential, Employee Assistance Program. - Health Savings Account, includes company contribution. - Short-term disability. - Voluntary benefits - supplemental accident, critical illness, hospital insurance. - Employee discounts. - 401(k) Plan with company match contribution. - Addition Wealth Financial Wellness Program. - Various Time Off Programs. - 11 company paid holidays.