• Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), review their outputs, and assist the development team with remediation strategies. • Configure and manage security tools such as Checkmarx and leverage GitHub's native security features to scan vulnerabilities in the codebase and dependencies. • Ensure integration of security scans within our CI/CD pipelines to identify vulnerabilities early in the development process. • Implement and enforce security best practices for containerization within AWS ECS and ECR environments, focusing on secure configurations, image scanning, and robust access control measures. • Lead the coordination and management of vulnerability scanning and remediation efforts across the application stack, encompassing the codebase, containers, and AWS infrastructure. • Conduct thorough penetration testing on products and systems, including web applications and services, to identify and exploit security flaws. • Participate in triage calls with cross-functional teams and effectively communicate vulnerability details, risks, and potential impacts to stakeholders.

• leitest komplexe Projekte im Bereich Cybersecurity und IT-Risiken innerhalb eines internationalen Programms • bringst deine Expertise in Informationssicherheit ein und steuerst die Umsetzung sicherheitsrelevanter Anforderungen • koordinierst Ad-hoc-Anfragen und priorisierst Aufgaben zur Einhaltung von Projektzeitplänen • strukturierst Projekte und planst Ressourcen für eine erfolgreiche Umsetzung • überwachst IT- und Business-Projekte und stellst sicher, dass IT-Risiken und Sicherheitsaspekte berücksichtigt werden • steuerst die Zusammenarbeit zwischen verschiedenen Stakeholdern und förderst eine effektive Kommunikation • entwickelst kreative Lösungsansätze für komplexe Herausforderungen im Cybersecurity-Umfeld • kommunizierst Anforderungen und Änderungen im IT- und Cyber-Risiko-Referenzrahmen und integrierst diese in Projekte und Assets

• Identify, analyze, track, and communicate new and emerging federal, state, and sponsor research security legislation, policies, requirements, and resources. • Interpret complex regulatory guidance and provide clear recommendations to University leadership, researchers, and staff. • Facilitate compliance with federal, state, sponsor, and institutional research security requirements, including health research–specific compliance obligations and implementation of requirements related to health research data. • Provide high-level support related to research security aspects of sponsored projects. • Conduct initial reviews of international outside activities and agreements to assess research security and compliance considerations. • Support the development, revision, and implementation of University policies, guidance documents, and resources related to research security. • Develop educational materials and provide outreach, training, and advisory support to researchers and staff to promote awareness and compliance. • Serve as a subject matter expert on research security matters and advise internal stakeholders on risk mitigation and best practices. • Provide program management for sponsored projects, including coordinating project activities, engaging researchers and stakeholder groups, supporting recruitment efforts, and developing reports, products, and resources. • Coordinate user testing and stakeholder feedback processes to inform project deliverables and continuous improvement efforts. • Manage multiple priorities in a dynamic regulatory environment while maintaining accuracy and attention to detail.

• You will aid our Product Managers in developing secure and resilient product designs. • You’ll become a respected advisor to our software engineers and you’ll help them solve security & compliance problems without limiting product functionality or adding tech debt. • You will design, build, and introduce security tooling that improves assurance of code in our pipelines and accelerates time to deployment of code. • You’ll focus on training and education with your software engineering counterparts to improve velocity and security of our developed code. • You’ll conduct threat modeling exercises and work closely with product & engineering to address the risks that you’ve identified. • Your input as a security practitioner will be valuable for our Product Management team as we develop tooling to help our clients’ security and IT teams manage their use of our platforms.