ABOUT IREX IREX is an independent nonprofit organization dedicated to building a more just, prosperous, and inclusive world by empowering youth, cultivating leaders, strengthening institutions, and extending access to quality education and information.POSITION SUMMARY The Cybersecurity Specialist, under the supervision of the Project Senior Technical Advisor, will be hired as a consultant to perform some or all activities including (1) conducting and writing organizational cybersecurity risk assessments, following Center for Internet Security Controls Framework (CIS Controls v8.1), (2) Open Source Intelligence Analysis (OSINT) (3) vulnerability assessments, (4) penetration testing (black box), (5) and developing and delivering Security Awareness Programs (SAP) and ad-hoc trainings in coordination with beneficiary organizations’ needs. IREX will prioritize candidates whose native language(s) are either Spanish, Arabic, Chinese, Urdu, Korean, Russian, or French with experience working on information security, in particular, organizational cybersecurity. However, all candidates who can perform the above-mentioned tasks are encouraged to apply regardless of language abilities. Consultant(s) will be hired on a rolling basis based on project needs. Please note this position is based on the needs of the project, with an expected approximate engagement between 20 and 100 days per year, pending the consultant’s technical skills, relevant language capabilities, and qualifications to fulfill the required tasks. DUTIES AND RESPONSIBILITIES - Plan, manage, and conduct organizational assessments; propose recommendations for improvement; provide guidance, training, mentoring, and support to improve organizational security posture; and provide guidance, training, mentoring, and support to improve organizational security posture for project beneficiaries. - Draft Organization Security Risk Assessment (OSRA) reports geared towards both non-technical and technical audiences. - In collaboration with the Project Director and/or Deputy Project Director, develop organizational Action Plans (APs) based on OSRA findings and in consultation with beneficiary organization executive leadership to help improve beneficiary security postures rooted in organizational assessment findings. - Lead design efforts with assigned beneficiaries on tailored Security Awareness Program (SAP), ensuring that beneficiaries learn, internalize, use, and spread appropriate cybersecurity awareness practices. - Lead the design of specialized training as needed. - Collaborate with SOC team members on services specifically designed for beneficiaries. - Develop, draft, and update documentation, including policies, procedures, baselines, guidelines, etc., in collaboration with beneficiary organizations. - Write technical and programmatic reports on activities and program implementation. - With supervision, provide input to internal/external reports, presentations, and other products. - Contribute to monitoring and evaluation activities, including data management and analysis, as assigned. - Draft correspondence with stakeholders. Guidance and/or approval before engaging stakeholders may be required. - Perform additional duties as assigned. SKILLS AND EXPERIENCE Organizational Assessments - Assessments Execution: Experience leading end-to-end security audits, comparing current technical controls against organizational policies and industry benchmarks. - Framework Guided Assessments: Deep understanding of organizational assessment standards, conducting comprehensive gap analyses and risk assessments against industry standards such as CIS CSC, NIST CSF, and ISO 27001. - Vulnerability Scanning: Experience administering scanning tools (e.g., Tenable Nessus, Qualys, Rapid7) to continuously discover web application and endpoint vulnerabilities. - Risk Analysis and Reporting: Experience quantifying technical vulnerabilities into business risk for non-technical stakeholders and C-suite executives. Remediation Processes - Cross-Functional Remediation: Proven track record of coaching/mentoring beneficiary technical staff to address assessment-identified gaps (recommendations), patches, and configuration changes without disrupting business continuity. - Policy & Control Evaluation: Experience acting as the primary technical liaison during external assessments to review the effectiveness of current security controls and policies. Security Awareness Programs - Phishing Simulations: Experience designing, executing, and analyzing regular social engineering campaigns to test and improve employee resilience against malicious emails. - Curriculum Development: Experience creating engaging, role-specific security training modules and company-wide communications using platforms like KnowBe4 or Infosec IQ. - Culture & Metrics Tracking: Experience monitoring key performance indicators (KPIs) such as simulation click rates, reporting rates, and training completion percentages to report program developments to executive leadership. Other - Very strong verbal, written, and listening communication skills (in English). - Ability to work independently on assigned efforts. - Strong interpersonal skills and experience developing solid professional relationship - Ability to work under pressure and manage multiple activities. Preferred: - Existing, trust-based relationships with a wide array of stakeholders working for civil society organizations, human rights organizations, and independent media, or any relevant experience. - Bachelor’s degree in information or computing sciences. - Fluency in Spanish, Arabic, Russian, and/or French **this position is a remote position** To apply please submit a full CV alongside a separate document summarizing of relevant experience, along with a proposed daily rate (in $ USD). IREX is seeking individual consultants but would also welcome applications from consulting/security firms that are interested in providing these services. IREX may at its discretion ask for additional information, including references. Issuing this call does not commit IREX to select any applicant/expert. IREX may hire more than one applicant/expert from this call. IREX may accept multiple bidders and partial bids for the services requested. IREX reserves the right, based on the availability of funding and consultant performance, to increase the duration and/or enter into subsequent contractual agreements with the selected candidates for up to 5 years without re-publicizing the opportunity. Prior to any engagement, you will be asked to provide references. IREX will not extend an offer until the reference check is completed. IREX conducts anti-terrorism database clearances on candidates who accept employment offers. IREX is committed to a diverse and inclusive workplace and inclusive hiring practice. IREX is an equal-opportunity employer. NO PHONE CALLS PLEASE

Role Description Die APT-ONE GmbH mit Sitz in Berlin ist ein auf Cyber Security spezialisiertes Beratungshaus, das Unternehmen dabei unterstützt, ihre IT-, OT- und KI-Systeme wirksam vor digitalen Bedrohungen zu schützen und sicher für die Zukunft aufzustellen. Bei uns bist du richtig, wenn: - du ein attraktives Fixgehalt kombiniert mit einer leistungsorientierten und überdurchschnittlichen Gewinnbeteiligung erhalten möchtest. - du flexibel und ortsunabhängig arbeiten willst und gleichzeitig an hochrelevanten Projekten in den Bereichen Cyber Security, IT Security und KI-Sicherheit mitwirken möchtest. - du durch anspruchsvolle Projekte tiefgehende Expertise in modernen Sicherheitsarchitekturen, Security Operations, Risikomanagement und technologischen Zusammenhängen aufbauen und dich kontinuierlich weiterentwickeln möchtest. Aufgaben: - Du verbindest Cloud-Security-Expertise mit Beratung, steuerst Projekte eigenständig, bereitest Risiken und Ergebnisse adressatengerecht auf und entwickelst die Kundenbeziehung sowie weiteren Absicherungsbedarf proaktiv weiter. - Durchführung von Cloud Security Assessments und Architektur-Reviews (AWS, Azure, GCP) - Konzeption und Implementierung von Cloud Security Posture Management (CSPM/CNAPP) - Entwurf und Umsetzung von Identity & Access Management (IAM) Strategien inkl. Zero-Trust-Ansätzen in Cloud-Umgebungen - Sicherheitsbewertung und Härtung von Container- und Kubernetes-Umgebungen - Prüfung und Absicherung von Infrastructure-as-Code (Terraform, CloudFormation, Pulumi) - Beratung zur sicheren Multi-Cloud-Architektur und Cloud-Migration - Integration von Security in CI/CD-Pipelines (DevSecOps): SAST, DAST, SCA, Secret Scanning und Policy-as-Code - Aufbau und Optimierung von DevSecOps-Prozessen in Zusammenarbeit mit Entwicklungs- und Platform-Teams - Erstellung von Security-Konzepten, Risikoanalysen und technischen Dokumentationen - Unterstützung bei Cloud-bezogenen Sicherheitsvorfällen und Forensik Qualifications - Mindestens 6 Jahre Berufserfahrung im Bereich Cloud Security oder Cloud Engineering mit Sicherheitsfokus - Tiefgehende Kenntnisse in mindestens zwei der drei großen Cloud-Plattformen (AWS, Azure, GCP) – Azure bevorzugt - Nachweisbare Erfahrung mit IAM-Architekturen, Conditional Access, Entra ID (Azure AD) und Federation - Fundierte Kenntnisse in Container-Sicherheit (Docker, Kubernetes, Service Mesh) - Erfahrung mit CSPM-Tools (Prisma Cloud, Defender for Cloud, Wiz oder vergleichbar) - Praktische Erfahrung mit Infrastructure-as-Code Security Scanning (tfsec, Checkov, KICS) - Erfahrung mit DevSecOps-Toolchains und deren Integration in CI/CD-Pipelines (z. B. GitLab CI, GitHub Actions, Azure DevOps) - Relevante Zertifizierungen erwünscht: CCSP, AWS Security Specialty, AZ-500, CCSK, CKS - Verhandlungssichere Deutsch- und Englischkenntnisse Benefits - Fixgehalt ab 80.000 € mit Gewinnbeteiligung bis zu 70.000 € - Flexible Arbeitszeiten und Remote-Arbeit - 30 Tage Urlaub - IT-Equipment wie Apple MacBook - Regelmäßige Teamevents - Corporate Benefits wie betriebliche Altersvorsorge, betriebliche Krankenversicherung, Shopping- und Mitarbeiterrabatte

• Join our team at Prominent Edge • Support the DoD and the intelligence community • Leverage best-of-breed open source technologies to provide innovative user-centric solutions • Contribute to a positive company culture

Job Description Are You Ready to Make It Happen at Mondelēz International? Join our Mission to Lead the Future of Snacking. Make It Uniquely Yours. You provide software and applications expertise, and be responsible for implementation of the solutions. How you will contribute You will oversee the planning and execution of software and applications. To do so, you will manage an internal team and partner with external suppliers and use your deep technical and market knowledge and thorough understanding of our business goals find and deploy the right software and application solutions for the future. You will support programs to implement regional and global software and application strategies, offer input to financial planning and controls for software and applications on a regional and global level, collaborate with management and follow-up on requisitions, purchase orders, invoices, and payments, explores opportunities to leverage scale and drive savings, and ensure that support service level objectives and key performance indicators are accomplished. What you will bring A desire to drive your future and accelerate your career. You will bring experience and knowledge in : - Managing staff and line responsibilities - Managing large-scale software and application services - Service delivery, support and excellence - Program/Project management with experience managing multiple projects for budgets, resources, schedules and quality - General technical background - Understanding of integration and how different applications talk to each other - Process and service orientation - Business processes Are You Ready to Make It Happen at Mondelēz International? Join our Mission to Lead the Future of Snacking. Make It Uniquely Yours. Serve as the subject matter expert (SME) for Active Directory and Microsoft Entra ID, providing deep technical leadership across design, operations, and continuous improvement of enterprise identity platforms. This role focuses on the long-term health, resilience, and security posture of AD and Entra ID by applying product- and platform-principles-treating identity as a scalable, reliable service that delivers consistent value to the business. You will design, optimize, and sustain global AD/Entra ID platforms, lead response to complex identity incidents, and drive modernization through automation, standardization, and Zero Trust alignment-while ensuring operational stability. How you will contribute You will collaborate with internal engineers, architects, and strategic partners to deliver secure, reliable IAM capabilities at enterprise scale. Operating within a product & platform model, you will help define technical standards, roadmaps, and reusable capabilities that improve service quality, reduce operational risk, and enable downstream applications and business teams. You will continuously identify opportunities to enhance the AD/Entra ID platforms through automation, design optimization, and process improvement, while supporting global deployments, changes, and incident response in alignment with security best practices and compliance requirements. What you will bring Job Description - Design, implement, and sustain enterprise-grade Active Directory and Microsoft Entra ID platforms using product and platform engineering principles. - Lead the evolution of AD forests, domains, trusts, and domain controller configurations with a focus on stability, scalability, and resilience rather than large-scale migrations. - Act as the technical authority during major incidents, providing Level 3 escalation support, deep root-cause analysis, and durable preventive controls. - Drive platform reliability and service quality, including SLA/OLA adherence across internal support tiers and external vendors. - Forecast platform capacity and infrastructure needs, supporting global expansions, consolidations, and targeted modernization initiatives when required. - Design, implement, and govern Conditional Access, Privileged Identity Management (PIM/PAM), Zero Trust controls, and high-risk identity protection policies. - Design, operate, and continuously optimize Entra Connect / Azure AD Connect topology, synchronization rules, upgrades, and identity lifecycle flows. - Build and maintain PowerShell and Microsoft Graph API automation to enforce standards, reduce manual effort, and improve operational efficiency. - Apply product mindset to platform capabilities-defining reusable patterns, technical guardrails, and reference architectures consumed by application and infrastructure teams. - Mentor and guide L2 engineers through design reviews, troubleshooting techniques, and operational best practices. - Partner with audit, risk, and compliance teams to produce actionable reporting and remediate AD/Entra ID-related findings. - Lead Problem Management activities to eliminate recurring production issues and strengthen platform maturity. - Prioritize work based on risk, impact, urgency, and cost, balancing operational demands with long-term platform improvements. - Present identity platform health, security posture, and architectural recommendations to technical and business stakeholders. - Make risk-based decisions when deviations from standards are required, including defining appropriate compensating controls. More about this role What you need to know about this position: Skills and Qualifications - 7+ years of experience designing, implementing, and operating Active Directory and Microsoft Entra ID at enterprise scale. - Expert knowledge of multi-domain and multi-forest environments, trusts, FSMO roles, schema management, and advanced AD operations. - Deep expertise in AD, Entra ID, PKI, Conditional Access, PIM/PAM, B2B/B2C, and integrations with platforms such as CyberArk, Ping, and Venafi. - Strong understanding of Zero Trust security principles and their practical application within identity and access management. - Solid background in systems architecture, networking, and virtualization across Microsoft and mixed-technology environments. - Experience operating within product, platform, or service-oriented models, emphasizing reliability, scalability, and consumer outcomes. - Proven ability to collaborate across engineering, security, infrastructure, and vendor teams in time-critical environments. - Strong analytical, organizational, and documentation skills. - Excellent written and verbal communication skills, with the ability to influence stakeholders through clear, data-driven recommendations. - Customer-centric mindset with the ability to communicate complex technical concepts with clarity and impact. - Experience with IAM governance and compliance frameworks (CIS, and NIST). - Working knowledge of Agile, and DevSecOps methodologies, as well as ITIL practices (Incident, Change, and Problem Management). - Demonstrated commitment to continuous learning and professional development. Bonus Points - CISSP - Microsoft Certifications - ITIL 4 Foundations Certification (Incident, Change, and Problem Management) No Relocation support available Business Unit Summary At Mondelēz International, our purpose is to empower people to snack right by offering the right snack, for the right moment, made the right way. That means delivering a broad range of delicious, high-quality snacks that nourish life's moments, made with sustainable ingredients and packaging that consumers can feel good about. We have a rich portfolio of strong brands globally and locally including many household names such as Oreo, belVita and LU biscuits; Cadbury Dairy Milk, Milka and Toblerone chocolate; Sour Patch Kids candy and Trident gum. We are proud to hold the top position globally in biscuits, chocolate and candy and the second top position in gum. Our 80,000 makers and bakers are located in more than 80 countries and we sell our products in over 150 countries around the world. Our people are energized for growth and critical to us living our purpose and values. We are a diverse community that can make things happen-and happen fast. Mondelēz International is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation or preference, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law. Job Type Regular Software & Applications Technology & Digital