As the AI platform for business transformation, we're putting AI to work across organizations — freeing people for work that matters. Making old tech work with new tech. Reaching across departments, from the front office to the back office and every office in between. Our ambition? To become the AI defining enterprise software company of the 21st century (or "AI DESCO21C," as we like to call it). With more than 8,400+ customers, we serve approximately 90% of the Fortune 500®, and we're proud to be a Fortune 100 Best Companies to Work For® and World's Most Admired Companies™. Explore your future career with us, visit www.careers.servicenow.com From Fortune. ©2026 Fortune Media IP Limited. All rights reserved. Used under license.
SecOps ServiceNow Technical Consultant
Location
Brazil
Posted
57 days ago
Seniority
Mid Level
Job Description
ServiceNow
Company Description
It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today — ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone.

Job Description
The Customer Outcomes SecOps Technical Consultant is the technical authority in customer engagements focused on ServiceNow Security Operations. This role combines deep cybersecurity operations knowledge with ServiceNow platform expertise to design and deliver implementations that accelerate threat detection, vulnerability remediation, and security incident response. The Senior TC operates independently, leads technical workshops, and drives complex integrations between the ServiceNow platform and the customer's broader security ecosystem.

What you get to do in this role:
- Lead technical workshops with customer security teams to assess current security operations processes and design future-state workflows on the ServiceNow platform.
- Configure and deliver ServiceNow SecOps solutions — Security Incident Response (SIR), Vulnerability Response (VR), and Threat Intelligence — following ServiceNow leading practices and technical standards.
- Design and implement integrations between ServiceNow SecOps and external security tooling: SIEM (Splunk, QRadar, Microsoft Sentinel), vulnerability scanners (Qualys, Tenable, Rapid7), and threat intelligence platforms.
- Advise customers on how to leverage SecOps automation and orchestration to reduce MTTR and improve vulnerability SLAs.
- Provide oversight and technical review of configuration and integration work delivered by partner or customer developers.
- Guide customers through required documentation — business requirement workbooks, integration architecture diagrams, vulnerability remediation SLA frameworks.
- Provide feedback to ServiceNow product development based on implementation learnings and emerging customer security needs.
- Maintain and develop skills and certifications aligned to SecOps, cybersecurity, and platform integration.

Key Responsibilities:
- Design and deliver end-to-end SecOps implementations: Security Incident Response (SIR), Vulnerability Response (VR), Threat Intelligence
- Build and maintain integrations with SIEM platforms (Splunk, QRadar, Microsoft Sentinel) and vulnerability scanners (Qualys, Tenable, Rapid7) via REST APIs and MID Server
- Configure CMDB to support asset-aware vulnerability response and accurate risk scoring
- Design automated orchestration and remediation workflows using Flow Designer and IntegrationHub spokes
- Apply security frameworks (NIST, MITRE ATT&CK, CVE/CVSS) to define detection, triage, and remediation logic within the platform
- Architect ServiceNow CMDB as the foundation for security operations — asset coverage, CI relationships, and risk-aware prioritization
- Deliver technical design sessions and solution walk-throughs for CISO, SOC, and IT Security leadership audiences
- Develop internal knowledge base, integration playbooks, and reusable implementation assets for the LATAM delivery team

Qualifications
To be successful in this role you have:
- Experience in leveraging AI or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving — including security automation, AI-driven threat detection, or AI-assisted vulnerability prioritization
- 8+ years of experience in professional services, cybersecurity engineering, or security operations roles; or equivalent education/experience
- Deep technical knowledge of cybersecurity operations: vulnerability management, security incident response, threat intelligence, and SOC workflows
- Hands-on ServiceNow SecOps configuration experience — SIR, VR, or Threat Intelligence modules
- Strong integration experience: REST APIs, JSON, MID Server, IntegrationHub — particularly with security tooling (Splunk, QRadar, Qualys, Tenable, Rapid7, Sentinel)
- Solid CMDB knowledge — CI classes, discovery patterns, asset relationships — critical for vulnerability response accuracy
- Familiarity with security frameworks: NIST CSF, MITRE ATT&CK, CVE/CVSS scoring, ISO 27001
- ServiceNow certifications strongly preferred: CSA (Certified System Administrator); CIS-SecOps preferred
- Ability to communicate complex security concepts clearly to both technical and executive audiences (CISO, SOC Manager, IT Director)
- Professional-level English required; Spanish a strong differentiator for LATAM regional delivery
- Ability to travel up to 30% across Brazil and LATAM region

Additional Information

Work Personas
We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.

Equal Opportunity Employer
ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements.

Accommodations
We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact [email protected] for assistance.

Export Control Regulations
For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities.

From Fortune. ©2025 Fortune Media IP Limited. All rights reserved. Used under license.

- Employee Type: Regular
- Region: LATAM - Latin America
- Work Persona: Flexible or Remote
More Security Operations Jobs
Senior Analyst - Security Operations Center, Operations Technology
Mondelēz International
We’re a house of incredible brands providing people with the right snack, for the right moment, made the right way.
Job Description
Are You Ready to Make It Happen at Mondelēz International? Join our Mission to Lead the Future of Snacking. Make It Uniquely Yours.

You work with the information security team as a competent and experienced information security and compliance specialist.

How you will contribute
You will assess information security risks in line with internal policy and external best practices, and support security of information and IT assets by testing security systems and applying security standards, policies, and procedures. Under the guidance of global information security lead, you will implement cyber security technology and provide day-to-day business support. If relevant to your role, you will manage third-party providers to ensure that any internal or third-party adhere to standards. You will also provide information security training to appropriate teams.

What you will bring
A desire to drive your future and accelerate your career. You will bring experience and knowledge in:
- Information security, compliance and risk management
- Security solutions and their applicability to Mondelēz International
- Security strategies, awareness campaigns, policies/standards and governance
- Communicating effectively with technical specialists, leaders and peers
- Analytical and problem-solving abilities
- Being a team player by supporting and leading to achieve common goals

More about this role
What you need to know about this position:
What extra ingredients you will bring:
Education / Certifications:
Job specific requirements:
Travel requirements:
Work schedule:
No Relocation support available

Business Unit Summary
At Mondelēz International, our purpose is to empower people to snack right by offering the right snack, for the right moment, made the right way. That means delivering a broad range of delicious, high-quality snacks that nourish life's moments, made with sustainable ingredients and packaging that consumers can feel good about. We have a rich portfolio of strong brands globally and locally including many household names such as Oreo, belVita and LU biscuits; Cadbury Dairy Milk, Milka and Toblerone chocolate; Sour Patch Kids candy and Trident gum. We are proud to hold the top position globally in biscuits, chocolate and candy and the second top position in gum. Our 80,000 makers and bakers are located in more than 80 countries and we sell our products in over 150 countries around the world. Our people are energized for growth and critical to us living our purpose and values. We are a diverse community that can make things happen, and happen fast.

Mondelēz International is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation or preference, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Job Type
Regular
Information Security
Technology & Digital
Cybersecurity Operations Manager
iTRecruiter
Portuguese company hires for remote position. Only candidates already based in Portugal will be considered.
Role Description
We are looking for a Cybersecurity Operations Manager with strong technical experience and leadership ability to manage security operations in a dynamic and challenging environment. This role is ideal for someone who combines cybersecurity expertise with team management skills, ensuring effective incident response and continuous improvement of the security posture.

Responsibilities
- Oversee day-to-day cybersecurity operations, ensuring fast resolution of requests and incidents.
- Coordinate, prioritize and manage the activities of the security operations team.
- Lead incident response processes, including containment, eradication, recovery and post-incident analysis.
- Investigate security alerts and events, perform root cause analysis and propose corrective actions.
- Implement, optimize and maintain tools such as SIEM, EDR, IDS/IPS, vulnerability management and DLP.
- Identify security gaps and propose improvements to detection, response and overall security posture.
- Collaborate with multidisciplinary teams to align security objectives, policies and processes.
- Communicate risks, technical findings and recommendations to technical and non-technical stakeholders.
- Mentor and support the team, promoting knowledge sharing and continuous improvement.

Qualifications
- Solid experience with security operations tools (SIEM, EDR, IDS/IPS, vulnerability management, endpoint protection).
- Strong knowledge of network, endpoint and cloud security.
- Proven experience leading technical teams in demanding environments.
- Strong organization, prioritization and time management skills.
- Excellent communication and interpersonal skills.
- Proactive, autonomous and results-oriented profile.
- Broad experience in cybersecurity operations processes.
- Minimum of 2 years in leadership or team lead roles.
- Experience in incident response, threat investigation and root cause analysis.
- Valued certifications: CISSP, CISM, GIAC (GCIH, GCIA).
- Knowledge of frameworks and compliance: ISO 27001, NIST, GDPR.

What We Value
- Ability to make decisions under pressure in critical contexts.
- Strategic vision combined with a strong operational component.
- Commitment to excellence and continuous development in the security field.

Keywords
Cybersecurity, Security Operations, SIEM, EDR, IDS, IPS, Vulnerability Management, DLP, Incident Response, Threat Investigation, Root Cause Analysis, Network Security, Cloud Security, Endpoint Protection, Leadership, ISO 27001, NIST, GDPR, CISSP, CISM, GIAC
*Position is Eligible for Remote / Work from Home Opportunity*
Department: Systems Security
Telecommuting Eligible: Yes
Job Grade: E11
As a condition of employment physical work location must be in one of the 50 states or the District of Columbia.
Notice of Collection & Privacy Policy for Applicants Residing in California: California Applicant Privacy Policy | Noridian (noridiansolutions.com)

Job Title
Security Operations Analyst II

Job Summary
Security Operations Analysts are responsible for monitoring, detecting, and responding to cybersecurity threats and incidents across the enterprise. They perform threat analysis, incident response, and proactive threat hunting while ensuring compliance with Centers for Medicare & Medicaid Services (CMS) Acceptable Risk Safeguards (ARS) 5.1, National Institute of Standards and Technology (NIST) 800-53, and Federal Information Systems Management Act (FISMA) standards. The team works to continuously improve security processes, tools, and automation, with a focus on advanced monitoring, containment and remediation activities.

Essential Functions (Key Duties/Responsibilities/Accountabilities)
- Performs initial triage and investigation of alerts generated by System Information and Event Management (SIEM), Endpoint Detection and Response (EDR), Data Loss Prevention (DLP), and other monitoring tools using critical thinking, problem-solving, and the MITRE ATT&CK framework.
- Monitors network, host, and application alerts for indicators of compromise or policy violations.
- Vulnerability intake and classification. Manages the intake and classification of security vulnerabilities.
- Researches and classifies software patch updates.
- Creates and updates incident tickets in accordance with defined SLAs and escalation procedures.
- Participates in continuous monitoring operations, including log correlation and alert tuning.
- Maintains detailed documentation of all alerts, investigations, and response activities.
- Supports daily and weekly reporting of security operations metrics and trends.
- Adheres to established playbooks and incident handling procedures.
- Maintains basic knowledge of cyber threat landscapes and emerging attack vectors.
- As assigned, provides after-hours support by responding to and assisting with incidents as part of an on-call or escalation rotation.
- Conducts advanced analysis and correlation of events across multiple data sources (endpoint, network, identity, and cloud).
- Performs threat hunting activities leveraging MITRE ATT&CK and other intelligence frameworks.
- Leads containment and eradication steps for medium-severity incidents.
- Coordinates with IT and Security Engineering for incident response, remediation, and lessons learned.
- Develops and refines security operations use cases and detection rules to reduce false positives and improve alert quality.
- Maintains and improves security operations playbooks, runbooks, and standard operating procedures.
- Conducts quality review of Analyst I investigations and provides coaching and feedback.
- Contributes to weekly threat reports, metrics, and situational awareness briefings.
- Participates in vulnerability management reviews and validation scans.
- Collaborates with the Governance, Review and Compliance (GRC) team to support compliance evidence collection related to continuous monitoring controls.

Non-Essential Duties and Functions
- Other duties as assigned.

Minimum Qualifications
- Bachelor's degree in Information Technology, Cybersecurity, or related field OR equivalent work experience determined by Human Resources.
- 3 years of experience in security operations, threat detection, or incident response.
- Hands-on experience with EDR, SIEM, Intrusion Detection System/Intrusion Prevention System, and SOAR platforms.
- Understanding of incident lifecycle (detect, analyze, contain, eradicate, recover) and NIST 800-53.
- Proficiency in interpreting network packets, logs, and endpoint telemetry.
- Working knowledge of MITRE ATT&CK and its application to detection logic, automation, and threat modeling.
- Strong attention to detail, communication, and documentation skills.
- Strong analytical and critical-thinking skills with ability to prioritize under pressure.

Preferred Qualifications
- CompTIA Security+, CySA+, or equivalent entry-level certification
- 4 years of experience in security operations, threat detection, or incident response.

Environment and Cognitive/Physical Demands
- Office environment
- Ability to read, hear, speak, keyboard, reason, communicate effectively and problem solve
- Requires prolonged sitting and telephone usage
- Requires the use of office equipment such as computer terminals, telephones, copiers and printers
- Infrequent lifting to 20 pounds
- Infrequent stooping

Segregation of Duties
Every employee is responsible to perform their duties and responsibilities in accordance with Noridian values, policies and procedures, including but not limited to, Segregation of Duties Principles, HIPAA, Security and Privacy, CMS requirements, the Noridian Compliance Program, and any other applicable laws, rules and regulations.

Statement of Other Duties
This document describes the essential functions, requirements, and responsibilities of this job, and is not intended to be a complete list of all tasks and functions. Employees may be requested to perform job related tasks other than those specifically listed in this description and may be required to perform any task requested by the supervisor or management.

Total Rewards Package: Health, Dental and Vision Insurance, Voluntary Insurance Plans, Health Savings and Flexible Spending Accounts, 401k and Company Match, Company-paid Life Insurance, Education Assistance Program, Paid Sick Leave, Paid Holidays, Increasing PTO Accrual Plan, Medical/Parental/Disability Leave, Workers Compensation, Retiree Benefits, Severance Package, Employee Assistance Program, Financial and Health Wellness Benefits, Casual Dress, Open Office Setting, and Online Learning System.

CMS Access Compliance and Regulation Contingency Statement
Some positions require compliance with (i) federal and agency specific regulations and related clauses included in Noridian's prime contracts with the Government, (ii) background checks, and (iii) eligibility for a government-issued identification card. An employee in this position may be required to possess a “Federal Identification Card” (Federal ID) as a condition of employment. Federal IDs may include one of the following: Personal Identity Verification (PIV) card, Personal Identity Verification-Interoperable (PIV-I) card, a Local-Based Physical Access Card issued by CMS, or a Local-Based Physical Access Card issued by another Federal agency and approved by CMS. Obtaining a Federal ID and continued eligibility for this position may require the successful completion of a Federal Background Investigation performed by the Federal Government and a residency requirement that you have lived in the United States at least three out of the last five years. Failure to obtain a Federal ID may result in the removal from the position or termination of employment.

Equal Employment Opportunity
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status or other characteristics protected by state or federal law. The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)

Below is the salary range for potential new hires.
Salary Range: The pay range for this position is $52,120.20 – $85,724.33 per year; however, the base pay offered may vary depending on geographic region, internal equity, job-related knowledge, skills, and experience among other factors.
Other Compensation: Incentive Plan & Lifestyle Benefit

This job will be closed 04/13/2026 at 8:00AM CST. No further applications will be considered.
Senior Security Operations Engineer
Dispel
Moving Target Defense-based remote access systems for people and machines.
• Own the log ingestion pipeline end-to-end: identify gaps, build feeds, validate parsing, maintain coverage dashboards
• Close the federal logging gap and stand up commercial logging across AWS, Azure, Entra ID, and SaaS
• Activate and configure SecOps SOAR capabilities including Domain-Wide Delegation, marketplace integrations, and bidirectional response actions
• Build and maintain SOAR playbooks for major incident types such as phishing, malware, account compromise, lateral movement, and cloud-specific threats
• Develop and maintain operational dashboards for SOC metrics, alert volumes, MTTA/MTTR, and coverage status
• Manage Google SecOps RBAC
• Build and deploy production detection rules mapped to MITRE ATT&CK within the first year
• Develop custom parsers for AWS-native security services including GuardDuty, Security Hub, Inspector, WAF, CloudTrail, and VPC Flow Logs
• Establish a detection lifecycle including proposal, testing, deployment, tuning, and retirement
• Conduct quarterly detection quality reviews to measure false positive rates, coverage gaps, and rule health
• Develop alert threshold optimization to reduce noise and analyst fatigue
• Drive SentinelOne deployment across Azure VMs in commercial environments and all federal endpoints
• Configure and operationalize Cloud Funnel for log export into Google SecOps
• Build correlation rules between EDR alerts and SIEM detections
• Manage SentinelOne RBAC groups and policy configuration
• Coordinate with IT on agent deployment, health monitoring, and version management
• Serve as senior escalation point for SOC incidents, ensuring investigations are thorough and reports include root cause, remediation actions, credential rotation plans, and follow-up timelines
• Improve MTTA and MTTR through process optimization, better tooling, and analyst development
• Lead quarterly tabletop exercises and after-action reviews
• Maintain and improve incident response runbooks for all major incident categories
• Integrate incident response workflows with Jira Service Management for tracking and escalation
• Operationalize monthly scanning cadence across all environments using tools such as Nessus, AWS Inspector, and Azure Defender
• Define and enforce remediation SLAs by severity: Critical within 72 hours, High within 7 days, Medium within 30 days
• Build consolidated vulnerability dashboards in Google SecOps
• Track SLA compliance and report metrics to the CISO
• Coordinate remediation with engineering and infrastructure teams
• Serve as primary technical interface with MSSP partner for 24/7 SOC coverage
• Define and hold the MSSP accountable to SLAs, alert quality, and escalation procedures
• Review MSSP deliverables such as dashboards, reports, and playbooks for quality and completeness
• Manage the transition from the previous MSSP and ensure no coverage gaps
• Provide day-to-day technical direction to SOC analysts by setting priorities, assigning tasks, and reviewing work products
• Ensure incident response reports, playbooks, and dashboards meet quality standards before delivery to leadership or external stakeholders
• Drive OKR execution for SOC-related objectives including logging coverage, detection counts, incident response metrics, and vulnerability SLA compliance
• Identify skill gaps and development opportunities for junior analysts
• Establish and enforce SOC processes that are documented, repeatable, and auditable


