• Support the maintenance of a comprehensive security compliance program aligned with laws, regulations, and industry best practices. • Maintain and optimize key programs like Third Party Risk Management and Security Awareness Training. • Apply expertise in GDPR, HIPAA, PCI DSS, NIST 800-171/CMMC, ISO 27001, SOC2, and FedRAMP controls as well as U.S. state privacy regulations to ensure practices remain compliant and up to date. • Support internal audits, partnering with stakeholders to remediate findings. • Support external audits (e.g., SOC 2) through preparation and planning, monitoring and remediation coordination, documentation and follow-up tracking. • Bring a structured, methodical approach to assisting with cross-functional project implementation. • Stay current on emerging threats, regulations, and security best practices to strengthen compliance posture.

• Assist in the implementation of technical security requirements defined by Serve’s Cyber Security Program. • Implement security hardening standards and continuous assessment criteria for Serve’s IT and product infrastructure stack. • Work with IT Service Engineering and Product Engineering teams to further develop and maintain a secure architecture framework within Google cloud environment. • Assist in the implementation and monitoring of build and runtime security measures for Google cloud infrastructure. • Implement or further tune existing security tooling to prevent or detect hardware and software vulnerabilities and common security misconfigurations. • Assist with managing enterprise EDR Platforms as an administrator, creating detection rules, automating response workflows, conducting event correlation and performing incident root cause analysis. • Conduct research on emerging vulnerabilities, threats, IOCs, IOAs, TTPs working to develop controls and build countermeasures as a response. • Perform security reviews on Serve products and services to assess the adoption and implementation of secure design principles. • Conduct comprehensive vulnerability assessments on cloud infrastructure and enterprise business systems, providing clear recommendations and guidance on remediation and providing support for implementation of mitigating actions as required. • Partner with cross-functional technology teams to strengthen enterprise-wide detection, security orchestration, automation, and response capabilities. • Contribute to Serve’s Security Awareness Program by building out content, conducting phishing simulation exercises and providing follow up actions to strengthen org-wide security awareness. • Participate in Cyber Security on-call rotation as a security subject matter expert as required.

• Analyze and respond to cybersecurity attacks • Identify, assess and prioritize security events • Investigate new attack techniques • Develop effective defense strategies in collaboration with the team • Improve detection mechanisms and optimize the service, e.g., through automation and incident enrichment • Provide active support to customers on security-related matters

The rate of pay for this position will depend on the successful candidate’s work location and qualifications, including relevant education, work experience, skills, and competencies. Annual Rate: $117,700.00 - $196,200.00 for Waltham, MA location Benefit Overview: This position offers a comprehensive benefits package including medical, dental, and vision insurance, a 401(k) with company match, paid time off, parental leave and potential for performance-based bonuses depending on company and individual performance. PURPOSE AND SCOPE: Fresenius Medical Care’s Cyber Security Operations Center (CSOC) is seeking a highly experienced Principal Analyst The Principal Cyber Security Analyst specializing in Digital Forensics serves as the senior technical authority for forensic investigations across the enterprise. This role leads complex incident response cases, conducts advanced forensic analysis of endpoints, servers, cloud environments, and networks, and provides strategic insight to reduce organizational risk. The Principal Analyst acts as the highestlevel escalation point for investigative matters and mentors other analysts in evidence handling, methodology, and tooling. This is a U.S.-based remote position supporting Fresenius Medical Care’s global Cyber Security Operations Center. PRINCIPAL DUTIES AND RESPONSIBILITIES: - Lead enterpriselevel forensic investigations involving malware, insider threats, credential compromise, data exfiltration, fraud, and targeted attacks. - Act as technical commander during priority incidents, directing scoping, containment, eradication, and rootcause analysis in partnership with IR, IT, and Cloud teams. - Conduct rootcause, impact, and attribution analysis for major cyber events; drive corrective and preventive actions. - Lead postincident reviews and oversee closure of remediation tasks, translating findings into hardening and control improvements. - Develop and maintain forensic methodologies, chainofcustody procedures, and evidencehandling standards. - Serve as the primary liaison with Legal, Privacy, HR, and external law enforcement during escalated or sensitive investigations. - Correlate forensic artifacts with threatintelligence insights to identify adversaries, campaigns, and TTPs. - Establish and maintain forensicreadiness strategies, including tooling optimization, logging enhancements, and dataretention standards. - Develop lightweight tools and scripts (Python/PowerShell) for artifact parsing, timeline generation, triage capabilities, and cloudlog normalization. ​ PHYSICAL DEMANDS AND WORKING CONDITIONS: - The physical demands and work environment characteristics represent those typically encountered while performing essential duties. Reasonable accommodation may be made as needed. This is a remote role with availability expected during core hours and during escalations as required. ​ SUPERVISION: - Provides technical leadership and mentorship to threat engineers and SOC analysts globally. Does not directly manage staff. ​ EDUCATION: - Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent professional experience). ​ EXPERIENCE AND REQUIRED SKILLS: - 10+ years in Incident Response/DFIR, including leadership of complex, enterprise scale investigations. - Cloud & Identity: Sentinel/Splunk, Microsoft 365/Azure logs, AWS/GCP logging, Entra/Okta audit trails. - Network: Zeek, Suricata, Brim/Wireshark, PCAP/flow analytics. - Experience in evidence handling, legal hold/eDiscovery coordination, and working with Legal/HR/Privacy. - Mastery of Windows and Linux internals, authentication flows, common persistence/mechanisms, and lateral movement TTPs. - Proficient in Python or PowerShell for automation and artifact analysis. - Excellent written and verbal communication—able to brief executives clearly under time pressure. ​ Preferred: - Industry certifications (one or more): GCFA, GCFE, GNFA, GREM, GCIH, CISA, CISSP, Azure Security, AWS Security. - Experience with Zero Trust controls, identity threat detection, and SaaS forensics (O365, Google Workspace). - Familiarity with EPSS/SSVC, threat modeling, and purpleteam/ATT&CK evaluation practices. - Background in regulated environments (e.g., healthcare, financial services, manufacturing) and associated audit expectations. ​ Fresenius Medical Care maintains a drug-free workplace in accordance with applicable federal and state laws. Fresenius Medical Care is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sexual orientation, gender identity, parental status, national origin, age, disability, military service, or other non-merit-based factors