Description What is VBG: Veteran Benefits Guide has been proud to serve our nation’s service members for more than 10 years. Founded by a U.S. Marine Corps Veteran, VBG assists Veterans through the challenging VA claims process to efficiently secure their hard-earned benefits. Now operating with more than 225 team members nationwide, VBG has helped over 55,000 Veterans through the VA claims process. The company is dedicated to honoring service and supporting the Veteran community through ongoing advocacy, community partnerships, and meaningful opportunities within its workforce. What we are looking for: The Senior Cyber Risk Analyst is responsible for leading enterprise cyber risk management activities, maintaining security and IT policy governance, and providing clear, actionable risk insights to senior leadership. This role partners closely with technology, legal, product, and business teams to identify, assess, and remediate cyber risks across the organization. This position is open to candidates located in the following states: Arizona (AZ), Washington (WA), Nevada (NV), Utah (UT), Illinois (IL), Ohio (OH), New Jersey (NJ), Virginia (VA), North Carolina (NC), and Florida (FL). Essential Functions: Reasonable accommodation may be provided to enable individuals with disabilities to perform essential functions. - Own and maintain the organization’s information security and IT policies, ensuring align with industry standards and are functionally enforceable in the organization. - Develop risk posture reporting for senior leadership, including risk assessments, control effectiveness, and risk register updates, tailoring depth and messaging to technical and executive audiences - Manage the control framework and library by identifying control gaps across technology domains and leading annual control testing and enterprise security assessments - Lead enterprise cyber risk management activities including identifying and quantifying cybersecurity risks using standardized risk rating methodologies - Maintain the enterprise risk register and oversee cybersecurity remediation efforts while advising on compensating controls and interim risk treatment strategies - Partner cross-functionally with legal, technology, product, and business teams to understand regulatory obligations, risk tolerance, and remediation priorities - Coordinate and facilitate cross-functional remediation discussions while tracking progress and driving accountability for risk reduction - Own the third-party risk management process, including vendor security questionnaires, risk assessments of new and existing vendors, and development of remediation plans to address identified security gaps - Ability to work independently and drive end-to-end initiatives with minimal supervision - Understanding of DevOps, security architecture, and security configurations, enabling effective collaboration with engineering, product, and infrastructure teams to identify and mitigate risks - Adaptability and resilience in an evolving environment - Stay current with emerging threats, regulatory changes, and industry best practices in risk management, compensating controls, and enterprise technologies. - Proven ability to translate complex technical risks into clear business impacts and actionable, risk-based recommendations for stakeholders. - Excellent analytical, written, and verbal communication skills with the ability to influence decision-making across technical and non-technical audiences Qualifications or competencies: - One or more industry-recognized certifications such as CompTIA Security+, CISA, CISM, CISSP, or equivalent - Hands-on experience with GRC tools (Archer, ServiceNow GRC, Vanta, etc.) and formal risk assessment methodologies - Strong working knowledge of risk management frameworks (NIST, ISO, and CIS) and regulatory requirements for HIPAA compliance - Broad security domain expertise, including cloud environments, SDLC, application security, data protection and enterprise architecture. Education and previous work experience: - 5+ years of experience in cyber risk management, control assurance, or information security governance - Bachelor's degree or equivalent work experience in Information Technology, Cybersecurity, or a related discipline Position type: This is a full-time position. Days and hours of work are Monday through Friday, 8 a.m. to 5 p.m. EEO: Veteran Benefits Guide provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, national origin, ancestry, physical disability, mental disability, medical condition, marital status, sex (including pregnancy, childbirth, breastfeeding or related medical conditions), gender (including gender identity and gender expression) genetic characteristic, sexual orientation, registered domestic partner status, age, military or veteran status, hairstyle or hair texture, reproductive health decision making, or any other characteristic protected by federal, state, or local laws.

• Prepare technical diagrams, architecture documentation, and threat models; • Analyze system, application, and integration architectures from a security perspective; • Perform technical risk assessments and recommend security controls; • Design secure solutions for cloud, applications, and infrastructure; • Support development, infrastructure, and DevOps teams in implementing controls; • Assess security configurations (hardening, baselines, CIS Benchmarks); • Support audit, compliance, and vulnerability management processes; • Conduct threat modeling, risk analysis, and provide recommendations for internal systems and third-party vendors; • Advanced knowledge of OWASP Top 10, CWE, NIST, and security standards; • Experience performing security-focused code reviews to assist development teams in remediating vulnerabilities; • Develop scripts and automations for vulnerability analysis and mitigation;

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description Our clients rely on us to fiercely protect their intellectual property. To support the company’s rapid growth, we seek a Senior Investigator for our Special Investigations Unit to lead complex investigations aimed at dismantling criminal operations worldwide. The ideal candidate has proven success in using OSINT techniques to identify threat actors and attribute their actions. The successful candidate will be able to function in a broad-based, fast-paced, high-energy environment while executing impactful investigations. Applicants are strongly encouraged to submit a cover letter along with their resume. This will provide you with a greater opportunity to stand out and advance in our selection process. - Conduct comprehensive investigations into potential intellectual property (IP) infringement using advanced open-source intelligence (OSINT) techniques and methodologies. - Utilize various online resources, including social media platforms, websites, forums, and dark web monitoring tools, to gather relevant information. - Leverage effective search strategies to uncover hidden infrastructure and key individuals or organizations engaged in counterfeiting, trademark and copyright infringement, and other IP crimes. - Analyze code and perform network traffic analysis to understand the functionality of illicit websites, devices, and applications, and identify their creators. - Develop scripts using Python (or similar) to automate repetitive investigative tasks. - Translate findings into actionable reports summarizing findings and making well-reasoned recommendations for further investigation or enforcement. - Write detailed criminal referrals based on investigative findings to support legal actions and enforcement efforts. - Stay current on emerging trends and techniques in the OSINT field and intellectual property infringement. - Collaborate with internal and external stakeholders, including intelligence analysts, field investigators, attorneys, and law enforcement, to build strong cases. - Present findings and recommendations to clients, effectively communicating complex information and gathering their requirements to ensure alignment on investigative goals. - Stay current on evolving intellectual property laws and regulations, emerging trends, and technological advancements. Qualifications - Minimum of 3 years of experience conducting high-stakes OSINT investigations. - Proven ability to conduct and document named attribution investigations, moving beyond infrastructure analysis to establish threat actor identities supported by open source, behavioral, and technical evidence. - Demonstrated expertise in advanced OSINT techniques, including social engineering, infiltration, data mining, automation, and dark web analysis. - Proficiency in network traffic analysis and understanding of network protocols. - Experience in reading and analyzing code to understand the functionality of websites, devices, and applications. - Basic proficiency in Python (or similar) to develop scripts for automating investigative tasks. - Excellent written and verbal communication skills in English, with the ability to tailor reports and presentations with complex findings to diverse audiences. - Ability to conduct investigations involving foreign languages. - Strong critical thinking and problem-solving skills. - Ability to work autonomously with minimal oversight. - Ability to manage and prioritize multiple investigations simultaneously. - Basic understanding of intellectual property laws and regulations, with the ability to translate legal concepts into actionable investigative strategies. - A passion for intellectual property protection and a strong ethical compass. Benefits - Flexible work environment. - Comprehensive benefits package designed to support the health, well-being, and financial security of our employees and their families. Company Description IP House is redefining how the world combats illicit trade and intellectual property theft—delivering scalable, end-to-end solutions that empower global brands and rights holders through innovation, strategic expertise, and a relentless commitment to global enforcement. Achieving this ambitious mission requires the collaboration of an exceptionally talented team. We believe our people are the foundation of everything we do—and we invest accordingly. From day one, we foster a culture rooted in continuous learning, professional growth, and shared excellence. Here, you’ll have the opportunity to shape a fast-scaling organization with a strong reputation for results—and room to grow with it. Join us in safeguarding the brands, content, and innovations that shape our world. IP House is an equal opportunity employer dedicated to fostering a respectful, collaborative, and inclusive work environment.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description What You Will Do: - Monitor security tools and platforms to identify potential threats, suspicious behavior, and operational anomalies. - Support vulnerability assessments and penetration testing activities while working closely with senior security staff. - Maintain accurate and current documentation for security policies, procedures, and incident response plans. - Research emerging cyber threats, evolving attack vectors, and industry best practices to inform security decisions. - Ensure compliance requirements are automated and stored in a declarative format using Compliance as Code approach. - Assist with hardening configurations in operational platforms by applying container security strategies and granular network segmentation policies. - Support the team with log analysis, security reporting, and improvements to security tooling. What You Will Learn: - How cybersecurity teams defend against real world threats in a mission critical environment. - How security monitoring tools, SIEM platforms, and threat detection workflows operate in practice. - How to integrate security tooling and workflows into the software development and deployment process using modern CI and CD practices. - Strategies for securing discrete workloads in shared computing environments such as Kubernetes, Docker, and vCenter. - Best practices for using LLMs to support security engineering and security architecture. Qualifications - Currently pursuing a bachelor or master’s degree in Cybersecurity, Computer Science, Information Technology, or a related field. - Foundational understanding of networking concepts including TCP/IP, DNS, firewalls, and VPNs. - Foundational understanding of DevSecOps tooling and concepts including CI and CD, DAST, SAST, and provenance. - Strong analytical and problem-solving skills with keen attention to detail. - Familiarity with automation and container orchestration platforms such as Ansible, Kubernetes, and vCenter. - Ability to communicate technical concepts clearly in both written and verbal formats. - Eagerness to learn and stay current with the evolving cybersecurity landscape. Requirements - Hands-on experience with security tools such as SIEM platforms, vulnerability scanners, or endpoint detection solutions. - Capture-the-Flag competition experience or personal projects showing practical knowledge of DevSecOps concepts. - Experience with development tooling (Git) and scripting languages such as Python, Bash, or PowerShell. - Familiarity with Infrastructure-as-Code concepts (Terraform, CloudFormation). - Familiarity with cloud security concepts (AWS, Azure, or GCP). - Familiarity with automation and container orchestration platforms (Ansible, Kubernetes, vCenter). Physical & Work Environment - Must be capable of remaining stationary for 50% of the time; occasional movement within the office environment may be required. - The role involves continuous interaction with computers and other office productivity equipment. Equal Opportunity Employer Ridgeline International is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by applicable law.