Optum, part of the UnitedHealth Group family of businesses, is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. At Optum, we support your well-being with an understanding team, extensive benefits and rewarding opportunities. By joining us, you’ll have the resources to drive system transformation while we help you take care of your future. We recognize the power of connection to drive change, improve efficiency and make a difference in health care. Join a team where your skills and ideas can make an impact and where collaboration is key to creating technology that produces healthier outcomes.
Information Security Engineer Consultant
Location
Philippines
Posted
55 days ago
Salary
0
Seniority
Senior
Job Description
Information Security Engineer Consultant
Optum
Requisition Number: 2350055

Primary Responsibilities:
- Lead and conduct highly complex security incident investigations across endpoints (memory and disk), network traffic, and cloud environments, including Azure and Microsoft 365
- Perform advanced incident investigation and in-depth log analysis by correlating data from multiple sources such as SIEM, EDR, network security devices, and cloud platforms to accurately identify scope and impact
- Act as the final escalation point for critical and high-severity security incidents, providing expert guidance and decisive incident handling
- Conduct static and dynamic malware analysis, including reverse engineering of exploits, and analyze adversary tactics, techniques, and procedures (TTPs) to understand attacker behavior
- Map attacker activities and observed behaviors to industry-recognized frameworks such as MITRE ATT&CK and NIST to ensure structured analysis and reporting
- Execute effective containment actions during incidents, including isolating compromised systems, blocking malicious traffic, disabling accounts, and applying emergency controls to limit spread and impact
- Acquire digital evidence from compromised environments, including disk images, memory dumps, system logs, and network traffic, using forensically sound methodologies
- Maintain a strict chain of custody by ensuring all evidence is properly documented, securely stored, and protected from tampering throughout the investigation lifecycle
- Analyze forensic artifacts such as file systems, registry entries, event logs, and memory structures to identify indicators of compromise and malicious activity
- Perform memory forensics to detect running processes, injected or malicious code, credential theft mechanisms, and other in-memory threats that may not be present on disk
- Validate that eradication activities are fully completed and ensure affected systems are securely restored to normal operations without residual risk
- Prepare comprehensive incident reports detailing timelines, root cause analysis, impact assessment, indicators of compromise (IOCs), and remediation actions taken
- Collaborate with Security and Engineering teams to automate repetitive tasks such as alert enrichment, containment workflows, response actions, and ticket creation to improve efficiency and consistency
- Leverage internal and external threat intelligence feeds to enrich investigations with contextual insights, including known malicious IPs, domains, threat actor profiles, and attacker methodologies
- Work closely with cross-functional teams to ensure coordinated and timely execution of incident response activities
- Continuously enhance detection and response capabilities by recommending improvements to SIEM and EDR platforms, tuning detection rules, developing better queries, and identifying logging gaps
- Handle Priority 1 (P1), Priority 2 (P2) and other critical incidents with urgency, ensuring rapid response, clear stakeholder communication, and minimal business disruption
- Monitor and report on key performance indicators (KPIs) such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) to measure and improve incident response effectiveness
- Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so.

Required Qualifications:
- Major Security Incident Management (Case Management / War Room / Paging / Security Bridge)
- Log Analysis (SIEM, Endpoint, Perimeter Security, Threat Intel, e-Mail Security)
- Sandbox Analysis
- Digital Forensics
- MITRE ATT&CK, D3FEND and NIST
- Experience with forensic tools such as Magnet Axiom Forensics, REMnux, X-Ways Forensics, EnCase, Forensic Toolkit, etc.

Preferred Qualifications:
- CHFI, EnCE, ACE, GCFA/GCFE, GIAC Certified Incident Handler (GCIH), Security Operations Analyst Associate (SC-200)
- Deep understanding of adversary TTPs, cyber kill chain methodologies, and expert-level application of frameworks like MITRE ATT&CK and D3FEND
- Strong understanding and knowledge of the NIST Framework (NIST 800-61)
- Handling major security incident attack scenarios (such as ransomware, DDoS, advanced persistent threat (APT), BEC, etc.)
- Fundamental understanding of application protocols (HTTP, DNS, FTP, etc.) and networking protocols (TCP, UDP, ARP, ICMP, etc.), and comfort analyzing packet capture (pcap) files in tools such as Wireshark
- Knowledge of operating system internals (virtual memory, paging, etc.) and techniques employed by malware to evade detection

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone, of every race, gender, sexuality, age, location and income, deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes, an enterprise priority reflected in our mission. Optum is a drug-free workplace. © 2026 Optum Global Solutions (Philippines) Inc. All rights reserved.
Benefits
- 401(K), Dental insurance, Disability insurance, Employee stock purchase plan, Family medical leave, Flexible Spending Account (FSA), Generous parental leave, Generous PTO, Health insurance, Job training & conferences, Life insurance, Charitable contribution matching, Paid holidays, Paid sick days, Performance bonus, Tuition reimbursement, Vision insurance, Mental health benefits, Personal development training, Bereavement leave benefits
More Security Engineer Jobs
• Build, lead, and continuously mature Aledade’s Governance, Risk & Compliance program.
• Own and maintain the enterprise risk management framework and risk registry, facilitating reviews and reporting to leadership and the Audit Committee.
• Lead Aledade’s compliance certification programs, including SOC 2, HIPAA, SOX/ITGC, HITRUST, and CPRA.
• Manage audit preparedness and execution for external assessments, ensuring evidence collection and readiness across business and technology teams.
• Oversee the Vanta Trust platform, including continuous control monitoring, automation of evidence gathering, and Trust Center management.
• Develop and enforce policies and standards, ensuring clarity, adoption, and alignment with frameworks such as NIST, ISO 27001, HIPAA, and AI RMF.
Cybersecurity Specialist – Incident Response
Casas Bahia Tecnologia
The technology of Grupo Casas Bahia - dedication has never been so strong!
• Coordinate Security Operations Center (SOC) operations, ensuring continuous monitoring, rapid response and alignment with company security policies;
• Assess and optimize incident response processes, implementing automation, playbooks and metrics to increase efficiency and reduce response times;
• Conduct detailed incident analyses to identify root causes and impacts and propose corrective and preventive measures;
• Administer SIEM, SOAR and other monitoring solutions, ensuring integration and effectiveness in threat detection;
• Work with cyber defense, GRC, IAM and infrastructure teams to coordinate actions during incidents and improve overall security posture;
• Prepare technical and executive reports on incidents, trends and implemented improvements;
• Train SOC analysts and other stakeholders on incident response best practices and tool usage;
• Stay up to date on new attack techniques, response frameworks (e.g., NIST, MITRE ATT&CK) and market trends.
Information Security Engineer
NMI - Network Merchants, LLC
NMI, or Network Merchants, LLC, is a leading global payment form and processes more than $180 billion in annual payments. The company facilitates payments for o
Information Security Engineer

We are seeking an Information Security Engineer to help drive enterprise-level information security initiatives and embed information security across our operations. In this role, you will design, implement, and maintain robust security infrastructure and controls to protect the organization's computer networks, systems, and data from cyber threats. You will build and manage security tools, conduct vulnerability assessments, and respond to security incidents. You will also advise the business on cyber security matters. This is primarily a remote position, with occasional in-person responsibilities held at our Bristol, UK office.

The ideal candidate is an experienced security specialist who:
- Blends technical skills with business awareness
- Is comfortable working across multiple areas of security and excited to learn more
- Has some familiarity with compliance (PCI, GDPR) and protection (NIST and ISO 27001) frameworks
- Partners cross-functionally to drive security, automation, and continuous improvement
- Communicates effectively across technical and non-technical stakeholders
- Evangelizes a proactive security culture organization-wide

Key responsibilities:

System Design & Implementation:
- Design and deploy secure, scalable and reliable security tools

Monitoring & Threat Detection:
- Monitor systems for security incidents
- Analyze and troubleshoot alerts
- Tune alerting systems

Incident Response:
- Respond to security incidents
- Conduct investigations and coordinate cross-functional response
- Identify vulnerabilities and/or gaps in security posture
- Coordinate and track remediation of any issues identified

Vulnerability Management:
- Perform regular vulnerability assessments
- Identify and remediate weaknesses
- Implement and maintain controls aligned with internal standards

Penetration Testing:
- Coordinate the company’s penetration tests with internal and external stakeholders
- Identify, surface, and track issues with the relevant system owners

Automation & Scripting:
- Develop scripts to automate security tasks and improve efficiency
- Identify processes where automation can be leveraged to create efficiencies

Security Awareness & Training:
- Educate internal teams on security responsibilities, procedures, and controls
- Help select appropriate security training modules
- Track completion of training requirements

Cross-Functional Collaboration & Enablement:
- Contribute to creation and updates of security policies and procedures
- Engage with stakeholders across Engineering, Product, Legal, and HR to support security initiatives
- Support vendor risk and third-party security assessment activities

As well as being a part of something exciting every day, you will also receive the following benefits:
- Annual bonus scheme dependent on individual and company performance
- Annual salary of £50,000 - £60,000
- 25 days holiday each year (+ bank holidays + 1 day after each year of service with up to a max. of 30 days)
- Workplace pension scheme
- Private medical insurance (upon 30 days of employment)
- 7 hours per day, 35 hours per week
- A remote-first culture
- Great work-life balance with our Flexi-time policy
- Family Friendly policies (Enhanced Maternity and Paternity Pay and Shared Parental Leave)
- A chance to develop with an allocated company training budget
- Bike2Work Scheme
- Lifeworks, an Employee Assistance Programme which offers wellbeing, family and financial support services, such as assessments, resources and even 1:1 counselling sessions. It also offers interesting perks such as discounts on gyms, restaurants, high street retailers and cinema tickets
- A strong commitment to employee wellbeing including mental health first aiders
- Employee referral scheme with generous financial reward
- Bonusly colleague reward scheme

#LI-Remote
Salary range, depending on experience: £50,000 - £60,000 GBP
Role Description

Celestial Innovations Group (CIG) is seeking a skilled Cortex XSIAM Security Engineer to deploy, configure, and operationalize Palo Alto Networks Cortex XSIAM for federal and enterprise clients. This role is at the center of CIG's AI-driven Security Operations practice, enabling clients to modernize their SOC by consolidating SIEM, XDR, SOAR, UEBA, ASM, and TIP capabilities into a single, converged platform. The Cortex XSIAM Engineer will serve as a subject-matter expert (SME) throughout the full platform lifecycle:
- Requirements gathering and architecture design
- Deployment, integration, and continuous optimization
- Driving measurable improvements in threat detection and incident response times for government and commercial clients

Qualifications
- 3+ years of hands-on experience with Palo Alto Networks Cortex XDR or Cortex XSIAM in an enterprise or federal environment
- Demonstrated experience deploying or administering SIEM platforms (Splunk, Microsoft Sentinel, IBM QRadar, or equivalent)
- Proficiency with XQL or comparable query languages for log analysis and threat hunting
- Working knowledge of SOAR concepts and experience building security automation playbooks
- Understanding of EDR, NDR, and UEBA technologies and how they feed into a converged SOC platform
- Familiarity with the MITRE ATT&CK framework and its application to detection engineering
- Active Secret clearance (minimum); TS/SCI preferred for federal engagements
- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field, OR equivalent professional experience

Requirements
- Lead end-to-end deployment of Cortex XSIAM for federal and enterprise clients, including data source onboarding, log ingestion, and normalization
- Integrate XSIAM with existing security ecosystem tools including firewalls, endpoints, cloud platforms, identity providers, and ticketing systems
- Configure data pipelines to ingest and normalize telemetry from diverse sources (endpoints, network, cloud, identity) into XSIAM's unified data model
- Migrate clients from legacy SIEM platforms to Cortex XSIAM, ensuring continuity of detection coverage and compliance reporting
- Build and tune correlation rules, behavioral analytics, and ML-based detection models within XSIAM to reduce false positive rates and improve detection fidelity
- Develop and maintain XSIAM analytics leveraging XQL (Extended Query Language) to extract actionable insights from security telemetry
- Map detection content to the MITRE ATT&CK framework, ensuring coverage across all relevant tactics, techniques, and procedures (TTPs)
- Configure AI SmartScoring and technique-based incident grouping to reduce alert fatigue and prioritize analyst workload effectively
- Design, build, and maintain SOAR automation playbooks within XSIAM to automate triage, enrichment, and remediation workflows
- Leverage Cortex Marketplace content packs and develop custom integrations as needed to support client-specific security processes
- Implement dev/prod playbook lifecycle management to ensure safe testing and controlled promotion of automation content
- Continuously improve automation coverage, targeting measurable reductions in manual analyst workload
- Serve as escalation point for complex incident investigations, using XSIAM causality chains and full attack-story visualizations to support rapid remediation
- Coordinate with client SOC teams during active incidents, leveraging XSIAM's embedded automation and enrichment capabilities
- Support Attack Surface Management (ASM) functions to proactively identify and remediate client exposure
- Utilize integrated Threat Intelligence Platform (TIP) capabilities, including Unit 42 threat feeds, to enrich alerts and inform response priorities
- Serve as a trusted technical advisor to federal and commercial clients on XSIAM capabilities, roadmap, and SOC modernization strategy
- Produce SOC performance dashboards, compliance reports, and executive summaries within XSIAM to support client governance requirements
- Conduct training and knowledge transfer sessions to build client SOC team proficiency on the XSIAM platform
- Support CIG business development efforts by contributing to proposals, demos, and technical capability briefings for prospective clients

Benefits
- 401(k)
- Competitive salary
- Dental insurance
- Health insurance
- Paid time off
- Vision insurance

Preferred Qualifications
- Palo Alto Networks Certified Security Automation Engineer (PCSAE) or Cortex XSIAM-specific certification
- Experience with federal compliance frameworks including NIST SP 800-53, RMF, DISA STIGs, and CDM program requirements
- Familiarity with Zero Trust Architecture principles (NIST SP 800-207, CISA ZT Maturity Model) and how XSIAM supports ZTA adoption
- Experience integrating Cortex XSIAM with Palo Alto Networks NGFW, Prisma Cloud, or Zscaler platforms
- Knowledge of cloud security telemetry sources (AWS, Azure, GCP) and their ingestion into XSIAM
- Exposure to Python or JavaScript for custom XSIAM integration development or automation scripting
- Prior experience supporting federal SOC operations or DHS CDM program environments
- CISSP, CEH, CompTIA Security+, or equivalent security certification

Technical Skills & Tools

SOC Platforms
- Cortex XSIAM / XDR
- Cortex XSOAR
- SIEM platforms
- XQL query language
- EDR / NDR / UEBA

Security Frameworks
- MITRE ATT&CK
- NIST SP 800-53 / RMF
- NIST SP 800-207 (Zero Trust Architecture)
- CISA Zero Trust Maturity Model
- DISA STIGs

Integrations & Tools
- Palo Alto NGFW / Prisma
- Zscaler ZIA / ZPA
- Microsoft Sentinel / Azure
- ServiceNow / Ticketing systems
- AWS / Azure / GCP

Flexible work from home options available.