• Reporting to the General Counsel this position provides strategic and operational legal support across legal issues in cybersecurity, data privacy, artificial intelligence, and data governance. • Develop, implement, and maintain the organization's comprehensive data governance and security, privacy and compliance frameworks and policies. • Serve as the Privacy Officer and primary legal and operational authority on HIPAA, including Privacy Rule and Security Rule requirements. • Ensure adherence to global, federal, state and emerging privacy laws (GDPR, CPRA, etc.), as applicable. • Advise executive leadership on cybersecurity risk, mitigation, data governance, and regulatory obligations. • Lead internal audits, risk assessments, and incident response planning. • Manage relationships with outside counsel, regulators, and third-party vendors on compliance matters. • Educate staff on data handling, privacy practices, and security threats. Organize and oversee employee training programs on data privacy, security protocols, and HIPAA obligations. • Monitor evolving federal and state data privacy legislation and assess organizational impact. • Draft and enforce internal data security policies, procedures, and Business Associate Agreements (BAAs). • Represent the organization in regulatory investigations or breach notification proceedings, remediation efforts, and regulatory notifications.

• Strategic development of the Hamburg, Ruhr area, Rhineland and Leipzig regions • Position pco as an MSP and MSSP • Identify target customers and manage the full sales cycle – from initial contact to closing • Develop solutions combining Modern Infrastructure, Cyber Security, Cloud Services and Managed Services in collaboration with Consulting and Presales • Continuously build and actively manage a robust pipeline • Increase pco's visibility through client meetings, relationship building and on-site presence • Actively contribute ideas to open up new customer segments

• Own threat modeling across our entire surface area: multi-tenant training infrastructure, sandboxed execution environments, API surfaces, and internal tooling • Design and implement zero-trust networking, identity, and access control across distributed GPU clusters and cloud infrastructure • Build secure-by-default patterns for our platform engineers — auth, secrets management, supply chain integrity, container hardening • Architect tenant isolation and data boundary enforcement for hosted RL training workloads (customers run arbitrary code in our environments) • Develop security frameworks specific to AI infrastructure: model weight protection, training data isolation, checkpoint integrity, gradient privacy • Secure the RL training loop end-to-end — from environment execution in sandboxes to reward signal verification and model artifact storage • Build detection and prevention for AI-specific attack vectors: prompt injection across agentic pipelines, model exfiltration, adversarial environment manipulation • Scope, manage, and run point on external penetration tests across our platform, hosted training infrastructure, and liquid compute layer • Build and maintain an internal red-teaming practice — automated and manual — targeting our most critical systems • Drive vulnerability management: triage, remediation SLAs, and root cause analysis • Build security monitoring and alerting across infrastructure (distributed clusters, Kubernetes, cloud) and application layers • Implement runtime security for containerized training workloads and sandboxed environments • Own incident response — build the playbooks, run the drills, lead the post-mortems • Design audit logging and forensic capability across all customer-facing systems • Drive SOC 2 Type II readiness and other compliance frameworks required by enterprise customers • Own the security narrative for customer-facing materials — questionnaires, architecture reviews, trust documentation • Partner with GTM to unblock enterprise deals that depend on security posture.

Title: Cyber Security Logistics Specialist SME II Program Summary: KBR’s Mission Engineering Division delivers complex technical solutions and expert support to the U.S. Department of Defense, specializing in modeling and simulation, cyber transformation, air vehicle mission integration, and lifecycle support. As a trusted partner with a proven history in mission technology, KBR collaborates closely with clients to develop innovative and effective solutions. With a strong ethical framework, KBR prioritizes data security, privacy, and responsible information management to ensure mission success. Job Summary: The CyberLOG Specialist SME II will support the cybersecurity initiatives and provide support to the Defense Health Agency (DHA) Risk Management Executive Division. Roles and Responsibilities: - Reviews and updates the Detailed Architecture Diagram, Detailed Hardware/Software Inventory, and other system artifacts to determine the DoD IT type. - Develops the baseline set of impact values (low, moderate, or high) for the medical devices. - Identifies common controls associated with the inherited controls in the Security Plan. - Documents responsibilities associated with the inherited controls in the Security Plan. - Initiates the tailoring process in eMASS to modify the control set to account for conditions affecting the specific system more closely. - Adds relevant supplemental security controls and marks extraneous or impertinent controls as “Not Applicable”. - Identifies security controls to be monitored on an ongoing basis. - Reviews site/organization change control policies. - Documents the method of applying policies to specific controls. - Coordinates with the IV&V Team to clarify information required for Special Access Programs. - Leads the execution of the self-assessment activities. - Completes applicable checklists in assessing the NIST SP 800-53 Revision 4 controls. - Documents upload self-assessment checklist results and artifacts documentation in eMASS. - Provides support with remediation and mitigation efforts. - Creates the Risk Assessment Report. - Coordinates with the ISSM to confirm the completion of the Security Authorization Package prior to eMASS submission. - Assists program leadership with status reports, white papers, weekly activity report, and other ad hoc requirements as necessary. - Performs other job-related duties as assigned ​Basic Qualifications: - Bachelor’s Degree in Information Technology or Cybersecurity, or an equivalent combination of education and experience in lieu of a degree. - 8 years of experience. - Federal government contracting experience required - Must possess a Security+ or other IAT Level I, II / IAM Level I, II certification. - Ability to maintain an Active DoD Secret clearance. Preferred Qualifications: - Working knowledge of eMASS. - Working knowledge of Risk Management Framework. - Working knowledge of DHA mission and environment. - Working knowledge of DoD Networks. - Working knowledge of the DoD orders process. - Working knowledge of USCYBERCOMMAND and JFHQ-DODIN Cyber Tasking Orders (CTO). - Working knowledge of researching and writing white papers, compliance reports, and assessment reports in support activities for defining policy. - Working knowledge of developing briefing materials, administrative, and logistic support. - Working knowledge of Microsoft Office Suite. - Working knowledge of Combatant Commands. - Excellent communication and presentation skills (verbal and written) enabling precise conveyance of information across all customer sections and proper enunciation of the English language. - Excellent Senior Leadership and General Officer / Flag Officer (GO/FO) leadership briefing skills. - Excellent interpersonal, organizational, and critical thinking/problem solving skills. - Ability to be flexible, dependable, and multi-task with evolving priorities. - Ability to provide excellent customer service. - Ability to sign and abide by a non-disclosure agreement. Work Location: North Charleston, SC or Remote Compensation: $107,600 - $161,400 The salary range posted is based on the national average. The offered rate will be based on the selected candidate’s location, knowledge, skills, abilities, and/or experience, contract affordability, and in consideration of internal parity. Benefits: KBR offers a selection of competitive lifestyle benefits which could include a 401K plan with company match, medical, dental, vision, life insurance, AD&D, flexible spending account, disability, paid time off, or flexible work schedule. We support career advancement through professional training and development. Belong, Connect and Grow at KBR At KBR, we are passionate about our people and our Zero Harm culture. These inform all that we do and are at the heart of our commitment to, and ongoing journey toward being a People First company. That commitment is central to our team of team’s philosophy and fosters an environment where everyone can Belong, Connect and Grow. We Deliver – Together. KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.