Overview Systems Planning and Analysis, Inc. (SPA) delivers high-impact, technical solutions to complex national security issues. With over 50 years of business expertise and consistent growth, we are known for continuous innovation for our government customers, in both the US and abroad. Our exceptionally talented team is highly collaborative in spirit and practice, producing Results that Matter. Come work with the best! We offer opportunity, unique challenges, and clear-sighted commitment to the mission. SPA: Objective. Responsive. Trusted. The Space and Intelligence Division provides professional services to the US Space Force, Combatant Commands, Intelligence Community, and NASA. Our work includes enterprise architectural assessments, systems engineering and integration, test, planning and execution, cost estimating and analysis, acquisition support, and cybersecurity. We are trusted partners developing approaches and concepts to meet emerging high priority needs, assessing cutting-edge technologies, and supporting capabilities for our National Defense. Come join the fastest growing Division at Systems Planning and Analysis, Inc.! The Space Systems Group (SSG), part of SPA’s Space and Intelligence Division, provides timely and objective assessments and recommendations integrating technical, operational, programmatic, policy and business analysis. We focus on our key clients in the Space community including the US Space Force’s Space Systems Command (USSF/SSC), one of the three designated Field Commands under USSF. We work tirelessly to provide integrated solutions based on information and communications throughout the chain of command. We provide clear and consistent analysis and recommendations which are aligned to strategic and leadership goals while balancing the ability to execute on time and on budget within the technical communities. Come join an organization responsible for being a key enabler of Spacepower! SPA has an immediate need for an Information System Security Manager (ISSM). Responsibilities The Information Systems Security Manager (ISSM) is responsible for the end-to-end cybersecurity posture of the KM Platform across all environments, classifications, and mission systems—current and future. This role leads the cybersecurity branch within Systems Engineering and directs a team of ISSEs/ISSOs to ensure security is not a compliance afterthought, but a continuously enforced, operational capability embedded into the platform. The ISSM owns the integrity of the platform’s authorized boundary, ensuring that security remains consistent, scalable, and resilient as the platform evolves. This role establishes and enforces the security model that enables application teams to deliver rapidly and confidently by removing security as a source of variability, rework, or delay. Core Responsibilities - Lead and manage the cybersecurity function, providing direction, prioritization, and oversight for all ISSE/ISSO personnel supporting the platform - Own and maintain the platform’s cybersecurity posture across all environments (IL4, IL5, IL6, and classified), ensuring alignment with ATO requirements and mission needs - Establish and enforce a consistent security baseline that persists across applications, environments, and time, eliminating variability in how security is applied - Govern all changes to the platform through a structured security impact and configuration management process to preserve the integrity of the authorized boundary - Oversee continuous monitoring, vulnerability management, and remediation processes to ensure risks are identified, prioritized, and resolved proactively - Ensure application onboarding integrates security requirements from the start and that enforcement is automated through DevSecOps pipelines (e.g., scanning, SBOM, policy enforcement) - Enforce least-privilege access, workload isolation, and auditability across all platform users, systems, and data - Serve as the primary authority and interface for cybersecurity with government stakeholders, Authorizing Officials, and external auditors - Drive standardization of security practices across teams, ensuring predictable, repeatable paths to production without rework or ambiguity - Integrate cybersecurity into platform engineering, DevSecOps, and operational workflows to enable secure continuous delivery at scale Expected Outcomes - Security is a built-in, continuously enforced capability of the platform, not a variable introduced by individual teams or deployments - The platform maintains sustained ATOs across environments, with changes introduced without degrading the authorized boundary or requiring rework - Application teams experience predictable, frictionless paths to production, with clear and stable security requirements that do not change midstream - Vulnerabilities are identified early and resolved proactively, minimizing operational risk, audit findings, and mission impact - All platform changes are controlled, assessed, and introduced without unintended security consequences, preserving system stability and trust - Access, data, and workloads are securely isolated and auditable, reducing risk exposure and ensuring accountability across users and teams - The software supply chain is transparent and continuously monitored, with full visibility into dependencies and associated risks - Cybersecurity enables speed, not delay, allowing rapid, secure delivery of mission capabilities without sacrificing assurance - The cybersecurity team operates as a high-performing, unified function, delivering consistent outcomes across all environments and programs Qualifications Qualifications: - Active Top Secret clearance - Bachelor’s degree in relevant field of study from an accredited institution - 10 years of relevant hands-on experience - Demonstrated experience leading a cybersecurity program or function, including directing ISSE/ISSO personnel and managing security strategy across multiple environments or classifications - Proven ability to own and maintain a system’s cybersecurity posture, ensuring alignment with ATO requirements and governing security frameworks across IL4–classified environments - Hands‑on background establishing and enforcing consistent security baselines, conducting security impact assessments, and governing changes through structured configuration‑management processes - Deep experience overseeing continuous monitoring, vulnerability management, remediation workflows, and automated enforcement of security requirements within DevSecOps pipelines - Strong track record interfacing with government cybersecurity stakeholders and auditors, communicating and defending security decisions, and ensuring predictable, secure paths to production

• Own and mature Hex’s security and privacy compliance program across SOC 2, ISO 27001, ISO 27701, HIPAA, GDPR, CCPA, PCI DSS, and other frameworks relevant to our business • Ensure continuous audit readiness: maintain controls, gather evidence, manage auditors, and implement improvements. • Track regulatory and industry changes, advising Hex leadership on impact and recommended responses. • Maintain and develop core security policies, standards, and procedures, tailoring them to Hex’s real operating environment. • Own Hex’s risk management lifecycle: identify, assess, track, and drive mitigation of security, privacy, operational, and regulatory risks. • Build lightweight but effective governance processes, ensuring clear ownership, documentation, and accountability. • Serve as the primary owner of customer and prospect security questionnaires, risk assessments, and contractual security provisions. • Manage and improve Hex’s Trust Center / trust portal, ensuring accurate and compelling communication of Hex’s security posture. • Lead internal and external audits from planning through remediation. • Own Hex’s third-party risk management program, including vendor assessments, reviews, and ongoing monitoring. • Define and run security awareness training tailored to Hex’s environment.

• Architect and implement PBAC and RBAC solutions, including policy models, roles, decision engines, enforcement points, and policy‑as‑code frameworks. • Design and operationalize fine‑grained authorization for applications, services, APIs, and data platforms, enabling contextual and attribute‑based access decisions. • Develop an identity security framework for AI, defining identity controls, access constraints, and governance models for AI agents, models, datasets, and prompt flows. • Integrate PBAC with workload identity, service‑to‑service authentication, and distributed access decisioning within modern cloud and microservice environments. • Partner with application and platform teams to embed authorization-by-design into solution architecture, code, and deployment pipelines. • Evaluate and implement fine grained authorization policies & custom RBAC roles; defining their integration points and governance processes. • Develop automated tooling for policy validation, simulation, testing, and versioning to ensure consistent enforcement and safe policy deployment. • Ensure authorization architecture aligns with risk, compliance, and regulatory requirements while supporting performance, reliability, and developer usability. • Stay current on emerging trends in authorization engineering, zero trust, AI access governance, and modern identity security paradigms.

Ready to be pushed beyond what you think you’re capable of? At Coinbase, our mission is to increase economic freedom in the world. It’s a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform — and with it, the future global financial system. To achieve our mission, we’re seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up. We want someone who will run towards, not away from, solving the company’s hardest problems. Our work culture is intense and isn’t for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there’s no better place to be. While many roles at Coinbase are remote-first, we are not remote-only. In-person participation is required throughout the year. Team and company-wide offsites are held multiple times annually to foster collaboration, connection, and alignment. Attendance is expected and fully supported. The AppSec team is looking for a Senior Security Engineer to revolutionize how we scale Identity and Access Management (IAM) reviews. In this role, you will have the autonomy to treat security as an engineering problem and stay at the forefront of applying AI to cybersecurity. Your mission is to move our organization away from manual processes toward a proactive, automated security posture. By building the foundations of a next-generation IAM review system, you will design and deploy frameworks that enforce least-privilege at scale and leverage AI to identify risks that human oversight might miss. What you’ll be doing (ie. job duties): - Design, develop, and maintain internal tools and services (primarily in Go) to automate the IAM lifecycle and security review processes. - Build "Guardrails-as-Code" to detect and remediate overly permissive roles or misconfigurations across a diverse set of in-house developed and SaaS applications. - Prototype and implement AI-driven solutions (such as LLM-based analysis or anomaly detection) to categorize access patterns and provide intelligent recommendations for rightsizing permissions. - Create developer-centric tools that allow engineering teams to manage their own access securely, reducing friction while maintaining strict security standards. - Serve as the subject matter expert for complex IAM architecture decisions, ensuring that automation logic aligns with industry frameworks (like Zero Trust and NIST). What we look for in you (ie. job requirements): - Demonstrated ability to responsibly use generative AI tools and copilots (e.g., LibreChat, Gemini, Glean) in daily workflows, continuously learn as tools evolve, and apply human-in-the-loop practices to deliver business-ready outputs and drive measurable improvements in efficiency, cost, and quality. - Bachelor’s or Master’s in Computer Science, Computer Engineering, Cybersecurity, or a related field. - Deep understanding of IAM primitives (Service Accounts, OIDC, SAML, RBAC vs. ABAC). - Strong proficiency in Python, Go, or Node.js. Experience with Git, CI/CD pipelines, and writing clean, maintainable code. - Experience in leveraging LLMs to enable self-serve and autonomous capabilities. - Familiarity with microservices architecture. Nice to haves: - Demonstrated experience managing workforce access, logging, and auditing in a fast-paced hyper-growth environment (FinTech or crypto preferred), with a strong understanding of navigating strict regulatory landscapes, such as SOX compliance. - Experience with data engineering basics (SQL, Snowflake, or Databricks) to analyze large-scale access logs. - Background in Application Security. Job #: P76231 #LI-Remote Pay Transparency Notice: The target annual base salary for this position can range as detailed below. Total compensation may also include equity and bonus eligibility and benefits (including medical, dental, and vision). Annual base salary range (excluding equity and bonus): $191,100—$191,100 CAD Please be advised that each candidate may submit a maximum of four applications within any 30-day period. We encourage you to carefully evaluate how your skills and interests align with Coinbase's roles before applying. Commitment to Equal OpportunityCoinbase is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view the Employee Rights and the Know Your Rights notices by clicking on their corresponding links. Additionally, Coinbase participates in the E-Verify program in certain locations, as required by law. Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please contact us at accommodations[at]coinbase.com to let us know the nature of your request and your contact information. For quick access to screen reading technology compatible with this site click here to download a free compatible screen reader (free step by step tutorial can be found here). Global Data Privacy Notice for Job Candidates and ApplicantsDepending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available here. By submitting your application, you are agreeing to our use and processing of your data as required. For US applicants only, by submitting your application you are agreeing to arbitration of disputes as outlined here. AI DisclosureFor select roles, Coinbase is piloting an AI tool based on machine learning technologies to conduct initial screening interviews to qualified applicants. The tool simulates realistic interview scenarios and engages in dynamic conversation. A human recruiter will review your interview responses, provided in the form of a voice recording and/or transcript, to assess them against the qualifications and characteristics outlined in the job description. For select roles, Coinbase is also piloting an AI interview intelligence platform to transcribe and summarize interview notes, allowing our interviewers to fully focus on you as the candidate. The above pilots are for testing purposes and Coinbase will not use AI to make decisions impacting employment. To request a reasonable accommodation due to disability, please contact accommodations[at]coinbase.com