The Regional Retread Service Technician provides technical service and quality assurance across assigned Goodyear retread locations to ensure consistent, high-quality production. This role supports both company-owned and authorized plants through root cause analysis, equipment maintenance, and continuous process improvements. Serving as the primary point of contact for manufacturing concerns, the technician delivers hands-on technical support and training in production systems and business management practices. Why This Role Matters - Drives consistent, high‑quality retread production across the Goodyear retread network. - Improves plant performance through root cause analysis, process optimization, and equipment support. - Acts as the key technical and communication link between Goodyear and retread locations. What You Will Do - Plan and deliver equipment installation expertise, preventive maintenance support, and manufacturing audits across assigned retread locations. - Provide hands-on technical support, root cause analysis, and field training to ensure consistent, high-quality, like-new retread products. - Serve as the primary point of contact for retreaders, communicating Goodyear standards, new equipment, and manufacturing procedures. - Drive continuous improvement by challenging plants to enhance key production indicators, quality performance, and cost competitiveness. - Support manufacturing process optimization through equipment, layout improvements, and lean manufacturing practices. What We’re Looking For - Bachelor’s degree or equivalent experience, including 10+ years in retread plant management, training, or tire technology. - 5+ years of experience in a retread or tire manufacturing environment, with hands-on exposure to plant operations and systems. - Background in industrial or mechanical engineering, or equipment maintenance within a manufacturing setting. - Proven process improvement experience, supported by strong communication skills, mechanical aptitude, and proficiency in Microsoft Office/SPC tools. Additional Details - Traveling Requirement: Yes - 70% - Relocation Approval: Yes - Sponsorship: No #ManufacturingCareers #TechnicalSupport #RetreadIndustry #ContinuousImprovement #QualityAssurance #FieldService #LI-JT1 Goodyear offers a competitive pay and comprehensive total rewards package designed with your physical, financial, and emotional wellbeing in mind. The pay range for this position is $91,869.00 - $170,615.00 However, base pay offered may vary depending on factors such-as job-related knowledge, skills, experience, and market location. You will also be eligible for a number of benefits, including medical, prescription, dental, vision, 401(k), life insurance, disability, tuition assistance, sick and vacation time, as well as tire discounts. You will receive more information on our Total Rewards if selected to interview. Goodyear is one of the world's largest tire companies. It employs about 68,000 people and manufactures its products in 51 facilities in 19 countries around the world. Its two Innovation Centers in Akron, Ohio, and Colmar-Berg, Luxembourg, strive to develop state-of-the-art products and services that set the technology and performance standard for the industry. For more information about Goodyear and its products, go to Goodyear.com. If you need reasonable accommodation to complete the online application, or any other part of the employment process, please contact the Goodyear Candidate Care Line at 330.796.4500. Goodyear is an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to any characteristic protected by law.

• Design, implement, and manage secure AWS cloud architectures, including networking, IAM, and service configurations. • Develop and enforce cloud security standards, policies, and guardrails across AWS environments. • Implement automated security controls using tools like Terraform, AWS Config, Security Hub, GuardDuty, and Inspector. • Collaborate with DevOps and engineering teams to integrate security into CI/CD pipelines (DevSecOps). • Monitor and respond to security events using SIEM and cloud-native logging tools (CloudWatch, CloudTrail, AWS Security Hub, etc.). • Conduct threat modeling, risk assessments, and security architecture reviews for AWS-based applications and services. • Maintain and optimize identity and access management across AWS accounts using IAM, SSO, SCPs, and Organizations. • Manage data protection strategies, including encryption (KMS), DLP, and secure key management. • Support compliance initiatives (e.g., SOC 2, HIPAA, ISO 27001, or FedRAMP) with evidence collection and policy implementation.

Role Description ICF is looking for an enthusiastic Senior Security Engineer to join our team and help with ensuring our environments and applications meet Federal Security Standards. If you are a Security Engineer interested in applying your expertise in Security Engineering in a consulting environment, then this may be the role for you. This position requires that the job be performed in the United States. If you accept this position, you should note that ICF does monitor employee work locations and blocks access from foreign locations/foreign IP addresses, and also prohibits personal VPN connections. Our core work hours are 10am - 4pm Eastern Time with the option to start earlier or work later depending on your time zone. However, please note our client is on the east coast and may sometimes start a meeting earlier than 10:00 which may require your participation. Travel for a conference or to another ICF location for collaboration may be required once a year. What You Will Do: - Work on multiple products and develop and present secure solutions and advice to technical teams and leadership. - Assess risks and advise on security standards, best practices, and solutions. - Maintain security quality and customer satisfaction. - Document vulnerabilities and work with developers to correct them. - Ensure all documentation and appropriate steps are taken and approved for highly secure production applications and environments. Responsibilities: - Perform Static Application Security Testing (SAST) to identify potential vulnerabilities in the application code and infrastructure. - Perform Dynamic Application Security Testing (DAST). - Create and update threat models for FISMA systems. - Assist and lead security incident response. - Assist with documentation of System Security plan and Contingency Plans for related projects. - Ensure security systems are up to date and create documentation and planning for all security-related information, including incident response and disaster recovery plans. - Review policies and procedures for compliance with applicable standards; identify areas of improvement for finding remediation. - Interact with senior level management, including the ISSO. - Use security assessment tools such as Nessus, Snyk, AWS GuardDuty, and AWS Inspector. - Apply a demonstrated understanding of cryptography to secure web applications and data at rest. - Work with development teams to review and correct code written in higher level programming languages and scripts. - Work with DevOps teams to securely harden Linux based machines and cloud infrastructure. Qualifications - Bachelor’s Degree. - 5+ years of professional security engineering experience. - Candidate must be able to obtain and maintain a Public Trust. - Candidate must reside in the U.S., be authorized to work in the U.S., and all work must be performed in the U.S. - Candidate must have lived in the U.S. for three (3) full years out of the last five (5) years. Requirements - Hands-on experience that includes: - NIST 800‑53 security controls. - System hardening and implementation of DoD STIGs. - Leading incident response activities. - Data management and applied cryptography. - Cloud security and infrastructure (AWS, Azure, and/or GCP). - Awareness of OWASP Top Ten and CWE Top 25. - Linux command line usage (e.g., bash, sh, zsh). - Scripting in Python, Perl, or similar languages. - Prior experience in consulting or healthcare is an advantage but not essential. - Strong engineering background. - Application architecture experience. - Federal Government contracting work experience. - One or more of the following certifications is preferred: - OSCP/OSCE/OWSE. - CISSP. - GPEN. - GXPN. - Security +. - CEH. Benefits - Good leadership and team-working skills. - Highly effective analytical, problem-solving, and decision-making capabilities. - Excellent communication and interpersonal skills to interface effectively at all levels of the business. - Organized, detailed oriented and able to prioritize and multi-task. - Ability to self-organize, prioritize and conduct work on multiple projects under tight deadlines in a fast-paced environment. - Prior experience working remotely full-time. Company Description ICF is a global advisory and technology services provider, but we’re not your typical consultants. We combine unmatched expertise with cutting-edge technology to help clients solve their most complex challenges, navigate change, and shape the future. We can only solve the world's toughest challenges by building a workplace that allows everyone to thrive. We are an equal opportunity employer. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO policy.

Posición: Chief Information Security Officer Enfoque: Gobernanza, Gestión de Riesgos y Continuidad del Negocio. Buscamos un(a) CISO con trayectoria en diseño de arquitecturas resilientes en AWS y marcos de gobernanza (NIST, ISO 27001) para una Fintech que se encuentra en fase de crecimiento. La misión principal será estructurar e implementar el Sistema de Gestión de Seguridad de la Información bajo estándares como ISO 27001, asegurando que la operación nunca se detenga. Responsabilidades ● Tomar decisiones de alto nivel sobre la Política de Seguridad de la Información y su contenido. ● Aprobar el resultado de las revisiones de seguridad relevantes. ● Aprobar las solicitudes de excepciones que presenten valor de riesgo medio o bajo relacionadas con el Cuerpo Normativo de Seguridad de la Información. ● Coordinar anualmente una valoración de riesgo para identificar nuevas amenazas y vulnerabilidades de los activos además de identificar los controles apropiados para mitigar cualquier nuevo riesgo. ● Verificar que la Política de Seguridad de la Información, las Normas, los Procedimientos, Documentos Técnicos y Anexos sean revisados al menos una vez al año y de manera que los cambios en los objetivos del negocio o el entorno de riesgos queden reflejados. ● Asegurarse que los terceros con quien se comparte información sean manejados de acuerdo a los estándares definidos por la compañia. ● Convocar el Comité de Seguridad de la Información con objeto de informar acerca de los aspectos más relevantes de seguridad a la Dirección Corporativa. ● Mantener actualizado y distribuir el Plan de Respuesta ante Incidentes ● Confirmar anualmente con las diferentes unidades del negocio que cualquier nuevo canal aceptado para recibir tarjetas de crédito o débito ha sido incluido en el alcance del proceso. Cualquier cambio en el alcance debe ser actualizado en la Política de Seguridad de la Información. ● Mantener actualizada la documentación de riesgos y activos de seguridad de la información. ● Cuando el objeto está relacionado a Protección de Datos, deberá: o Fijar y aprobar anualmente los objetivos de nivel de riesgo de seguridad aceptable: Los objetivos deben ser vigentes y estar alineados con el propósito y la estrategia de la organización, ser medibles o estimables y coherentes con las presentes directrices. Se deberá verificar de forma anual la evolución de dichos objetivos. o Identificar a los Propietarios de los riesgos: pues son los conocedores de los riesgos inherentes y significativos del área y los activos que es responsable. ●Definir y aprobar los niveles de riesgo de la organización: así como los planes de tratamiento de riesgo, asumiendo las funciones de propietario del riesgo. ●Aprobar las medidas correctivas resultantes del análisis de riesgos formalizadas en el plan de tratamiento de riesgos. o ●Proporcionar los recursos necesarios para asegurar el cumplimiento de los objetivos de seguridad. ● Liderar el ciclo de vida de cumplimiento de PCI-DSS, desde el escaneo de vulnerabilidades hasta la auditoría anual de cumplimiento. ● Establecer políticas de seguridad alineadas con el cumplimiento regulatorio. ● Supervisar la implementación de tecnologías de tokenización, cifrado punto a punto. ● Garantizar la seguridad en el ciclo de vida de desarrollo (backend y frontend). ● Monitorear patrones de tráfico para detectar intentos de inyección, sniffing o ataques de denegación de servicio dirigidos a la pasarela.