Location: All locations in the United States Work Arrangement: Remote, Hybrid, or In-office In support of our growing Risk Advisory practice, we are seeking an experienced CMMC Certified Assessor (CCA) to support and perform CMMC assessments engagements across our client base. This role is ideal for someone who enjoys hands‑on assessment work, working closely with clients, and building deep technical expertise within a collaborative environment. A Day in the Life As a CMMC Certified Assessor, you will support and perform assessments while working closely with Lead Assessors and client teams. A typical day may include: - Supporting and performing CMMC Level 2 assessments in alignment with CMMC and DoD requirements. - Evaluating control design and operating effectiveness and helping identify gaps and deficiencies. - Gathering, reviewing, and validating assessment evidence and maintaining clear, well‑organized documentation. - Contributing to high‑quality workpapers and assessment deliverables aligned with firm methodology and standards. - Interacting directly with client personnel to obtain evidence, clarify requirements, and answer questions. - Supporting Leads with project execution, timelines, and engagement coordination. - Staying current on evolving CMMC guidance, DoD updates, and cybersecurity compliance trends. Who You Are - You have a Bachelor’s degree in Information Security, Information Systems, Computer Science, Cybersecurity, a related field. - You hold an active CCA (CMMC Certified Assessor) certification, including adjudicated Tier 3 background. - You have 3+ years of experience in cybersecurity, compliance, risk management, or GRC, preferably in consulting or client‑facing roles. - You have hands‑on experience supporting or performing CMMC readiness efforts and/or assessments. - You have working knowledge of CMMC requirements, assessment objectives, and evidence expectations. - You are detail‑oriented with the ability to manage tasks across multiple engagements. - You are interested in continuing to grow within CMMC and cybersecurity compliance. - You have the ability to travel up to 15%, as needed. Must be authorized to work in the United States now or in the future without visa sponsorship. Making an Impact Together People join Eide Bailly for the opportunities and stay because of the culture. At Eide Bailly, we've built a collaborative workplace based on integrity, authenticity, and support for one another. You'll find opportunities for education and career growth, a team dedicated to your success, and benefits that put your family's needs first. Hear what our employees have to say about working at Eide Bailly. Compensation: $80,000-$125,000 Our compensation philosophy emphasizes competitive and equitable pay. Eide Bailly complies with all local/state regulations regarding displaying ranges. Final compensation decisions are dependent upon factors such as geography, experience, education, skills, and internal equity. Benefits Beyond base compensation, Eide Bailly provides benefits such as: generous paid time off, comprehensive medical, dental, and vision insurance, 401(k) profit sharing, life and disability insurance, lifestyle spending account, certification incentives, education assistance, and a referral program. Next Steps We'll be in touch! If you look like the right fit for our position, one of our recruiters will be reaching out to schedule a phone interview with you to learn more about your career interests and goals. In the meantime, we encourage you to learn more about us on Facebook, Twitter, Instagram, LinkedIn or our About Us page. For extra assistance in your job search journey, explore EB Career Resources—a complimentary external tool that offers career exploration, resume workshops, interview prep and other professional development options. Eide Bailly LLP is proud to be an affirmative action/equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, veteran status, or any other status protected under local, state or federal laws #LI-MB1 #LI-REMOTE

Location: All locations in the United States Work Arrangement: Remote, Hybrid, or In-office In support of our growing Risk Advisory practice, we are seeking an experienced Lead CMMC Certified Assessor (LCCA) to play a key role in expanding our CMMC assessment capabilities. This opportunity is best suited for someone with deep IT audit expertise and an entrepreneurial mindset who is interested in helping build and shape a growing practice. We are looking for a proven assessor who enjoys client engagement, mentoring others, and contributing beyond delivery – someone motivated by influence, growth, and impact. A Day in the Life As a Lead CMMC Certified Assessor, you will serve as a trusted advisor to clients while helping develop and scale our CMMC services. A typical day might include: - Leading and performing CMMC Level 2 assessments in alignment with CMMC and DoD requirements. - Evaluating control design and operating effectiveness, identifying gaps and vulnerabilities, and documenting observations and findings. - Serving as engagement lead, providing project planning, delivery oversight, quality control, and budget management. - Communicating project status, risks, and financials to clients and internal stakeholders. - Mentoring and supporting assessors and consultants as the practice grows. - Collaborating with firm leadership on practice development, go‑to‑market strategy, and business development activities. - Contributing to internal growth initiatives, sales calls, presentations, and thought leadership. - Staying current on evolving CMMC guidance, DoD updates, and cybersecurity compliance trends. Who You Are - You have a Bachelor’s degree in Information Security, Information Systems, Computer Science, Cybersecurity, or a related field. - You hold an active LCCA (Lead CMMC Certified Assessor) certification, including adjudicated Tier 3 background. - You have 5+ years of experience in cybersecurity, compliance, risk management, or GRC, preferably in consulting or client‑facing roles. - You have hands‑on experience with CMMC readiness and/or assessments. - You have strong understanding of CMMC requirements, assessment objectives, and evidence evaluation. - You can manage multiple client engagements while maintaining attention to detail and quality. - You have an entrepreneurial mindset with interest in shaping offerings, methodology, and delivery models. - You have the ability to travel up to 15%, as needed. Must be authorized to work in the United States now or in the future without visa sponsorship. Making an Impact Together People join Eide Bailly for the opportunities and stay because of the culture. At Eide Bailly, we've built a collaborative workplace based on integrity, authenticity, and support for one another. You'll find opportunities for education and career growth, a team dedicated to your success, and benefits that put your family's needs first. Hear what our employees have to say about working at Eide Bailly. Compensation: $105,000-$165,000 Our compensation philosophy emphasizes competitive and equitable pay. Eide Bailly complies with all local/state regulations regarding displaying ranges. Final compensation decisions are dependent upon factors such as geography, experience, education, skills, and internal equity. Benefits Beyond base compensation, Eide Bailly provides benefits such as: generous paid time off, comprehensive medical, dental, and vision insurance, 401(k) profit sharing, life and disability insurance, lifestyle spending account, certification incentives, education assistance, and a referral program. Next Steps We'll be in touch! If you look like the right fit for our position, one of our recruiters will be reaching out to schedule a phone interview with you to learn more about your career interests and goals. In the meantime, we encourage you to learn more about us on Facebook, Twitter, Instagram, LinkedIn or our About Us page. For extra assistance in your job search journey, explore EB Career Resources—a complimentary external tool that offers career exploration, resume workshops, interview prep and other professional development options. Eide Bailly LLP is proud to be an affirmative action/equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, veteran status, or any other status protected under local, state or federal laws #LI-MB1 #LI-REMOTE

Cribl does differently. What does that mean? It means we are a serious company that doesn’t take itself too seriously; and we’re looking for people who love to get stuff done, and laugh a bit along the way. We’re growing rapidly - looking for collaborative, curious, and motivated team members who are passionate about putting customers first. As a remote-first company we believe in empowering our employees to do their best work, wherever they are. As the data engine for IT and Security many of the biggest names in the most demanding industries trust Cribl to solve their most pressing data needs. Ready to do the best work of your career? Join the herd and unlock your opportunity. Why You’ll Love This Role ​We are seeking a talented and experienced Staff AI Security Engineer to help build Cribl’s new AI Systems team. In this pivotal role, you will design, implement, and operationalize security and governance frameworks that enable rapid AI adoption to scale safely across Cribl’s internal systems and workflows. This is a foundational role on a newly established team tasked with providing the shared infrastructure, security guardrails, and reusable patterns needed to turn AI from fragmented experimentation into durable company capabilities. You will be instrumental in bringing security, governance, and safety to Cribl’s rapidly expanding AI footprint, including API tokens, secrets management, MCP security, shadow AI mitigation, AI telemetry, and compliance readiness. The team’s mandate is to provide the “paved road” for AI at Cribl: secure access, governed integrations, reusable workflows, and a platform that enables teams to move faster without creating security, compliance, or operational risk. This role will be part of the Corporate AI Systems team and will report directly to the Chief Information Security Officer (CISO). It will partner closely with stakeholders across Security, Enterprise Applications, Product, Engineering, IT, Legal, and the various business teams adopting AI to ensure Cribl’s AI capabilities scale securely and pragmatically. As An Active Member Of Our Team, You Will... As the Staff AI Security Engineer, you will be the foundational builder of Cribl’s AI security and governance layer. Your key responsibilities will include: - AI Security Architecture & Governance: Define, threat model, and operationalize the security architecture for Cribl’s internal AI platform, including standards, controls, approval patterns, and secure-by-design guidance for AI use cases before they scale into production. - Shadow AI Discovery & Remediation: Partner with Business Operations to maintain visibility into AI tools, licenses, API tokens, MCP servers, and ad hoc workflows in use across the company, and monitor for ungoverned or high-risk patterns that require remediation. - MCP Security & Registry Management: Own the framework for vetting MCP servers, maintaining an approved registry, defining risk tiers, and enforcing secure connection patterns as MCP adoption expands across teams. - Secrets, Identity & Token Protection: Establish secure patterns for secrets management, non-human identities, scoped credentials, OAuth-based access, and token governance to enforce least-privilege access and reduce credential exposure in AI builds. - Prompt Injection Defense & Safe Execution Controls: Design and deploy guardrails for prompt injection defense, deterministic validation, human-in-the-loop approvals, and additional controls for high-risk workflows that combine sensitive data, untrusted content, and external action. - AI Telemetry, Detection & Incident Response: Partner on building Cribl as the observability backbone for AI systems, including telemetry pipelines, abuse detection, audit trails, threat hunting, and incident response patterns for AI-specific security events. - Compliance & Customer Governance Readiness: Partner with Cribl’s Compliance team to drive documentation and control readiness for AI-related obligations and customer scrutiny, including NIST AI RMF, ISO 42001, EU AI Act readiness, AI acceptable use standards, and customer-facing AI governance materials. - Secure AI-Assisted Corporate Engineering Enablement: Establish the security controls required for AI-assisted internal development, secure coding practices, secrets management, SCA/SAST/DAST expectations, and review patterns for AI-generated code and workflows. - Risk Metrics & Security Effectiveness: Define and track the metrics that matter most for AI security, including shadow AI exposure, control coverage, incident trends, security review turnaround, and reduction of high-risk patterns as the platform scales across the company. - We are a remote-first company and work happens across many time-zones - you may be required to occasionally perform duties outside your standard working hours. If You’ve Got It - We Want It - Staff-level security engineering experience: 7+ years of experience in security engineering, application security, cloud security, identity and access management, detection engineering, or related technical security roles, with a track record of building practical controls that scale. - AI security fluency: Strong hands-on experience with modern LLM and agentic systems, including threat models for prompt injection, tool use, model access, RAG, AI coding tools, and API-driven integrations. - Identity, secrets, and governance depth: Proven experience with OAuth, service identities, secrets management, RBAC / ABAC / scoped permissions, auditability, and secure-by-default architecture patterns. - Security architecture judgment: Experience designing risk-tiered controls, approval models, and protective guardrails that balance innovation with real-world compliance and operational needs. - Detection and incident response mindset: Ability to operationalize telemetry, define actionable detections, investigate security signals, and build pragmatic response paths for new threat surfaces. - Compliance and customer trust orientation: Familiarity with frameworks and customer expectations relevant to enterprise AI governance, including NIST AI RMF, ISO 42001, SOC 2, GDPR, SOX, or adjacent control environments. - Cross-functional communication: Strong written and verbal communication skills, with the ability to simplify risk, controls, and tradeoffs for engineers, business stakeholders, and senior leaders alike. - Builder mentality: You are comfortable creating the first version of the registry, the standards, the playbooks, and the guardrails. Ambiguity energizes you. - Outcome orientation: You care about materially reducing risk while enabling useful AI adoption. You understand that security only works if it is practical enough to be used. - Preferred Qualifications - Experience with AI development tools like Claude Code, AWS Bedrock, or similar enterprise AI platforms. - Experience with MCP, skills, API security, gateway technologies, or tool-use architectures for AI agents. - Familiarity with multi-agent workflow design, workflow security patterns, and human-in-the-loop orchestration controls. - Experience with SCA / SAST / DAST, secrets management, SIEM / telemetry pipelines, and secure software delivery controls. - Familiarity with enterprise systems such as Salesforce, NetSuite, Workday, Jira, Confluence, Slack, Google Drive, and Glean, especially where AI workflows introduce differentiated risk. - Experience operating in a high-growth, remote-first B2B SaaS environment. - Comfort partnering closely with Security, IT, GTM Ops, Finance, People, Legal, and Support stakeholders. - Good jokes, or maybe better, bad jokes. - A love for goats. Salary Range ($128,000 - $200,000) The salary for this role is dependent on geographic location. The salary offered within the range described will be based on the individual candidate’s job-related knowledge, skills, and experience. In addition to a competitive salary, Cribl also offers a generous benefits package which includes health, dental, vision, short-term disability, and life insurance, paid holidays and paid time off, a fertility treatment benefit, 401(k), equity, and eligibility for a discretionary company-wide bonus. #LI-KJ1 #LI-Remote Bring Your Whole Self Diversity drives innovation, enables better decisions to support our customers, and inspires change for the better. We’re building a culture where differences are valued and welcomed, and we work together to bring out the best in each other. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying. Interested in joining the Cribl herd? Learn more about the smartest, funniest, most passionate goats you’ll ever meet at cribl.io/about-us.

• Lead the execution of cybersecurity risk assessments across products, SaaS platforms, infrastructure, cloud environments, vendors, and business processes • Apply NIST RMF (800‑37, 800‑30, 800‑53), ISO 27001/27701/22301, and internal Blue Yonder cybersecurity standards in all assessments • Maintain and enhance the enterprise risk register, ensuring all risks are documented, categorized, and monitored • Develop and drive risk‑response plans, collaborating with system owners, product teams, engineering, and cloud operations • Validate mitigation effectiveness and track remediations through closure • Provide expert recommendations on security controls, configuration standards, and compensating controls • Build KPIs, KRIs, dashboards, and reporting mechanisms to measure risk posture and program performance • Present risk trends, escalations, and mitigation progress to senior leadership • Ensure compliance with internal policies such as Cybersecurity Policy, Access Control Policy, Acceptable Use, and Information Classification Standards • Partner with Threat & Vulnerability Management, Application Security, Security Architecture, and GRC teams to ensure unified risk strategy and visibility • Collaborate with Legal, Compliance, and Commercial teams on contract risk requirements and customer security obligations • Promote a risk‑aware culture by educating stakeholders on risk principles, threat landscapes, and security responsibilities • Contribute to ongoing training and awareness initiatives aligned with Blue Yonder’s enterprise security program