Role Description This role supports Jet Aviation’s cybersecurity compliance program, with a focus on third-party risk management, vendor assessments, and broader compliance initiatives. The successful candidate will contribute to evaluating vendor security postures, maintaining risk documentation, supporting customer-facing security requirements, and strengthening overall compliance processes. - Support third-party risk management activities, including vendor cybersecurity risk assessments and reviews - Maintain accurate and up-to-date documentation within governance, risk, and compliance (GRC) systems - Assist in preparing and reviewing responses to customer cybersecurity questionnaires - Track and follow up on remediation actions for identified vendor compliance gaps - Collaborate with cross-functional teams (e.g., Procurement, Legal, IT) to ensure consistent third-party cybersecurity practices - Contribute to internal audits and compliance reviews related to vendor risk and regulatory requirements - Support risk assessment activities by gathering, organizing, and analysing relevant data - Assist with general cybersecurity compliance tasks, including policy adherence and regulatory alignment - Represent Jet Aviation as one company internally and externally, including engagement with industry groups, regulatory bodies, and the General Dynamics network Qualifications - 1–3 years of experience in IT, cybersecurity, compliance, or a related field - Foundational understanding of third-party risk management and cybersecurity frameworks (e.g., NIST SP 800-53, ISO 27001) - Familiarity with vendor risk assessments, security questionnaires, and compliance documentation - Strong organizational skills with the ability to manage documentation effectively - Good communication and interpersonal skills, with the ability to collaborate across teams and with external vendors - Proficiency in Microsoft Office tools (Excel, Word, PowerPoint) - Basic data analysis and reporting capabilities Requirements - Detail-oriented with a proactive approach to supporting compliance and risk management activities - Eagerness to learn and stay current with evolving cybersecurity trends and regulatory requirements - Self-motivated, with the ability to take initiative and work independently - Clear and effective communicator, able to convey technical and compliance information to diverse audiences - Demonstrates strong personal values aligned with Jet Aviation’s principles of Trust, Honesty, Alignment, and Transparency Benefits Join our team in a fully remote (work-from-home) role supporting global operations, with a stable and predictable schedule. You will work fixed hours aligned to U.S. Eastern Time (8:00 AM – 4:00 PM ET), equivalent to approximately 8:00 PM – 4:00 AM Philippines time (subject to daylight saving adjustments). As a permanent night shift position, this role offers consistency and predictability in working hours.

• Own and evolve how Bridgewater identifies, understands, and prioritizes security exposures. • Overhaul vulnerability and exposure management program by applying an adversarial mindset and sound engineering judgment. • Separate signal from noise, explain why something matters, and drive remediation that measurably reduces attack surface and enterprise risk. • Design and engineer scalable solutions that integrate vulnerability data, asset context, threat intelligence, and risk scoring into a coherent system. • Translate technical findings into clear, defensible narratives for stakeholders.

• Lead a high-performing team of offensive security researchers, supporting professional development and team wellbeing through regular video check-ins. • Facilitate regular and transparent communication via weekly and event-driven status updates covering achievements, challenges, team needs, and research progress. • Create a collaborative and supportive team environment by promoting documentation, knowledge sharing, and technical presentations. • Organize and lead engaging weekly team calls for resource sharing, brainstorming research directions, and collaborative problem-solving. • Mentor junior researchers and new hires, supporting strong onboarding, continuous learning, and ongoing professional growth. • Manage technical recruitment activities, including interviewing and evaluating candidates. • Conduct performance reviews, provide feedback, and communicate outcomes to leadership. • Plan and manage the team’s budget, covering travel, training, and conference opportunities. • Attend leadership meetings and coordinate cross-team initiatives; align team objectives with organizational priorities. • Oversee and guide the identification, analysis, and exploitation of vulnerabilities in modern operating systems, kernel components, and complex software ecosystems. • Direct research in reverse engineering, proof-of-concept exploit development, and bypassing advanced security mitigations. • Set technical priorities for the team, balancing current research objectives with exploration of new attack surfaces and technologies. • Ensure research stays current with evolving attack techniques, mitigations, and emerging technologies. • Encourage dissemination and publication of impactful research and adaptive approaches to industry-wide software/security updates.

cFocus Software seeks a Senior Security Engineer to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance. Qualifications: - Active Public Trust clearance - B.S. Computer Science, Information Technology, or a related field - 8+ years of Security Engineering experience - Strong experience with Microsoft Sentinel (SIEM) operations and engineering - Experience with Microsoft Defender for Endpoint (MDE) and Defender for Identity (MDI) - Knowledge of AWS logging (CloudTrail, VPC Flow Logs) and cloud security monitoring - Experience with log ingestion, normalization, and schema mapping - Understanding of incident response, threat detection, and SOC operations - Familiarity with NIST frameworks (800-53, 800-61, 800-92) and Zero Trust principles - Experience with detection engineering and threat hunting methodologies - Preferred certifications include but are not limited to - GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications - Microsoft Sentinel or Microsoft security platform certifications - Relevant cloud security certifications (e.g., AWS security) - Privacy certifications (e.g., CIPP/US, CIPM) where applicable Duties: - Review Microsoft Sentinel log ingestion, pipeline health, and monitoring coverage - Validate, develop, and tune detection use cases aligned with MITRE ATT&CK - Identify telemetry gaps and ensure proper ingestion and normalization of logs - Coordinate remediation activities with CBO IRM staff - Support vulnerability prioritization and patch governance validation - Validate log routing, transformation, and normalization (e.g., Cribl or similar tools) - Provide technical support during security incidents and escalation events - Support detection engineering, threat hunting, and SOC automation initiatives - Ensure alignment with Microsoft Defender (Endpoint, Identity) and AWS log sources