• Manage and lead security initiatives, new processes, security scrums and demos, to expand and mature capabilities for the organization. • Identify and track internal and external assets to identify potential risks. Communicate these risks to internal and external stakeholders and build a plan of action. • Research and evaluate vendor and open source tools and their security and manage their compliance with security practices. • Manage and collaborate with internal and external teams to answer customer questionnaires, compliance audits and represent security internally and externally. • Oversee security awareness and phishing campaigns, and drive security maturity initiatives. • Define and own GenAI security, policies, standards, governance, monitoring, integrations. • Manage security architecture and security engineering for GenAI systems and their integrations in CI/CD, including LLMs, RAG, agents, APIs, and integrations. • Design, implement, and improve controls for access management, data protection, prompt injection, misuse, and model-related threats. • Conduct threat modeling, design reviews, access reviews, and security assessments. • Build or guide security tooling, automation, and secure development practices for AI and product teams. • Establish monitoring and lead response for AI-specific and traditional security threats. • Lead incident response, including investigation, containment, remediation, and lessons learned. • Coordinate vulnerability management, including identification, prioritization, remediation tracking, and partnership with engineering teams. • Support core security operations including security alert response and cross-functional security coordination. • Represent security in internal and external meetings to discuss security analysis, findings and security/compliance responses. • Review past incidents and identify attack trends. Finetune and reconfigure alerts based on prior incidents to improve detection.

• Own, build, and scale the team and systems for Censys’ corporate security infrastructure • Own company security needs from endpoint provisioning to deploying tools that improve our overall security posture while keeping things simple for all employees • Manage the Security team; delegate day-to-day workloads and ensure coverage of critical functions during PTO to maintain a high SLA • Own the complete endpoint lifecycle including provisioning, application deployment, security controls, and asset retirement • Work closely with internal teams to enforce compliance across endpoints and help users understand how security policies impact their daily work • Manage and secure cloud environments and coordinate security configuration of software and tools • Develop and deliver Security Awareness Training to internal users • Collect and create documentation for security processes and build out a knowledge base for the team • Design, implement, and manage the company’s Data Loss Prevention (DLP) program, including policies, tooling, and enforcement across endpoints, cloud, and email • Own and operate the insider threat program, including behavioral monitoring, investigation workflows, and coordination with Legal, HR, and senior leadership as required • Partner with engineering and infrastructure teams to ensure security telemetry and logging coverage meets both operational and compliance requirements • Lead the development and implementation of Censys’ compliance strategy to achieve and maintain compliance with ISO 27001, SOC 2 Type 2, UK NCSC Cyber Essentials+, and CMMC, in partnership with the Security and Operations teams • Develop, review, and update organizational policies and procedures to align with compliance and governance requirements • Oversee timely responses to security questionnaires and other sales requests relating to organizational and product security and privacy • Validate and respond to inbound legal process as required by federal law • Assist in the procurement process to review proposed purchases for security and privacy concerns • Manage control and process libraries • Conduct ongoing risk assessments • Other duties as assigned

Role Description This position works daily on the End Point Security for user devices. This includes working with: - Anti-Virus and Endpoint Detection and Resolution (EDR) applications such as McAFee, Cylance, and Windows Defender - Disk encryption solutions (Microsoft BitLocker and McAfee) - Tracking systems (Computrace/Absolute) for Microsoft Windows devices Responsibilities include: - Troubleshooting client agent issues, reporting, and managing exception processes - Daily management of security audits and corresponding remediation - Updating SCCM/Tanium and GPO to roll out updates and changes to the security configuration of devices - Supporting client software installation/configuration - Troubleshooting application issues that may be impacted by security tools Specific tasks include: - Detecting and installing AV and EDR agents on all required devices - Configuring white list for application protection - Configuring security settings to meet security requirements - Performing application upgrades and patches - Monitoring application health - Performing standard practices to test all updates and changes prior to agent deployment - Following ITIL and THR change management practices - Running weekly reports on encrypted devices - Locking computers that remain un-encrypted based upon security standards - Providing security with weekly reports - Working with application vendor to resolve issues - Providing technical assistance to other team members - Providing on-call after hours support Qualifications - Bachelor's Degree in Computer Science, Information Technology/Systems, Business or related field OR 4 years relevant experience in lieu of a degree (Required) - 6 Months experience working in a large enterprise environment managing end points, specifically security products, including antivirus, disk encryption on Windows - Remediation of HRV (High Risk Vulnerabilities) experience (Highly Preferred) - Anti-virus and EDR experience (Preferred) - CISSP - Certified Information Systems Security Professional Upon Hire (Highly Preferred) - MCSA - Microsoft Certified System Administrator Upon Hire (Preferred) Requirements - Full-time, Day shift; 40 hours, Monday – Friday, 8:00am to 5:00pm - Primarily Remote – must live in the Dallas-Fort Worth Metroplex Benefits - 401k - PTO - Medical - Dental - Paid Parental Leave - Flex spending - Tuition reimbursement - Student Loan forgiveness - Several other benefits - Delivery of high quality of patient care through nursing education, nursing research and innovations in nursing practice - Strong Unit Based Council (UBC) - A supportive, team environment with outstanding opportunities for growth

• Support ensuring compliance with information security policies and regulations; • Support the implementation of governance with business and Technology areas on matters related to information security and cyber risk; • Assist in creating and formatting security-related documents that need to be frequently updated, modified, stored and made available for reference and audit purposes; • Work closely with other information security teams to ensure the overall effectiveness of C&A's information security program; • Support the information security maturity assessment process for vendors; • Assist with information security awareness activities for associates and third parties; • Support the development and measurement of information security metrics;