spiderSilk delivers tip of the spear threat detection technology for the public and private sectors, globally.
Threat Intelligence Analyst
Location: United Arab Emirates
Posted: 25 days ago
Salary: 0
Seniority: Mid Level
Job Description
- Monitor and investigate activity across dark web forums, marketplaces, encrypted messaging platforms, and other covert channels.
- Track threat actor behavior, campaigns, and emerging TTPs (tactics, techniques, and procedures).
- Collect, tag, and analyze relevant data including leaks, malware distribution, initial access sales, and exploit trade.
- Produce high-quality intelligence reports, alerts, and briefings tailored to both technical and executive audiences.
- Work with product, research, and exposure teams to enrich findings with external data and client relevance.
- Maintain strong operational security (OPSEC) protocols during intelligence gathering and engagement.
Job Requirements
- 2–4 years of experience in threat intelligence or cyber investigations, with a focus on dark web or underground threat monitoring.
- Strong knowledge of dark web platforms such as TOR, I2P, and decentralized forums.
- Familiarity with OSINT techniques, operational tooling (e.g., Maltego, Recon-ng), and data enrichment strategies.
- Ability to recognize and interpret threat actor behavior, indicators of compromise (IOCs), and relevant geopolitical or industry trends.
- Solid writing and analytical communication skills, with the ability to create both tactical alerts and strategic reports.
- Experience conducting HUMINT or dark web engagement in a secure and ethical manner.
- Foreign language skills relevant to threat actors (e.g., Russian, Arabic, Mandarin) are a significant advantage.
- Familiarity with cybercrime ecosystems (initial access brokers, ransomware affiliates, data extortion groups).
- Previous experience supporting law enforcement, CTI platforms, or security product development is a plus.
- Certifications such as GIAC GCTI, CREST CTIM, or other intelligence-specific training.
More Security Analyst Jobs
Security Analyst
Keysight Technologies, Inc.
Keysight is on the forefront of technology innovation, delivering breakthroughs and trusted insights in electronic design, simulation, prototyping, test, manufacturing, and optimization. Our ~15,000 employees create world-class solutions in communications, 5G, automotive, energy, quantum, aerospace, defense, and semiconductor markets for customers in over 100 countries. Diversity, equity & inclusion are integral parts of our culture and drivers of innovation at Keysight. We believe that when people feel a sense of belonging, they can be more creative, innovative, and thrive at all points in their careers.
Role Description
- Perform C and C++ code reviews and structured vulnerability analyses in accordance with security framework/certification requirements (e.g., OCP S.A.F.E., EMVCo).
- Translate vulnerability analysis findings into clear and actionable input for the security testing team, aligning results with applicable scheme thresholds and evaluation metrics.
- Perform embedded testing on devices under evaluation, e.g. firmware reversing, MITM, interface probing, etc.
- Contribute to technical aspects of evaluation projects by working with a project manager, technical lead, and other project team members to ensure compliance, technical rigor, and timely delivery.
Qualifications
- Bachelor’s degree in Computer Science, Computer Engineering or Electrical Engineering or equivalent experience.
- Minimum of 2 years of experience in the security evaluation domain.
- Proven proficiency in at least two of the following: C, C++, Assembly.
- Experience with secure embedded systems, such as Smart Cards, Secure Elements, System-on-Chips (SoCs), Trusted Execution Environments, smart light, remote control, ECUs, etc.
- Good understanding of low-level computer architecture, security concepts, embedded system architecture, OS internals, Trusted Execution Environments.
- Good understanding of practical cryptography algorithms and protocols.
- Able to develop exploits for embedded devices.
- Excellent interpersonal and communication skills; thrives in team environments with diverse stakeholders (technical teams, project managers, and customers).
- Experience with Android, Java, and Kotlin is a plus.
- Willingness to travel to clients in North America, Europe, or Asia.
Requirements
- Santa Clara, CA
Pay Range: MIN $122,000.00 - MAX $184,000.00
Benefits
- Keysight is an Equal Opportunity Employer.
Senior IT Security Analyst
United Biosource Corporation
UBC is proud to be an equal opportunity employer and does not discriminate because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state, or local protected class. We are committed to a diverse, equitable and inclusive culture that fosters respect for each other, our clients, and our patients.
Role Description
A hands-on position that helps maintain and improve UBC's Cybersecurity program. Perform Threat Intelligence analysis, assist the incident response team with investigations, ensure the security and compliance of information system assets, while maturing the overall Cybersecurity program. Ensure the security of information system assets and protect them from intentional or inadvertent access, disclosure, or destruction in accordance with company policies and industry standards such as ISO 27000, HIPAA, GDPR, and CCPA. Ensure employees understand and adhere to necessary procedures to maintain security. Must be able to weigh business needs against security concerns and articulate issues and options to management. Perform risk assessments for sensitive internal and external systems and perform threat modelling.
Job Responsibilities
- Ensure security controls are deployed, operating effectively, and aligned with organizational security policies and standards.
- Monitor, review, analyze, and respond to security alerts generated from various security platforms.
- Tune and optimize security alerts to reduce false positives and improve detection effectiveness.
- Ensure assets are properly onboarded and reporting into required security monitoring and vulnerability management tools.
- Lead and support the vulnerability management lifecycle, including:
  - Conducting regular vulnerability scans using automated tools,
  - Analyzing scan results and prioritizing findings based on risk,
  - Working closely with infrastructure, application, and development teams to remediate vulnerabilities and validating fixes,
  - Perform and manage web application security scans, interpret findings, and provide clear remediation guidance to development teams.
- Monitor threat intelligence feeds and external advisories to identify emerging threats, vulnerabilities, or risks relevant to the organization.
- Participate in incident response activities, including identification, containment, eradication, and recovery efforts.
- Assess, develop, and apply updated or strengthened security measures to respond to changing threats, regulatory and business requirements, enhancing both cloud and on-premises security posture.
- Work with IT, engineering, and business teams to develop, review, and implement secure configurations, standards, and policies.
- Assist project teams in the implementation of security measures to meet UBC cybersecurity policies and external governances, e.g., HIPAA, GDPR, CCPA.
- Maintain accurate and up-to-date security documentation for systems, applications, and processes.
- Collaborate with other security team members on security initiatives and best practices.
- Support annual security initiatives and defined deliverables aligned with the organization’s security roadmap.
- Participate in special projects and perform additional duties as assigned.
Qualifications
- Bachelor’s degree in computer related field, or 4 – 6 years equivalent experience.
- 3 – 5 years of relevant working experience, preferably in IT Security.
- Certification in Information Security (GIAC - GSEC, Security+, CISSP, CompTIA CySA+ or equivalent) preferred.
- Familiarity with external regulations, e.g., GDPR, 21CFR part 11, HIPAA, Sarbanes-Oxley.
- Strong understanding of information security principles and frameworks.
- Strong experience in vulnerability management, including scanning, remediation coordination, and verification.
- Hands-on experience with automated vulnerability scanning tools, including web application scanning solutions.
- Understanding of web application security concepts (i.e., OWASP Top 10) and common attack techniques.
- Familiarity with domain structures, user authentication, and digital signatures.
- Experience with various on-premises and cloud security controls and systems (i.e., MS Intune, MS ATP, MS Purview, Active Directory, IAM).
- Strong documentation and communications skills.
- Experience in research and analysing findings.
- Experience as part of an incident response team.
- Digital Forensics experience is a plus.
- Programming and scripting experience is a plus.
- Experience with cloud architecture is a plus.
- Experience or comprehension of AI tools and various uses is a plus.
- Demonstrated ability to coordinate with various teams for project/activity completion, work in a team environment, sharing workloads and responsibilities.
- Ability to work in a flexible environment where requirements and procedures continuously evolve.
- Ability to multi-task and manage time effectively.
- Flexible hours, with availability for after-hours support as needed.
- Participate in on-call rotation to respond to security alerts as needed.
Benefits
- Competitive salaries
- Growth opportunities for promotion
- 401K with company match*
- Tuition reimbursement
- Flexible work environment
- Discretionary PTO (Paid Time Off)
- Paid Holidays
- Employee assistance programs
- Medical, Dental, and vision coverage
- HSA/FSA
- Telemedicine (Virtual doctor appointments)
- Wellness program
- Adoption assistance
- Short term disability
- Long term disability
- Life insurance
- Discount programs
- Assist in conducting security assessments for new and existing third parties and partners
- Support subject matter experts in explaining and documenting the risk management process and timelines
- Perform initial screening and documentation of potential risks for proposed vendor products/services
- Assist in scheduling and preparing for periodic reviews of vendor adherence to Amex GBT standards
- Input and track information in the Amex GBT GRC tool to support vendor review workflow
- Support internal security compliance audit through evidence gathering
- Collaborate with Information Security team members to gather and compile security-related information
- Assist in preparing reports and dashboards for the Third-Party Cyber Security team


