Role Description The OT Security Manager will lead the development and execution of cybersecurity strategy for Operational Technology environments, establishing an OT Security Center of Excellence and driving best practices. Your responsibilities include: - Deploying and managing the Claroty platform to enhance visibility, risk management, and secure remote access across industrial sites. - Collaborating with operations, engineering, IT, and executive stakeholders to ensure secure and compliant industrial environments. - Managing a team of cybersecurity engineers and acting as a strategic advisor for digital transformation. - Monitoring evolving threats, guiding investment decisions, and fostering a security-by-design culture while managing risks related to connectivity, IACS, and third-party integrations. Qualifications - Solid understanding of cybersecurity frameworks relevant to OT (NIST CSF, ISA/IEC 62443, ISO 27001). - Knowledge of network architecture, segmentation, and firewalling in OT networks. - Understanding of OT environments, protocols (e.g., Modbus, OPC, DNP3), and systems (e.g., SCADA, DCS, PLCs). - Hands-on knowledge of Claroty platform (especially xDome and SRA) would be a plus. - Familiarity with legacy OT systems and their cybersecurity limitations. - Understanding of IT/OT convergence and hybrid cybersecurity strategies. Requirements - Proficiency in risk assessment, threat modeling, and vulnerability management specific to OT. - Additional languages (e.g., Portuguese, French, Swedish) are a plus, depending on site locations and stakeholder geography. Benefits - Premium suite of health and wellness programs for you and your family, including medical, dental, vision, disability, and life insurance. - Generous 401(k) plan with matching company contributions. - Paid time off and paid holidays per year.

Role Description The Information Security Intern will assist the Governance Risk & Compliance Analysts and Information Security Engineers with daily operational tasks including key controls that use the following technologies: - Microsoft Office 365 - Active Directory - Varonis - Splunk - Crowdstrike - Proofpoint The intern will be given tasks to complete independently with limited supervision in support of the overall security environment work including third party risk assessments. The internship will take place in a remote capacity. Qualifications - Currently enrolled in accredited undergraduate college - Ability to communicate effectively both orally and in writing - Good project management skills - Strong interpersonal, teamwork, and leadership skills - Good analytical, conceptual and problem solving skills to evaluate business problems and apply knowledge to identify appropriate solutions - Must be eager to learn, self-motivated, flexible, accountable and can effectively handle multiple tasks at one time - Excellent organizational and time-management skills - Knowledge of computers to operate effectively with PowerPoint presentations, Excel spreadsheets, and Microsoft Office products Requirements - Internship will run from ~06/2026 through ~12/2026

Role Description We’re looking for a GRC Analyst to help ensure our cloud services meet key public sector security and compliance standards (including FedRAMP and PBMM). In this role, you’ll play a critical part in enabling government customers to securely and confidently use our platform. You’ll work across engineering, security, and compliance teams to support audits, maintain authorization status, and continuously improve our security posture. What you’ll get to do - Support FedRAMP & NIST Compliance - Support authorization, compliance, and continuous monitoring activities - Interpret and apply security controls and control enhancements - Keep key documentation up to date, including system security plans, policies, and control descriptions - Track compliance against established baselines (Low / Moderate / High) - Partner on audits and assessments - Work cross-functionally to ensure we’re always audit-ready: - Coordinate and support third-party audits (including 3PAO assessments) - Gather and review evidence from engineering, infrastructure, and operations teams - Respond to auditor questions and information requests - Help track remediation efforts and support closure of identified gaps - Contribute to annual assessments, penetration test reviews, and vulnerability reporting - Contribute to continuous monitoring - Help maintain a strong and consistent compliance posture by: - Supporting monthly FedRAMP continuous monitoring activities - Reviewing vulnerability scans and tracking remediation progress - Coordinating incident reporting and change management impacts - Ensuring changes follow approved compliance processes - Identifying and escalating potential compliance risks - Collaborate across teams - You’ll act as a bridge between technical and non-technical stakeholders: - Partner with Cloud Engineering, DevOps, Security Operations, Legal, and Product teams - Translate technical controls into clear, audit-ready documentation - Support internal reporting and briefings on compliance status and risk - Support governance and documentation - Maintain organized compliance evidence repositories - Assist with internal audits and readiness assessments - Contribute to updates of policies and standards aligned to federal requirements - Support responses to customer and government security questionnaires Qualifications - Experience in GRC, cybersecurity compliance, or audit support (typically 2+ years) - Familiarity with frameworks such as FedRAMP, NIST SP 800-53, or similar compliance programs - Experience working with auditors or assessment organizations (e.g., 3PAOs) is a plus - Exposure to cloud environments such as AWS or Azure Requirements - The FedRAMP lifecycle and continuous monitoring processes - NIST 800-53 control families - POA&M management and risk tracking - Analyzing technical controls and clearly documenting compliance - Working with compliance or GRC tools, ticketing systems, or evidence repositories Benefits - Excellent time away from work programs - Comprehensive wellness initiatives - Recognition through competitive pay and benefits - Opportunities for personal and professional growth - Commitment to community impact, including volunteer days and charity initiatives

Role Description As a Lead Security Engineer (Consultant) in Kainos, you will be responsible for leading our security engineering and security testing efforts across Kainos Platforms and Services. Your responsibilities will include: - Setting direction on our security testing methodology, engagement scoping, outputs, and tool/technology selections. - Developing junior security engineers. - Working with agile delivery teams to promote good security practices throughout the software development journey. - Sharing knowledge and educating customers and Kainos team members on good security practices. - Managing, coaching, and developing a small number of staff, focusing on performance management and career development. - Providing direction and leadership for your team while solving challenging problems together. Qualifications - Expertise in securing Web Applications and Cloud Platforms (e.g. AWS/Azure). - Expertise in testing software and infrastructure security using existing manual or automated security tools. - Expertise in assessing software and infrastructure source code from a security standpoint. - Expertise in Continuous Security, Continuous Integration, and Continuous Delivery techniques. - Knowledge of international security standards and regulations such as NCSC, NIST, CIS, PCI, GDPR, OWASP ASVS, HIPPA, SOC2, etc. - Knowledge of typical cyber security attack vectors (e.g. OWASP Top 10, SQL, XSS, XXE, MITM, etc.) and ability to articulate threats and risks via threat modelling exercises/workshops. - Excellent communication skills, with the ability to convey security complexities to audiences of various technical abilities. - Demonstrated ability in managing, mentoring, and coaching team members and the wider community. - Good programming or scripting experience across Windows/Linux/MacOS. - Stays up to date with new threats and attack types. Requirements - Penetration testing qualifications (e.g. OSCP, CREST, TIGER or equivalent). - Experience of working with external penetration test companies to translate report findings into actionable tasks. - Experience with security tools (e.g. Burp Suite, OWASP-ZAP, NMAP, Nessus, Kali, Metasploit, etc.). - Knowledge about main cyber security areas (e.g. OSINT, network scanning, enumeration, sniffing, session hijacking, social engineering, firewalls, honeypots, IDS/IPS/WAF/AV/DLP, Cryptography/PKI, IoT threats, trojans/viruses/worms/backdoors/ransomware, etc.). - Active participation in knowledge sharing activities, both within the team and at a wider level. - Active involvement in the security community – conference speaking, sharing knowledge externally. - Experience of working in an Agile environment. Benefits - People-first culture where ideas are valued and growth is supported. - Opportunity to be part of a diverse, ambitious team that celebrates creativity and collaboration.