• Manage inbound security questionnaires/RFIs and coordinate inputs across IT, Legal, Engineering, and other stakeholders • Maintain and continuously improve a centralized library of standardized, policy-aligned security responses • Track questionnaire/RFI status, deadlines, and follow-ups to ensure accurate, on-time delivery • Support the end-to-end third-party vendor risk lifecycle, including onboarding, periodic reviews, and offboarding • Conduct vendor security risk assessments using established frameworks and questionnaires (e.g., SIG, CAIQ, custom templates) • Maintain the vendor risk register, including risk ratings, evidence requests, remediation actions, and review schedules; escalate high-risk findings • Coordinate audit readiness activities (e.g., SOC 2 Type II, TISAX, internal audits), including continuous evidence collection and audit calendars • Serve as a point of contact during audit fieldwork by scheduling walkthroughs, gathering artifacts, and tracking auditor requests • Track audit findings and management responses and follow remediation commitments through closure; help update control narratives, policies, and procedures • Monitor and track vulnerabilities (scans, penetration tests, threat intel), maintain the vulnerability register, drive follow-ups, and produce status reporting.

Role Description Provide enterprise cybersecurity systems engineering, integration, and modernization support for HHS cybersecurity initiatives related to Post-Quantum Cryptography (PQC), Zero Trust (ZT), and enterprise security interoperability. - Support analysis, coordination, and integration of cybersecurity technologies, systems, and enterprise security architectures across HHS environments. - Assess interoperability, dependencies, and integration considerations between cybersecurity tools, cryptographic technologies, governance processes, and enterprise systems. - Support implementation planning and coordination for cybersecurity modernization initiatives involving PQC readiness, cryptographic agility, and Zero Trust alignment. - Assist in evaluating system configurations, security architecture alignment, and technical dependencies across enterprise environments. - Collaborate with technical and program stakeholders to support secure, scalable, and interoperable cybersecurity modernization efforts. - Support enterprise cybersecurity engineering activities across cloud, hybrid, and on-premises environments, as applicable. Qualifications - Support enterprise cryptographic discovery, dependency analysis, and interoperability assessment activities associated with cybersecurity modernization and PQC readiness initiatives. - Support discovery and inventory activities related to cryptographic assets across enterprise environments. - Assess and review data related to cryptographic dependencies across enterprise systems, applications, and network environments to identify vulnerable cryptographic implementations and technologies impacted by PQC migration requirements. - Assist in identifying legacy systems, applications, and technologies that may not support PQC algorithms or cryptographic agility principles. - Support interoperability assessments and dependency analysis related to enterprise cryptographic modernization initiatives. - Assist with the evaluation of operational impacts, integration dependencies, and transition considerations associated with PQC modernization efforts. Requirements - Support planning, coordination, and technical integration activities associated with Post-Quantum Cryptography modernization initiatives. - Support the development of migration strategies and implementation roadmaps for transitioning enterprise cybersecurity environments toward PQC-capable solutions. - Assist with implementation planning for TLS 1.3 adoption and other modern cryptographic protocols. - Support evaluation of vendor documentation, product roadmaps, and PQC readiness statements for enterprise technologies and security platforms. - Assist with architecture reviews to support future-state cybersecurity environments, incorporating cryptographic agility principles. - Assist with the development of technical standards, implementation guidance, and engineering baselines supporting PQC migration and modernization activities. - Support evaluation of emerging cybersecurity technologies, standards, and modernization approaches related to PQC implementation considerations. Benefits - Support testing, validation, and technical assessment activities associated with cybersecurity modernization and PQC readiness initiatives. - Assist with the development of testing procedures, interoperability assessments, and validation criteria for PQC-capable technologies and modernization initiatives. - Support review of test results, operational impacts, compatibility considerations, technical risks, and recommended remediation approaches. - Support pilot implementations, proof-of-concept activities, and technical coordination efforts related to PQC migration and cybersecurity modernization planning. - Support risk identification, impact assessments, and technical analysis associated with enterprise cybersecurity modernization efforts. Documentation, Reporting & Stakeholder Coordination - Support operational visibility, technical documentation, reporting, and stakeholder coordination activities across cybersecurity modernization initiatives. - Assist with the development and maintenance of technical documentation, implementation procedures, engineering diagrams, architecture artifacts, and operational guidance. - Support preparation of reports, technical summaries, status updates, technical briefings, leadership presentations, and decision support materials. - Document identified risks, issues, dependencies, implementation considerations, and recommendations associated with PQC migration and cybersecurity modernization activities. - Support the development of inventory reports, migration-related documentation, dashboards, trackers, and reporting artifacts required for federal reporting and compliance activities. - Communicate technical concepts, modernization impacts, and interoperability considerations clearly to both technical and non-technical stakeholders. - Contribute to continuous improvement efforts supporting enterprise cybersecurity modernization, systems integration, and governance alignment.

Title: Project Coordinator II, Security Location: California, United States Job Description: Location: This is a 100% remote position. The position may be hybrid if the employee is local, in the San Diego, California region. Hybrid work model: 60% remote, 40% on-site as needed. General Summary The Project Coordinator will be part of an established team providing comprehensive project coordination of security projects. The role requires experience with supporting small through large-scale projects from inception through completion. Supervision Level: Reports to Director, Network Communications. Responsibilities: - Provides project support, including meeting coordination and project progress tracking. - Maintains documentation, meeting minutes, action items, deliverables, purchase orders, material shipments, return authorizations, and change orders. - Collaborates with internal and external stakeholders to understand project needs and meet requirements. - Assists project managers with preparing work orders documents, budgets, schedules, statement of work, and project plans. - Prepares summaries and detailed project reports for management and project team members. - Communicates project milestones, progress, and deliverables. - Conducts audits to ensure accuracy, quality, and completeness of project scopes. - Monitors budgets, forecasts, and develops monthly variance reports. - Provides Request for Information and Request for Proposal support as needed. - Identifies and raises issues and risks; recommends actions to resolve. - Performs other duties as assigned.

• Own and maintain cloud infrastructure across AWS and container-based environments • Design, build, and maintain infrastructure using Infrastructure as Code tools such as Terraform • Support with future replatforming and infrastructure modernisation initiatives, including migration from Heroku to AWS container platforms • Manage vulnerability remediation processes including CVE tracking, security patching, and maintaining regular patching cadences • Support operational resilience (OR), disaster recovery (DR), backup strategies, and business continuity planning • Help maintain and improve security and compliance processes aligned with ISO27001 framework • Improve system reliability, scalability, resilience, and performance across the Mast platform • Troubleshoot infrastructure, platform, networking, and security related issues across environments • Contribute to incident response processes and ongoing operational improvements • Build systems and tooling that automate infrastructure management and operational workflows wherever possible • Implement and maintain observability tooling including monitoring, logging, alerting, and tracing • Building tools and platforms that enable product teams to provision resources autonomously (self-service) • Building and maintaining CI/CD pipelines and deployment workflows to improve developer experience and delivery velocity • Introducing guardrails for self-service cloud engineering by development teams