Title: Junior Test & Security Information Assurance (IA) Engineer Location: United States Job Description: Responsibilities for this Position Junior Test & Security Information Assurance (IA) Engineer ID: 2026-72646 US-AZ-Scottsdale US-Telework-Telework Required Clearance: Secret Posted Date: 5/18/2026 Category: Engineering-Systems Employment Type: Intern Conversion Hiring Company: General Dynamics Mission Systems, Inc. Basic Qualifications Requires a Bachelors degree in Engineering, or a related Science, Technology or Mathematics field. Also requires 8+ years of job-related experience, or a Master's degree plus 6 years of job-related experience. These are the foundational skills and qualifications we expect you to bring on day one: Required Skills & Qualifications Category Requirements Coding Demonstrated competencies in software development and the SDLC in python. Software Testing Demonstrated understanding of software testing principles including test case design, defect management, and test reporting Test Tools Hands-on experience or academic exposure to JIRA or similar defect tracking tools Automation Familiarity with test automation concepts and scripting for test execution IA/Cybersecurity Foundational understanding of Information Assurance principles and vulnerability management concepts Scanning Tools Familiarity with ACAS or similar vulnerability scanning platforms Compliance Basic understanding of STIGs and DoD security compliance frameworks Scripting Ability to write, test, and iterate scripts for system configuration and automation tasks in powershell, bash or similar. Cloud Familiarity with AWS or equivalent cloud environments for testing and development purposes Documentation Ability to produce clear, thorough, and professional technical documentation Process Understanding of Agile/Scrum, SDLC, and STLC methodologies Analytical Strong analytical skills including requirements analysis, root cause analysis, and risk assessment Communication Clear and professional written and verbal communication skills for stakeholder reporting and team collaboration CLEARANCE REQUIREMENTS: Department of Defense Secret security clearance is required at time of hire. Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information. Due to the nature of work performed within our facilities, U.S. citizenship is required. Responsibilities for this Position ABOUT THE ROLE Are you a technically curious, detail-oriented engineer ready to make an impact on mission-critical systems? We are looking for a Junior Test & Security Information Assurance (IA) Engineer to join our growing team. In this dual-function role, you will contribute to both software quality assurance and cybersecurity / vulnerability management efforts in support of a dynamic defense program. You will work alongside experienced engineers, collaborate with cross-functional teams, and play a direct role in ensuring the reliability, security, and compliance of critical systems. This is an excellent opportunity for an early-career engineer to build a strong technical foundation across software testing and information assurance two of the most in-demand disciplines in the defense and government contracting space. WHAT YOU'LL EXPERIENCE In this role, you will be actively engaged in meaningful, hands-on work from day one. Here is what your day-to-day experience will look like: Software Testing & Quality Assurance Test Execution - Execute test cases both manually and through automation tools, ensuring software performs as designed - Accurately record and track test results across testing phases - Reproduce and isolate defects and bugs to support effective debugging by development teams - Perform regression testing after defect fixes to ensure no new issues are introduced - Conduct smoke testing and sanity testing on new software builds before full test cycles begin - Validate and verify that reported defects have been properly resolved Defect Management - Log clear, detailed defect reports in JIRA, the team's issue-tracking platform - Assign appropriate severity and priority ratings to identified defects - Collaborate directly with developers to investigate and resolve issues - Track defects from initial discovery through full resolution and closure - Analyze defect trends and contribute to root cause analysis efforts Documentation & Reporting - Maintain accurate and up-to-date test documentation throughout the project lifecycle - Produce Test Summary Reports at the conclusion of each testing phase, summarizing results, metrics, and quality disposition - Report test progress and key metrics to stakeholders in a clear, concise manner - Maintain Requirements Traceability Matrices (RTM) to ensure all requirements are covered by corresponding test cases Continuous Improvement - Identify opportunities to improve test processes and methodologies - Actively contribute to the development and maintenance of automation frameworks and test infrastructure Information Assurance & Cybersecurity Vulnerability Management - Support the establishment and maintenance of a vulnerability scanning cadence for the unclassified (unclass) lab environment - Manage ACAS scanning activities including plugin management, scan execution, and results review - Coordinate scanning schedules and remediation activities with the lab team - Use and maintain the BRIM Tool (or equivalent) for vulnerability data processing within the VMP Plan Automation & Scripting - Develop, iterate, and test scripts to automate the configuration of PitBull systems for ACAS scanning compatibility - Work toward packaging automation scripts into RPM packages for streamlined, repeatable deployment - Test automation scripts within the AWS cloud environment Compliance & STIG Remediation - Review systems against applicable STIGs to assess compliance posture - Identify non-compliant findings and coordinate with relevant teams to drive remediation - Document compliance status and track remediation actions to closure IA Documentation & Stakeholder Coordination - Document and finalize the Least Privilege approach for scanning users, incorporating SME feedback through structured review cycles - Deliver finalized IA documentation to the VMP Team - Update and maintain the Container Best Practices document to incorporate input from the ASU Capstone project and NCDSMO container security guidance WHAT SETS YOU APART These are the additional skills, experiences, and qualities that will make you stand out as a top candidate: Category Differentiators Advanced Tools Experience with the BRIM Tool or equivalent vulnerability management processing tools RPM Packaging Demonstrated experience packaging Linux scripts or applications into RPM packages for deployment Container Security Working knowledge of container security best practices and familiarity with NCDSMO container security guidance PitBull Familiarity Prior experience working with PitBull mandatory access control systems in a classified or DoD environment Dual Discipline Experience Hands-on experience working across both software testing/QA and cybersecurity/IA functions Cross-Domain Knowledge Understanding of cross-domain solution environments and associated security requirements Continuous Improvement Mindset Demonstrated initiative in identifying process improvements and proposing innovative solutions Collaboration with SMEs Experience participating in or facilitating technical review cycles with subject matter experts #LI-Hybrid Salary Note This estimate represents the typical salary range for this position based on experience and other factors (geographic location, etc.). Actual pay may vary. This job posting will remain open until the position is filled. Combined Salary Range USD $88,300.00 - USD $90,700.00 /Yr.

• Apoyas en la implementación del Sistema Integrado de Gestión de Seguridad y Salud en el Trabajo y Medio Ambiente (SIG HSE). • Realizar el agendamiento de exámenes ocupacionales y/o revisión de conceptos médicos • Participas y gestionas las actividades de los equipos SST (COPASST, Brigadas de emergencia). • Elaboras y actualizas los documentos de SST (políticas, procedimientos, marco legal, protocolos, etc.). • Gestionas proveedores y compras del área HSE. • Realizas el onboarding HSE de manera periódica. • Manejas las inspecciones locativas • Diseñas e implementas los procesos, programas y documentos del sistema de gestión medioambiental • Aseguras la lectura y aceptación de políticas HSE • Realizas seguimiento en reportes de accidentes y enfermedades laborales. • Actualizas los indicadores periódicos de HSE sugiriendo planes de acción. • Participas en auditorías internas y externas del SG-HSE que contrate la empresa. • Manejas y das seguimiento a los sistemas de vigilancia inscritos en el (SIG-HSE). • Brindas acompañamiento integral a las solicitudes de los colaboradores generando la mejor experiencia.

• Lead cyber risk assessments and control reviews, identifying gaps and driving remediation through to closure • Act as a bridge between GRC and technical teams, confidently challenging and validating control design and implementation • Own and maintain the Internal Control Framework, ensuring it remains relevant and up to date, and act as the focal point for internal controls within Digital Technologies, including coordination with external auditors • Drive the implementation of new controls to ensure compliance with regulations the company is subject to • Partner with Digital Technology, Enterprise Risk Management, Legal & Compliance, and Internal Audit to embed security into business processes and decision-making

Title: Senior DevSecOps / Security Engineer - Application & Cloud (Ecommerce) Location: Remote United States Department Information Technology Employment Type Full Time Location Remote Workplace type Fully remote Compensation $150,000 - $180,000 / year Job Description: Senior DevSecOps / Security Engineer - Application & Cloud (Ecommerce) Department: Information Technology Employment Type: Full Time Location: Remote Compensation: $150,000 - $180,000 / year Description At Thorne, we work to deliver high-quality, science-backed solutions to empower individuals to take a proactive approach to their well-being. Each day begins with a mission to help others discover and achieve their best health. We count on our team members to challenge and push the boundaries to make that happen. At Thorne, you'll be joining a team of more than 750 passionate individuals committed to our cause of providing superior health solutions at every age and life stage. Thorne is seeking a Senior DevSecOps / Security Engineer - Application & Cloud (Ecommerce) to secure and scale our digital platforms, including Thorne.com, mobile applications, and emerging AI capabilities. This role sits at the intersection of application security, DevSecOps, and AWS cloud infrastructure, with a strong focus on protecting ecommerce systems, customer data, and high-traffic web applications. The ideal candidate will balance remediations and hands-on execution, ensuring systems are resilient, performant, and secure, while embedding security throughout the development lifecycle. RESPONSIBILITIES Application & Ecommerce Security - Identify and remediate vulnerabilities in Java-based applications (Spring Boot, APIs, microservices) - Address OWASP Top 10 and ecommerce-specific risks, including: o Injection (SQL/NoSQL), XSS, CSRF o Broken authentication / session management o Business logic flaws (checkout, pricing, promotions, abuse scenarios) o Account takeover, credential stuffing, bot attacks - Secure checkout flows, payment integrations, subscriptions, and customer data handling - Conduct secure code reviews and support threat modeling for new features API & Integration Security - Secure REST/GraphQL APIs (authentication, authorization, rate limiting) - Prevent API abuse, scraping, and data exfiltration - Implement and enforce secure patterns (OAuth2, JWT, token management) DevSecOps & CI/CD Security - Implement and manage security tooling in CI/CD pipelines: o SAST (Java-focused), DAST, SCA (dependencies), secrets scanning - Secure build and deployment pipelines - Enforce secure coding standards and automate policy checks - Own infrastructure-as-code security (Terraform) for app environments AWS Cloud Security (Critical) - Secure application workloads on AWS (EKS/ECS, EC2, Lambda, API Gateway, S3, RDS) - Implement and validate: o IAM roles and least privilege access o Network segmentation (VPCs, security groups, private/public boundaries) o Secrets management (AWS Secrets Manager, Parameter Store) o Data protection (encryption at rest/in transit) - Partner with Infra to ensure alignment with enterprise guardrails, while owning app-layer cloud security Runtime Protection & Detection - Implement and tune WAF, bot protection, and rate limiting for ecommerce surfaces - Partner with Infra on CrowdStrike coverage for application workloads - Support detection and response improvements for: o Web/app-layer attacks o API abuse - Triage and remediate findings from: o Pen tests o Purple team exercises o Assumed breach scenarios Security Program Execution - Translate security findings into prioritized engineering work - Partner with external security testing partners on risk prioritization (CTRM) tied to business impact - Drive adoption of security best practices across engineering teams - Act as a bridge between Ecom, Infrastructure, and external security partners WHAT YOU NEED Application & Ecommerce Security - Identify and remediate vulnerabilities in Java-based applications (Spring Boot, APIs, microservices) - Address OWASP Top 10 and ecommerce-specific risks, including: - Injection (SQL/NoSQL), XSS, CSRF - Broken authentication / session management - Business logic flaws (checkout, pricing, promotions, abuse scenarios) - Account takeover, credential stuffing, bot attacks - Secure checkout flows, payment integrations, subscriptions, and customer data handling - Conduct secure code reviews and support threat modeling for new features API & Integration Security - Secure REST/GraphQL APIs (authentication, authorization, rate limiting) - Prevent API abuse, scraping, and data exfiltration - Implement and enforce secure patterns (OAuth2, JWT, token management) DevSecOps & CI/CD Security - Implement and manage security tooling in CI/CD pipelines: - SAST (Java-focused), DAST, SCA (dependencies), secrets scanning - Secure build and deployment pipelines - Enforce secure coding standards and automate policy checks - Own infrastructure-as-code security (Terraform) for app environments AWS Cloud Security (Critical) - Secure application workloads on AWS (EKS/ECS, EC2, Lambda, API Gateway, S3, RDS) - Implement and validate: - IAM roles and least privilege access - Network segmentation (VPCs, security groups, private/public boundaries) - Secrets management (AWS Secrets Manager, Parameter Store) - Data protection (encryption at rest/in transit) - Partner with Infra to ensure alignment with enterprise guardrails, while owning app-layer cloud security Runtime Protection & Detection - Implement and tune WAF, bot protection, and rate limiting for ecommerce surfaces - Partner with Infra on CrowdStrike coverage for application workloads - Support detection and response improvements for: - Web/app-layer attacks - API abuse - Triage and remediate findings from: - Pen tests - Purple team exercises - Assumed breach scenarios Security Program Execution - Translate security findings into prioritized engineering work - Partner with external security testing partners on risk prioritization (CTRM) tied to business impact - Drive adoption of security best practices across engineering teams - Act as a bridge between Ecom, Infrastructure, and external security partners WHAT WE OFFER - Competitive compensation - 100% company-paid medical, dental, and vision insurance coverage for employees - Company-paid short- and long-term disability insurance - Company- paid life insurance - 401k plan with employer matching contributions up to 4% - Gym membership reimbursement - Monthly allowance of Thorne supplements - Paid time off, volunteer time off and holiday leave - Training, professional development, and career growth opportunities