• Take technical command of critical (P1) incidents, defining response strategy, prioritization, and business trade-offs. • Coordinate complex, multi-vector investigations across endpoint, identity, email, cloud, network, and applications. • Perform or direct advanced forensic analysis, ensuring chain of custody and proper interaction with legal and privacy teams. • Design, evolve, and maintain the Incident Response capability, including processes, tools, integrations, metrics, and readiness roadmap. • Mentor junior and mid-level professionals, lead tabletop exercises and crisis simulations, and represent the function to executives, auditors, and regulators. • Manage relationships with strategic vendors and partners (DFIR, CSIRT, Threat Intelligence), conducting POCs and technical evaluations when needed. • Define and maintain detection standards and conventions, including naming, severity, lookback windows, and cost/performance boundaries. • Plan and execute the detection roadmap aligned to key risks, threats, and organizational objectives (e.g., coverage of top TTPs). • Establish quality metrics and technical gates, such as minimum accuracy, mandatory testing, cross-review, and promotion criteria for production. • Lead purple teaming initiatives, continuous control validation and detection of emerging techniques; guide hypothesis-driven hunting. • Serve as a technical reference in detection code reviews, mentor the team, and represent the topic in technical committees and executive forums. • Evaluate SIEM/XDR/NDR tools, frameworks, and architectures, conducting POCs and adopting detection-as-code at scale. • Define content standards, detection architecture, and coverage strategy based on the MITRE ATT&CK framework. • Ensure operational quality through SLOs, effectiveness metrics, and advanced detection testing.

Role Description The Cybersecurity Intern will assist the cybersecurity team in enhancing our cybersecurity posture, ensuring that our systems and data remain secure from potential threats. The successful candidate provides technical cybersecurity support, investigates alerts, assists with internal audits, and closes tickets efficiently. This position requires strong analytical skills, basic knowledge of cybersecurity standards and principles, and the ability to interface effectively with all levels of the organization. The successful candidate must possess strong communication and organizational skills. Location: Remote with possibility to be onsite, 10% Travel Responsibilities - Work closely with Cybersecurity and Technology teams to ensure cybersecurity controls align with organizational goals and regulatory requirements. - Support and enforce governance and compliance frameworks to align with industry standards and regulations. Specifically, CMMC & Cyber Essentials. - Utilize Rapid7’s InsightIDR security center for incident detection and response, authentication monitoring, and endpoint visibility. - Utilize Rapid7’s InsightVM to identify vulnerabilities and leverage Action1 to deploy patches to remediate vulnerabilities identified. - Assist with audits and assessments to ensure adherence to compliance requirements. - Monitor various cybersecurity platforms and provide support for security related incidents, responding using the defined procedures. - Enforce and advocate IT security related policies and procedures to ensure compliance with regulatory and customer cybersecurity requirements. - Research emerging threats and vulnerabilities to aid in the identification of network incidents. - Other duties as assigned. Qualifications - Pursuing a degree in Cybersecurity, Computer Engineering, or related technical field. - Basic understanding of Threat Actor tactics, risk management principles and methodologies. - Excellent analytical, problem-solving, and decision-making skills. - Effective communication and interpersonal skills, with the ability to collaborate with cross-functional teams. - Ability to follow detailed procedures and policies. - Ability to work independently, managing multiple tasks and deadlines in a fast-paced environment. - Experience in IT systems administration or cybersecurity is beneficial. Benefits - Health and disability insurance - 401(k) match - Flexible spending accounts - EAP - Paid time off - Company-paid holidays

• Act as the primary engineer for Okta, managing advanced configurations including custom authorization servers, adaptive MFA, and conditional access policies. • Design and maintain automated joiner-mover-leaver (JML) workflows using Okta Workflows, SCIM, or custom API scripts to eliminate manual provisioning errors. • Standardize and implement SSO integrations utilizing SAML 2.0, OIDC, and OAuth 2.0, ensuring secure token exchange and scoping. • Design, audit, and refine Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) models across all enterprise SaaS platforms. • Monitor and remediate unauthorized data sharing, public file exposure, and "shadow IT" API integrations within our SaaS ecosystem. • Lead quarterly user access reviews (UARs) and provide evidentiary support for security frameworks such as SOC 2 Type II, ISO 27001, and GDPR. • Leverage SSPM tools or native security centers to continuously audit and harden SaaS application configurations. • Analyze Okta System Logs and SaaS audit logs to detect anomalous behavior (e.g., impossible travel, credential stuffing, unauthorized data exfiltration). • Collaborate with the SOC team to ensure critical IAM and SaaS logs are correctly ingested into our SIEM for real-time alerting.

Role Description We are looking for a Security GRC (Governance, Risk, and Compliance) Engineer to drive data compliance governance and audit execution. This role focuses on building practical, enforceable, and auditable controls around data access, data lifecycle, product data usage, and cross-border data flows. This is a hands-on, execution-focused role working directly with data systems and audit processes (not a policy-only role). Responsibilities - Data Compliance Governance - Support US data compliance requirements (e.g., CCPA, EO 14117) - Perform gap analysis and define remediation plans - Design and implement controls for: sensitive data classification, access governance, data lifecycle management - Build processes for data subject rights (deletion, access, portability) - Participate in product and engineering reviews (e.g., DPIA) - Support compliance for new features, data use cases, and vendor/cross-border scenarios - Compliance & Audit Execution - Support SOC 2 readiness and audit execution - Conduct access reviews, log validation, and anomaly detection - Maintain audit records and generate compliance reports - Build or improve automated evidence collection (e.g., scripting) - Work with internal teams and external auditors to provide audit evidence Qualifications - Authorized to work in the United States - Mandarin preferred for day-to-day collaboration - Bachelor’s degree or above in Computer Science, Information Security, or a related technical field - 3–5 years of experience in Security, GRC, Data Security, or Data Compliance - Hands-on experience with at least one compliance framework (e.g., SOC 2, CCPA, GDPR, 14117), beyond policy or documentation - Practical experience in data compliance governance, including: sensitive data identification and classification, access control and access governance, data lifecycle management (storage, usage, deletion, portability) - Ability to work with data systems (e.g., databases, data flows, APIs) and translate compliance requirements into technical implementations - Basic technical capability (e.g., Python, Golang, or scripting) to support audit automation, data validation, or tooling - Strong cross-functional communication skills, with the ability to work closely with engineering, product, data, and infra teams Requirements - Relevant certifications such as CISSP, CISM, or CIPP/US - Experience in SaaS / e-commerce platforms (e.g., Shopify ecosystem) or third-party integrations - Background in data governance, data platforms, or analytics - Familiarity with cross-border data transfer compliance - Understanding of web accessibility standards (e.g., WCAG, ADA) and related privacy/security considerations Benefits - Pay: $120,000.00 - $160,000.00 per year - 401(k) matching - Flexible schedule - Health insurance - Paid time off - Vision insurance