• Write comprehensive articles on a variety of topics including Zero Trust architecture, threat intelligence, cloud security, (CSPM/CWPP), and incident response • Demonstrate the ability to adapt tone and technical depth to speak to diverse audience, from C-suite executives (CISCOs) to hands-on SOC analysts • Have a firm grasp on writing effective, high-CTR titles that resonate with the cybersecurity community and attract high-authority press • Successfully implement feedback from editors and clients to ensure 100% technical accuracy • Deliver content that doesn't just explain "what" a threat is, but provides actionable strategies for improving a client's security posture

Role Description Evaluates application security in all phases of the software development life cycle. Works closely with team members to define application security best practices, performs software architecture and design reviews, and supports the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms. - Responsible for the build, integration, and operation of security architecture components. - Identifying security tools, secure configurations, and processes in order to support security standards and compliance requirements. - Have the technical depth to be hands on to remediate security vulnerabilities and/or develop technical solutions to security compliance areas. - Work closely with the infrastructure architecture, development architecture, technical operations, and development teams to ensure changes are well designed and coordinated across the enterprise. - Explains and demonstrates vulnerabilities to application owners, and provide recommendations for mitigation. - Conducts and coordinates vulnerability assessments of software application under development. - Identifies additional application security related tools, conducts tool analysis, and provided recommendations. - Trains developers and other relevant team members on Secure Code Development as well as other security protocols as needed. Qualifications - Bachelor’s Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience. - 5-10 years of experience as an Application Security Developer, Application Security Analyst, or equivalent. Requirements - Experience with Nessus, Appscan, DB Protect, Venafi, and BURP. - Experience with performing analysis of security scan results and implementing remediations to correct findings. - Experience with AIX, RedHat Linux, Agile preferred. Benefits - Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. - The compensation displayed for this role is a general guideline based on these factors and is unique to each role. - Monetary compensation is one component of ASM's overall compensation and benefits package for employees. Company Description - It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. - We affirm our commitment to these fundamental policies. - All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. - All decisions on employment are made to abide by the principle of equal employment.

Role Description Enforces application security in all phases of the software development life cycle. Works closely with team members to define application security best practices, performs software architecture and design reviews, and supports the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms. - Provides support for the implementation and integration of Okta identity services within federal environments. - Responsible for configuring authentication, authorization, MFA, and application onboarding. - Supports user provisioning, federation setup, and secure access workflows for cloud and on-premises systems. - Works closely with cybersecurity, infrastructure, and application teams to ensure identity integrations meet federal security expectations and align with Zero Trust principles. Qualifications - Bachelor’s Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience. Master’s Degree preferred. - 5-7 years of experience in a relevant field. - Experience configuring Okta components such as SSO, MFA, and application integrations. - Understanding of SAML, OIDC, and other identity federation standards. - Ability to onboard enterprise applications into Okta. - Familiarity with identity lifecycle processes such as provisioning, de-provisioning, and access management. - General understanding of federal identity/security expectations (least privilege, audit readiness, secure authentication). - Experience modernizing identity services for federal agencies. - Hands-on experience integrating Okta with cloud platforms (AWS, Azure, M365). - Familiarity with Zero Trust identity architectures. - Ability to automate identity workflows or configurations using scripts or orchestration tools. Requirements - Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. - The compensation displayed for this role is a general guideline based on these factors and is unique to each role. - Monetary compensation is one component of ASM's overall compensation and benefits package for employees. EEO Requirements - It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. - We affirm our commitment to these fundamental policies. - All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. - All decisions on employment are made to abide by the principle of equal employment. Physical Requirements - The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. - Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions. Disclaimer The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.

• Provide cloud security capabilities that are proactive, preventive-focused models that address modern threats, including those driven by AI-enabled attack techniques. • Expanding into next-generation security domains such as AI/ML security, container security, and advanced threat detection and response. • Design and implement cloud security controls that reduce risk and improve prevention, detection, and response capabilities. • Contribute to securing multi-cloud and hybrid environments across AWS, Azure, GCP, and on-premise infrastructure. • Implement security controls for AI/ML workloads, including protecting data pipelines, model services, and AI-integrated applications. • Identify and help mitigate AI-specific risks such as prompt injection, data poisoning, and model/data leakage. • Apply DevSecOps and Infrastructure-as-Code (IaC) practices to integrate security into CI/CD pipelines. • Partner with product and platform teams to implement secure architecture patterns and cloud security standards. • Utilize CNAPP platforms and related tools to identify and remediate risks across cloud, container, and AI environments. • Implement and maintain security controls for containerized environments, including Kubernetes cluster configuration, image scanning, and runtime protection. • Support monitoring, detection, and response capabilities, including integration with cloud-native telemetry and security tooling. • Participate in threat modeling and risk assessments (Attack Surface Management, Data Security Posture Management, etc.) for cloud-native and AI-enabled systems. • Develop and maintain automation solutions to improve security coverage and operational efficiency. • Deploy and manage infrastructure using Infrastructure-as-Code (IaC) tools and best practices. • Contribute to security initiatives and projects, helping deliver measurable improvements to the organization’s security posture. • Support security operations and internal service requests, contributing to continuous process improvement.