• Development, maintenance, advocacy, and compliance for security architecture and DevSecOps framework and policy instruments such as directives, frameworks, policies, standards, and guidelines. • Security architecture subject matter expertise in the one or more following domains: Secure application development processes and tools. • Secure business architecture. Secure data architecture. Secure application architecture. Secure technology architecture. • Consultation, evaluation, and delivery of digital service products throughout the solution development life cycle (SDLC) for conformance to IMT cybersecurity policy instruments including formulation of options and recommendations. • Conduct security review, consult, and advise on secure coding, secrets management, on-premises, Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), and third-party hosted solutions with verbal and written report. • Provide security advice to business and technical stakeholders, including senior executives. • Participate in projects as an information security subject matter expert with a focus on security architecture and security capabilities within a DevSecOps framework to protect digital service development and operations. • Participate in the identification of information security requirements, as well as the development of strategies and solutions to meet these requirements across the organization. • Facilitate or perform identification, assessment, and treatment of information and technology security threats and risks.

• Act as the technical Cyber Security specialist for OT/ICS environments, supporting high-criticality industrial operations across different companies within the Cosan Group; • Lead initiatives to expand OT security monitoring, including onboarding new plants, industrial networks, critical assets, and operational technologies into the monitoring ecosystem; • Develop and refine detection use cases for industrial environments, using OT monitoring platforms, SIEM, EDR and specialized threat detection solutions; • Perform industrial network architecture analyses, evaluating segmentation, zones and conduits, communication flows, and adherence to security best practices for ICS environments; • Participate in defining and reviewing secure architectures for new industrial projects, operational expansions, and OT digital transformation initiatives; • Support identification, analysis and assessment of cyber threats, vulnerabilities and exposures in industrial environments, proposing prioritized mitigation plans based on risk; • Work with Engineering, Automation, Network and Operations teams to implement security controls for OT environments; • Provide technical support for the cyber incident response process involving industrial systems, contributing root cause analysis, containment and corrective actions; • Conduct technical assessments of maturity, hardening, industrial network segmentation and compliance with market frameworks and standards; • Manage vendors and partners specialized in OT security, ensuring technical quality, governance and continuous evolution of contracted services; • Prepare executive reports and presentations for different organizational levels, communicating risks, metrics, progress and investment needs; • Support the definition of the Group's OT Cyber Security strategy, contributing to the advancement of industrial security maturity.

Role Description We are looking for an experienced and talented DevSecOps engineer with a focus on MS SQL and Internet Information Server to join our team! As our DevSecOps engineer, you will be working with a team of highly skilled and experienced engineers across multiple teams including development, implementation and integration, and secure operations who are delivering and operating systems for Bechtel Nuclear, Security & Environmental global business unit. These systems support our global customers and projects as they have a positive impact on cleaning up the environment, maintaining national and global security, generating sustainable energy, and returning to space. Major Responsibilities - Build, install, and support various MS SQL Server, Oracle and Mongo DB environments meeting current technical and security standards. - Support code deployments in all environments. - Support systems tests for security, performance, and availability. - Help monitor systems, provide support, and develop ways to improve these systems. - Provide technical guidance and educate team members on operational and security requirements. - Brainstorm for new ideas and ways to improve system delivery and security. - Help with regular system patching including operating system, database, application framework, and other layers. - Help with service account maintenance including password renewal/retrieval from the password vault and updating the impacted systems. - Work with all teams to achieve business objectives. Qualifications - Requires bachelor's degree (or international equivalent) and 2-5 years of relevant experience or 6-9 years of relevant work experience. Requirements - Cloud migration and operation experience, focusing on Microsoft Azure and Azure.gov as cloud provider. - Oracle RDMS including but not limited to import/export, migrations, backup restore, basic troubleshooting, user management and tablespaces. - Working understanding of code and scripts. - Working understanding of US Government data classifications and related security frameworks including but not limited to Controlled Unclassified Information (CUI), Official Use Only (OUO), and Risk Mitigation Framework (RMF). - Knowledge of application externalization technologies and methodologies including but not limited to SSL certificates, Single Sign On (SSO) interactions, and API gateway and externalizations. - Knowledge of Windows server administration for Windows 2019 and higher. - Knowledge of PowerShell scripting or other scripting languages to automate processes during deployment, operations, and maintenance. - Knowledge of best practices and IT operations in an always-up, always-available service mentality. - Familiar with UNIX/Linux administration. - Familiar with Oracle Fusion Middleware (including maintenance and patching) a plus. - Familiar with VMWare virtual server environment and VCenter. - Passionate about technology, automation, security, and eager to learn and share. - Ability to work independently and as part of multiple teams. - Ability to multi-task, be self-motivated, work well independently and with multiple teams, experience working in high-pressure environments, and able to meet deadlines. - Ability to work occasionally after normal business hours. Benefits - Robust benefits to ensure our people thrive. - Programs to enhance our culture. - Time to recharge.

Role Description TrendAI Research is seeking a Vulnerability Researcher to join our industry-leading research team. TrendAI Research supports a global customer base including leading security product vendors, software and high-tech manufacturers, telecommunications providers, and large enterprise customers with a set of industry-leading technical data feeds, research products, and engineering services. - Research newly discovered vulnerabilities in a wide range of software products - Reverse engineer and research network protocols, file formats, and software - Develop proof-of-concept files and code - Produce reports describing software vulnerabilities and detection of attack vectors - Develop signatures for network traffic-based attack detection - Monitor security industry publications, news groups and other online sources for newly discovered security vulnerabilities and emerging threats - Implement new and improve existing tools to automate and streamline the vulnerability research process - Collaborate with other vulnerability researchers on research, analysis and report production Qualifications - Functional understanding of TCP/IP protocol stack and higher-level networking protocols - Experience in static and dynamic reverse engineering of x86 binaries (amd64 is a plus) - Knowledge in a variety of operating systems Requirements - Ability to analyze and describe vulnerabilities and attack methods - Familiarity with tools such as IDA Pro, OllyDbg, WinDbg, gdb and Wireshark - At least two of C/C++, assembly language, Java, Python, and shell scripting - Ability to learn new detection signature languages quickly - Excellent oral and written communication skills - Reliable and dependable team player - Great attention to detail and personal quality assurance - Self-directed, self-motivated with the ability to work with minimal supervision Preferred Professional Designation/Certification - Bachelor's or Master's degree in computer science or a related field preferred but not required Preferred Experience - Industry experience performing similar technical role preferred but not required Benefits - Group benefits program with health and dental coverage - Telehealth Virtual Health Services - Life Insurance - Short & Long Term Disability - Pre-partum, maternity, parental and medical leave - Critical Illness Insurance - Mental Health Wellness Program - Wellness Incentive Program - Retirement Savings Programs with company match - Paid Time Off - 14 Annual Holidays - Tuition Assistance - Employee Resource Groups