- Own the design, roadmap, and execution of the client's infrastructure and cybersecurity programs, aligned to HIPAA, NIST, SOC 2, PCI, and internal InfoSec standards - Oversee secure-by-default architectural design across all platforms - Manage infrastructure budget, team resourcing, and resource allocation - Serve as a strategic partner to product, legal, and engineering leadership - Lead, mentor, and manage the Infrastructure and Security team with sprint-based delivery practices and measurable throughput - Drive a shift from reactive to proactive operations by building organizational visibility into workload, capacity, and priorities - Own the InfraSec support request intake and triage process - Establish cross-functional prioritization cadence with Engineering, Product, Data, and Leadership - Act as a hands-on technical leader contributing directly to security and infrastructure design, review, and implementation - Serve as senior escalation point for complex deployments, secure architecture, and incident resolution - Champion engineering self-service for routine InfraSec operations with appropriate guardrails - Maintain cybersecurity policies and documentation aligned with applicable standards - Own audit readiness for HIPAA, SOC 2 Type 2, PCI SAQ-D, and internal InfoSec assurance engagements - Lead Vanta implementation and ongoing compliance automation - Lead third-party and vendor risk assessments; maintain the vendor security catalog - Conduct ongoing vulnerability assessments, threat detection, and mitigation - Own and maintain incident response and disaster recovery plans - Drive continuous risk-management education across the organization - Manage identity and access governance across employees, contractors, and systems - Maintain endpoint protection coverage (CrowdStrike, Tenable) aligned to applicable control frameworks

Role Description The Sr. Information Security Manager is the owner and coordinator for Omnicell’s security engineering & automation capabilities and core security tooling stack, with emphasis on Qualys, Netskope, DLP, Vectra, or equivalent. This role defines the strategy, roadmap, standards, and operating model for these capabilities and ensures they deliver effective controls, meaningful metrics, and integrated workflows for SecOps. The Sr. Information Security Manager leads tooling strategy, engineering direction, and cross-team execution working through influence, governance, and hands-on technical expertise. The role drives vulnerability management, data protection, network detection, and offensive security (penetration testing and red team exercises), while building automation and process improvements across Omnicell’s SecOps technologies (SIEM, SOAR, EDR/XDR, ITSM, CMDB, and related tools). Key Responsibilities - Security Tool Ownership & Roadmap - Serve as service owner and primary authority for: - Qualys or equivalent vulnerability management - Netskope or equivalent SWG/CASB/ZTNA - Enterprise DLP or equivalent (endpoint, email, and/or cloud) - Vectra or equivalent NDR platform - Define and maintain tool strategy, roadmap, and standards, including policies, configurations, and integration patterns. - Coordinate with SecOps, Infrastructure, Cloud, Network, and Product/Cloud Security to prioritize backlogs and ensure tools support business and risk reduction objectives. - Vulnerability Management Leadership (Qualys or Equivalent) - Own the Qualys (or equivalent) operating model, including scan architecture, schedules, asset tagging, and authentication patterns across on-prem, cloud, and endpoint assets. - Define risk-based prioritization models, remediation SLAs, and exception processes in partnership with asset owners and SecOps. - Establish and maintain dashboards and reports for coverage, vulnerability aging, SLA performance, and risk trends; use these to drive accountability with IT and business stakeholders. - Data Protection & DLP Governance (Netskope and DLP Platforms) - Lead the design and governance of DLP and Netskope (or equivalent) policies to protect sensitive data (e.g., PHI, PII, confidential IP) across web, cloud apps, endpoints, and email. - Partner with Data Owners, Privacy, Legal, and Compliance to translate classification and regulatory requirements into implementable policies. - Oversee tuning strategy, rollout plans, and exception handling, balancing protection with business productivity. - Detection Engineering & SecOps Integration (Vectra and SecOps Stack) - Define and oversee detection engineering strategy for Vectra (or equivalent) NDR and related integrations into SIEM/SOAR and case management. - Work with SecOps to design and refine detections, correlation rules, and playbooks leveraging NDR, CASB/SWG, DLP, EDR/XDR, and vulnerability data. - Act as Tier 3 escalation for incidents involving these tools and ensure post-incident findings are translated into durable configuration, process, and automation improvements. - Metrics, Automation, and Process Improvement - Define and own KPIs/KRIs for security tooling, including: - Vulnerability remediation rates and SLA adherence - Tool and sensor coverage across environments - DLP incident volumes, false positive rates, and closure times. - Drive automation strategy and patterns using APIs, scripting (e.g., Python, PowerShell), and SOAR, guiding engineers who implement automations and contributing hands-on as needed. - Lead continuous improvement initiatives to reduce manual effort, improve data quality, and standardize workflows across SecOps and IT (e.g., standard runbooks, intake processes, and change patterns). - Cross-Functional Leadership, Documentation, and Enablement - Act as the primary point of contact for these tools with Infrastructure, Cloud, Network, Application Owners, and Product/Cloud Security. - Create and maintain SOPs, runbooks, architectures, and knowledge articles for security tools and workflows; ensure they are adopted and kept current. - Plan and deliver training, enablement, and communications for SecOps, IT, and other stakeholders on tool capabilities, dashboards, metrics, and best practices. - Support audits, certifications, and customer security assessments where these tools and metrics are in scope, ensuring consistent, evidence-backed responses. - Offensive Security – Penetration Testing and Red Team Exercises - Coordinate and oversee penetration testing and red team exercises (internal and third-party), aligning scope and objectives with key risks, products, and environments. - Ensure findings from offensive security activities are prioritized, tracked, and integrated into vulnerability management, detection engineering, and process improvements. - Partner with Product/Cloud Security, Infrastructure, and SecOps to design scenarios that validate controls, detections, and incident response playbooks. Qualifications - 8+ years in Information Security, with substantial experience in security engineering and/or SecOps, including ownership of enterprise security tools. - 3+ years acting as lead or service owner for at least two of: - Qualys or equivalent enterprise vulnerability management platform - Netskope or equivalent SWG/CASB/ZTN - Enterprise DLP solution - Vectra or equivalent NDR - Demonstrated experience defining roadmaps, standards, and metrics, and driving cross-functional implementation without direct people management authority. - Proven track record of delivering metric-driven improvements (coverage, risk reduction, SLA performance). - Deep knowledge of vulnerability management, web/cloud security, NDR, DLP, and offensive security (penetration testing/red teaming) concepts and operations. - Experience integrating tools with SIEM, SOAR, EDR/XDR, ITSM, and CMDB, and designing robust data flows and use cases. - Strong scripting and automation capability (e.g., Python, PowerShell, REST APIs) and experience guiding others in adopting automation patterns. - Familiarity with frameworks and regulations such as NIST CSF, CIS Controls, HITRUST, SOC 2, HIPAA and ability to map them to tooling capabilities. - Excellent analytical, communication, and collaboration skills; able to influence decisions and explain tradeoffs to both technical and nontechnical audiences. Preferred Qualifications - Advanced degree in Information Security, Computer Science, or related field, or MBA with technology focus. - Certifications such as CISSP, GIAC (GCIH, GCIA, GMON), CISM, or vendor certifications for Qualys, Netskope, Vectra, or major DLP platforms. - Experience in healthcare, medical devices, or other highly regulated environments. - Proven experience leading SOAR and automation initiatives, from design through rollout and operationalization. Working Conditions - Occasional off hours work for changes, maintenance, or high severity incidents. - Occasional travel (up to ~10–15%) for team meetings, workshops, vendor engagements, and audits.

Role Description Are you passionate about Firefox and the open Web? Do you want your contributions to have a positive impact on the world? Do you want the Web to be more secure by bringing state of the art web privacy features to everyone? - Automating, triaging, diagnosing and fixing web compatibility issues caused by Firefox's Enhanced Tracking Protection - Owning, delivering, prototyping or improving smaller-scale privacy-improving projects such as Copy Clean Link - Working to improve Protections UI, Site Identity, Site Permissions and Certificate Errors surfaces across Firefox - Consolidating and improving telemetry dashboards - Mitigating tracking, security or privacy issues (Bug 791594) - Collaborating with and learning from senior engineers to deliver more complex projects Qualifications - Currently enrolled in a Bachelor’s, Master’s, or Ph.D. degree program in Computer Science, Computer Engineering, or related technical field focusing on security, privacy, or software development - Strong communication skills and proficiency in English - Enthusiasm for conducting software engineering work in the open - Basic knowledge of core web technologies and how browsers work at a high level - An understanding of, and passion for, privacy and security on the web - Experience with programming in C/C++ or JavaScript - Drive for learning and delivering fundamental work across the entire stack Requirements - Actively contributed to the Mozilla mission and the codebase (Codetribute) - Experience advancing or collaborating on open-source initiatives - Proficiency with SQL Benefits - Flexible working hours - Competitive compensation depending on the number of hours - Participation in an open, remote-first culture including various social activities Company Description Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla, you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.

• Own and lead the enterprise Business Continuity and Disaster Recovery (BC/DR) program, including strategy, governance, and execution. • Define and maintain BC/DR frameworks, policies, and standards, including RTO/RPO expectations, system tiering, and recovery strategies. • Drive enterprise-wide Business Impact Analysis (BIA) processes to identify critical services, dependencies, and recovery priorities. • Establish and oversee BC/DR testing strategy, including scenario design, execution, and continuous improvement of recovery capabilities. • Evaluate organizational resilience and identify gaps, risks, and opportunities to improve recovery readiness. • Advise leadership on resilience risks, recovery tradeoffs, and business continuity investment priorities. • Report on BC/DR readiness and testing outcomes to senior leadership and support board-level reporting. • Lead or support risk assessments for critical systems, strategic initiatives, and operational processes. • Define and evaluate risk related to policy exceptions, resilience gaps, and third-party dependencies. • Collaborate with business and technology leaders to embed resilience into operational processes and system design.