• Own and improve application security across the SDLC, including secure design reviews, threat modeling, security-focused code review, and CI/CD-integrated SAST, SCA, and secrets scanning. • Harden our AWS and Kubernetes/EKS environment, including IAM, network segmentation, workload identity, secrets management, admission control, and runtime security controls. • Secure and improve our Istio service mesh, including mTLS, authorization policies, ingress/egress controls, and service-to-service security patterns. • Build security guardrails as code, including policy-as-code, paved-road patterns, reusable templates, and self-service tooling that helps developers move quickly and safely. • Improve software supply-chain security through controls such as image signing, SBOMs, dependency visibility, artifact provenance, and secure build/release practices. • Drive vulnerability management end to end: triage, exploitability-based prioritization, remediation coordination with SRE and product engineering, and follow-through on penetration test findings. • Build and operate technical controls that support HIPAA and SOC 2, including access control, encryption, audit logging, evidence automation, and secure handling of sensitive health data. • Help shape the full lifecycle of security services, from design and deployment to operation, measurement, and continuous improvement.

• Du berätst und bewertest intern entwickelte sowie externe KI-Systeme, Generative-AI-Anwendungen, LLM-basierte Workflows und Agentensysteme aus Security-Perspektive • Du führst AI Threat Modeling, Risikoanalysen, Security Assessments und Architektur-Reviews für Software-, Cloud- und KI-Lösungen durch • Du entwickelst und etablierst Secure AI-by-Design- sowie Security-by-Default-Prinzipien und definierst Sicherheitsanforderungen für KI-gestützte Systeme • Du identifizierst und bewertest Risiken wie Prompt Injection, Jailbreaking, Data Leakage, Model Poisoning, Adversarial Attacks oder unsichere Agenten-Integrationen und entwickelst geeignete Schutzmaßnahmen • Du führst AI Red Teaming, technische Sicherheitsanalysen und Security Reviews durch und unterstützt die Absicherung von LLM-Plattformen, Agentic-AI-Lösungen und AI-Service-Integrationen • Du entwickelst automatisierte Security-Kontrollen und integrierst AI-Security-Prüfungen in DevSecOps-, CI/CD- und MLOps-Prozesse • Du etablierst Monitoring- und Detection-Mechanismen für KI-Anwendungen und analysierst Sicherheitsereignisse gemeinsam mit Security Operations Teams • Du berätst Entwicklungs-, Produkt- und Fachbereiche zur sicheren Nutzung von KI und unterstützt bei der Einführung neuer AI-Lösungen durch Schulungen, Standards und Best Practices

• You advise on and assess internally developed and externally sourced AI systems, Generative AI applications, LLM-based workflows, and agentic AI solutions from a security perspective • You conduct AI threat modeling, risk assessments, security reviews, and architecture assessments for software, cloud, and AI environments • You develop and implement Secure AI-by-Design and Security-by-Default principles and define security requirements for AI-powered systems • You identify and assess risks such as prompt injection, jailbreaking, data leakage, model poisoning, adversarial attacks, and insecure agent integrations, and develop appropriate mitigation strategies • You perform AI red teaming, technical security assessments, and reviews to strengthen the security of LLM platforms, agentic AI solutions, and AI service integrations • You build automated security controls and integrate AI security checks into DevSecOps, CI/CD, and MLOps processes • You establish monitoring and detection capabilities for AI applications and collaborate with Security Operations teams to investigate security events and abuse patterns • You advise engineering, product, and business teams on the secure use of AI and support the rollout of new AI solutions through training, standards, and best practices

Title: Lead Cybersecurity Risk Assessor (NIST / State Government) Location: Remote with Travel Throughout Florida Tagged: Cyber Security, Project Based Employment Type: Contract / Project-Based Position Summary We are seeking a Lead Cybersecurity Risk Assessor to support a large-scale public-sector cybersecurity assessment initiative involving multiple government entities across the State of Florida. The selected professional will serve as the technical lead responsible for planning, conducting, and overseeing enterprise cybersecurity risk assessments aligned with NIST SP 800-30, NIST SP 800-53 Rev. 5, and cybersecurity governance frameworks. This individual will lead assessment teams, conduct executive-level interviews, evaluate organizational controls, identify security risks, and develop strategic remediation recommendations. Candidates must possess substantial experience leading cybersecurity assessments within government, education, healthcare, or highly regulated environments. Key Responsibilities - Lead cybersecurity risk assessments across multiple organizations and locations. - Evaluate administrative, technical, and operational security controls. - Conduct executive interviews and stakeholder workshops. - Review cybersecurity policies, standards, procedures, and governance frameworks. - Perform risk identification, threat analysis, vulnerability assessments, and risk scoring. - Map findings to NIST Cybersecurity Framework and NIST 800-53 control families. - Develop remediation strategies, implementation roadmaps, and risk mitigation plans. - Prepare executive briefings, technical reports, and risk assessment documentation. - Provide quality assurance oversight for assessment teams and project deliverables. Required Qualifications - Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field. - 10+ years of cybersecurity, risk management, or information assurance experience. - 7+ years leading enterprise cybersecurity assessments. - Demonstrated experience with NIST SP 800-30 and NIST SP 800-53. - Experience supporting state government, federal government, education, or public-sector organizations. - Strong report-writing and executive presentation skills. Preferred Certifications - CISSP - CISA - CRISC - CISM - CGEIT Candidates must be able to provide: - Detailed resume. - Descriptions of comparable cybersecurity assessment projects. - Scope, size, and complexity metrics for prior engagements. - Client references where permissible. - Examples of risk assessment methodologies utilized. - Evidence of participation in NIST-based assessment initiatives. Preferred Experience - Statewide cybersecurity assessment programs. - Education sector cybersecurity initiatives. - Government audit and compliance reviews. - Multi-site assessments involving 20+ locations. - Executive-level risk reporting and remediation planning. Job # 3714