• Support the design, implementation, and continuous improvement of security controls, policies, and processes aligned with HITRUST requirements • Maintain the HITRUST certification posture, supporting assessments, and ensuring controls remain effective and audit ready • Collaborate closely with teams around the world • Play a key role in demonstrating CSG’s security posture to auditors, customers, partners, and regulators • Drive process improvements related to HITRUST compliance program, including control implementation and monitoring, assessment, evidence management and audit readiness

• Provide customer support in resolving complex information security-related technical problems • Review, analyze, and recommend information security solutions based on customer needs, system requirements, and test results • Support Software Bill of Materials (SBOM) validation, including the use of SBOM validation tools and review of software component risk • Assist with supply chain risk management activities, including review of software, tools, vendors, dependencies, and cybersecurity risk documentation • Conduct systems security analysis, implementation support, testing, integration, and design assurance • Support security engineering activities across government systems, networks, applications, and cybersecurity products • Assist with configuration management, software engineering support, program design, integration, and testing of information security products and techniques • Evaluate and support security technologies, including guards, firewalls, intrusion detection systems, SIEM tools, endpoint and network security tools, and emerging cybersecurity technologies • Ensure security solutions are compatible with, or properly engineered into, the customer’s network design

• Act as the technical focal point for critical incidents and complex problems, and document them in the ITSM tool; • Perform advanced troubleshooting in FortiGate and FortiWeb environments; • Define and review security architectures and policies (firewall and WAF); • Implement and optimize security rules, VPNs and integrations; • Analyze security events and support incident response; • Provide technical support to mid-level and junior analysts and serve as a team reference; • Interact directly with customers in critical and strategic situations; • Create and evolve technical procedures, standards and best practices; • Drive continuous improvement of environments and operational processes; • Ensure technical quality of deliverables and comprehensive documentation of support activities; • Train and transfer knowledge to the technical team across all shifts, including procedures for off-hours support.

• Execute security testing on web applications, APIs, infrastructure, and cloud environments under supervision. • Assist with reconnaissance and attack surface mapping activities. • Participate in Red Team exercises and controlled attack simulations. • Perform analysis and validation of vulnerabilities identified by automated scanners. • Support Threat Hunting activities using SIEM, EDR data, and threat intelligence sources. • Investigate indicators of compromise (IOCs) and suspicious behavior. • Prepare technical documentation and executive reports on vulnerabilities and findings. • Collaborate with development and infrastructure teams to provide guidance on remediation. • Keep up to date with trends, TTPs (MITRE ATT&CK), campaigns, and new techniques used by malicious actors. • Take part in security research and development of proofs of concept (PoCs).