• Provide customer support in resolving complex information security-related technical problems • Review, analyze, and recommend information security solutions based on customer needs, system requirements, and test results • Support Software Bill of Materials (SBOM) validation, including the use of SBOM validation tools and review of software component risk • Assist with supply chain risk management activities, including review of software, tools, vendors, dependencies, and cybersecurity risk documentation • Conduct systems security analysis, implementation support, testing, integration, and design assurance • Support security engineering activities across government systems, networks, applications, and cybersecurity products • Assist with configuration management, software engineering support, program design, integration, and testing of information security products and techniques • Evaluate and support security technologies, including guards, firewalls, intrusion detection systems, SIEM tools, endpoint and network security tools, and emerging cybersecurity technologies • Ensure security solutions are compatible with, or properly engineered into, the customer’s network design

Role Description The EITS Security Risk Analyst is part of the Enterprise Information Technology Services, Information Security and Risk Management team and will work at an enterprise level to ensure a consistent delivery of information security and risk management services. This individual will act as a subject matter expert to the assigned business units on matters regarding information security and compliance with HIPAA, Joint Commission, DSRIP, COBIT, and state privacy laws. Qualifications - 5+ years - Doing AI Risk assessments and analyzing the risk. Identify, track, and report on remediation of risks and audit findings identified by internal and external risk assessors. - 5+ years - AI security review background, AI adaption knowledge for security risk review background. - A minimum of ten years of IT experience, with at least 7 years dedicated to IT/Cyber Security, including Solution Design and risk management. Requirements - AI Security: background in AI security reviews and knowledge of AI adaptation risks. - Security Risk Assessment: Ability to maintain and enforce security risk management frameworks and methodologies – leveraging risk management methodologies to assess applications (in house or vendor applications/ AI solutions and medical devices (bonus). - Risk Remediation Processes: Experience drafting risk acceptances, exceptions and tracking remediation items within GRC tools. - Translation Skills: Ability to turn business-level risk requirements into specific technical control specifications for engineering teams/business units etc. Benefits - Medical, dental & vision - Critical Illness, Accident, and Hospital - 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available - Life Insurance (Voluntary Life & AD&D for the employee and dependents) - Short and long-term disability - Health Spending Account (HSA) - Transportation benefits - Employee Assistance Program - Time Off/Leave (PTO, Vacation or Sick Leave) Company Description We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership.

• Act as the technical focal point for critical incidents and complex problems, and document them in the ITSM tool; • Perform advanced troubleshooting in FortiGate and FortiWeb environments; • Define and review security architectures and policies (firewall and WAF); • Implement and optimize security rules, VPNs and integrations; • Analyze security events and support incident response; • Provide technical support to mid-level and junior analysts and serve as a team reference; • Interact directly with customers in critical and strategic situations; • Create and evolve technical procedures, standards and best practices; • Drive continuous improvement of environments and operational processes; • Ensure technical quality of deliverables and comprehensive documentation of support activities; • Train and transfer knowledge to the technical team across all shifts, including procedures for off-hours support.

• Execute security testing on web applications, APIs, infrastructure, and cloud environments under supervision. • Assist with reconnaissance and attack surface mapping activities. • Participate in Red Team exercises and controlled attack simulations. • Perform analysis and validation of vulnerabilities identified by automated scanners. • Support Threat Hunting activities using SIEM, EDR data, and threat intelligence sources. • Investigate indicators of compromise (IOCs) and suspicious behavior. • Prepare technical documentation and executive reports on vulnerabilities and findings. • Collaborate with development and infrastructure teams to provide guidance on remediation. • Keep up to date with trends, TTPs (MITRE ATT&CK), campaigns, and new techniques used by malicious actors. • Take part in security research and development of proofs of concept (PoCs).