• Support the day-to-day security posture of systems and services across cloud and on-prem environments. • Review vulnerability findings from scanners, penetration tests, and other assessments, and help drive remediation to closure. • Partner with infrastructure, platform, and engineering teams on secure configuration, access control, logging, monitoring, and incident readiness. • Support compliance and assessment activities related to GovRAMP/FedRAMP, PCI DSS, internal reviews, and third-party examinations. • Use AWS security tooling effectively, support day-to-day security processes, and help translate security and compliance requirements into practical, durable operational outcomes. • Maintain documentation, procedures, and other operational artifacts so they stay aligned with the environment and current control expectations.

• Serve as a primary technical lead on client engagements involving Microsoft security, compliance, and data protection solutions • Design and implement data security, governance, and compliance strategies aligned with Microsoft 365 and Azure capabilities • Advise clients on secure adoption of Microsoft Copilot, including data exposure risks, governance controls, and compliance considerations • Architect and deploy solutions leveraging tools such as: Microsoft Purview, Microsoft Defender suite and Microsoft Sentinel • Translate regulatory and compliance requirements into actionable technical solutions (e.g., ISO frameworks, government regulations, internal controls) • Conduct data discovery, classification, and protection strategy design • Collaborate with project managers and stakeholders to deliver high-quality outcomes • Contribute to pre-sales efforts, including solution design, scoping, and level-of-effort estimates • Create technical documentation, implementation guides, and client training materials • Act as a subject matter expert (SME) and mentor to other engineers • Develop and refine repeatable offerings around data security, compliance, and Copilot readiness • Stay current on evolving Microsoft security, compliance, and AI governance capabilities

• Define, analyze, and review secure software architectures for centralized automotive computing platforms • Perform threat modeling and security architecture analysis for mixed-criticality, multi-tenant automotive software systems • Partner with safety architects to reason about the interaction between security controls, safety mechanisms, failure modes, and recovery behavior • Define OS security policy, access control, isolation, and privilege models across Android, Linux, QNX, and virtualized environments • Build security systems that maintain integrity and availability for safety-critical vehicle software • Analyze security trade-offs involving performance, latency, memory footprint, boot time, diagnosability, and functional safety requirements • Guide engineering teams on secure build, secure coding, threat mitigation, and security review practices • Collaborate across software, hardware, safety, security, and systems teams to meet NVIDIA and automotive industry standards

Role Description 10a Labs' Investigations Team is looking for a Senior Cyber Investigator to support critical safety incidents and conduct investigations across a range of cyber abuse areas. This role requires deep cybersecurity subject-matter expertise to detect and respond to malicious activity, assess threat actor behavior at the organizational level, and handle escalated cases requiring senior technical judgment. Investigations may involve exposure to harmful or disturbing content, including malicious code, exploit development, and content designed to facilitate cyberattacks. - Detect and investigate malicious uses and cyber abuse, including cases involving scaled data extraction, ransomware, and local and remote exploits. - Conduct org-level analysis of threat actor behavior, identifying patterns across cases to inform detection and mitigation strategies. - Handle escalated and technically complex cases, applying senior cybersecurity expertise to assess real-world harm potential. - Query internal data sources using SQL and Python and cross-reference open-source information (OSINT) to support investigations. - Document and share investigative findings and recommendations with internal stakeholders and client teams. - Support quality and consistency across the investigations team, providing guidance to junior investigators on ambiguous cases. - Respond to reactive escalations and on-call leads, including those not caught by existing safety systems. Qualifications - At least 5+ years of experience in cybersecurity, threat intelligence, Trust & Safety, national security, defense, intelligence, or law enforcement domains. - Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience. - Familiarity with LLM systems and how AI technology can be misused for cyber operations. - Deep subject-matter expertise in one or more of the following: scaled data extraction, ransomware, local and remote exploits, or offensive security operations. - Strong ability to assess the real-world harm potential of technical content, distinguishing genuine offensive uplift from benign or educational security research. - Strong SQL and Python proficiency for querying data and supporting detection workflows. - Proven experience conducting org-level threat actor analysis across large datasets. - Ability to rapidly context-switch across domains, modalities, and abuse areas in a fast-paced, ambiguous environment. - Ability to clear an insider-threat background check. Preferred Qualifications - Experience with threat intelligence frameworks such as MITRE ATT&CK. - Background in dark web monitoring, OSINT, or cross-platform threat analysis. - Experience scaling and automating detection and mitigation processes. - Full professional proficiency in Arabic, Chinese, Farsi, Portuguese, Russian, or Spanish. - Relevant certifications such as OSCP, GREM, or GCTI. Benefits - Salary Range: $115K–$140K, depending on experience and location. - Work Environment: Fully remote, U.S.-based. - Health Benefits: Comprehensive health, dental, and vision coverage. - Time Off: Generous PTO and paid holiday schedule. - Retirement: 401(k) plan.