• Provide DevSecOps platform services that integrate security, compliance, and monitoring into all phases of cloud infrastructure and data products lifecycle management • Integrate IT Security Office approved-automated security controls, orchestrating vulnerability management, administering policy compliance, and providing continuous monitoring • Maintain secure and stable systems that enable continuous integration and delivery and reduce operational risk and support enterprise agility • Perform continuous scanning of all source and executable repositories for evolving threats detected after services are implemented • Ensure all code and IaC changes are version-controlled, peer-reviewed, security-scanned, and approved before promotion to production • Maintain continuous monitoring and alerting for all production deployments, with rollback procedures in place • Provide CI/CD pipeline and workflows for building, testing, and deploying. Promote workloads across environments with automated controls and approvals • Integrate security and compliance checks into CI/CD pipelines • Document all DevSecOps processes, standards, and toolset configurations, and maintain version-controlled documentation accessible to stakeholders • Integrate change control gates into the automated CI/CD workflow, with appropriate controls to prevent unauthorized or unreviewed code deployments to production • Coordinate with AO teams to establish and maintain standards for DevSecOps processes and toolsets, ensuring integration and interoperability across the enterprise ecosystem • Facilitate integration with third-party development, operations, and security tools to enable end-to-end visibility and control • Provide comprehensive end-user guides and training content for containerized pipeline features and security practices for the development team members • Conduct regular review and updates of DevSecOps practices and toolsets to incorporate emerging technologies, threat intelligence, and lessons learned • Create DevSecOps metrics reports (example: deployment frequency, mean time to resolution, vulnerability remediation time) to demonstrate effectiveness and drive improvement

Role Description Reporting directly to Security Engineering Management and under the general supervision by Information Security Office Leadership, this role will be responsible for building, maintaining, and ensuring the availability of our Elasticsearch and security application stacks. General duties will include, but are not limited to: - Lead the design, deployment, patching, and maintenance of Elasticsearch, analytics, and automation infrastructure. - Create and maintain application stack documentation. - Collaborate with security operations, product development, and other engineering teams. - Support the lifecycle of security application stacks. - 24/7 availability during scheduled on call for emergencies. Qualifications - Strong understanding of Elasticsearch, Logstash, Kibana, and the Beats stack. - Experience with Python, BASH, and other programming/scripting languages. - Experience with Cloud platforms including AWS, Azure, GCP. - Experience with Containerized applications and supporting infrastructure (K8s, Docker, etc.) - Experience with Big data platforms, data lakes, and managing data at scale. - Experience with Linux administration (Debian, Ubuntu, RedHat). - Experience with Webservers, proxies, and load balancers. - Experience with Security hardening and vulnerability remediation. - Basic understanding of AI LLMs, ML, and related technologies. Requirements - Experience with the following technologies: - SAST, DAST - Linters - Terraform - Secrets management - Infrastructure as code - Systems Administration - Active Directory - Windows and Linux Servers. - Experience with the following technical concepts: - Sharding - ILM - HA/DR/Fault tolerance - Security Automation - Defense in depth/Zero Trust - Compliance requirements (NIST/PCI/HIPAA/etc.) - Experience with the following administrative concepts: - Agile/Scrum project management - Documentation/Learning management - Process management Working Condition Requirements - Remote Office environment - Ability to prioritize and organize effectively - Ability to work on multiple projects simultaneously - Ability to work both independently and with others - Ability to operate in a fast moving, team-oriented, collaborative environment with tight deadlines Pay Transparency TierPoint is committed to practices that promote pay equity and transparency. We provide a compensation range for roles that may be hired in locations with pay transparency law requirements. It’s important to note the pay range may be narrower than displayed, as various factors are used to determine the offered compensation package including skill set, level of experience, geographic locations, and other relevant factors- i.e. budgetary requirements. Pay Range $111,716.54 - $167,574.81

• Own how software ships and how our cloud infrastructure stays secure • Design and operate Azure CI/CD pipelines • Codify infrastructure and security policies • Drive remediation of security findings • Manage CI/CD & Release Engineering in Azure DevOps • Develop secure coding guidance and self-service security capabilities • Author and maintain cloud infrastructure as code using Terraform and/or Bicep • Facilitate threat modeling exercises and identify security design risks

• Provide effective network and administrative services for Red River’s growing customer base. • Provide front-line Engineering services for customers. • Assist Professional Services Operations team during installations at customer sites. • Support additional national projects. • Work closely with existing technical staff to support Red River’s Managed Services customers. • Comfortable running projects independently as well as working with the larger engineering team and project managers. • Support, troubleshoot, install, and configure routers, switches, and firewalls. • Deploy & troubleshoot security protocols across the network platform. • Develop and refine network and security configuration documentation for customers. • Maintain industry certifications as required. • Provide end user training on solutions. • Assist in developing, improving, and automating delivery methodologies. • Other business duties as assigned.