Kyndryl

We design, build, manage and modernize the mission-critical technology systems that the world depends on every day.

Security Enterprise Architect – Identity, PAM, Zero Trust

Security Engineer | Full Time | Remote | Lead | Team 10,001+ | Since 2021 | H1B Sponsor

Location

Canada

Posted

2 days ago

Salary

0

Seniority

Lead

Bachelor Degree | 10 yrs exp | English

Job Description

  • Create, maintain, and deepen trusted relationships with senior client stakeholders
  • Act as a senior advisor to clients on IAM, PAM, and Zero Trust strategy
  • Support contract execution and operational excellence for led accounts
  • Drive profitable growth through consult-led identity and Zero Trust engagements
  • Provide deep expertise in Identity and Access Management, Privileged Access Management, and Zero Trust architectures
  • Lead client discussions on identity strategy, target state architecture, roadmaps, and business-aligned outcomes
  • Ensure account compliance and act with integrity across all client engagements
  • Support the development of technical and consulting talent across Kyndryl

Job Requirements

  • 10 or more years of experience in security architecture, IAM, PAM, or Zero Trust solutioning
  • Strong understanding of Zero Trust security principles and identity-centric architectures
  • Proven ability to translate technical identity and security concepts into actionable business outcomes
  • Experience supporting consultative, pre-sales, or advisory engagements
  • Working knowledge of leading IAM and PAM platforms, including Microsoft Entra and PAM solutions
  • Ability to operate effectively in client-facing, multi-stakeholder environments
  • Bachelor’s degree or equivalent experience

Benefits

  • Flexible, supportive environment
  • Access to skilling and certification programs
  • Be Well programs designed to support financial, mental, physical, and social health

More Security Engineer Jobs

Communications and Security Engineer

AECOM

We are the world’s trusted infrastructure consulting firm.

Full Time | Hybrid | Team 10,001+ | Since 1990 | H1B Sponsor

Title: Communications and Security Engineer Location: Fortitude Valley Australia Employees work in a hybrid mode Full-time State/Province: Queensland Business Group: DCS Legal Entity: AECOM Australia Pty Ltd Business Line: B&P - Buildings & Places Work Location Model: Hybrid Operating Group: International Job Description: Work with Us. Change the World. At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world's most complex challenges and build legacies for future generations. There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world. We're one global team driven by our common purpose to deliver a better world. Join us. AECOM's ICT & Security practice is growing, and we're looking for experienced consultants to take on complex, high-stakes work across Defence and Federal Government. The roles sit at the Senior to Principal level, meaning you'll lead design deliverables, represent your discipline in client meetings, and contribute to the technical quality of the team, not just execute tasks. The work spans physical security systems, passive (Layer 0 - Passive Infrastructure / Civil Infrastructure, OSP, external and internal cable containment, Layer 1 - structured cabling, fibre etc.) and active ICT infrastructure, and communications design, predominantly in environments governed by PSPF, ISM, and DSPF.
If you've spent your career in built-environment advising, consulting, and guiding, and understand the difference between designing a system and deploying one, this role is for you. Lead the development of communications and security designs for Defence and Federal Government clients, from concept through to detailed, and construction documentation. Apply your working knowledge of AS/NZS 11801, AS/CA S009, DCCS, and DCRS to deliver compliant, buildable designs. Hold workshops and client design meetings, providing clear technical advice and manage stakeholder expectations. Mentor junior and intermediate staff and contribute to quality reviews across the broader practice. What we're looking for: You'll hold a tertiary qualification in electrical engineering, communications, or mechatronics, and have hands-on experience delivering integrated ICT infrastructure, structured cabling, OSP, and physical security systems in complex built environment projects. You'll hold an AGSVA Baseline Security Clearance with a clear pathway to NV1. Candidates working towards RPEQ, SCEC registration, or RCDD/AVIXA accreditation will stand out, as will those with exposure to Systems Safety and WHS planning in regulated environments. Three to five years in a Defence environment is desirable, but the quality of your design experience matters more than the number of years. We're one of the few firms in Australia with the scale, sector relationships, and technical depth to deliver at the intersection of ICT, security, and major infrastructure. You'll work on projects that matter, with a team that takes quality seriously, in a practice actively investing in its people and capability. At AECOM, we are committed to maintaining a secure and trustworthy recruitment process and take any fraudulent hiring activity seriously. To support this commitment, all newly hired employees are required to attend an in-person Day 1 onboarding at an AECOM office location as a condition of employment.
AECOM acknowledges the Traditional Owners and Custodians of the lands on which we, our clients and our communities live and work around Australia. We pay our respects to their cultures and to their Elders - past, present, and emerging. We are committed to connecting to Country in our work through meaningful engagement with First Nations peoples and businesses. Find out more about our Australian Reconciliation Action Plan here: https://aecom.com/au/our-vision-for-reconciliation/. About AECOM AECOM is the world's trusted infrastructure consulting firm, delivering professional services throughout the project lifecycle - from advisory, planning, design and engineering to program and construction management. On projects spanning transportation, buildings, water, new energy and the environment, our public- and private-sector clients trust us to solve their most complex challenges. Our teams are driven by a common purpose to deliver a better world through our unrivaled technical and digital expertise, a culture of equity, diversity and inclusion, and a commitment to environmental, social and governance priorities. AECOM is a Fortune 500 firm and its Professional Services business had revenue of $16.1 billion in fiscal year 2025. See how we are delivering sustainable legacies for generations to come at aecom.com and @AECOM. Freedom to Grow in a World of Opportunity You will have the flexibility you need to do your best work with hybrid work options. Whether you're working from an AECOM office, remote location or at a client site, you will be working in a dynamic environment where your integrity, entrepreneurial spirit and pioneering mindset are championed. You will help us foster a culture of equity, diversity and inclusion - a safe and respectful workplace, where we invite everyone to bring their whole selves to work using their unique talents, backgrounds and expertise to create transformational outcomes for our clients. 
AECOM provides a wide array of compensation and benefits programs to meet the diverse needs of our employees and their families. We also provide a robust global well-being program. We're the world's trusted global infrastructure firm, and we're in this together - your growth and success are ours too. Join us, and you'll get all the benefits of being a part of a global, publicly traded firm - access to industry-leading technology and thinking and transformational work with big impact and work flexibility. As an Equal Opportunity Employer, we believe in each person's potential, and we'll help you reach yours.

Australia

Principal Med Device Security Engineer

Johnson & Johnson

Johnson & Johnson is an award-winning, family-owned-and-operated company that has been providing health and wellness products for more than 120 years. Employing

Title: Principal Med Device Security Engineer Location: Danvers United States Job Description: Full time job requisition id R-079174 At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit. Job Function: Technology Enterprise Strategy & Security Job Sub Function: Security & Controls Job Category: Scientific/Technology All Job Posting Locations: Alabama (Any City), Alabama (Any City), Alaska (Any City), Arizona (Any City), Arkansas (Any City), California (Any City), Colorado (Any City), Connecticut (Any City), Danvers, Massachusetts, United States of America, Delaware (Any City), Florida (Any City), Georgia (Any City), Hawaii (Any City), Idaho (Any City), Illinois (Any City), Indiana (Any City), Iowa (Any City), Kansas (Any City), Kentucky (Any City), Louisiana (Any City), Maine (Any City), Maryland (Any City), Massachusetts (Any City), Michigan (Any City), Minnesota (Any City) {+ 27 more} Job Description: Johnson & Johnson’s MedTech cybersecurity team is recruiting for an experienced Principal Product Security Engineer. The role can be remote-based or located onsite in Danvers, MA or Raritan, NJ. This role will require up to 10% travel. 
Are you passionate about security and interested in joining a community of collaborative colleagues working in a Patient First! culture? If that’s you, we have an immediate opportunity for a Principal Product Security Engineer to join the Product Cybersecurity team to help ensure security is implemented by design for this top-performing medical device company. This is an exciting opportunity to impact development initiatives that will shape future product development and industry standards. You will own the Product Security process for the products that you will support throughout the product development lifecycle which includes both pre-market and post-market processes engineering teams. If you are eager to leverage your security risk and compliance skills to make a difference and directly impact patient lives, this could be perfect for you. Purpose: The Principal Product Security Engineer will be responsible for implementation of J&J’s enterprise Product Security strategy and framework throughout the Heart Recovery portfolio of medical devices and supporting platforms. This role will join Abiomed, part of Johnson & Johnson MedTech, to provide technical expertise and strategic leadership in securing Impella heart pump technologies, next-generation cardiac support systems, and connected medical devices. This role is responsible for delivering security architecture, cryptographic controls, embedded system protections/controls, and threat mitigation techniques to ensure robust, regulatory-compliant security across the product lifecycle. Specific responsibilities include supporting heart recovery throughout a new product’s development phases, review product security requirements and recommend security design solutions, complete Quality documentation, threat modelling, coordinate third-party penetration testing, software architecture review and design recommendations, code analysis and other security testing work as needed. 
Additionally, this position will have post market responsibilities for Heart Recovery marketed devices include monitoring for new vulnerabilities, assisting with patching and remediation plans, as well as responding to customer security questionnaires and reviewing security language within contractual agreements as needed. - Drive alignment to J&J Product Security’s overarching framework. - Support the Product Security strategy and objectives within Heart Recovery - Define and implement secure boot, firmware integrity validation, and anti-tamper mechanisms to protect Heart Recovery Device firmware against unauthorized modification. - Enforce cryptographic protocols for data-at-rest and data-in-transit, ensuring compliance with FDA cybersecurity requirements, NIST 800-175, FIPS 140-3, and IEC 62443. - Define and implement key management infrastructure (PKI, HSMs, TPMs, and secure enclave integration) for device identity, authentication, and software signing. - Develop real-time vulnerability assessment techniques for detecting security flaws in wireless communications (Bluetooth LE, NFC, Wi-Fi, 5G, proprietary RF) used in Heart Recovery’s medical devices. - Implement Zero Trust security for device-to-cloud connectivity, integrating mTLS and continuous authentication models into clinical applications. - Oversee secure OTA (over-the-air) update mechanisms, ensuring firmware rollbacks, code signing, and supply chain integrity validation. - Embedded Security & Secure Development Lifecycle: - Lead Secure Development Lifecycle practices, integrating threat modeling, static/dynamic analysis, fuzz testing, and formal verification into the development process. 
- Work with R&D Engineering to define hardware security architecture, including trust zones, hardware root of trust (HRoT), and secure microcontroller protections - Implement memory safety strategies to mitigate buffer overflows, side-channel attacks, and execution vulnerabilities in real-time operating systems (RTOS) and bare-metal firmware. - Respond to customer cybersecurity questionnaires and contractual language for post-market medical devices under your responsibility as necessary. Qualifications Required: - 8+ years industry experience in Information Security - 5+ years experience with embedded system, IOT, or medical device cybersecurity - Bachelor’s degree or equivalent - Experience generating Threat models without the use of threat modeling tools - Experience performing risk assessments utilizing CVSS 3.1 or higher, with STRIDE per element - Ability to write technical security requirements for embedded systems and web platforms based on the latest regulations - Understanding and execution of third-party penetration testing, vulnerability scanning, CVSS and/or other general security testing principles - Experience supporting regulatory security submissions, ensuring compliance with FDA Cybersecurity Guidance (2025), EU MDR, NIST 800-53, IMDRF, and AAMI TIR57. - Knowledge of real-time operating systems hardening techniques - Knowledge of cloud security principles - Ability to generate SBOMs from Software source code and Binaries, Firmware, and Operating Systems - Ability to generate pre-market risk assessments against the threat model leveraging STRIDE and post-market risk assessments via SCA SBOM scans. 
- Ability to generate the security architecture views for medical devices that could include: Global System View, Multi-Patient Harm View, Updateability/Patchability view and, detailing system boundaries, data flows, and external interactions to show risk mitigation, ensuring transparency, and supporting post-market management - Ability to translate technical security requirements into solutions - Ability to provide secure coding recommendations and execute reviews - Data privacy experience, including HIPAA and GDPR - Understanding of industry standards and certifications such as HITRUST & ISO 27001 - Ability to work autonomously and proactively seek out product security opportunities within heart recovery - Ability to lead large projects and proven ability to track to project plan timelines from a security perspective - Ability to create and deliver cybersecurity awareness campaigns and other communications - Creative problem-solving skills - Customer focus (internal & external) - Excellent communication and collaboration skills, able to network, interface and influence at all levels of the organization, cross sector, cross-functionally and globally - Strong leadership skills Preferred: - Experience leading or participating in formal security audits - Experience with Operating Systems such as QNX QOS, Yocto, Linux Ubuntu. Alpine - Familiarity with FDA and/or other global regulatory cybersecurity guidance requirements and submission process - Experience with web applications and server hardening (i.e. AWS, Azure) including knowledge of OWASP Top 10 and blue teaming techniques - Experience in cybersecurity pre-sales - Software development experience - CISSP, CISM, or other security certification - MS and/or advanced degree Johnson & Johnson is an Equal Opportunity Employer. 
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act. Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants’ needs. If you are an individual with a disability and would like to request an accommodation, please contact us via https://www.jnj.com/contact-us/careers or contact AskGS to be directed to your accommodation resource. #JNJTECH Required Skills: Product Security Preferred Skills: The anticipated base pay range for this position is : $102,000.00 - $177,100.00 Additional Description for Pay Transparency: Subject to the terms of their respective plans, employees are eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)). 
Subject to the terms of their respective policies and date of hire, employees are eligible for the following time off benefits: • Vacation –120 hours per calendar year • Sick time - 40 hours per calendar year; for employees who reside in the State of Colorado –48 hours per calendar year; for employees who reside in the State of Washington –56 hours per calendar year • Holiday pay, including Floating Holidays –13 days per calendar year • Work, Personal and Family Time - up to 40 hours per calendar year • Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child • Bereavement Leave – 240 hours for an immediate family member: 40 hours for an extended family member per calendar year • Caregiver Leave – 80 hours in a 52-week rolling period10 days • Volunteer Leave – 32 hours per calendar year • Military Spouse Time-Off – 80 hours per calendar year For additional general information on Company benefits, please go to: - https://www.careers.jnj.com/employee-benefits

Massachusetts + 23 more
All locations: Massachusetts | Alabama | Alaska | Arizona | Arkansas | California | Colorado | Connecticut | Delaware | Florida | Georgia | Hawaii | Idaho | Illinois | Indiana | Iowa | Kansas | Kentucky | Louisiana | Maine | Maryland | Michigan | Minnesota | New Jersey
$102K - $177.1K / year

Application Security Technical Lead

MedHealth

We help organisations improve health and employment outcomes of populations. While never losing sight of the individual.

Full Time | Remote | Team 1,001-5,000 | H1B No Sponsor

  • Own and operate application security across the SDLC.
  • Identify and assess application security risks, partnering with Engineering teams on remediation.
  • Perform secure code reviews (primarily .NET) and support secure development practices.
  • Lead threat modelling and security assessments across applications and automation workflows.
  • Adapt security practices to suit different team maturity levels, balancing uplift, standardisation and delivery needs.
  • Own and optimise AppSec tooling (SAST, DAST, SCA) across CI/CD pipelines.
  • Ensure effective security testing without impacting delivery velocity.
  • Own vulnerability visibility, prioritisation and reporting.
  • Define and apply secure design and development standards.
  • Establish Security Champions across development teams.
  • Mentor developers and uplift secure coding capability across teams.

Australia

Threat Intelligence Investigator

Sony

Sony Interactive Entertainment (SIE) is a leading global source for digital and interactive game systems, games, and products. It is the parent company behind t

Title: Threat Intelligence Investigator Location: San Mateo, CA (preferred) or San Diego, CA Hybrid Category: Corporate Security Job Description: Why Sony Interactive Entertainment? Sony Interactive Entertainment isn’t just the Best Place to Play — it’s also the Best Place to Work. Sony Interactive Entertainment (SIE) is the company behind the PlayStation brand. As a subsidiary of Sony Group Corporation, we’re part of a proud legacy of innovation and excellence. SIE is a dynamic technology company, delivering cutting-edge hardware and network services to more than 100 million people and an entertainment leader, home to some of the most beloved and recognizable intellectual properties (IP) in the world. Our role at SIE is to create and nurture the experiences under the PlayStation brand, a name synonymous with entertainment excellence and creativity. Threat Intelligence Investigator (Contract) * San Mateo, CA (preferred) or San Diego, CA (hybrid) - will require 2 -3 days onsite *Please note: This is a temporary position with an initial 12-month term and the possibility of extension, employed through our staffing partner, Yoh. The Role; The Threat Intelligence Investigator is a key member of the Corporate Security team responsible for receiving, evaluating, investigating, and escalating threats and security-related incidents across internal and external platforms. The successful candidate will leverage investigative methodologies, intelligence resources, and data systems to assess the credibility of global threats, support proactive risk management efforts, and collaborate with law enforcement agencies (LEA) and internal stakeholders to mitigate risk. This role supports investigations and threat management activities involving consumer platforms, employees, business operations, studios, assets, and the company’s reputation. The Investigator will also contribute to intelligence products, operational reporting, and proactive threat identification capabilities. 
Working closely with Consumer Services, Online Safety, Moderation, Human Resources, Legal, IT Operations, Engineering, GSOC, and relevant studios, the Investigator will help ensure effective and consistent investigative, intelligence, and threat management processes. This role is critical to identifying, analyzing, investigating, and escalating incidents that may impact SIE personnel, assets, business operations, or brand reputation. What You'll be Doing - Conduct investigations into threats targeting SIE platforms, services, and associated ecosystems, including internal incidents involving potential corporate security breaches, ensuring appropriate escalation and stakeholder engagement. - Conduct investigative enquiries into security incidents, threats, policy violations, and other corporate security matters, ensuring appropriate escalation, documentation, and stakeholder engagement. - Gather, review, preserve, and assess relevant investigative material, including CCTV footage, access control records, OSINT, internal reporting, and other available evidence sources. - Conduct interviews and information gathering with relevant stakeholders, witnesses, and involved parties to support investigative fact-finding and threat assessment activities. - Analyze investigative information to establish timelines, identify behavioral indicators, assess risk, and support informed operational decision-making. - Produce clear, accurate, and objective investigative documentation, reports, and case updates in accordance with established procedures and reporting standards. - Prioritize and manage cases end-to-end based on threat level and urgency, ensuring all investigative activity is accurately documented and integrated into case management and reporting mechanisms. - Receive, process, and evaluate threat reports using investigative tools and supporting resources to assess credibility and risk. 
- Develop and disseminate actionable intelligence to support threat management, risk mitigation, and informed decision-making across the organization. - Support strategic intelligence development activities through horizon scanning, trend monitoring, and collection of relevant threat intelligence to identify emerging risks impacting SIE employees, operations, studios, assets, and brand reputation. - Contribute to the production of intelligence reporting, threat trend analysis, and operational risk assessments that support proactive threat management, stakeholder awareness, and informed security decision-making across the organization. - Monitor and assess emerging threat trends, tactics, techniques, and procedures (TTPs), producing written intelligence assessments that support proactive threat management and maintain a forward-looking view of the corporate security threat landscape. - Act to safeguard people, assets, and business operations through timely and responsible decision-making. - Ensure compliance with SIE policies, procedures, and applicable global legal and regulatory requirements (such as the Digital Services Act). - Report credible threats to law enforcement and collaborate with relevant agencies, providing clear, evidence-based rationale in line with SIE protocols. - Build and maintain effective relationships with law enforcement, statutory bodies, industry partners, and internal stakeholders to support coordinated threat response and intelligence sharing. - Support knowledge sharing and capability building through training, presentations, and engagement with internal and external partners. - Prepare operational and performance management reports, highlighting trends, quality metrics, categorization, workload management, and other key operational insights to support continuous improvement initiatives. 
- Contribute to continuous improvement initiatives, including process refinement, post-incident debriefs, lessons learned activities, and operational maturity improvements. - Support additional investigations, threat-related activities, event security planning and execution, and other Corporate Security projects as required. - Participate in other duties aligned with Corporate Security operational requirements. - Possible travel required. What We're Looking for: - Prior experience in law enforcement, corporate security, intelligence, trust & safety, investigations, or a related operational field involving assessment, response, investigation, and management of threats or security incidents. - Demonstrated investigative knowledge/experience involving evidence gathering, investigative documentation, open-source research, and fact-finding. - Strong written and verbal communication skills, including the ability to communicate effectively with senior leadership and cross-functional stakeholders. - Strong OSINT and online investigation skills, with demonstrated analytical and critical thinking abilities, including the ability to assess ambiguous or uncertain situations. - Demonstrated ability to make informed decisions, multitask, and perform effectively in high-pressure situations within tight time constraints. - Understanding of current global events, international geography, online threat landscapes, and diverse cultures. - Knowledge of investigative processes, threat assessment methodologies, and intelligence development practices. - Ability to follow established policies, procedures, and investigative standards consistently. - Experience working with complex systems, investigative platforms, case management tools, or intelligence databases. - Knowledge of reporting and metrics tools (such as Tableau or similar platforms) is desirable. - Comfortable working independently and collaboratively within cross-functional global teams. 
- Highly self-driven, responsive, proactive, and capable of taking ownership of tasks through completion. - Must meet any state-required training or licensing qualifications where applicable. Nice to Have: - Bachelor’s Degree or higher in Emergency Management, Communications, Information Technology, Political Science, Criminal Justice, Intelligence Studies, or related field. - Experience in intelligence, corporate security, military, law enforcement, trust & safety, or investigative environments. - Demonstrated investigative and systems analysis/research experience supporting operational decision-making in threat intelligence, trust & safety, or corporate security environments. - Experience producing intelligence reporting, threat assessments, operational briefings, or strategic risk analysis products. - Familiarity with behavioral threat assessment concepts, workplace violence prevention, or protective intelligence methodologies is desirable.

California
$40 - $60 / hour