Civix is a leading provider of services & software for government, transportation, and grants.
Director of Information Security
Location
United States
Posted
1 day ago
Salary
0
Seniority
Lead
Job Description
Director of Information Security
Civix
- Responsible for leading Civix's enterprise information security program across corporate systems, cloud infrastructure, SaaS products, and customer-facing security initiatives.
- Partner closely with Engineering, Product Management, Cloud Operations, Compliance, Customer Success, and Executive Leadership to ensure security is embedded throughout the software development lifecycle.
- Own the strategic direction, governance, and operational execution of the company's security program, including compliance initiatives, security operations, product security, security awareness, and incident response.
- Lead a team of security professionals while serving as the primary security advisor for customers, auditors, vendors, and executive leadership.
- Develop and execute the company's enterprise information security strategy. Establish security policies, standards, procedures, and governance practices.
- Build and mentor a high-performing Information Security team.
Job Requirements
- 10+ years of progressive Information Security experience.
- 5+ years leading Information Security teams.
- Experience securing cloud-native SaaS platforms (AWS preferred).
- Strong understanding of modern application security practices.
- Experience leading enterprise compliance programs including SOC 2.
- Experience supporting or preparing organizations for FedRAMP or comparable government security frameworks.
- Experience managing vulnerability management and remediation programs.
- Knowledge of secure software development practices.
- Experience responding to customer security assessments and audits.
- Strong executive communication skills.
- Demonstrated ability to balance security, business objectives, and customer needs.
Benefits
- Health insurance
- 401(k) matching
- Flexible work arrangements
- Professional development opportunities
More Security Engineer Jobs
Senior Product Security Consultant
ALTASNET: Cybersecurity . Networks . Data Center & Cloud . Process Automation
- Participate in architecture and design reviews across the AMI product stack — metering devices, RF/cellular modules, gateways, cloud pipelines and SaaS portals — providing security guidance from the early stages of the development lifecycle.
- Perform threat modeling (STRIDE, PASTA) across the AMI architecture, identifying attack surfaces and trust boundaries from the meter to the cloud.
- Support firmware security standards and coordinate security testing of metering hardware, including firmware extraction/analysis and review of supply chain components.
- Work with Cloud and DevOps teams to embed security controls into Infrastructure as Code (IaC) templates and CI/CD pipelines.
- Execute or coordinate SAST, DAST and SCA testing in the CI/CD pipelines of NTG’s utility management applications and consumer portals.
- Assess authentication, authorization and API security in multi-tenant SaaS portals intended for utility administrators, end customers and integration partners.
- Serve as the primary point of contact between Security & Compliance and Product Development, ensuring requirements are implemented in practice — not just documented — and supporting evidence collection for audits across firmware, cloud and SaaS.
- Provide technical support during product security incidents and post-incident reviews, converting findings into architectural improvements or engineering backlog items.
Cloud Security Consultant
ALTASNET: Cybersecurity . Networks . Data Center & Cloud . Process Automation
- Assist in designing and reviewing secure cloud architectures, landing zones, and guardrails in AWS and Azure environments.
- Assess and recommend reference architectures and reusable security patterns aligned with standards and the risk posture.
- Support the implementation and configuration of native cloud and third-party security controls, including IAM, CSPM, logging, and security posture management.
- Assist in translating regulatory and internal security requirements into applicable technical controls within AWS and Azure environments.
- Review logs, telemetry, and CSPM tool findings to identify issues that require remediation or architectural adjustments.
- Assist in audit preparation by producing architectural artifacts, control evidence, and technical explanations.
- Provide technical support during cloud-related security incidents, including scoping, investigation, and containment guidance.
Field Safety/Security Manager
ContinuityGS: Offering Global Risk Mitigation Solutions to Complex Problems
- Provide leadership and oversight for field operations
- Ensure personnel safety, operational effectiveness, and compliance with contractual requirements
- Foster a positive, professional, and mission-focused work environment
- Oversee daily field operations to ensure work is completed accurately, efficiently, and in accordance with contractual requirements
- Monitor field workflow to ensure timely and accurate documentation and reporting
- Resolve operational issues that arise during daily field activities
- Conduct field audits and quality assurance reviews to verify compliance, completeness, and accuracy
- Maintain program reference materials, operational documentation, policies, procedures, and project files
- Provide guidance to field staff regarding operational procedures, safety protocols, and contractual requirements
- Oversee field activities involving address verification, interviews with family members and sponsors, case management support, and wellness checks
- Ensure timely identification, documentation, and reporting of sensitive situations, including suspected trafficking, abandonment, neglect, or other safety concerns
- Coordinate with leadership to support operational readiness, risk mitigation, and continuous improvement
- Perform other duties as assigned
- Requires regular field oversight. Travel may be required to support operational needs.
Role Description
The Security Engineer - Identity role exists to protect Hallmark’s digital assets and ensure the confidentiality, integrity, and availability of its information systems. This position is crucial in defending against cyber threats, mitigating vulnerabilities, ensuring secure access/authentication, and maintaining compliance with security regulations and industry standards.
- Implement robust security measures and respond to security incidents.
- Safeguard the company's reputation and operational continuity.
- Support Hallmark’s mission by enabling a secure environment for business operations and innovation.
Qualifications
- Bachelor’s degree or 4 years’ professional work experience.
- Experience in security tools and technologies, such as:
  - Firewalls
  - Zero trust solutions
  - Antivirus software
  - Vulnerability scanning tools
  - Access management tools
  - Authentication and authorization tools
  - Privileged access management tools
  - Security for various SAP systems
- At least 4 years of experience in information security with:
  - Security operations
  - Incident response
  - Threat analysis
- Familiarity with security frameworks and standards, such as NIST, ISO 27001, and CIS Controls
- Experience handling moderately complex issues and problems.
Requirements
- Degree in Cybersecurity, Information Security, Computer Science, or a related field.
- Certifications such as:
  - Certified Information Systems Security Professional (CISSP)
  - Certified Information Security Manager (CISM)
  - Certified Cloud Security Professional (CCSP)
  - Offensive Security Certified Professional (OSCP)
  - Certified Identity and Access Manager (CIAM)
- Solid working knowledge of subject matter.
- Experience with cloud security platforms (AWS, Azure, Google Cloud) and knowledge of securing cloud environments.
- Proficiency in scripting and programming languages such as Python, PowerShell, or Bash for automation and security tool development.
- Experience with security information and event management (SIEM) systems, endpoint detection and response (EDR) solutions, and advanced threat protection (ATP) tools.
- In-depth understanding of identity and access management processes, including least privileged access.
- Deep understanding of access methods such as single sign-on and multi-factor authentication and their use in developing a zero-trust model.
- Deep understanding of privileged access management and how it can be used to limit access and risk in the case of a breach.
- Understanding of how security works in SAP systems including S/4HANA, HANA, ECC, SCM, CRM, etc.
Benefits
- Salary range: $100,000 - $110,000.
- U.S.-based remote role with access to virtual tools and team support.
- Annual merit-based increases aligned with individual and company performance.
- Competitive benefits package, including:
  - Medical, dental, and vision plans
  - Paid time off
  - 401K with company match
  - Profit-sharing


