
Senior Cybersecurity Risk Analyst
American Institutes for Research
full-time
Location Type: Hybrid
Location: United States
Salary
💰 $157,000 - $180,000 per year
About the role
- Drive and perform vulnerability management activities, including scanning, analyzing, reporting, and tracking network, container, application, and static code findings in collaboration with cross-functional teams.
- Execute application security testing and findings analysis, including DAST, SAST, continuous threat exposure management activities, and targeted red teaming engagements.
- Lead cyber risk management efforts by identifying risks, developing and reporting treatment plans, and maintaining the enterprise risk registry.
- Oversee and drive the remediation of findings from internal and external security controls assessments, vulnerability assessments, and security testing, using standard Plan of Action and Milestones (POA&M) processes.
- Execute and contribute to internal controls assessments for AIR web applications, secure data enclaves, general support systems, and other key systems to support internal and external client security requirements.
- Respond to client data security and privacy questionnaires with accuracy and subject-matter expertise.
- Perform and drive continuous monitoring activities to ensure ongoing compliance with internal policies and external regulatory requirements.
- Support data governance by conducting information security plan reviews and contract reviews.
- Serve as AIR’s HIPAA Security Officer, ensuring compliance with HIPAA Security Rule requirements.
- Support third party risk management activities, including evaluating new software and artificial intelligence (AI) use cases.
- Duties, responsibilities, and activities may change, or new ones may be assigned at any time based on business needs.
Requirements
- Bachelor’s degree and at least 9 years of relevant experience in information security.
- A major cybersecurity certification from ISC2, ISACA, OffSec, or SANS.
- A minimum of 5 years of hands-on experience with vulnerability management and security testing tools, including DAST, SAST, and SCA.
- At least 5 years of experience securing and testing cloud environments such as Azure, AWS, or Google Cloud.
- A track record of 2+ years of experience conducting cyber risk and assurance activities, including applying relevant security frameworks.
- Strong understanding of key standards, including NIST SP 800-53, 800-171, and 800-88.
- The candidate should be able to obtain a Level 6C Security clearance (Public Trust Position).
Benefits
- AIR’s Total Rewards Program designed to reward staff competitively and motivate them to achieve their critical mission.
- Hybrid work flexibility to work from one of AIR’s U.S. office locations.
- Occasional travel required for meetings, training sessions, and conferences.
- Equal employment opportunity and affirmative action employer.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
vulnerability management, application security testing, DAST, SAST, continuous threat exposure management, red teaming, risk management, internal controls assessments, cloud security, security frameworks
Soft Skills
collaboration, communication, leadership, analytical skills, attention to detail, problem-solving, client engagement, reporting
Certifications
Bachelor's degree, cybersecurity certification, ISC2 certification, ISACA certification, OffSec certification, SANS certification