Numeris

• Multi-Cloud Engineering and Perimeter Hardening**Identity and Access: Design and maintain Microsoft Entra ID Conditional Access policies and cloud IAM boundaries.** • Endpoints and Intune: Configure endpoint security baselines and automated deployment workflows via Microsoft Intune.** • Data Protection: Implement and tune Microsoft Purview Data Loss Prevention (DLP) policies and compliance toolsets.** • Cloud Posture: Deploy technical security controls natively within AWS and Azure to continuously drive up our Secure Score.** • Automation, Vulnerability Management and SecOps.** • Sentinel and SOAR: Architect Microsoft Sentinel, building KQL queries and automated response playbooks to eliminate manual triage overhead.** • Vulnerability Lifecycle: Administer scanning tools, automate continuous asset discovery, and technically validate remediation efforts with IT infrastructure teams.** • Operations: Participate in a weekly on-call operational rotation with two team members to investigate and remediate technical escalations.** • Vendor Engineering: Partner directly with vendors to ensure our security tools are integrated and utilized to their maximum potential.** • Security Approvals and Operational Support.** • Access and Exceptions: Review, triage, and technically validate security exceptions, identity exclusions, and access requests.** • Technical Assessments: Evaluate third-party vendor software architectures to identify infrastructure risks.** • Awareness Training: Manage the KnowBe4 platform to deploy automated phishing simulations and training tracks.

• Monitoring Security Systems: Continuously monitor various security systems, including firewalls, intrusion detection systems, antivirus software, and others, to promptly detect and respond to any security incidents. • Security Incident Response: Take the lead in investigating security breaches and incidents, pinpointing their root causes, and developing strategies to prevent similar occurrences in the future. Collaborate closely with IT and business teams to ensure coordinated and effective response efforts. • Vulnerability Management: Identify and assess vulnerabilities present in systems and networks, collaborating with technical teams to mitigate risks through patch management and configuration changes. Thoroughly document findings and facilitate clear communication across teams to promptly address security weaknesses. • Security Policy Enforcement: Ensure the enforcement of robust security controls, policies, and procedures throughout the organization, guaranteeing compliance with relevant regulations, standards, and best practices. • Security Awareness Training: Support and contribute to security awareness initiatives and trainings aimed at educating employees on the best practices for maintaining information security, fostering a culture of security consciousness within the organization. • Security Risk and Vendor Assessments: Conduct comprehensive assessments of security risks and evaluate third-party vendor security measures to gauge the effectiveness of existing security controls and identify areas for enhancement. • Security Tool Evaluation: Assess and evaluate the suitability of new security tools and technologies to bolster the organization's overall security posture, ensuring that chosen solutions align with the organization's security objectives and requirements. • Lead end-to-end incident response activities, including detection, triage, containment, eradication, and post-incident analysis.

• Monitoring Security Systems: Continuously monitor various security systems, including firewalls, intrusion detection systems, antivirus software, and others, to promptly detect and respond to any security incidents. • Security Incident Response: Take the lead in investigating security breaches and incidents, pinpointing their root causes, and developing strategies to prevent similar occurrences in the future. Collaborate closely with IT and business teams to ensure coordinated and effective response efforts. • Vulnerability Management: Identify and assess vulnerabilities present in systems and networks, collaborating with technical teams to mitigate risks through patch management and configuration changes. Thoroughly document findings and facilitate clear communication across teams to promptly address security weaknesses. • Security Policy Enforcement: Ensure the enforcement of robust security controls, policies, and procedures throughout the organization, guaranteeing compliance with relevant regulations, standards, and best practices. • Security Awareness Training: Develop and implement security awareness training programs aimed at educating employees on the best practices for maintaining information security, fostering a culture of security consciousness within the organization. • Security Risk and Vendor Assessments: Conduct comprehensive assessments of security risks and evaluate third-party vendor security measures to gauge the effectiveness of existing security controls and identify areas for enhancement. • Security Tool Evaluation: Assess and evaluate the suitability of new security tools and technologies to bolster the organization's overall security posture, ensuring that chosen solutions align with the organization's security objectives and requirements.