• Design, deploy, and manage security tools and infrastructure to detect and prevent threats across cloud (AWS and GCP), corporate, and product environments. • Work collaboratively with engineering and product teams to integrate security into the SDLC (Secure Software Development Life Cycle) via threat modeling, code reviews, and automated testing. • Conduct security assessments, penetration testing, and vulnerability management to identify and remediate risks in our applications and services. • Serve as an escalation point for security incidents, assisting with investigation, response, and post-incident analysis to continuously improve our security posture. • Automate security tasks and implement 'security-as-code' practices to scale our security efforts efficiently. • Secure endpoints and manage Endpoint Detection and Response (EDR), Data Loss Prevention, MDM (Mobile Device Management), Zero Trust, Patching, and Configuration Management for corporate and production assets. • Stay current with the latest cybersecurity threats, trends, and technologies, recommending proactive measures to enhance defense mechanisms.

• Analyze security events from various sources and distinguish between normal and suspicious behavior. • Take ownership of Tier-3 incidents, provide technical case leadership and overall subject-matter coordination. • Support, coach and mentor less experienced team members. • Prioritize alerts according to customer SLAs and make informed escalation decisions. • Perform complex analyses, engage external expertise when needed, and uncover potential compromises. • Independently handle challenging security incidents and requests. • Provide Tier-3 consultation by phone and involve additional experts as required. • Ensure quality of tickets and processes; identify and communicate opportunities for improvement. • Contribute to the enhancement of security signals (improving signal-to-noise ratio). • Reliably respond to all inquiries related to major security incidents. • Lead incident investigations, conduct post-mortem analyses and define next steps. • Independently structure and prioritize your own tasks. • Professionally represent AWN to customers on technical matters.

• Own and maintain the IT and Security roadmap aligned to business needs, SOC 2 expectations, and customer requirements • Prioritize and sequence investments across identity, devices, endpoint protection, SOC 2 controls, and collaboration tooling • Define and communicate IT and Security standards, policies, and architectural decisions • Partner with leadership to develop budget forecasts and resourcing plans for IT and cybersecurity • Identify operational and compliance risks and propose mitigation strategies and tradeoffs • Administer collaboration and identity platforms (Google Workspace, Microsoft 365, Slack, IAM, MDM, endpoint protection, etc.) • Configure and manage onboarding/offboarding workflows and IT provisioning • Implement and maintain IT helpdesk processes (low-volume) • Support vendor evaluations, integrations, and continuous improvements across the IT stack • Maintain secure device and access management across remote environments • Execute SOC 2 readiness and evidence collection in partnership with external consultants • Maintain IT and security policies, documentation, and control evidence • Coordinate responses to client security questionnaires and due diligence requests • Support vendor risk management and access control processes • Monitor and support incident response workflows in collaboration with leadership and vendors • Implement incremental improvements to device management, identity tooling, and endpoint management • Support responsible adoption of AI tooling and assess operational risks on a practical basis • Document workflows and train internal users on IT processes and tools

• Own and evolve the company’s information security strategy, roadmap, and operating model. • Lead, mentor, and grow a high-performing information security team. • Establish clear priorities, metrics, and accountability for security outcomes. • Serve as a trusted security advisor to technology and business leadership. • Partner closely with DevOps, SRE, and Cloud teams to design and secure cloud infrastructure and services. • Provide hands-on guidance and implementation support for cloud security controls, identity and access management, and network security. • Work with engineering teams to embed secure design, threat modeling, and security best practices into application development. • Lead security monitoring, detection, and incident response activities. • Participate directly in security investigations, root cause analysis, and remediation efforts. • Ensure security tooling is effective, well-integrated, and operationally sustainable. • Communicate clearly with stakeholders on security posture, risks, and improvement initiatives.