• Responsible for developing, implementing, and managing the company’s IT security program • Takes ownership of security operations to protect systems, data, and networks from emerging threats while complying with all security and privacy requirements • Perform internal audits, conduct vulnerability and penetration testing, and ensure that security controls are fully implemented and continuously monitored • Lead the definition, implementation, and ongoing governance of security architecture for internal IT and designated projects, programs, and products • Leverage the Unified Architecture Framework (UAF) to embed security considerations across the enterprise by identifying security assets, evaluating risks, and applying appropriate security controls throughout system lifecycles • Assess the organization’s current security posture, design and refine architecture-level mitigations, and establish sustainable processes for monitoring, incident response, and audit readiness • Act as both a strategist and a hands-on technologist; manage security tools, conduct internal assessments, and collaborate with system and network teams to integrate security as a cross-cutting concern across all operational and technical domains • Provide the leadership, expertise, and accountability necessary to ensure resilient, compliant, and well-architected security across enterprise systems • Collaborate with the IT infrastructure and DevOps teams to maintain secure configurations and compliance with security and privacy requirements • Communicate clearly with leadership, report on risk and readiness, and develop practical security roadmaps that keep pace with evolving threats • Apply NIST 800-53, FedRAMP Moderate, and CMMC 2.0 control requirements to Cloud and on-premises environments through documented policies, procedures, and technical safeguards • Maintain HIPAA-compliant configurations for systems handling ePHI, including access controls, encryption, and audit logging within Microsoft 365 and other regulated platforms • Support security assessments, evidence collection, and control audits across multiple frameworks to contribute to compliance reporting, continuous monitoring, and certification-readiness efforts • Implement, configure, and maintain controls for intrusion detection and prevention within the Microsoft 365 security ecosystem, including Defender ATP, Sentinel, and integration with network IDS/IPS tools where applicable • Assess complex security challenges, evaluate alternatives, and develop effective, compliant solutions across diverse technical environments • Support zero-trust architecture initiatives through authentication hardening, network segmentation, and endpoint control • Collaborate with DevOps and application teams to integrate security automation and continuous monitoring into CI/CD pipelines • Conduct periodic reviews of encryption and key management practices to adhere to policy and evolving best practices

• Oversee the security operations and engineering function of Ensemble's IT Security Program. • Develop an effective security operations and engineering strategy to secure business operations and missions. • Monitor industry information technology and security trends to identify strategy-impacting effects to stakeholder operations. • Lead security operations resources monitoring events to detect cybersecurity threats. • Enhance incident response plans, playbooks, and preparedness activities. • Develop and track key performance indicators (KPIs) and metrics for operational success.

• Conduct comprehensive alert investigations by correlating data from multiple sources, including SIEM, EDR, firewalls, DNS, and identity logs. • Independently assess potential incidents applying advanced analytical judgement. • Implement containment measures through EDR and network controls, mitigate lateral movement risks, and provide comprehensive support across all phases of the NIST IR lifecycle with limited supervision. • Ensure comprehensive documentation, accurate timelines, and clear communication are delivered to leadership, Tier 3 personnel, and cross-functional stakeholders during incident management. • Utilize threat intelligence to enhance the context of investigations and increase the accuracy of detection. • Oversee CSOC escalations throughout the shift, mentor Tier 1 analysts, and facilitate effective handoffs during shift transitions.

• Act as a trusted partner to customers • Help clients optimize security programs • Collaborate with Analysts and Scan Operators • Review and generate high-quality deliverables • Provide expertise on industry attack trends • Guide clients through incident response activities • Support onboarding processes • Gather client feedback for service improvements