• Lead the design, implementation, and governance of cloud security solutions across our enterprise environments • Architect and implement secure cloud infrastructure across AWS and Azure platforms • Define and enforce cloud security policies, standards, and automation frameworks • Lead threat modeling, risk assessments, and incident response for cloud-native applications and services • Integrate security into CI/CD pipelines and DevOps workflows • Support cloud identity and access management (ICAM), encryption, and key management systems • Monitor cloud environments using SIEM, CSPM, CWPP, and other security tools • Collaborate with engineering, compliance, and operations teams to ensure secure cloud adoption • Stay ahead of emerging cloud threats and recommend proactive mitigation strategies • Support cross-functional coordination across engineering, cybersecurity, and program management teams • Promote continuous improvement through feedback loops and process refinement • Ensure alignment with USCG mission priorities and Leidos delivery standards

• Security Architecture & Design • Provide architectural guidance on cryptographic key management and secure API design. • Review, assess, and improve the security of systems related to identity and access control. • Model all secure end-points and re-engineer access to the end-points targeting security without operational disruption • Risk Management & Threat Modeling • Conduct threat modelling and risk assessments for distributed systems and critical business workflows. • Define and implement security controls for sensitive operations, including privileged access, internal tooling, and system integrations. • Proactively identify emerging risks and contribute to internal processes for risk tracking and mitigation. • Security Operations & Incident Response • Lead the response to security incidents, including investigation, containment, and remediation. • Improve detection, monitoring, and alerting across systems and infrastructure. • Develop and maintain incident response playbooks for handling security incidents, including abuse and hacking scenarios. • Governance, Compliance & Best Practices • Help define and maintain security standards and best practices for application development and infrastructure. • Ensure proper secrets management, access control, and system hardening. • Cross-Functional Collaboration • Work closely with engineering, product, and infrastructure teams to embed security throughout the development lifecycle. • Provide practical guidance on secure system design, especially for systems handling sensitive data or high-risk operations.

• Implement and maintain static application security testing (SAST) using Semgrep across our repositories • Configure and improve software composition analysis (SCA) tooling (Dependabot) to identify vulnerable dependencies • Manage secrets detection scanning (Trufflehog) and respond to findings • Integrate security scanning into CI/CD pipelines (GitHub Actions) to catch issues before code is merged • Triage and prioritize vulnerability findings, working with engineering teams to drive remediation • Support dynamic application security testing (DAST) efforts using tools like ZAP • Contribute to our Application Security Posture Management (ASPM) platform to centralize findings and track remediation • Set up and configure automation scripts to support our vulnerability management practices • Document secure coding guidelines and help educate developers on security best practices • Evaluate and recommend new security tools as the landscape evolves

• Build, tune, and maintain detection rules and alerts in Splunk to identify security threats, suspicious activity, and policy violations • Reduce alert fatigue by continuously improving detection logic to minimize false positives while maintaining coverage • Monitor and develop detections for cloud security events across AWS and GCP using our CSPM tooling (Prisma Cloud) • Collaborate with the Security team to develop detection strategies based on threat intelligence and the MITRE ATT&CK framework • Investigate alerts and escalate confirmed incidents according to our incident response procedures • Set up and configure automation scripts and tooling for alert triage, ticket creation, and incident workflows • Create dashboards and reports to provide visibility into security posture and detection effectiveness • Document detection logic, runbooks, and response procedures • Support EDR (CrowdStrike) monitoring and investigate endpoint-related alerts • Identify opportunities to use Splunk for operational and product monitoring beyond pure security use cases