Where Technology and Simplicity Connect
Senior Security Control Assessor
Location: Virginia
Posted: 80 days ago
Salary: 0
Seniority: Senior
Job Description
Senior Security Control Assessor
Arlo Solutions
- Provide the AO with an independent risk assessment of assigned systems and authorization.
- Advise Program Managers on AO determination utilizing OVL documentation.
- Provide senior advisory support to OUSW (R&E) AO regarding authorizations of OUSW (R&E) capabilities.
- Utilize expert knowledge and experience regarding risk management strategies in support of a major DoW program.
- Provide support regarding the agile authorization and OVL processes.
- Provide independent risk analysis and recommendation.
- Collaborate between the AO and the program as well as Program leadership.
- Identify the security baseline based on the mission and security impacts to the system.
- Determine assessment criteria, develop, review, and create a plan to assess the security requirements.
- Assess the security requirements in accordance with the assessment procedures defined in the Security Assessment Plan (SAP).
- Prepare the Security Assessment Report (SAR).
- Monitor POAM actions based on findings and reassess remediated risk(s) as appropriate.
- Develop the Risk Recommendation and AO Determination Brief.
- Develop a system-level continuous monitoring strategy.
- Author and present briefs regarding status of authorizations to AO and other senior Government officials.
- Provide security architecture and DoW compliance advisory support.
- Perform other duties as assigned or required.
Job Requirements
- Must have an active Top Secret clearance, SCI eligible.
- Bachelor’s degree in computer science/information technology, or other related degree fields (master’s degree is preferred or at least 10 years of related experience).
- At least 10+ years of cybersecurity experience, including a senior technical or management role; Project or Program Management experience is a plus.
- At least one IAT/IAM or equivalent security certification, e.g., CISSP, CCSP, CISM, CISA, or CASP.
Benefits
- Top Secret with SCI eligibility
More Security Engineer Jobs
- Own end-to-end information security strategy across cloud, application, infrastructure, and corporate environments.
- Define a pragmatic security roadmap aligned to business risk, regulatory requirements, and engineering velocity.
- Serve as the executive owner for security posture, risk management, and incident response.
- Act as a trusted advisor to the CTO and executive team on security, risk, and operational tradeoffs.
- Drive a DevSecOps-first operating model, embedding security into CI/CD pipelines, infrastructure as code, and developer workflows.
- Partner deeply with engineering leadership to make security scalable, automated, and measurable.
- Lead threat modeling, secure design reviews, and risk assessments for new platform initiatives.
- Champion policy-as-code, guardrails, and automation over manual process.
- Own security architecture and operations for a primarily AWS-based environment.
- Lead application security programs, including secure SDLC, dependency scanning, SAST/DAST, penetration testing, and vulnerability management.
- Build and run effective security operations, including monitoring, investigation, incident response, and post-incident learning.
- Manage vendor relationships, including CrowdStrike, Flashpoint, RAD, and Okta.
- Lead end-user computing, device management, endpoint security, identity lifecycle management, and access controls.

- Build detection systems at scale.
- Engineer response automation.
- Lead incident response.
- Architect observability.
- Hunt proactively.
- Ship production code.
- Mentor and elevate.

- Compliance analysis for ISO/SAE 21434 and UNECE R155.
- You will collaborate on the design of implementation plans for cybersecurity measures.
- You will take part in the life cycle of products such as ECUs, BMS, and power electronics, applying “cybersecure by design” principles.
- Identify and mitigate threats in communication buses, gateways, OTA updates, etc.

Security Engineer
Menlo Security Inc.
Menlo Security protects productivity online with a one-of-a-kind, isolation-powered cloud security platform.
- Multi-Cloud Governance (AWS & GCP): Deploy and manage Cloud Security Posture Management (CSPM) tools to automatically detect and remediate misconfigurations across both providers.
- Container Security Lifecycle: Implement Cloud Native Application Protection Platform (CNAPP) strategies by shifting left and integrating container image scanning directly into Jenkins and GitLab pipelines.
- Workload Protection: Deploy and tune Cloud Workload Protection Platform (CWPP) tools to monitor runtime behavior and detect anomalies in both VMs and Kubernetes pods.
- Advanced Automation & SOAR: Build Automated Response Playbooks to automatically enrich alerts, isolate compromised resources, and dismiss low-fidelity noise without human intervention.
- Infrastructure Review & Identity: Manage effective permissions across complex multi-cloud IAM structures and standardize secret management workflows.
- Release Readiness & Customer Trust: Collaborate closely with Technical Program Managers (TPMs) during software releases to enforce compliance standards and oversee vulnerability scanning. Additionally, respond to customer inquiries regarding the impact of Common Vulnerabilities and Exposures (CVEs) on our product.




