Job Closed
This listing is no longer active.
CyberSecurity as a Solution: Enabling Secure Business.
Senior Security Logging Engineer
Location: United States
Posted: 134 days ago
Seniority: Senior
Job Description
Dragonfli Group
- Guide enterprise-scale logging initiatives and ensure compliance
- Collaborate with IT and security stakeholders to meet logging and monitoring requirements
- Implement and maintain the enterprise logging compliance platform
- Enable the ability to monitor, detect, and respond to security events
- Generate content, user guides, and reports for operational and compliance needs
- Lead coordination of installations, updates, and maintenance of ELM and SIEM systems
- Develop and maintain documentation for SIEM and ELM systems
- Ensure log onboarding, reporting, and compliance requirements are met
- Apply knowledge of threat detection and compliance auditing procedures
- Utilize security controls automation and guidance documentation
Job Requirements
- Seven (7)+ years’ experience with enterprise logging platforms (Splunk, Qmulos, or similar)
- Advanced degree in a technical/cyber-related field or equivalent experience/certifications
- Ability to lead coordination of ELM and SIEM systems and software
- Deep understanding of log onboarding, reporting, and compliance requirements
- Experience developing and maintaining documentation for SIEM and ELM systems
- Knowledge of change control processes and documentation
- Familiarity with threat detection and compliance auditing procedures
Benefits
- Insurance – health, dental, and vision
- Paid Time Off (PTO) and 11 Federal Holidays
- 401(k) employer match



