• Manage, operate, and optimize edge security solutions (WAF, CDN, Anti-DDoS, Bot Management) on market-leading platforms. • Analyze network traffic and security logs to identify, classify, and respond to incidents such as denial-of-service (DDoS) attacks, exploitation attempts, and malicious bot activity. • Create, tune, and maintain WAF rules and security policies to protect web applications and APIs against known and emerging threats while minimizing false positives. • Manage the lifecycle of digital certificates (SSL/TLS) for edge applications and services, ensuring validity, security, and proper deployment. • Serve as the technical focal point in investigations of application-related security incidents, actively participating in incident response. • Collaborate with development teams to integrate security practices early in the software development lifecycle (DevSecOps), ensuring new applications and APIs are secure by design. • Work with infrastructure and network teams to ensure security architecture aligns with business needs and industry best practices. • Develop and maintain detailed technical documentation on configurations, policies, and security procedures. • Automate operational and security analysis tasks using scripting languages (e.g., Python, Shell). • Produce security reports and metrics for leadership that demonstrate control effectiveness and application risk posture.

• Work on identity and access management (IAM) processes, including creation, modification, revocation, and periodic review of access to systems and resources. • Administer the IAM solution and ensure RPE systems are properly integrated. • Automate manual tasks using available tools and scripts (shell scripting, Python, etc.). • Implement new security solutions and technologies related to access management. • Serve as an identity and access specialist supporting development and product projects as well as operational processes at RPE. • Prepare and maintain technical and procedural documentation (runbooks) for Access Management activities. • Foster collaboration with IT teams to ensure compliance and security across environments. • Support internal and external audits related to access management controls.

• Apoiar na administração e suporte da ferramenta **Delinea** • Controlar acessos de usuários a sistemas e ambientes críticos • Cadastrar, revisar e atualizar credenciais e permissões • Ajudar na criação de políticas de acesso e segurança • Monitorar acessos e apoiar na identificação de possíveis riscos • Trabalhar junto com times de TI e segurança no dia a dia

• Lead end-to-end RMF activities, including control implementation, artifact development, risk documentation, and POA&M management. • Guide ATO preparation, package development, and remediation planning efforts across project teams. • Evaluate authorization packages, identify compliance gaps, and drive resolution of risks and findings. • Ensure alignment with VA Handbook 6500, NIST SP 800-53, NIST SP 800-37, TIC 3.0, and federal cloud security standards. • Assess system security posture across networks, cloud environments, and applications to support secure solution design. • Perform vulnerability assessments using tools such as Nessus and Fortify, and track remediation and residual risk. • Develop RMF documentation including SSPs, Incident Response Plans, and Contingency Plans, and present findings to stakeholders. • Take on additional tasks and responsibilities as needed to support team objectives and ensure the success of the project.