Job Closed
This listing is no longer active.
Oportun is an A.I.-powered digital banking platform that seeks to make financial health effortless for anyone.
Senior Manager, Information Security Architecture – Engineering
Location
United States
Posted
150 days ago
Salary
0
Seniority
Senior
Job Description
- Define and maintain secure application and infrastructure architecture frameworks, ensuring security is built-in from the outset
- Partner with engineering, DevOps, and technology teams to integrate security into SDLC, CI/CD, and data pipelines
- Own and oversee the vulnerability management program, ensuring risk-based remediation across all technology assets
- Enhance and scale an existing security design review service, providing structured security assessments for new and evolving systems and data
- Advocate for security as a service, building tools and processes that streamline secure development and system operations
- Act as a security advisor to engineering and technology operations, ensuring security aligns with business goals
- Collaborate with the Security Governance, Risk, and Compliance (GRC) team to align technical security requirements with regulatory and commercial requirements
- Champion a security-first culture, ensuring technical execution teams understand security risks, standards, and best practices
Job Requirements
- 10+ years of experience in security architecture, application security, infrastructure security, or related domains
- Strong background in cloud security (AWS, Azure, GCP), DevSecOps, and/or data security
- Experience leading a globally distributed team across time zones which relies heavily on asynchronous working and collaboration methods
- Experience leading and developing globally distributed security teams with a focus on professional growth and collaboration
- Experience designing security controls for data flows and distributed computing environments
- Hands-on expertise in secure software development practices, security testing methodologies, and threat modeling
- Strong cross-functional leadership with the ability to communicate security risks effectively to engineering, IT, and business stakeholders
- Experience with security frameworks and regulations (e.g., NIST CSF, PCI-DSS, GLBA)
- Bachelor's degree in Computer Science, Information Security, or related field
Benefits
- Health insurance
- Flexible working hours
- Professional development opportunities
More Security Engineer Jobs
Staff Security Engineer, Product Security
Mozilla
The Mozilla Corporation was founded in 2005 as a taxable, wholly-owned subsidiary of the Mozilla Foundation, which launched in 2003. The corporation serves the
- Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products.
- Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC).
- Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation.
- Perform security code reviews
- Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts.
- Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early.
- Partner with engineers to integrate security throughout the software development lifecycle—not as an afterthought, but as a core design principle. Provide security guidance, develop secure solutions, and facilitate secure releases.
- Help define and enforce security policies and provide security guidance to development teams.
- Help shape Mozilla's security culture through collaboration, guidance, and education.

- Conduct analysis and testing of generative AI systems
- Conduct sophisticated and comprehensive simulated attacks on generative AI models and their operating environments to uncover vulnerabilities.
- Evaluate the security posture of AI models and infrastructure, identifying weaknesses and potential threats.
- Perform thorough risk analysis to determine the impact of identified vulnerabilities and prioritize mitigation efforts.
- Collaborate with development and security teams to develop effective strategies to mitigate identified risks and enhance model resilience.
- Stay abreast of the latest trends and developments in AI security, ethical hacking, and cyber threats.
- Maintain detailed documentation of all red team activities, findings, and recommendations.
- Prepare and present reports to senior management and relevant stakeholders.

- Assist in designing and implementing security solutions for client IACS environments, following standards such as ISA/IEC 62443.
- Support security maturity assessments and help develop prioritized mitigation plans.
- Help identify and remediate vulnerabilities in OT components (PLCs, HMIs, SCADA systems).
- Assist in maintaining compliance with regulations (e.g., NERC CIP) and security documentation.
- Participate in OT security incident response efforts alongside client engineering, operations, and IT teams.
- Contribute to evaluating OT/ICS security technologies (e.g., Claroty, Dragos, Nozomi Networks).
- Support pre-sales activities for OT security initiatives.
- Stay informed on evolving OT threat landscapes.

Principal Cloud Security Architect
Caesars Entertainment Corporation
Caesars Entertainment is a public gaming corporation previously known as Harrah’s Entertainment. Caesars Entertainment is the fourth largest gaming company
- Develop and enforce secure-by-design principles for cloud-native applications on AWS and GCP.
- Embed security into DevSecOps pipelines, ensuring early detection of vulnerabilities (Shift Left).
- Architect zero-trust security models for cloud services, APIs, and microservices.
- Multi-Cloud Security Engineering & Automation
- Lead the deployment of AWS and GCP security services, including GuardDuty, Security Hub, IAM, WAF, Shield, Macie (AWS) and Security Command Center, IAM, and others.
- Implement automated security testing in CI/CD pipelines to ensure infrastructure-as-code (IaC) security compliance using Terraform, CloudFormation, and Kubernetes (EKS/GKE).
- Drive container security best practices in Kubernetes (EKS/GKE) and serverless security for Lambda and Cloud Functions.
- Architect API security frameworks for high-traffic sports betting and gaming applications.
- Design and enforce strong authentication, tokenization, and API gateway security.
- Deploy advanced AWS WAF, Google Cloud Armor, and API security solutions to detect and mitigate abuse, fraud, and bot traffic.
- Enhance cloud-native detection and response capabilities for fraud, arbitrage betting, identity abuse, and payment security.
- Implement behavioral analytics and ML-driven security detection to combat fraud, money laundering, and account takeovers.
- Work closely with AWS and GCP security teams to enhance cloud-native incident response capabilities.
- Ensure cloud security architecture aligns with PCI-DSS, ISO 27001, NIST, and gaming compliance regulations.
- Partner with fraud, legal, and compliance teams to enforce AML (Anti-Money Laundering) and KYC (Know Your Customer) security measures.
- Automate compliance monitoring across AWS and GCP environments.




