- Conduct regular security assessments and penetration testing of software applications and products. - Identify and prioritize potential security vulnerabilities and develop plans for remediation. - Collaborate with development team to implement secure coding practices and ensure security best practices are followed. - Stay up to date with the latest security vulnerabilities, trends, and best practices. - Participate in security architecture design and application design reviews. - Provide training and mentorship to Developers on coding practices to remediate identified vulnerabilities. - Be an informed Security partner by presenting past experience working as a hands-on software developer. Ideally utilizing the Microsoft Development stack. - Actively participate in the deep review of pen test and vulnerability assessments both in person with clients and remotely. - As needed provide training on secured development principals in both remote and in person settings.

• Act as the primary advisor for securing AI/ML workflows, conducting threat modeling for AI product features, and defining guardrails for Large Language Model (LLM) usage • Advise and review on agentic AI usage across the R&D department • Perform security testing and source code review of application and underlying platform for both AI and non-AI systems • Help upskill the wider security and engineering teams on AI security fundamentals and common threats/vulnerabilities • Partner with compliance and legal teams on AI governance decisions and processes • Act as a security partner, building and maintaining relationships with product and engineering teams to integrate security into the development process • Embed security principles and controls to achieve a ‘secure by default’ posture • Secure modern technology stacks that include Kubernetes, Docker, AWS, and CI/CD tooling • Participate in the security engineering on-call rotation to triage and respond to urgent security alerts and incidents outside of standard business hours when necessary

• Lead by being a highly technical leader who delivers high business impact on projects of increasing dependencies and ambiguity. • Lead a team of individual contributors focused on protecting patients, employees, and Aledade as a whole. • Build a comprehensive program and processes to enable secure access to Aledade’s data, including PHI, PII etc. • Work with cross-functional stakeholders and teams to establish design and implementation guidance and standards and manage project completion for end to end data lifecycle protections.

• Create an environment that favors context, not control. • Empower product engineers and ensure they have the relevant information and tools to deliver secure products and services. • Design, implement, and operate security controls and services (e.g., identity and access management, secrets management, endpoint/agent hardening, network segmentation, detection, and response automation) that meet reliability, security, scalability, and observability standards. • Partner with product and platform teams to integrate security into architecture and developer workflows while articulating business impact and tradeoffs. • Perform security reviews, threat modeling, and risk assessments (code, design, 3rd-party apps). • Investigate and resolve urgent and/or complex security issues, triaging effectively and driving architectural changes that prevent recurrence. • Participate via RFCs, community of practices, and other internal knowledge sharing channels to share learnings, align on standards, and influence secure patterns across areas; model The Times' core values in cross-functional collaboration. • Support team growth through peer design/code review, pairing, and clear feedback.