• Act as the primary advisor for securing AI/ML workflows, conducting threat modeling for AI product features, and defining guardrails for Large Language Model (LLM) usage • Advise and review on agentic AI usage across the R&D department • Perform security testing and source code review of application and underlying platform for both AI and non-AI systems • Help upskill the wider security and engineering teams on AI security fundamentals and common threats/vulnerabilities • Partner with compliance and legal teams on AI governance decisions and processes • Act as a security partner, building and maintaining relationships with product and engineering teams to integrate security into the development process • Embed security principles and controls to achieve a ‘secure by default’ posture • Secure modern technology stacks that include Kubernetes, Docker, AWS, and CI/CD tooling • Participate in the security engineering on-call rotation to triage and respond to urgent security alerts and incidents outside of standard business hours when necessary

• Lead by being a highly technical leader who delivers high business impact on projects of increasing dependencies and ambiguity. • Lead a team of individual contributors focused on protecting patients, employees, and Aledade as a whole. • Build a comprehensive program and processes to enable secure access to Aledade’s data, including PHI, PII etc. • Work with cross-functional stakeholders and teams to establish design and implementation guidance and standards and manage project completion for end to end data lifecycle protections.

• Create an environment that favors context, not control. • Empower product engineers and ensure they have the relevant information and tools to deliver secure products and services. • Design, implement, and operate security controls and services (e.g., identity and access management, secrets management, endpoint/agent hardening, network segmentation, detection, and response automation) that meet reliability, security, scalability, and observability standards. • Partner with product and platform teams to integrate security into architecture and developer workflows while articulating business impact and tradeoffs. • Perform security reviews, threat modeling, and risk assessments (code, design, 3rd-party apps). • Investigate and resolve urgent and/or complex security issues, triaging effectively and driving architectural changes that prevent recurrence. • Participate via RFCs, community of practices, and other internal knowledge sharing channels to share learnings, align on standards, and influence secure patterns across areas; model The Times' core values in cross-functional collaboration. • Support team growth through peer design/code review, pairing, and clear feedback.

Role Description SysLogic, Inc. is looking for a talented and experienced Security Engineer (Software Focus) to join our team. As a Security Engineer (Software Focus) at SysLogic, you will be responsible for identifying and mitigating potential security vulnerabilities for our managed services clients. You will work closely with development teams to ensure that our applications are secure from external threats and meet industry security standards. - Conduct regular security assessments and penetration testing of software applications and products. - Identify and prioritize potential security vulnerabilities and develop plans for remediation. - Collaborate with development team to implement secure coding practices and ensure security best practices are followed. - Stay up to date with the latest security vulnerabilities, trends, and best practices. - Participate in security architecture design and application design reviews. - Provide training and mentorship to Developers on coding practices to remediate identified vulnerabilities. - Be an informed Security partner by presenting past experience working as a hands-on software developer, ideally utilizing the Microsoft Development stack. - Actively participate in the deep review of pen test and vulnerability assessments both in person with clients and remotely. - As needed, provide training on secured development principles in both remote and in-person settings. Qualifications - Bachelor's degree in computer science, related field or equivalent experience. - 5+ years of experience in application security or related role. - Strong knowledge of web application security vulnerabilities and best practices. - Direct knowledge of pen testing processes and tools, with responsibility for remediating vulnerabilities (such as Qualys, BurpSuite, Snyk, SCA). - Experience with security assessment tools and techniques. - A minimum of two years working as a Full Lifecycle Developer creating enterprise-based applications, preferably using the Microsoft Development stack (.NET, .NET Core, Azure). - Knowledge of secure coding practices and familiarity with common programming languages (e.g., C#, Java, C++, Python). - Familiarity with security frameworks and standards (e.g. OWASP, NIST). - Excellent problem-solving and analytical skills. - Strong oral and written communication and collaboration skills. - Experience working with embedded systems or device controls is a plus. - Certifications a plus, such as: Certified Ethical Hacker, Certified Information Security System Professional, Certified Cloud Security Professional. - Ability to travel 4-6 times per year with no more than 20 days away from home in a calendar year. Benefits - Health Care Plan (Medical, Dental & Vision) - Retirement Plan (401k) - Life Insurance (Basic, Voluntary & AD&D) - Paid Time Off (Vacation, Sick & Public Holidays) - Family Leave (Maternity, Paternity) - Long Term Disability - Training & Development - Work Life Balance - No company politics. - Strong employee focused culture.