• Implement and maintain cloud security frameworks, ensuring compliance with NIST 800-53 Rev. 5, FedRAMP, and DoD IL-4/IL-5 security mandates. • Configure and manage Identity and Access Management (IAM) solutions, role-based access controls (RBAC), and Zero Trust Architecture (ZTA) principles. • Conduct vulnerability assessments, security monitoring, and incident response within cloud environments. • Develop and maintain System Security Plans (SSP), Security Assessment Reports (SAR), and Plans of Action & Milestones (POA&M). • Provide the Cloud Security Compliance & Risk Report, ensuring all cloud-based operations remain in accordance with DoD security requirements.

• Collaborate closely with our DevOps, CI/CD engineers, and Architecture team • Implement and maintain security best practices across our infrastructure • Leverage your expertise in security architecture to help engineers build and securely operate products and services from the ground up • Assess, design, and implement security processes and controls to meet security, compliance, and audit requirements • Conduct proactive research to identify emerging threats and attack vectors • Collaborate within a highly agile product security team and across other cross-functional teams

• Collaborate closely with DevOps, CI/CD engineers, and Architecture team to implement and maintain security best practices across our infrastructure. • Leverage your expertise in security architecture to help engineers build and securely operate products and services from the ground up • Assess, design, and implement security processes and controls to meet security, compliance, and audit requirements • Conduct proactive research to identify emerging threats and attack vectors • Collaborate within a highly agile product security team and across other cross-functional teams

• Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), review their outputs, and assist the development team with remediation strategies. • Configure and manage security tools such as Checkmarx and leverage GitHub's native security features to scan vulnerabilities in the codebase and dependencies. • Ensure integration of security scans within our CI/CD pipelines to identify vulnerabilities early in the development process. • Implement and enforce security best practices for containerization within AWS ECS and ECR environments, focusing on secure configurations, image scanning, and robust access control measures. • Lead the coordination and management of vulnerability scanning and remediation efforts across the application stack, encompassing the codebase, containers, and AWS infrastructure. • Conduct thorough penetration testing on products and systems, including web applications and services, to identify and exploit security flaws. • Participate in triage calls with cross-functional teams and effectively communicate vulnerability details, risks, and potential impacts to stakeholders.