• Help develop and lead a multi-year service, delivery, as well as supporting with financial strategy, to meet company objectives and reinforce our position as an industry leader in offensive security. • Lead a high performing team of technical consultants delivering a variety of offensive security engagements (penetration testing, application security testing, full scale Red Team, etc.) • Help manage a P&L including forecasting, backlog management, utilization, and scheduling • Partner with the sales organization and other business development leaders and be seen as a “go to” for complex adversarial testing needs • Build and advance cross-functional relationships within Sophos that include the Incident Response Team, Counter Threat Unit, Marketing, Sales. • Identify opportunities – people, process, and technology -- to improve efficiencies within the team • Represent the Sophos Red Team services portfolio; identify and champion new services, capabilities, and offers; provide thought leadership; and develop an associated go-to-market strategy for the services in the portfolio • Drive teams to consensus on business priorities, delivery best practices, and implementation of new ideas. Willingness to changes, to contribute ideas, listen to others, and learn from others. Challenge the status quo. • Foster career development and champion career development opportunities for the team (conferences, training, certifications, mentoring, etc.) • Own NPS/customer satisfaction and ensure practice meets/exceeds expected targets. Maintain a culture of premium customer service

• Influence, consult with and build collaborative working relationships with senior business and IT leadership at the VP/Officer and C levels to help meet long term security objectives • Conduct risk assessments, evaluate alternative strategies, develop recommendations and ensure responsive communication with business representatives, security management, and third party vendors • Participate in the design review process and support the overall Security Architecture process • Influence and drive change to security architecture processes, strategies and standards, as needed in areas such as: Cloud infrastructure, A.I., information security, Data Loss Prevention, Intrusion Prevention, Threat and Vulnerability Management, and Identity and Access Management • Partner with management in defining and setting appropriate, implementable information security policy and ensuring alignment to standard operating procedures, instructions and standards • Develop, maintain and implement security policies, processes, tools and methodologies that support security architecture standards and ensure effective evolution of security architecture within the organization • Research, evaluate, recommend, plan implementation of, and test new or improved information security software or devices • Coordinate analysis of new or enhanced software application or tool implementations for impacts to existing security software and devices • Participate in and/or lead forensic investigations and eDiscovery of suspected information security issues or in compliance reviews as requested by auditors, HR, Ethics, or Legal • Utilize security expertise and knowledge of new and emerging cyber attacks threats to make recommendations to management regarding implementation of best practices and/or process improvements to proactively protect the company’s systems and networks • Provide informal work coordination and leadership/coaching to less experienced information security staff

• Implement and maintain security controls across multi-cloud environments and on-prem infrastructure • Own IAM strategy and implementation • Design and operate key management and custody security controls • Harden CI/CD pipelines and secure the software delivery process • Configure and operate corporate security tooling • Respond to security incidents • Conduct security assessments of infrastructure and applications • Automate security operations • Work with Infrastructure to embed security into cloud provisioning and system configuration

• Develop, deploy, and support self-service security tools and services that constitute the internal security platform. • Contribute knowledge and support for security projects, including support of tool integration and implementation of new security capabilities within the platform. • Support & improve security integrations into CI/CD pipelines (SAST, DAST, SCA, IAST, etc.) and developer workflows. • Maintain deployment of secure multi-cloud environments (AWS, Azure, GCP) using Infrastructure as Code (e.g., Terraform, Ansible). • Assist with security architecture reviews of new products and features, contribute to threat models, and support adoption of security-as-code best practices. • Work with the Site Reliability Engineering (SRE) team to maintain & respond to automated monitoring and security integrations for production systems. • Collaborate with internal security teams to support compliance, incident response, and operational security requirements. • Enable and support the adoption of security engineering best practices and standards across the organization. • Evangelize the use of security platform tooling and deliver high-impact DevSecOps training and outreach to internal development & engineering teams. • Participate members of the Security team and security advocates in advanced DevSecOps principles, platform engineering, and secure coding practices.