• Collaborate with clients to understand their security needs, translating requirements into actionable project plans focused on Microsoft Sentinel, Defender, and IoT security solutions. • Provide expert guidance and strategic advisory to support clients’ cybersecurity maturity, ensuring projects align with industry best practices and Microsoft standards. • Design, implement, and configure Microsoft Sentinel for centralized threat visibility, detection, and response. • Implement Microsoft Defender solutions to provide robust endpoint protection, threat detection, and risk management across customer environments. • Assist in Data Security deployments using Purview, applying best practices and understanding of internal client classification needs based on compliance standards and practices. • Specialize in one of the core Microsoft security solutions—Sentinel, Defender, or Purview—while maintaining a strong, working knowledge of the others. • Conduct regular reviews of client environments, delivering improvements, updates, and recommendations based on current cybersecurity trends and emerging threats. • Lead and deliver complex, large-scale security projects with a strong focus on client requirements, timelines, and quality standards. • Manage client expectations and communicate project progress effectively, maintaining a client-centric approach to project milestones and deliverables. • Create comprehensive technical documentation, project reports, and client handover materials to ensure smooth transitions and ongoing support. • Develop and present reports to stakeholders, providing actionable insights and summaries on threat analysis, risk assessments, and security incidents.

• Lead and grow a high-performing Engineering Product Security team focused on enabling secure development at scale • Champion a left-shifted security model that puts secure tooling and patterns directly in developers' hands • Partner deeply with our platform teams to embed security into CI/CD pipelines, architecture patterns, and developer workflows • Define the security standards and practices that will govern our extensible platform, internal services, external APIs, and partner integrations • Serve as a security advocate and trusted advisor across Product, Engineering, Cyber Security, and Field teams

• Design and develop secure, high-quality C# software for manufacturing tools and fixtures used in the production of our Cardiac monitoring devices. • Lead the design, implementation and documentation of secure software systems that support manufacturing and production processes for medical devices. • Define and enforce cybersecurity best practices throughout the manufacturing software development lifecycle (SDLC), including code reviews, and vulnerability assessments. • Familiarity with NIST SP 800-series security controls for software design, including the implementation of Multi-Factor Authentication (MFA), identity management, and cryptographic best practices. • Collaborate with manufacturing engineering, IT/OT teams, quality, and regulatory functions to ensure that production software systems meet both operational and security requirements. • Develop and maintain secure interfaces between manufacturing equipment and other enterprise systems. • Support compliance with medical device and cybersecurity standards, including FDA Premarket Cybersecurity Guidance, ISO/IEC 81001-5-1, IEC 62304, ISO 13485 and ISO /IEC 27001. • Guide and mentor development teams on secure coding principles, risk mitigation, and compliance with cybersecurity standards. • Support verification and validation activities, including documentation aligned with medical device regulatory frameworks. • Investigate and resolve complex security and performance issues across the manufacturing software stack. • Contribute to continuous improvement initiatives and champion a culture of “doing things right the first time” while maintaining delivery velocity.

• Develop and lead the company-wide information security strategy aligned to business goals. (Annual planning; ongoing oversight) • Establish and manage the risk management program, including regular reporting to executive leadership. (Quarterly reporting; ongoing monitoring) • Own SOC 2 Type 2, NIST 800-171, and other required audits end-to-end. (Annual; intensive during audit windows) • Serve as the primary point of contact for auditors and ensure continuous audit readiness. (Ongoing) • Maintain and evolve security policies, standards, and controls, including AI/LLM governance. (Quarterly review; updates as needed) • Lead incident response planning and periodic tabletop exercises. (Annual/Semi-Annual) • Partner with Engineering to ensure secure architecture, SDLC, and cloud security practices. (Ongoing) • Oversee vulnerability management, access controls, and vendor risk management. (Ongoing) • Lead customer security assurance efforts, including questionnaires and enterprise security discussions. (As needed)