• Lead security architecture and assessment reviews for cloud-native and hybrid solutions • Validate solution designs against industry frameworks such as National Institute of Standards and Technology (NIST CSF), Center for Internet Security (CIS Benchmarks), and Cloud Security Alliance (CSA CCM) • Conduct cloud penetration testing following CREST and CHECK methodologies • Validate Infrastructure as Code (IaC) security controls and CI/CD pipeline security • Lead compliance assessments including ISO 27017, ISO 27018, SOC 2, GDPR, NIS2, and DORA • Assess cloud governance frameworks and Cloud Security Posture Management (CSPM) implementations • Coordinate cloud security audits with internal and external stakeholders • Assess cloud IAM architectures and privileged access management controls • Validate encryption standards, key management processes, and data residency controls • Review SSO, MFA, and least-privilege implementations

• Define and enforce embedded security practices across SDLC and CI/CD pipelines, ensuring compliance with organisational security policies and standards. • Oversee the integration of advanced security tools (e.g., SAST, DAST, SCA, automated secret scanning) with development environments. • Provide technical guidance on security configuration management, deployment hardening, and secure integration of tooling across all phases of software delivery. • Conduct in-depth security risk assessments for high- and low-level technical designs, evaluating compliance against OWASP, CIS Benchmarks, and secure coding standards. • Perform comprehensive security testing across application environments, including API security, container scanning, and dynamic runtime assessments, while evaluating residual risk post-assessment. • Collaborate with stakeholders to assess the security maturity of existing practices and recommend improvements aligned with compliance requirements and delivery velocity. • Provide expert-level recommendations on the refinement of automation processes, risk mitigation strategies, and the deployment of compensating controls where necessary. • Evaluate emerging technologies and leverage AI-driven application security tools to optimise assurance activities. • Partner with development and DevSecOps teams to embed robust security measures within workflows, ensuring alignment with secure coding standards and organisational priorities. • Actively engage in the training of development teams, fostering a culture of security awareness and empowering stakeholders to implement best practices. • Lead cross-functional teams to complete security assurance initiatives effectively. • Generate actionable reports and presentations tailored to technical and non-technical audiences, highlighting findings, severity assessments, and remediation tracking. • Maintain clear, auditable documentation for compliance purposes and contribute strategic insights into executive-level reviews.

• побудова та впровадження практик Secure SDLC у процеси розробки; • інтеграція SAST/DAST/SCA та інших security-сканерів у CI/CD пайплайни; • виявлення, аналіз та супровід усунення вразливостей у застосунках і залежностях; • автоматизація базових механізмів фішинг-захисту та security-контролів; • консультація інженерних команд щодо безпечного коду та практик безпеки; • проведення security-навчання та підвищення awareness команд; • участь у моніторингу та реагуванні на security-інциденти; • допомога у впровадженні підходів asset та risk management.

• Own detection engineering: SIEM use-cases, data pipelines, parsers, enrichment, and tuning to reduce false positives • Lead threat hunting and purple-team exercises; drive control improvements based on TTPs (ATT&CK) • Architect endpoint and email security baselines; optimize EDR/XDR policies and response automation • Implement and optimize Data Loss Prevention (DLP) technical controls and integrations in alignment with enterprise data protection requirements • Guide vulnerability management strategy (risk-based prioritization, exploitability analysis, compensating controls) • Design partner in network security architectures (micro-segmentation, firewall policies, NDR) and secure remote access (SASE/ZTNA) • Provide key insights for cloud workload protection (CSPM/CWPP/CIEM) and secure identity governance integrations • Perform root-cause analysis and forensics coordination, document findings and corrective actions • Mentor engineers; set coding and automation standards for security tooling and integrations • Drive technology selection, POCs, and reference implementations; maintain technical roadmaps • Track and improve detection quality metrics (e.g., false positives, coverage, MTTR) • Represent security in architecture boards and major program decisions • Develop and maintain security automation and response playbooks in partnership with SOC/MDR providers to improve detection and response efficiency • Familiarity with OT/ICS security considerations in manufacturing environments • Partner with SOC/MDR provider to continuously improve detection coverage and tuning