• Provide technical expertise and real-life experience in creating innovative solutions within the cybersecurity space • Develop and implement automations in response to security incidents • Proactively collaborating, developing, and designing security orchestrations with SMEs/engineers, vendors, and project stakeholders • Ability to navigate and adapt to a fast-paced ever-changing environment with a team of like-minded, cross-functional individuals

• Develop, implement, and maintain a comprehensive application security strategy aligned with business objectives and industry best practices. • Lead and mentor the app security team, fostering a culture of security awareness and continuous improvement across the organization. • Report to leadership on the status of the application security program, including risk posture, incidents, and performance metrics. • Evaluate and recommend new application security technologies and tools to enhance the organization's security posture. • Oversee the day-to-day security operations, including monitoring, threat detection, incident response, and vulnerability management. • Design, implement, and manage security controls for our cloud-based SaaS platform (AWS), corporate network, and endpoints. • Conduct regular application security assessments, penetration tests, and vulnerability scans, and manage the remediation of identified issues. • Maintain an application security risk management framework, identifying, analyzing, and treating risks. • Ensure compliance with relevant regulatory requirements and industry standards (e.g., ISO 27001, NIST, PCI DSS, GDPR). • Maintain and enforce application security policies, standards, and procedures. • Liaise and coordinate internal and external security audits. • Lead the security incident response team, managing all phases of the incident lifecycle from detection and containment to eradication and recovery. • Conduct post-incident reviews to identify root causes and implement preventative measures. • Manage, mentor, and develop the application security team.

• Lead cross-functional, enterprise-wide projects and define the strategic direction for cutting-edge security development lifecycle (SDL) practices • Conduct security design reviews and sophisticated threat modeling for new and existing mission-critical services • Establish secure architecture standards, frameworks, and resilient security patterns • Evaluate, prototype, implement, operate, and provide governance over core security tools and services • Discover and analyze emerging security threats • Maintain a strong knowledge of current security threats • Drive security assessment, penetration testing, and bug bounty programs • Ensure all application security practices adhere to PCI DSS requirements • Participate in security incident response activities as a technical leader

• Define and drive the strategic roadmap for proactive security vulnerability analysis in web and mobile applications, setting the organizational standard for risk determination and leading complex, company-wide remediations. • Establish the technical vision and program for integrating robust security controls at every stage of the Software Development Life Cycle (SDLC), championing secure development practices and scalable agile delivery. • Architect, deploy, and manage defensive security tooling (e.g., SAST, DAST, SCA) and evaluate new industry-leading application security solutions to create a robust, automated security platform. • Lead the maturation of the Product and Application Security Program by developing and implementing security policies, standards, and metrics to continually raise the security bar and demonstrate compliance. • Lead collaborative and cross-functional threat modeling initiatives for core systems, new features, and evolving services, ensuring proactive risk identification and structural security improvement. • Engage with Cloud Security efforts by partnering with DevOps and Infrastructure teams to assess, improve, and monitor cloud architecture, security policies, and cloud-native controls to ensure secure deployment and operations.