• Design, build, and implement Just-in-Time (JIT) access controls and Privileged Access Management (PAM) workflows to eliminate standing privileged accounts in production. • Conduct platform permission reviews and implement a least-privilege access model for cloud and application roles. • Ensure 100% of production access requests and approvals are captured in audit logs. • Lead the implementation, tuning, and operation of security tools in the CI/CD pipeline, including SAST, DAST, SCA, and secrets scanning. • Develop custom SAST rules to detect specific, high-risk flaw patterns, such as authorization bypasses or insecure PII/PHI handling. • Partner with engineering to deploy IDE plugins and automated PR checks that block sensitive data exposure before deployment. • Conduct manual security code reviews for high-risk features and cryptographic implementations. • Design, build, and maintain automation for the end-to-end vulnerability management lifecycle. • Engineer automated workflows to triage, validate, and assign new vulnerabilities • Develop and maintain security automation scripts, tools, and services in Python or Go to streamline security operations and compliance checks. • Partner with SecOps to build high-fidelity SIEM correlation rules and automated response playbooks. • Design, implement, and maintain encryption strategies for data at rest and in transit, ensuring PHI is protected in compliance with HIPAA. • Manage the cryptographic key lifecycle and administer key management systems • Design and implement secure cloud network architectures (VPCs, subnets, security groups, NACLs) and network segmentation strategies. • Lead the remediation of cloud security findings • Implement and manage a centralized security control plane • Design and implement Data Loss Prevention (DLP) policies for endpoints and cloud services to protect against sensitive data exfiltration. • Design and enforce security configurations and hardening standards for diverse operating systems (macOS, Windows, Linux) via MDM/UEM platforms. • Manage and tune endpoint security solutions, including EDR/XDR (e.g., CrowdStrike). • Lead threat modeling sessions for new features and conduct secure design reviews of system architectures, applications, and APIs. • Act as an embedded security partner and subject matter expert for product and platform teams, providing technical guidance and mentorship. • Develop and manage security programs for emerging risks, including SaaS security and AI security.

• Guide and coach Olo’s Blue Team on Information Protection, Incident Detection and Response and Service Delivery. • You will provide strategic and technical oversight to the team and the program. • Technically lead a team of security engineers and analysts who hunt, detect, and respond to internal and external threats. • Collaborate with customers and partners to strengthen their security posture. • Drive ongoing optimizations by implementing new technologies, replacing technologies, addressing evolving threats, scaling practices and automating security activities. • Ultimately you will keep team member and customers data safe by identifying and mitigating vulnerabilities and risks by providing actionable guidance to product teams.

• Lead the execution of multiple functions: Taking ownership of and creating awareness around security-relevant key performance and key risk indicators • Develop automation for data gathering, analysis and presentation using Python and Go • Educate as well as inform audiences of a wide variety of security and risk expertise, including building libraries of material to support understanding of benefits and costs of security management. • Generating insights and supporting information for decisions to be made including wrangling data from complex data sets and data sources • Create dynamic dashboards and presentations • Articulate risk and risk management as realistic, measurable harm; Create dynamic dashboards and presentations • Support the Security Governance and executive workstreams, including analysis and presentations materials. • Coordinate, chair and present data to management, leadership and C-suite stakeholders in their languages.

• Define and lead the product security strategy for the medical device portfolio. • Ensure robust protection of patient data, device integrity, and regulatory compliance. • Partner with executive leadership, engineering, product management, regulatory, quality, and privacy teams. • Oversee end-to-end product security management including risk assessments and incident response. • Ensure compliance with FDA, HIPAA, GDPR, and international cybersecurity regulations and standards. • Drive alignment across engineering, regulatory, privacy, and quality teams. • Recruit, mentor, and develop a team of product security experts.