• Define and maintain secure application and infrastructure architecture frameworks, ensuring security is built-in from the outset • Partner with engineering, DevOps, and technology teams to integrate security into SDLC, CI/CD, and data pipelines • Own and oversee the vulnerability management program, ensuring risk-based remediation across all technology assets • Enhance and scale an existing security design review service, providing structured security assessments for new and evolving systems and data • Advocate for security as a service, building tools and processes that streamline secure development and system operations • Act as a security advisor to engineering and technology operations, ensuring security aligns with business goals • Collaborate with the Security Governance, Risk, and Compliance (GRC) team to align technical security requirements with regulatory and commercial requirements • Champion a security-first culture, ensuring technical execution teams understand security risks, standards, and best practices

• Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products. • Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC). • Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation. • Perform security code reviews • Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts. • Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early. • Partner with engineers to integrate security throughout the software development lifecycle—not as an afterthought, but as a core design principle. Provide security guidance, develop secure solutions, and facilitate secure releases. • Help define and enforce security policies and provide security guidance to development teams. • Help shape Mozilla's security culture through collaboration, guidance, and education.

• Conduct analysis and testing of generative AI systems • Conduct sophisticated and comprehensive simulated attacks on generative AI models and their operating environments to uncover vulnerabilities. • Evaluate the security posture of AI models and infrastructure, identifying weaknesses and potential threats. • Perform thorough risk analysis to determine the impact of identified vulnerabilities and prioritize mitigation efforts. • Collaborate with development and security teams to develop effective strategies to mitigate identified risks and enhance model resilience. • Stay abreast of the latest trends and developments in AI security, ethical hacking, and cyber threats. • Maintain detailed documentation of all red team activities, findings, and recommendations. • Prepare and present reports to senior management and relevant stakeholders.

• Assist in designing and implementing security solutions for client IACS environments, following standards such as ISA/IEC 62443. • Support security maturity assessments and help develop prioritized mitigation plans. • Help identify and remediate vulnerabilities in OT components (PLCs, HMIs, SCADA systems). • Assist in maintaining compliance with regulations (e.g., NERC CIP) and security documentation. • Participate in OT security incident response efforts alongside client engineering, operations, and IT teams. • Contribute to evaluating OT/ICS security technologies (e.g., Claroty, Dragos, Nozomi Networks). • Support pre-sales activities for OT security initiatives. • Stay informed on evolving OT threat landscapes.