• Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products. • Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC). • Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation. • Perform security code reviews • Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts. • Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early. • Partner with engineers to integrate security throughout the software development lifecycle—not as an afterthought, but as a core design principle. Provide security guidance, develop secure solutions, and facilitate secure releases. • Help define and enforce security policies and provide security guidance to development teams. • Help shape Mozilla's security culture through collaboration, guidance, and education.

• Secure client IT assets against cyber threats, including malware, ransomware, and unauthorized access attempts • Monitor and analyze security tools and logs to detect suspicious activity and potential incidents • Stay current on threat intelligence and emerging attack techniques • Investigate, triage, and respond to security incidents, including containment and remediation activities • Collaborate with client end users to assess security needs and recommend appropriate solutions • Configure, maintain, and support security technologies such as EDR, firewalls, IDS/IPS, DNS security, MFA, application security, and email security • Implement and maintain strong Microsoft 365 security practices, including conditional access, MFA, and business email compromise prevention and remediation • Participate in vulnerability management efforts using commercial vulnerability scanning tools • Assist with client, server, and laptop configurations, installations, and troubleshooting as needed • Engage in client discussions around security vulnerabilities, mitigation strategies, and best practices • Apply data encryption best practices to protect data at rest • Analyze security data and generate reports for internal and client stakeholders • Provide occasional after-hours and weekend support during active incident response efforts.

• Secure the design of AI and ML capabilities within FICO Platform, services and corporate tools. • Provide full-stack security architecture design from cloud infrastructure to application features for FICO and internal customers. • Oversee security aspects of Analytical Model Life Cycle, and influence stakeholders for adopting best security standards and implementations. • Define comprehensive data security strategy and guide implementation of enterprise-wide data protection programs including DLP, data classification, security logging, and data protection controls across products and enterprise systems. • Proof the security implementations within infrastructure & application deployment manifests and the MLSecOps pipeline. • Define required controls and capabilities for the protection of FICO AI and data services and environments and collaborate with architects, developers and product managers, to implement security controls at scale. • Design, Implement and manage scalable security controls and automation in a DevOps environment within public clouds (AWS, Azure, GCP, Oracle) across IaaS, PaaS, SaaS, and container platforms. • Integrate security in depth throughout FICO software delivery processes and pipelines.

• Design, build, and implement Just-in-Time (JIT) access controls and Privileged Access Management (PAM) workflows to eliminate standing privileged accounts in production. • Conduct platform permission reviews and implement a least-privilege access model for cloud and application roles. • Ensure 100% of production access requests and approvals are captured in audit logs. • Lead the implementation, tuning, and operation of security tools in the CI/CD pipeline, including SAST, DAST, SCA, and secrets scanning. • Develop custom SAST rules to detect specific, high-risk flaw patterns, such as authorization bypasses or insecure PII/PHI handling. • Partner with engineering to deploy IDE plugins and automated PR checks that block sensitive data exposure before deployment. • Conduct manual security code reviews for high-risk features and cryptographic implementations. • Design, build, and maintain automation for the end-to-end vulnerability management lifecycle. • Engineer automated workflows to triage, validate, and assign new vulnerabilities • Develop and maintain security automation scripts, tools, and services in Python or Go to streamline security operations and compliance checks. • Partner with SecOps to build high-fidelity SIEM correlation rules and automated response playbooks. • Design, implement, and maintain encryption strategies for data at rest and in transit, ensuring PHI is protected in compliance with HIPAA. • Manage the cryptographic key lifecycle and administer key management systems • Design and implement secure cloud network architectures (VPCs, subnets, security groups, NACLs) and network segmentation strategies. • Lead the remediation of cloud security findings • Implement and manage a centralized security control plane • Design and implement Data Loss Prevention (DLP) policies for endpoints and cloud services to protect against sensitive data exfiltration. • Design and enforce security configurations and hardening standards for diverse operating systems (macOS, Windows, Linux) via MDM/UEM platforms. • Manage and tune endpoint security solutions, including EDR/XDR (e.g., CrowdStrike). • Lead threat modeling sessions for new features and conduct secure design reviews of system architectures, applications, and APIs. • Act as an embedded security partner and subject matter expert for product and platform teams, providing technical guidance and mentorship. • Develop and manage security programs for emerging risks, including SaaS security and AI security.