• Implement, maintain, and lead cybersecurity efforts for CMMC compliance • Design, implement, and monitor security controls for CMMC requirements • Lead vulnerability assessments and continuous risk management • Support incident response and threat hunting • Collaborate with compliance managers and operations teams

• Design and deploy firewalls, intrusion detection/prevention systems (IDS/IPS), and encryption protocols across on-premises and cloud environments • Analyze network traffic and security alerts to identify breaches, respond to incidents, and mitigate risks • Conduct penetration testing and vulnerability scans to identify weaknesses, providing remediation strategies • Ensure adherence to regulations (e.g., HIPAA, GDPR) by reviewing security policies, supporting audits, and reporting compliance status • Work with IT, development, and product teams to integrate security into software development lifecycles (SDLC) and CI/CD pipelines • Develop security automation for cloud environments (e.g., AWS), CI/CD workflows, and DevSecOps practices

• Collaborate with cross-functional teams to design and architect secure cloud infrastructure solutions on AWS and Azure • Identify potential security vulnerabilities and gaps in existing infrastructure and propose remediation plans • Implement cloud-native security technologies and best practices to address identified gaps • Analyze security logs and metrics to proactively detect and respond to security incidents • Develop and deploy security controls, such as identity and access management (IAM), network security policies, and encryption mechanisms • Leverage software engineering skills to create security-specific features, particularly in the areas of authentication, authorization, and rate limiting • Create documentation and train and guide team members and other stakeholders on security best practices

• Lead program strategy and operations: asset coverage, scanning cadence, prioritization, and measurable risk reduction using Tenable (Nessus/SC/IO) and Snyk. • Integrate Tenable and Snyk findings into engineering backlogs with clear SLAs; partner with SRE, platform, and application teams to drive remediation. • Establish risk-based prioritization (CVSS, KEV, EPSS, exploitability, business criticality) and publish dashboards for transparency to leadership. • Mature patching and configuration baselines; build preventative controls and secure-by-default guardrails. • Coordinate vulnerability disclosure, pen test intake, and threat-driven campaigns for actively exploited CVEs. • Report program health, trends, and exceptions to security leadership and auditors. • Establish clear data ownership and stewardship across critical datasets; define roles, responsibilities, and decision rights. • Define and enforce data classification, access, and usage policies; drive best practices and guard rails for least privilege and segregation of duties. • Operationalize Sentra (DSPM) and Google DLP to monitor data exposure and access risks; drive timely remediation with accountable teams. • Build data lifecycle controls (creation, storage, use, sharing, archival, destruction) and technical guardrails embedded in platforms and workflows. • Ensure compliance with data protection regulations (e.g., PCI, SOX); partner on control design, testing, and evidence collection. • Collaborate with Security, Legal, Privacy, and Data teams to protect data across its lifecycle and enable safe analytics/product use cases. • Develop metrics (DLP incidents, misconfigurations, toxic combinations, stale sensitive datasets, policy violations) and report to leadership.