• Enable teams to move faster and more securely by acting as a trusted GRC partner, translating audit, risk, and compliance requirements into practical guidance. • Ensure audit readiness and successful outcomes by coordinating core assurance activities, including SOX IT and SOC 2, across engineering, IT, and business teams. • Protect customer and partner trust by managing security due diligence requests from prospective and existing business partners, delivering clear and timely responses. • Strengthen security governance by owning policy management, including drafting, maintaining, reviewing, and driving awareness of information security policies and standards. • Reduce third-party risk by supporting and executing the information security third-party risk management program, including vendor assessments, risk tracking, and remediation follow-up. • Improve the efficiency and consistency of GRC operations through process improvement and thoughtful use of automation and tooling.

• Manage, develop, and retain a team of up to 10 offensive security engineers — setting clear expectations, removing blockers, and building the culture that keeps top 1% talent engaged and growing. • Maintain a maniacal focus on client satisfaction throughout every engagement, ensuring technical precision and a consistently high standard of execution across red team, application security, and cloud security. • Run the team against clearly defined objectives and key results — owning utilization, gross margin, NPS, and career development outcomes quarter over quarter. • Partner with product and engineering leadership to systematically feed real-world offensive findings into the Guard platform, turning field expertise into platform capability. • Identify opportunities to improve engagement methodologies, standardize delivery, and scale throughput without sacrificing depth or quality of findings. • Actively identify and implement AI tools and automation within your team's workflows — reducing manual overhead and increasing delivery capacity without increasing headcount. • Assist sales in managing existing client relationships and winning new logos, showing up as a credible technical leader in front of CISOs and security leadership.

• Work with teams to discover and implement new detection capabilities and logging sources • Be a thought leader in building the security road-map • Be a security subject matter expert and respond to internal security engineering questions/requests • Operate external bug bounty programs to source vulnerability information • Architect, design and implement defensive systems that enhance security • Carefully balance security risk and product advancement • Respond to security and privacy incidents, write incident reports, and participate in post-postmortems • Perform penetration testing on internal and external applications • Integrate customer security requirements into product and system design

• Lead the implementation and optimization of cloud security solutions across complex client environments. • Serve as a technical mentor and escalation point for junior and mid-level engineers. • Collaborate with architects and stakeholders to design scalable, secure, and high-performance cloud architectures. • Design and implement security controls across Azure services including Azure Policy, Microsoft Defender for Cloud, Sentinel, Purview, and DLP/AIP. • Collaborate with infrastructure and application teams to ensure secure deployment of Azure Compute, Networking, and Storage resources. • Monitor and respond to security incidents using Log Analytics and SIEM tools. • Support identity and access management initiatives, including IAM, PIM, and Access Packages. • Develop and maintain security documentation, standards, and best practices. • Contribute to automation efforts using PowerShell, Python, or Bash to streamline security operations. • Participate in security assessments, audits, and compliance initiatives. • Provide guidance on secure architecture and design patterns in Azure. • Stay current with emerging threats, vulnerabilities, and regulatory requirements.