• Design and maintain comprehensive security strategies leveraging Microsoft Defender for Cloud Apps to protect organizational applications and monitor cloud-based activities. • Configure, optimize, and administer Microsoft Purview solutions to drive effective data discovery, classification, and governance across both cloud and on-premises environments. • Collaborate with cross-functional teams to assess security requirements and integrate solutions that align business objectives with regulatory obligations. • Oversee the implementation of identity and access management (IAM) policies, ensuring that only authorized personnel can access sensitive systems and information. • Regularly evaluate and refine security policies and procedures to address emerging threats and maintain compliance with prevailing industry norms. • Work in partnership with IT teams and business stakeholders to identify cloud risks, enforce security policies, and ensure regulatory adherence. • Implement advanced security measures, including threat protection, data loss prevention, Insider risk Management, Communication compliance, Information barrier and information protection through Microsoft Defender for Cloud Apps and Microsoft Purview. • Employ Data Security Posture Management to evaluate and enhance the protection of sensitive data across a range of environments. • Leverage Compliance Manager to ensure continuous adherence to regulatory requirements and to optimize the organization’s risk management processes. • Conduct regular security audits, generate comprehensive reports, and analyze findings to detect vulnerabilities and recommend strategic mitigations.

• Define and maintain a cybersecurity metrics framework (KPIs, KRIs, OKRs) that supports executive decision-making • Develop and maintain a data dictionary and standardized definitions for all key metrics • Design and maintain logical and physical data models for cybersecurity reporting • Leverage ServiceNow as a core source of truth for workflow and status metrics • Develop and standardize ServiceNow-based reports, dashboards, and potentially Performance Analytics indicators • Apply best practices in visualization and information design to keep dashboards clear, actionable, and aligned with stakeholder needs • Implement governance for dashboard lifecycle • Partner with the Senior Principal, Vulnerability Management to ensure Tenable- and VM-related metrics align with risk models and program goals • Support Security Leadership in using metrics for planning, prioritization, and communication

At Netflix, our mission is to entertain the world. Together, we are writing the next episode - pushing the boundaries of storytelling, global fandom and making the unimaginable a reality. We are a dream team obsessed with the uncomfortable excitement of discovering what happens when you merge creativity, intuition and cutting-edge technology. Come be a part of what’s next. The Team The Detection Engineering Team is responsible for analyzing high-risk attack paths that could have substantial impact on Netflix and creating focused detections to reduce risk to the business. This is facilitated by partnerships with stakeholder teams, stakeholder domain expertise, and individual contributor creativity. DetEng is part of a larger Detection and Response team which includes Attacker Emulation, Security Incident Response and Threat Intelligence. The Role We are looking for an experienced detection engineer to help mature and expand our detection frameworks, platforms, and portfolio. The focus of our team is to create and continually improve detections that run on our own platforms to minimize risk to Netflix by proactively surfacing malicious or anomalous behavior to identify attacker presence or activity. We are a tight-knit team that provides value by creating compensating detective controls in order to shorten the time to discovery. Using a risk-based prioritization mindset, we focus our efforts to generate the largest impact and benefits for Netflix. Desired background: - You are comfortable working across the information security domain, with familiarity in a combination of endpoint, email, network, identity management, cloud security, vulnerability management, incident response, and/or threat intelligence - You have hands-on experience analyzing and responding to security events, such as conducting log analysis, developing queries and analytics, troubleshooting security issues, and/or correlating complex data sets - You can identify trends, insights, and relationships between internal and external data and intelligence sources to provide recommended risk mitigation - You have experience implementing, using, and configuring some common security tools - You have experience writing detections at scale using a detection-as-code approach - You are able to script and develop automations, preferably using Python and SQL, in a cloud-based environment to contribute to our in-house platforms - You have excellent written and verbal communication skills, proactively inform stakeholders, and can operate with little oversight - You can effectively operate across teams and disciplines in highly ambiguous and rapidly changing environment - You work well with others, see the value of a team, and partner effectively with all stakeholders - You are comfortable working on ambitious projects with a very small, tight-knit team - Comfortable or experience applying GenAI technologies to automate security operations is a plus Generally, our compensation structure consists solely of an annual salary; we do not have bonuses. You choose each year how much of your compensation you want in salary versus stock options. To determine your personal top of market compensation, we rely on market indicators and consider your specific job family, background, skills, and experience to determine your compensation in the market range. The range for this role is $260,000.00 - $459,000.00. This compensation range will vary based on location. Netflix provides comprehensive benefits including Health Plans, Mental Health support, a 401(k) Retirement Plan with employer match, Stock Option Program, Disability Programs, Health Savings and Flexible Spending Accounts, Family-forming benefits, and Life and Serious Injury Benefits. We also offer paid leave of absence programs. Full-time hourly employees accrue 35 days annually for paid time off to be used for vacation, holidays, and sick paid time off. Full-time salaried employees are immediately entitled to flexible time off. See more details about our Benefits here. Netflix is a unique culture and environment. Learn more here. Inclusion is a Netflix value and we strive to host a meaningful interview experience for all candidates. If you want an accommodation/adjustment for a disability or any other reason during the hiring process, please send a request to your recruiting partner. We are an equal-opportunity employer and celebrate diversity, recognizing that diversity builds stronger teams. We approach diversity and inclusion seriously and thoughtfully. We do not discriminate on the basis of race, religion, color, ancestry, national origin, caste, sex, sexual orientation, gender, gender identity or expression, age, disability, medical condition, pregnancy, genetic makeup, marital status, or military service. Job is open for no less than 7 days and will be removed when the position is filled.

• Reporting to the Global CISO, the Head of Information Security (APAC) drives Alpaca's regional security, risk, and compliance, focusing on APAC regulations (APPI, FSA, MAS). • Collaborating with global teams (Security, Engineering, Legal, Compliance, Product) to align infrastructure, the trading platform, and internal systems with both global standards and local regulatory needs. • Merging security engineering, local compliance, risk management, and stakeholder engagement. Translating regional regulatory requirements into actionable security controls. • Serving as the main contact for regulators, auditors, and local stakeholders, enabling confident operations in highly regulated financial markets.