Senior Software Engineer, Security
Location
United States
Posted
47 days ago
Salary
$170K - $300K / year
Seniority
Senior
Job Description
Loancrate
- Design and build shared libraries, platform guardrails, and internal tools that make the secure path the easy path for engineers
- Review architecture, technical designs, and production code for security issues in product and platform systems
- Perform pragmatic threat modeling for new features, workflows, services, and integrations
- Improve core security patterns across the stack, including authentication, authorization, secrets handling, secure logging/redaction, auditability, and sensitive-data protections
- Build or improve developer-facing security automation in CI/CD and local workflows, including code scanning, dependency policy, secret detection, and infrastructure checks, with a bias toward low-noise, high-signal results
- Work directly with engineers to remediate vulnerabilities in code and design, focusing on durable fixes and reusable patterns rather than one-off tickets
- Help define and evolve a lightweight secure SDLC that fits a fast-moving startup environment
- Contribute to incident analysis and postmortems when product or platform security issues arise
- Write clear documentation, examples, and decision records that help teams build securely without unnecessary friction
Job Requirements
- Strong software engineering background, ideally in backend or platform systems
- Comfortable making meaningful contributions in a production codebase, not just scripts or proofs of concept
- Experience with secure design reviews, threat modeling, code review, and vulnerability remediation
- Strong understanding of common application and API security issues, including authentication, authorization, injection risks, secrets handling, session security, data exposure, and multi-tenant isolation
- Experience building engineering-facing tooling, libraries, CLIs, CI/CD checks, or other developer-platform guardrails
- Good technical judgment and a practical approach to reducing real risk without slowing the company down unnecessarily
- Strong written communication and the ability to explain technical risk clearly to engineers and non-security stakeholders
- Comfort operating with high autonomy in a small or medium-sized engineering organization
- Preference for solving problems in code and architecture rather than by introducing heavyweight process
Benefits
- Robust medical coverage (100% of employee + family premiums covered)
- Vision & dental coverage
- 401(k)
- HSA / FSA
- Remote-first culture - work from wherever you do your best work
- Flexible time off - we trust you to manage your time
More Security Engineer Jobs
- Collaborate with IT, SRE and Software engineering teams to define and implement security best practices across Serve’s cloud infrastructure (AWS/GCP).
- Develop and support internal security risk assessment processes as part of Serve’s software and system lifecycle and third party vendor acquisitions.
- Develop, maintain, and improve automation tools for secure configuration management and continuous monitoring (e.g., runtime security, image scanning, IAM policy enforcement).
- Design and deploy infrastructure and application security controls to protect critical information systems.
- Design and deploy endpoint security measures to protect IT managed devices.
- Design and implement IT infrastructure hardening requirements for on-premise network infrastructure: firewalls, switches, and on-premise storage etc.
- Research and monitor threats and vulnerabilities, perform impact assessments and drive remediation actions partnering with engineering teams.
- Participate in the triage, investigation, and resolution of security incidents.
- Participate in the Security team on-call rotation.

- Reporting to the General Counsel, this position provides strategic and operational legal support across legal issues in cybersecurity, data privacy, artificial intelligence, and data governance.
- Develop, implement, and maintain the organization's comprehensive data governance and security, privacy and compliance frameworks and policies.
- Serve as the Privacy Officer and primary legal and operational authority on HIPAA, including Privacy Rule and Security Rule requirements.
- Ensure adherence to global, federal, state and emerging privacy laws (GDPR, CPRA, etc.), as applicable.
- Advise executive leadership on cybersecurity risk, mitigation, data governance, and regulatory obligations.
- Lead internal audits, risk assessments, and incident response planning.
- Manage relationships with outside counsel, regulators, and third-party vendors on compliance matters.
- Educate staff on data handling, privacy practices, and security threats. Organize and oversee employee training programs on data privacy, security protocols, and HIPAA obligations.
- Monitor evolving federal and state data privacy legislation and assess organizational impact.
- Draft and enforce internal data security policies, procedures, and Business Associate Agreements (BAAs).
- Represent the organization in regulatory investigations or breach notification proceedings, remediation efforts, and regulatory notifications.

IT Sales Manager – Modern Infrastructure, Cyber Security, Managed Services
pco GmbH & Co. KG
IT is becoming the question of the future. We deliver the answers. | IT IS EVERYTHING.
- Strategic development of the Hamburg, Ruhr area, Rhineland and Leipzig regions
- Position pco as an MSP and MSSP
- Identify target customers and manage the full sales cycle – from initial contact to closing
- Develop solutions combining Modern Infrastructure, Cyber Security, Cloud Services and Managed Services in collaboration with Consulting and Presales
- Continuously build and actively manage a robust pipeline
- Increase pco's visibility through client meetings, relationship building and on-site presence
- Actively contribute ideas to open up new customer segments

- Own threat modeling across our entire surface area: multi-tenant training infrastructure, sandboxed execution environments, API surfaces, and internal tooling
- Design and implement zero-trust networking, identity, and access control across distributed GPU clusters and cloud infrastructure
- Build secure-by-default patterns for our platform engineers — auth, secrets management, supply chain integrity, container hardening
- Architect tenant isolation and data boundary enforcement for hosted RL training workloads (customers run arbitrary code in our environments)
- Develop security frameworks specific to AI infrastructure: model weight protection, training data isolation, checkpoint integrity, gradient privacy
- Secure the RL training loop end-to-end — from environment execution in sandboxes to reward signal verification and model artifact storage
- Build detection and prevention for AI-specific attack vectors: prompt injection across agentic pipelines, model exfiltration, adversarial environment manipulation
- Scope, manage, and run point on external penetration tests across our platform, hosted training infrastructure, and liquid compute layer
- Build and maintain an internal red-teaming practice — automated and manual — targeting our most critical systems
- Drive vulnerability management: triage, remediation SLAs, and root cause analysis
- Build security monitoring and alerting across infrastructure (distributed clusters, Kubernetes, cloud) and application layers
- Implement runtime security for containerized training workloads and sandboxed environments
- Own incident response — build the playbooks, run the drills, lead the post-mortems
- Design audit logging and forensic capability across all customer-facing systems
- Drive SOC 2 Type II readiness and other compliance frameworks required by enterprise customers
- Own the security narrative for customer-facing materials — questionnaires, architecture reviews, trust documentation
- Partner with GTM to unblock enterprise deals that depend on security posture.




