• Act as a senior security consultant for development, cloud and platform teams • Ensure security is embedded from the solution design phase (security by design) • Lead security architecture assessments for complex, distributed and cloud-native applications • Conduct secure design reviews, threat modeling and risk-based decision making • Lead and execute Application Readiness Reviews (ARR) for critical applications • Define and disseminate application security standards, best practices and frameworks • Guide teams on secure coding, vulnerability remediation and architectural decisions • Perform advanced vulnerability analyses (SAST, DAST, SCA, containers and cloud) • Collaborate with risk and security areas to define mitigation plans • Influence adoption of DevSecOps practices, security in CI/CD pipelines and automation • Support the evaluation and evolution of security tools and platforms • Serve as a technical mentor for less experienced professionals • Contribute to the evolution of the overall application security strategy

• Work in partnership with technology teams to ensure security is embedded from the solution design phase • Interact with development teams, advising on security best practices and compliance with Information Security policies • Promote the use of best practices and tools approved by NIS • Conduct security reviews within the Application Readiness Review (ARR) process • Serve as a consultant on various application security topics • Support risk mitigation efforts alongside risk managers and information security owners • Analyze application vulnerabilities and define mitigation strategies • Perform security reviews using vulnerability analysis tools, scanners, and code review • Assess risks, threats, and the effectiveness of mitigation plans • Support development teams to balance security and delivery speed (time-to-market) • Collaborate with multiple technical and business stakeholders • Align business requirements with security frameworks and architectures

• Perform vulnerability scanning, vulnerability management and CSSP tooling and coordination • Support the Cybersecurity team in complex to highly complex aspects of the Leidos Cybersecurity planning of the EHR system, and provide leadership to individual tasks as necessary • Support the Cybersecurity Lead in the development and management of project management plan(s), provide management summaries which identify potential risks, and recommend plans to mitigate those risks • Conduct ACAS scans in support of identifying new vulnerabilities/findings on DHMSM ATOs; Provide finding metrics, evidence of closures/burndown • Maintain ACAS and eMass asset inventories in support of ConMon process • Coordinate responses to IAVMs, CTOs and other taskers from the CSSP/CYOC • Coordinate deployment of CSSP tools to MHS Genesis ATO assets • As necessary, support the Cybersecurity Lead in meeting, presenting, and providing status to senior government personnel on the Program • Support ongoing upgrades, pitches and projects by providing cyber reviews and input to the TPM leading each project as backup to lead cyber architect • Assist the Cybersecurity Lead in ensuring the project meets identified milestones • Support the development of cyber strategy and associated documentation • Provide Subject Matter Expertise for customer inquiries • Support the establishment and maintenance of internal and external relationships for cyber related collaboration

• Play a pivotal role in developing and executing strategies to counter emerging threats to Amgen products throughout the regulated supply chain • Direct response and remediation activities related to global supply chain incidents, including diversion and theft • Collaborate across Amgen’s diverse internal network to ensure effectiveness and agility of the Product Security program • Provide strategic oversight and support to global supply chain product security initiatives in partnership with Supply Chain Security and Operations • Support a cross-functional steering committee, including representatives from Global Security, Operations, Supply Chain, Legal, and Corporate Audit • Define and operationalize strategies for threat monitoring, incident reporting and response, enforcement protocols, and other key security functions • Support the development of tools and systems used to monitor security threats impacting the supply chain • Leverage the Global Security Operations Center (GSOC) • Provide Amgen leadership with metrics, KPIs, and reports on emerging and ongoing threats to Amgen products • Create and execute strategies to promote education and awareness of Product Security issues affecting Amgen • Accountable to represent Amgen interests in industry and government working groups, task forces, and committees (e.g., PSI, HDA) • Facilitate security audits of vendors, suppliers, and business partners, both proactively and in response to specific concerns • Manage activities related to the supply chain security audit program, in collaboration with internal stakeholders • Assess site risks and vulnerabilities for product security and create response plans to maintain effective security procedures • Build and maintain relationships with law enforcement and emergency services agencies • Coordinate efforts with other directorates within Global Security • Select, train, and manage contract workers and consultants • Conduct and manage internal and external investigations as needed.