• Drive adherence to FIPS, STIG, CIS benchmarks, and Secure Development Lifecycle (SDL) practices • Manage encryption tools (e.g., OpenSSL and related libraries) and ensure cryptographic compliance • Implement and maintain segmentation, secrets management, certificate lifecycle processes, and least privilege access controls • Ensure audit readiness and compliance with industry standards • Oversee generation of OS images (.iso, qcow2, container images) and maintain secure OS installer workflows • Secure CI pipelines and entitlement backend systems, ensuring integrity and compliance throughout build and deployment processes • Monitor CVEs, manage vulnerability remediation, and coordinate timely patching and fixes • Implement and maintain secure boot processes • Develop and execute security testing strategies, including regression and final build validation • Ensure security and compliance across all sites (.org, .pro, .dev) and entitlement portals

• Lead, scope and conduct penetration testing engagements across various technologies • Develop and execute advanced red team exercises to assess real-world attack resilience • Report findings to technical and executive-level audiences • Validate threat models for developed systems • Conduct social engineering activities to assess security posture • Enhance enterprise security policies and documentation

• Actively test our SaaS product for security vulnerabilities across web apps, APIs, and cloud infrastructure. • Perform manual security testing and targeted penetration tests (beyond automated scanners). • Implement and help implement automated security test suites. • Identify abuse cases, business logic flaws, and real-world attack paths. • Work directly with engineers to reproduce issues and drive fixes. • Help introduce lightweight security practices into the development process (threat modeling, secure design reviews). • Validate fixes and ensure issues are fully resolved. • Stay current on new vulnerabilities, attack techniques, and SaaS-relevant threats.

• Leads cybersecurity and privacy principles to ensure the organization's applications and services are implemented according to internal security standards • Recognizes vulnerabilities in security systems • Oversees and performs threat modeling, security code reviews, security assessments • Engineers and develops cloud automation routines to streamline operations • Promotes understanding and adherence to the SSDLC Policy and Standards • Ensures the implementation and maintenance of application security standards • Executes architectural analysis of the current application security architecture • Leads the audit of application security and operational configurations • Remediates application security incoming alerts/vulnerabilities • Creates application security documents, design standard operating procedures • Automates routine operational tasks related to application security • Implements application security solutions such as authentication, authorization, encryption, logging, and application security testing throughout the secure software development life cycle (SSDLC) • Undertakes initiatives/policies to review and generate recommendations for the application security configuration