• Design and implement security solutions for Java-based applications • Secure applications, microservices, APIs, and databases against vulnerabilities • Perform static (SAST) and dynamic (DAST) security testing • Perform quarterly Vulnerability Scans and annual Penetration Test • Manage application dependencies and vulnerabilities within established SLAs • Implement and support authentication (OAuth, SAML), authorization (RBAC), and encryption • Integrate security into the CI/CD pipeline to automate security testing and compliance checks • Monitor, analyze, and respond to security incidents and security questionnaires • Manage Drata for security monitoring, compliance automation, and audit readiness • Ensure compliance with data protection regulations (GDPR, CCPA, HIPAA) and security frameworks (ISO 27001, NIST, SOC 2) • Collaborate with development teams to enforce secure coding best practices via code reviews • Work with Spring Security to enforce access controls and secure distributed applications • Maintain and publish TopQuadrant’s Authorized Software List • Stay updated on the latest security vulnerabilities affecting Java and Spring ecosystems

• Lead and execute cybersecurity control assessments against a defined subset of key controls aligned to established frameworks (NIST SP 800-53 Rev. 5). • Assess control implementation status using standardized criteria and validation methodologies. (NIST SP 800-53A Rev. 5). • Test information systems using documentation review, system walk-throughs, and stakeholder interviews to assess the design and operating effectiveness of NIST SP 800-53 Rev. 5 security controls. • Apply consistent judgment to determine evidence sufficiency and appropriateness. • Lead planning, kickoff, execution coordination, and closeout activities for assigned assessment engagements. • Coordinate assessment activities and task assignments across Control Assessors to meet delivery timelines. • Serve as the primary point of contact for client stakeholders during assessment engagements. • Review and approve assessment narratives, findings, and control determinations prior to quality assurance submission. • Ensure assessments are executed consistently across multiple clients to support trend analysis and benchmarking. • Enforce adherence to defined assessment methodologies, scope boundaries, and validation standards. • Support quality assurance reviews by addressing feedback and ensuring accuracy, clarity, and consistency of deliverables. • Lead and participate in client interviews, system walkthroughs, and working sessions in a professional, structured manner. • Clearly communicate assessment scope, expectations, and evidence requirements to stakeholders. • Present assessment results, key findings, and risk implications to executive leadership and board-level stakeholders in a clear, concise, and professional manner. • Mentor and guide Control Assessors on assessment techniques, documentation standards, and professional judgment. • Escalate risks, issues, or control interpretation questions to program leadership as appropriate.

• Manage certification frameworks, including CMMC, NIST, and SOC 2 • Assist the Company to successfully achieve compliance with applicable security certifications • Develop, track, and maintain security and compliance policy documents • Build and maintain controls documentation aligned with multiple compliance frameworks and standards • Ensure ongoing compliance with the Company’s information security policies and procedures and ensure controls are implemented • Develop IT security standards, best-practice implementations, and systems to ensure enterprise information system security • Identify acceptable levels of risk and establish roles and responsibilities for information classification and protection • Maintain security policies and procedures • Evaluate risk and develop security standards, procedures, and controls with a mindset of continuous process improvement • Analyze and review system configurations for security vulnerabilities • Monitor Company security vulnerabilities • Assist with remediation of escalated incident tickets and review completed tickets for accuracy and sufficiency • Conduct vendor security assessments and support the Company’s vendor management program • Coordinate security and compliance technology development requests • Coordinate with external IT service providers on security and compliance matters, including device configuration, application management, and security updates • Attend Security Committee meetings and draft meeting minutes • Coordinate Security Committee meetings and maintain records of activities • Communicate cybersecurity risks to senior management through reports, presentations, metrics, and documentation • Conduct security awareness training and assist with publishing security bulletins and advisories • Design and conduct testing of data security controls, including simulated events and phishing exercises • Provide security guidance and training to Company employees • Provide security guidance for IT projects, including evaluation and recommendation of technical controls

• Act as a security subject matter expert to support engineers through design reviews, threat modeling, code reviews, patch creation, and security testing. • Collaborate with product and engineering teams to architect resilient, security-first services. • Engineer and implement secure, scalable, and resilient systems. • Develop and customize high-signal security tooling through automation and plugins. • Manage day-to-day security tasks, including abuse remediation, threat research, and incident handling. • Participate in on-call rotations and incident response efforts to ensure platform and customer security.