• Fine-tuning Upwind’s detection and response mechanisms • Conduct in-depth security investigations • Translating security findings into actionable recommendations • Staying up to date with emerging threats and best practices in cloud security

• Assist the FSO & AFSO with day-to-day security operations through the following tasks: • Provide initial security indoctrination briefings, debriefings, and annual refresher briefings. • Assist with preparing/maintaining manuals, Standard Operating Procedures (SOPs), System Security Plans (SSPs), Insider Threat Program Manual, and other required documents as well as ensuring full compliance to National Industrial Security Program Operating Manual (NISPOM) and other government and company policies. • Ensure compliance with government regulations and company policies regarding security clearances and classified information handling. • Maintain employee security files. • Security Team Liaison to Board Managers • Conduct New Hire Orientation • Support and participate in annual security self-assessments as well as DCSA Security Reviews. • Assist the Information Security team with day-to-day security operations such as: • Evaluate and validate identified vulnerabilities, distinguishing true positives from false positives and assessing potential business impact. • Prioritize remediation efforts based on risk severity, exploitability, asset criticality, and threat intelligence. • Collaborate with system owners and IT teams to communicate findings, recommend remediation actions, and track progress through closure. • Monitor threat intelligence sources to stay informed about emerging vulnerabilities, zero‑day exploits, and industry security trends. • Maintain and enhance vulnerability management processes, including scanning schedules, reporting workflows, and remediation SLAs. • Develop and deliver clear reporting, dashboards, and metrics for leadership, compliance teams, and technical stakeholders. • Support compliance and audit activities, ensuring vulnerability management practices align with frameworks such as NIST, CIS, ISO 27001, or regulatory requirements. • Stay informed about changes in security regulations and industry best practices. • Other security-related duties as assigned.

• Conduct regular security assessments and audits of systems and networks to identify vulnerabilities and risks. • Monitor and analyze security threats and incidents and provide recommendations for remediation. • Assist with the implementation of internal controls to maintain compliance with regulatory and statutory security frameworks (e.g., NIST, SOC 2, HITRUST). • Collaborate with other IT teams to ensure security is integrated into all aspects of the company's technology infrastructure. • Develop and implement security policies and procedures. • Participate in incident response and disaster recovery planning. • Stay up to date with the latest security threats, trends, and technologies, and make recommendations to improve our security posture. • Research/evaluate emerging cyber security threats and ways to manage them. • Plan for disaster recovery and create contingency plans in the event of any security breaches. • Test and evaluate security products. • Design new security systems or upgrade existing ones. • Use advanced analytic tools to determine emerging threat patterns and vulnerabilities. • Engage in 'ethical hacking', for example, simulating security breaches. • Identify potential weaknesses and implement measures, such as firewalls and encryption. • Monitor identity and access management, including monitoring for abuse of permissions by authorized system users. • Consult with stakeholders in relation to cyber security issues and provide future recommendations. • Generate reports for both technical and non-technical staff and stakeholders. • Maintain an information security risk register and assist with internal and external audits relating to information security. • Assist with the creation, maintenance, and delivery of cyber security awareness training for colleagues. • Performs other related duties as assigned.

• Move beyond traditional CVSS-based patching to prioritize actionable resolutions • Serve as a detective for the attack surface, correlating data to identify critical assets • Perform rapid risk assessments of newly acquired infrastructure • Support the end-to-end remediation pipeline within ServiceNow SecOps • Proactively manage the team's RAID Log and escalate blockers • Act as a bridge between Security and IT Operations to prioritize security tasks • Monitor the efficacy of scanning agents to ensure visibility across environments