• Secure Architecture & Design Reviews: Provide security guidance for cloud architectures and changes (network segmentation, private connectivity, encryption patterns, key management), and review designs for risk and alignment to standards. • Identity & Access Management (IAM): Implement and maintain least-privilege access using AWS IAM/Organizations and Azure Entra ID/RBAC, including privileged access workflows, role design, service principals, and periodic access reviews. • Security Monitoring & Detection Engineering: Enable and tune cloud-native security signals (e.g., CloudTrail/Config/GuardDuty, Azure Activity Logs/Defender for Cloud/Sentinel) and ensure centralized logging, alerting, and actionable runbooks. • Vulnerability & Configuration Management: Drive patching and vulnerability remediation for cloud workloads and platform services; enforce secure configuration baselines and continuously assess drift using CSPM/configuration tools. • Security Automation & DevSecOps: Build guardrails and automate security controls with Infrastructure as Code (e.g., Terraform) and scripting (Python/Bash/PowerShell), including policy-as-code, CI/CD checks, and standardized hardened templates. • Compliance, Risk & Governance: Maintain cloud security standards, support audits (e.g., HITRUST), evidence collection, risk assessments, and exception management; translate control requirements into actionable technical controls. • Stakeholder Partnership: Collaborate with cloud/platform teams and application owners to prioritize security work, provide guidance, and deliver secure-by-default patterns without blocking delivery.

• Projetar, implementar e operar soluções de network security em ambientes cloud • Definir e direcionar padrões de arquitetura de rede (Hub & Spoke, segmentação, Zero Trust) • Garantir controle de tráfego (ingress/egress), inspeção e isolamento de ambientes • Atuar na governança e evolução do uso de serviços de rede e segurança em cloud • Projetar e sustentar estratégias de controle de egress e inspeção de tráfego • Definir e implementar arquitetura de DNS como componente de segurança • Atuar em troubleshooting avançado de rede e performance • Integrar soluções de rede com identidade e controles de acesso • Apoiar decisões técnicas relacionadas a conectividade híbrida e multi-região • Trabalhar com infraestrutura como código e automação de ambientes • Interagir com times de segurança, cloud e aplicações

• Act as the Subject Matter Expert (SME) for Endpoint Detection and Response (EDR) tools/process including optimizing configurations/policies, developing custom threat detection rules, and proactively improving Deel’s overall security posture for remote endpoints (Mac and Windows) and cloud assets (Eg, VMs). • Configure, manage, and tune the full suite of security policies within SWG, CASB and ZTNA. Assist our remote colleague with seamless experience through troubleshooting end user issues as needed. • Continuously improve SaaS security posture with SSPM tools and processes around it. Collaborate with diverse application owners, understand security control and resolve configuration drifts for our wide range of SaaS applications from baseline. • Develop a rigorous review, approval, policy enforcement and auditing for browser extensions, third party OAuth applications for SaaS applications such as Google Workspace, GitHub, Jira etc to meet security and privacy standards. • Design, implement, and audit security policies related to enterprise browsers (Eg, Island, Chrome Enterprise etc) including controlling access to sensitive web apps, and data loss prevention (DLP) configuration, ZTNA, secure web browsing experience but not limited to. • Manage DLP policies across Endpoint, Network, SaaS Applications and Cloud assets, directly supporting the "Crawl-Walk-Run" program phases. Ensure DLP policies meet diverse data sovereignty, privacy (GDPR, CCPA, etc.), and national regulatory requirements. • Run vulnerability management programs for endpoints and servers and ensure they are patched according to the policy in collaboration with stakeholders.

• Own and execute Slingshot’s cybersecurity strategy across enterprise, product, and operational environments. • Lead readiness and implementation for CMMC, NIST SP 800-171, DFARS, and related government cybersecurity requirements. • Establish and scale secure software development lifecycle (SDLC), application security, and DevSecOps practices. • Design and oversee cloud security architecture across AWS/Azure/GovCloud environments. • Drive audit readiness, including System Security Plans (SSPs), POA&Ms, and continuous monitoring programs. • Partner with Product and Engineering to embed security into development without slowing delivery velocity. Build and operate security monitoring, detection, vulnerability management, and incident response capabilities. • Lead executive-level incident response, including customer communication and regulatory reporting. • Develop and enforce identity, access management, data protection, and logging strategies across systems. • Oversee third-party/vendor risk management and supply chain security, including flowdown requirements. • Partner with the Facility Security Officer (FSO) on classified programs, insider threat initiatives, and industrial security requirements. • Ensure secure handling of CUI/FCI and readiness for customer audits and security questionnaires. • Define and communicate cyber risk to executive leadership, board members, and customers. • Support business development by enabling compliance required to win and execute government contracts. • Build and scale a lean, high-performing security team aligned to company growth.