• oversee and enhance the efficiency of our software development and deployment processes • ensuring seamless integration and continuous delivery • embed security into the SDLC, enabling secure-by-design applications, and scaling AppSec practices across engineering teams • collaborate closely with internal software developers, IT professionals, and other stakeholders to streamline workflows • automate processes, and implement best practices in configuration management, infrastructure as code, and monitoring • manage resources, setting strategic goals, and driving innovation to support scalable and secure software solutions • Design, develop, and maintain secure application components, frameworks, and tooling (SAST, DAST, custom scanners, CI/CD integrations) • Perform threat modeling, architecture reviews, and secure design guidance for web, API, cloud, and microservice-based systems • Identify, triage, and remediate vulnerabilities through code reviews, automated testing, and manual analysis • Partner with all development teams to embed security controls into CI/CD pipelines and development workflows • Establish and promote secure coding standards and best practices aligned with OWASP Top 10 and modern AppSec frameworks • Lead vulnerability remediation guidance and contribute directly to fixing security issues in core codebases • Support incident response activities, including application-level root cause analysis and corrective actions • Elevate developer security awareness through coaching, documentation, and internal security evangelism • Train and mentor application developers in security and design principles • Working closely with the Application Development Manager on project resourcing and utilization • Develop and maintain documentation and testing methodologies for secure coding standards • Manage and maintain the infrastructure required for development and production environments, ensuring scalability, reliability, and security • Collaborate with IT and other departments to align infrastructure needs with organizational goals • Serve as a liaison between development, operations, and other departments to ensure alignment and effective communication • Ensure that security best practices are integrated into the development and deployment processes • Stay updated with the latest trends and technologies in DevOps and software development • Drive continuous improvement initiatives to enhance the DevOps security culture and best practices within the organization • Participate in code reviews to represent reviewed work for adherence to standards and specifications • Other duties as assigned.

• Lead all phases of security-systems projects including design, bid management, installation oversight, and final testing and commissioning for new builds and MACs across the region. • Develop detailed project plans defining scope, schedule, deliverables, resources, budget, and risk management strategies. • Design and review security system layouts (CCTV, access control, intrusion, intercom, etc.) in accordance with company standards and project requirements. • Evaluate vendor bids, manage the selection process, and oversee contractors through installation to ensure quality, compliance, and documentation accuracy. • Coordinate and lead meetings with cross-functional stakeholders (Workplace, AV, Program Delivery, IT/Network, Security Operations, GC, and integrators) to align project scope, schedule, and execution. • Oversee system testing, commissioning, and handover activities to ensure full functionality, proper documentation, and client sign-off. • Track project performance, issues, and financials — including cost and schedule variances — and apply structured change-management processes as needed. • Maintain all project documentation and ensure client satisfaction, safety, and quality throughout the project lifecycle.

Execute FedRAMP Continuous Monitoring activities, maintain vulnerability tracking and remediation processes, and ensure audit-ready documentation while collaborating with cross-functional teams to enhance security posture and compliance readiness.

• Support cloud service providers in preparing for FedRAMP authorization through readiness assessments • Perform Gap Assessments & Control Analysis • Develop key deliverables such as System Security Plans (SSP), POA&Ms • Translate NIST SP 800-53 control requirements into practical implementations within cloud environments • Provide guidance on security architecture and control design • Lead technical discussions and workshops with client stakeholders • Contribute to RSI’s development of FedRAMP assessment methodologies