• Review and audit the work of new and existing DRG Reviewers to ensure accuracy, compliance, and alignment with established coding and clinical validation guidelines. • Provide constructive, detailed feedback to DRG Reviewers, highlighting areas for improvement and recognizing high-performance results • Collaborate with management to promote continuous improvement in audit accuracy, workflow efficiency, and reviewer performance • Assist the educator by conducting supplemental training sessions for new hires on DRG methodologies, clinical validation, and proprietary tools • Provide ongoing training to existing staff, focusing on policy updates, skill development, and performance enhancement • Maintain comprehensive documentation of audit findings, feedback sessions, and training activities • Generate reports on the quality assurance results and the effectiveness of training sessions for review by management • Work closely with team leaders and the educator to ensure the training and QA processes align with the company’s standards and objectives • Serve as an expert resource for DRG Reviewers and other staff members, answering questions and offering guidance on complex cases or procedures

• Desenvolver e executar planos de teste abrangentes, casos de teste e procedimentos de teste para garantir a qualidade da aplicação; • Colaborar com desenvolvedores, analistas de negócios e outros membros da equipe para entender os requisitos, funcionalidades e casos de uso esperados; • Identificar, registrar, documentar e acompanhar bugs e outras questões de qualidade; • Realizar testes funcionais, de regressão, de integração e de performance para validar a aplicação; • Participar de revisões de especificação de requisitos e sessões de planejamento de projeto; • Estabelecer e promover as melhores práticas de processo de QA; • Auxiliar na definição de métricas e KPIs de qualidade e garantir que as metas sejam atingidas.

• Plan and execute penetration tests against internal and external infrastructure, web applications, APIs, and cloud environments (primarily AWS) • Conduct red team engagements simulating advanced persistent threats (APTs) and real-world attack chains • Design, build, and maintain automated pentesting and security scanning pipelines integrated into CI/CD workflows • Leverage AI and machine-learning–based tools (e.g., LLM-assisted vulnerability discovery, automated exploit generation, AI-driven anomaly detection) to scale offensive security operations • Develop custom exploit code, scripts, and tooling tailored to the organisation's technology stack • Assess and harden Kubernetes and AWS environments (IAM, VPC, EKS, Lambda, S3, CloudTrail, GuardDuty, etc.) • Document findings in clear, actionable reports with risk ratings and remediation guidance • Collaborate with SOC, DevOps, and engineering teams to validate fixes and improve detection capabilities • Contribute to purple team exercises bridging offensive findings with defensive improvements • Stay current on emerging attack techniques, CVEs, threat intelligence, and offensive security research • Mentor junior security team members on offensive methodologies and tooling

• Build an automation framework from scratch, starting with API-level coverage of critical end-to-end happy path flows, the ones that must never break in a product shipping multiple times a day. • Mentor QA team members into more technical and structured testing practice. • Work with developers to build shared ownership of quality across engineering: encourage better unit testing, help them understand what good coverage looks like, and shift quality from a QA concern to a team habit. • Run exploratory testing to surface edge cases and failure modes that specs don't anticipate. • Own feature aftercare: monitor releases in production, track stability, and drive continuous improvement from what you find. • Identify gaps that developers and PMs miss and bring them to the table early, contributing to product decisions throughout the cycle, not just at the end. • Track QA metrics that matter, bug detection rate, release confidence, post-release defect counts, and own the narrative around what they mean for the product.