The blockchain data platform
Staff Security Engineer – Product Security
Location
United Kingdom
Posted
6 days ago
Salary
0
Seniority
Lead
Job Description
Staff Security Engineer – Product Security
Chainalysis Inc.
- Lead Product Security across Chainalysis' SaaS offerings
- Own Unified Security Review process for new product launches, vendor evaluations, and AI tooling
- Drive Security Engineering Risk Management Framework
- Lead the Vulnerability Disclosure Program and security bug reporting workflow
- Drive SOC2 and compliance-related security remediation
- Provide security review and guardrails for internal AI platforms and coding agents
- Participate in a shared on-call rotation for high-severity production security incidents
Job Requirements
- 8+ years of application security engineering experience
- Strong production coding ability in at least one of Java (preferred), TypeScript/JavaScript, Python, or Go
- Building security automation into CI/CD pipelines
- Hands-on penetration testing of production SaaS applications
- Threat modeling, secure design reviews, and static/dynamic code analysis across the SDLC
- Identifying and remediating common web application vulnerabilities (OWASP Top 10)
- Experience securing internal AI/LLM platforms and coding agents
Benefits
- Diversity and inclusion initiatives
- Accommodation for disabilities
- Professional development opportunities
More Security Engineer Jobs
Senior Security Architect – Active Directory
GuidePoint Security
We help organizations make smarter cybersecurity decisions that minimize risk.
- Responsible for implementation and enhancement of Active Directory solutions
- Gather and document technical requirements and design
- Act as subject matter expert for client discussions

- Support cybersecurity compliance and risk management efforts within the HACS program.
- Help maintain system authorization.
- Develop security documentation.
- Ensure systems meet federal cybersecurity standards.
Security Engineer III – Ransomware Governance
Astreya
Astreya provides IT support services with a special focus on increasing productivity and employee satisfaction for its business clients. The company was founded
- Support the maturation and day-to-day operationalization of the ransomware recovery governance program through hands-on process execution, documentation updates, and technical validation activities.
- Apply and enforce ransomware recovery maintenance policies by performing configuration checks, control verification, and operational compliance reviews.
- Coordinate and execute testing for protected applications, including technical recovery validation, dependency mapping, and test result analysis.
- Design and implement the application review and onboarding workflow, including technical assessments, readiness evaluations, and control implementation support.
- Develop and document the decision authority framework by gathering requirements, validating operational roles, and ensuring alignment with technical processes.
- Partner with incident response teams to build and refine the ransomware incident response plan, leading technical exercises, simulations, and tabletop scenarios.
- Contribute technical insights to future-state technology assessments, tool evaluations, and ransomware resilience capability improvements.
- Review and enhance existing: Security policies and standards; Backup and recovery strategies; Risk management processes

- Build, operationalize, and scale the security engineering practices that protect the benefits platform
- Work across application security, cloud security, security architecture, supply chain security, detection engineering, and vulnerability management
- Partner deeply with the teams building web and mobile applications, backend services, system integrations, card and banking workflows, infrastructure as code, and data platforms
- Turn risk reduction into scalable guardrails, automated controls, and clear engineering guidance
- Help define secure AI tooling usage, LLM and code-assistant governance, and data protection practices for AI-enabled development workflows
- Balance ideal security outcomes with engineering velocity and business priorities




