• Lead, coach, and grow the Security Engineering team, including both Cloud Security Engineers and Application Security Engineers • Set priorities and operating rhythms for the team, balancing strategic security investments, day-to-day engineering support, and incident response • Design and implement security controls across our Cloud environments, such as but not limited to: AWS, Azure, GCP, Digital Ocean, OCI, etc., including IAM, SCPs, VPC security, S3 bucket policies, security groups, key management, and logging • Continuously monitor and improve cloud posture by managing and tuning services such as GuardDuty, Security Hub, AWS WAF, CloudTrail, and Inspector • Partner with engineering teams to embed security into the SDLC, including secure design reviews, threat modeling, architecture review, and CI/CD security automation • Lead the application security program, including secure coding practices, vulnerability management, developer enablement, and product security reviews • Continuously monitor and improve application security tooling by managing and tuning services such as SonarQube, Dependency Track, ZAproxy, Trufflehog, Trivy • Build and maintain GitLab CI/CD pipelines and tooling for automated security testing and scanning of cloud resources and applications • Conduct threat modeling, architecture reviews, and risk assessments for cloud deployments, product features, and new systems • Implement security monitoring, secure systems hardening, and detective controls for malicious activity across AWS and application environments • Respond quickly to new and emerging threats and vulnerabilities; support investigations, post-mortem analysis, root cause identification, and preventive actions • Define and enforce identity and access management best practices, including least privilege, federated identity, role-based access control, and automated remediation • Develop and maintain security policies, standards, and procedures aligned to frameworks such as SOC 2, GDPR, ISO 27001, FedRAMP, NIST, CIS, and MITRE ATT&CK • Create metrics, reporting, and risk narratives that communicate security posture, trends, and priorities to business owners and leadership • Evaluate and recommend new tools, techniques, and controls to improve the security posture of our cloud and application environments

• Data Collection: Locate, target and recapture data from Phishing-as-a-Service (PhaaS) kits using a combination of human intelligence and platform sourcing. • Data Analysis: Apply data science techniques to understand the quality of sourced data, in order to refine and improve the PhaaS data sourcing pipeline. • Human Intelligence: Perform human intelligence techniques such as managing multiple alternate personas, actor engagements, and social engineering in support of data recapture efforts. • Security Analysis: Participate in the drafting of research blogs and analytical products to support customers and business objectives. • Security Research: Participate in security research including investigation of threat actors, PhaaS, and other critical research in support of SpyCloud’s priorities.

• Curriculum Development: The instructor is responsible for assisting our subject matter expert (Cyber Security Engineers) with technical review and providing suggestions on the Cyber Security teaching curriculum per the overall learning objective and industry requirements. • Instruction Delivery: Conduct lectures, workshops, and interactive sessions to teach Cyber Security Engineering principles, algorithms, and methodologies. Instructors may use various teaching methods, including lectures, demonstrations, hands-on exercises, and group discussions. • Industry Engagement: Staying current with the latest trends and advancements in Cyber Security and related fields, engaging with industry professionals, and collaborating on projects or internships to provide students with real-world experiences. • Research and Development: Conducting research in Cyber Security and contributing to developing new techniques, models, or applications. • Constantly improve the session flow and delivery by working with other instructors, subject matter experts, and the IK team. • Help the IK team in onboarding and training other instructors and coaches. • Have regular discussions with IK’s curriculum team in evolving the curriculum. • Should be willing to work on weekends/evenings and be available as per the Pacific time zone. • Streamlining curriculum to align with Cyber Security roles in tier-1 companies. • Developing interview-relevant content and case studies for the program.

• Design, review & verify robust security architecture in a heterogeneous environment • Conduct thorough security assessments and audits of existing architectures, recommending practical improvements • Stay updated with latest (blockchain) security trends, threats and mitigation techniques • Provide expertise to our blockchain teams, ensuring secure operational practices