• Own the end-to-end vulnerability management lifecycle across Azure and AWS environments, including triage, prioritisation, and tracking through to remediation. • Build and maintain Threat & Vulnerability Management (TVM) dashboards and Azure Data Explorer queries to surface real-time risk posture, remediation trends, and SLA adherence. • Produce and maintain Monthly Security KPI Dashboards covering Microsoft Secure Scores, tooling coverage metrics, and vulnerability remediation performance across all cloud environments. • Partner with Cloud Engineering and SRE teams to drive remediation of critical and high-severity findings within defined SLAs, escalating blockers and tracking progress to closure. • Manage and operationalise External Attack Surface Management (EASM) tooling (e.g. BlackKite) to continuously assess and monitor Intapp’s external threat exposure and digital footprint. • Translate external posture findings into prioritised remediation actions and track outcomes rigorously through to closure, reporting status to security leadership. • Monitor and report on third-party and supply chain risk signals surfaced through external posture tooling, contributing to broader vendor risk management processes. • Design, implement, and maintain policy-based security controls for Kubernetes workloads across Azure (AKS) and AWS (EKS) environments. • Collaborate with DevOps and SRE teams to embed Kubernetes security controls into deployment pipelines and operational runbooks. • Develop and maintain Microsoft Sentinel data connectors and platform integrations to ensure comprehensive security telemetry coverage across Azure and AWS.

• Define, govern, and evolve cybersecurity architecture models and standards, aligning global frameworks (NIST, ISO 27001, CIS, COBIT) with the specific needs of operations; • Lead security architecture projects and initiatives for multi-cloud, on-premises, network, application, industrial IoT/IIoT, data, and mobility environments; • Design solutions for threat prevention, detection, containment, and remediation, integrating SIEM, SOAR, EDR, IAM systems, and advanced encryption; • Contribute to defining identity and access policies and controls (IAM, SSO, MFA), network segmentation, endpoint protection, vulnerability management, and governance; • Promote integration between physical security, IT, OT (Operational Technology), and operations teams to create resilient, secure environments; • Develop and validate business continuity, cyber disaster recovery, and incident response strategies; • Evaluate and implement innovative security solutions (Zero Trust, Cloud Security Posture Management, Threat Intelligence, security automation and orchestration); • Ensure compliance with data protection laws and regulations in the countries where the company operates (LGPD, GDPR, PIPEDA); • Produce and maintain technical documentation, security plans, best-practice guides, and training for internal teams; • Participate in technical communities, forums, audits, and global compliance assessments; • Other routine duties of the area.

• Implement and maintain robust security controls to protect our cloud infrastructure and applications. • Discover, remediate, and validate security issues across cloud infrastructure. • Perform architectural/design reviews through a security lens and provide timely, actionable requirements and recommendations. • Collaborate with security leadership, compliance, and engineering teams to execute security strategies. • Build, deploy, and manage security tools such as WAF, IDS/IPS, workload protection, GCP Command Center, and Azure Security Center, etc. • Propose and contribute to security and compliance improvements for nesto CI/CD pipelines and deployment processes. • Automate infrastructure provisioning and deployment processes using Infrastructure as Code (IaC) tools like Terraform or Pulumi. • Design and operate scalable processes to provision cloud access and maintain least privilege. • Participate in and support the incident detection and response process by enhancing observability and alerting and assisting the incident response team. • Self-organize and prioritize activities independently. • Support audits and first-party security questionnaires. • Conduct and oversee security assessments and threat modeling exercises. • Implement security controls within Kubernetes. • Build DevSecOps tools/integrations.

• Implement and maintain robust security controls to protect our cloud infrastructure and applications. • Discover, remediate, and validate security issues across the cloud infrastructure. • Conduct security-focused architecture and design reviews and provide timely, actionable requirements and recommendations. • Collaborate with security leadership, compliance teams, and engineering teams to execute security strategies. • Build, deploy, and manage security tools such as WAF, IDS/IPS, workload protection, GCP Security Command Center, Azure Security Center, etc. • Propose and contribute to security and compliance improvements for nesto's CI/CD pipelines and deployment processes. • Automate infrastructure provisioning and deployment processes using Infrastructure as Code (IaC) tools such as Terraform or Pulumi. • Design and operate scalable processes to provision cloud access and maintain the principle of least privilege. • Participate in and support the detection and incident response process by improving observability and alerts, and assisting the incident response team. • Self-organize and prioritize activities autonomously. • Support first‑party security audits and security questionnaires. • Conduct and oversee security assessments and threat modeling exercises. • Implement security controls within Kubernetes. • Build DevSecOps tools and integrations.