• Secures AI/ML, Generative AI, and agentic systems across the enterprise • Designs, tests, and operates controls to protect systems at scale • Advises engineering and security leadership on emerging AI threats • Develops security controls for AI/ML, GenAI, and agentic systems • Engineers guardrails to mitigate data leakage and insecure workflows • Analyzes agent logic and identifies systemic security weaknesses • Builds monitoring, logging, and alerting for AI systems • Partners with AI platform and data engineering teams for security integration

• acts in a security assessor role to review acquisition environments of diverse scopes and complexity ranging from moderate to substantial against well-known cyber security frameworks. • help Humana assess and integrate acquired companies into the organization. • work with Humana's technology organization and various internal groups to review and contribute to integration initiatives with available technology including hardware, software, applications, and peripherals with the purpose of ensuring that security meets Humana's expectations. • review acquisition environments and assists the teams with creating, tracking, and implementing remediation plans to address identified security gaps. • Lead a risk assessment and/or audit of IT controls and systems. • conduct audit review procedures and evaluate the company's technological infrastructure against HITRUST, NIST, PCI and other internal security control frameworks. • communicate well verbally and in writing to various types of audiences. • understand when an identified risk is worthy of escalation to leadership and can manage discussions that support the escalation.

• Design and build scaffolds to automate attacker/threat modeling, attack discovery and exploitation techniques at scale • Identify promising attack surfaces and scenarios across Wealthsimple’s stack. • Architect and tune agents, prompts, and toolchains that implement real attacker TTPs. • Define success metrics and evaluation criteria for automations/ai so we can select and fine tune tooling and model use • Design and iterate on multi-step agent strategies that combine observation, planning, action, and self-learning • Improve effectiveness and automation coverage and reduce unproductive actions and loops • Propose and validate new tools or environment features that enable richer or more realistic attacks. • Research and design new AI-driven attack strategies and scenarios in anticipation of what adversaries might misuse LLMs to do in future, then help design detections and defensive measures • Analyze AI behavior and results to discover systemic weaknesses and strengths and improve platform design / outputs and compensate for weaknesses. • Compare different models, prompts, and tool sets on the same scenarios. • Measure meaningful outcomes (bugs found, depth of compromise, time-to-finding, false-positive behaviour). • Benchmark AI-driven testing against our other tooling and manual test results to understand return on investment and where to invest effort and expertise to best advantage • Translate agent outputs into high-quality findings and systemic improvements. • Identify high-confidence vulnerabilities and attack paths. • Analyze findings to uncover recurring vulnerability types and control gaps, then help us fix them • Understand how agents discovered issues and what that implies for our defences. • Share learnings and help build guardrails, detections, systemic framework fixes, libraries, or new agents/experiments

• Own enterprise deals end-to-end: Source, develop, and close ARR through new logo acquisition and strategic expansion • Navigate complex buying centers: Build and execute multi-stakeholder strategies across security, data platform, compliance, legal, and procurement organizations • Run disciplined proof of concept: Lead technical evaluations with clear success criteria, tight timelines, and executive alignment to accelerate deals • Master security reviews: Guide customers through vendor risk assessments, architecture reviews, penetration tests, and compliance validation (SOC2, ISO, PCI-DSS, HIPAA) • Build compelling business cases: Quantify value across risk reduction (PCI scope reduction, breach prevention) and enablement outcomes (faster analytics, safe AI access, compliant data sharing) • Negotiate complex contracts: Navigate DPAs, security exhibits, BAAs, indemnities, and enterprise licensing terms to mutually beneficial close • Drive expansion: Develop land-and-expand strategies that grow initial deployments across lines of business, environments, and use cases • Partner strategically: Leverage cloud ecosystem relationships (AWS, Snowflake, Databricks, etc.) and GSI partnerships to accelerate deals