• Lead deployment and optimisation of Microsoft Defender for Endpoint • Support security architecture across M365 E5 security stack • Align endpoint security strategy across laptops, servers, and VDI environments • Has in-depth knowledge/ skill of deploying designing M365 e5 security stack • Provide guidance on licensing utilisation and maximisation of E5 capabilities • Support integration across multiple security domains and tools • Work with engineering teams to implement and improve security controls

• Design, develop, and implement a comprehensive authorization framework for cloud resources, addressing user roles, resource-specific restrictions, task-based access, and granular engineering access • Lead the technical implementation of Just-In-Time (JIT) access control systems for production environments (systems, secrets, data) to minimize standing privileges for engineering and platform teams. • Collaborate with engineering to integrate data classification (e.g., safe-harbor annotations) with access control mechanisms, ensuring that data sensitivity directly informs access decisions. • Develop and maintain security automation scripts, tools, and services in Python or Go to streamline security operations, vulnerability management, compliance checks, and incident response. • Write clean, maintainable, and testable code (primarily Python and Go; familiarity with Ruby is a plus) for security automation, building custom security integrations, and developing security-focused tools. • Implement and champion Infrastructure as Code (IaC) principles, **specifically using Terraform,** for programmatic definition, enforcement, and auditing of security configurations. • Contribute to the design and implementation of centralized security controls, such as an engineering-owned Web Application Firewall (WAF), to manage rate limiting, IP blocking, input validation, and request filtering. • Partner with engineering teams to establish and implement secure practices for managing the development toolchain (code generation utilities, linters, browser extensions, CLI tools, IDE plugins) to mitigate supply chain risks. • Design and help implement a secure, "blessed" mechanism for webhook testing in local development environments, blocking unauthorized tunneling tools. • Define, implement, and enforce container security hardening standards (e.g., least privilege, no unnecessary utilities, limited internet access) in collaboration with engineering teams. • Drive the remediation of legacy cloud environments, particularly in GCP, by inventorying, assessing, and improving security controls. • Design and implement solutions for granular data access control in cloud environments, particularly addressing compliance requirements for handling sensitive data. • Collaborate closely with infrastructure software, engineering, DevOps, and product teams to co-design and integrate robust, automated security controls into systems, architectures, and CI/CD pipelines. • Act as a subject matter expert on cloud security (AWS, GCP), providing guidance, code reviews (Python, Go), and technical expertise on secure cloud adoption, secure software development, and access control best practices. • Support organizational change management efforts related to new security controls and practices by providing technical rationale and assisting in the development of new workflows. • Conduct security assessments, threat modeling, and contribute to incident response, developing automation for prevention and faster response. • Develop and maintain comprehensive documentation for security architectures, controls, automation scripts, and incident response playbooks.

• Design and implement cloud security controls across AWS and Google Cloud, including multi-account architecture, network segmentation, data protection, and secure-by-default infrastructure patterns. • Build reusable Terraform modules, reference architectures, policy-as-code guardrails, and self-service tooling that make secure implementation easier for engineering teams. • Operate and tune CSPM/CNAPP tooling to identify misconfigurations, exposures, toxic combinations, and coverage gaps across Fullscript’s cloud environments. • Drive remediation of cloud vulnerabilities and misconfigurations, balancing risk, engineering effort, customer impact, and business priorities. • Strengthen IAM, secrets management, key rotation, cloud credentials, machine identities, and just-in-time access patterns across cloud and SaaS environments. • Embed security into CI/CD pipelines through IaC scanning, container image scanning, SBOM generation, artifact protection, and software supply chain controls. • Partner with the SOC and engineering teams on cloud-native detections, logging, runbooks, incident response, post-incident learning, and secure AI/ML workload patterns.

• Lead the design and implementation of security solutions across Fullscript's applications, platforms, and AI-powered systems. • Partner with engineering teams to embed security throughout the software development lifecycle, including architecture reviews, threat modeling, secure coding practices, and design reviews. • Drive application security, product security, and vulnerability management initiatives from concept through implementation. • Own complex security challenges that span multiple teams, balancing technical requirements, business priorities, and engineering constraints to deliver scalable solutions. • Mentor engineers and security practitioners, raising the bar for secure software development and helping teams make sound security decisions. • Influence technical strategy and security standards through hands-on engineering, technical leadership, and cross-functional collaboration. • Stay ahead of emerging threats, security technologies, and AI-specific risks to help shape Fullscript's long-term security posture.