• Own the end-to-end vulnerability management program across our SaaS products, cloud infrastructure, containers, and endpoints including identification, triage, prioritization, remediation tracking, and reporting • Operate and tune SAST, SCA, and dependency-scanning tooling (e.g., Snyk, GitHub Advanced Security/Dependabot) and partner with engineering teams to drive timely remediation • Monitor runtime and infrastructure telemetry (e.g., Datadog) for security signals; investigate alerts and lead containment and follow-up actions • Track and report on vulnerability SLAs, mean-time-to-remediate, and other security KPIs to leadership • Enhance the security posture of our Microsoft Azure environment including identity, networking, data, and workloads through configuration hardening, policy enforcement, and continuous monitoring • Administer and improve Microsoft Intune for endpoint configuration, compliance, and mobile device management • Tune and maintain Microsoft Defender (Endpoint, Cloud, and related products) for threat detection, response, and reporting • Implement and operate Microsoft Purview controls for data classification, DLP, and information protection • Draft, update, and maintain corporate information security policies, standards, and procedures aligned to recognized frameworks (e.g., SOC 2, ISO 27001, NIST CSF) • Lead the response to customer and prospect security questionnaires, RFPs, and due-diligence requests, and maintain a reusable response library • Support vendor risk assessments and third-party security reviews • Assist with internal and external audits, evidence collection, and remediation of findings • Partner with Engineering on secure SDLC practices, threat modeling, and code review guidance • Contribute to security awareness training, phishing simulations, and a strong security culture across the company • Help mature incident response playbooks and participate in tabletop exercises and on-call rotations as needed

• Review and refine AI-generated outputs related to security architecture, cyber risk assessments, mitigation strategies, and practical aspects of security design • Evaluate AI responses for accuracy, practicality, and compliance with real-world security requirements • Draft realistic security architecture scenarios based on your direct professional experience • Create scenario variations from different perspectives (e.g. security architect, client, IT leader, or regulator) • Identify gaps, oversights, or weak reasoning in AI-generated security content

• Validate incoming security findings from the broader research community using code analysis tooling or other industry standard pentesting tooling e.g. burpsuite. • Work with engineering teams to remediate valid findings in our codebase (product). Respond to security researchers, help with public disclosure. • Build or improve upon new automated workflows and tooling, leveraging LLMs for vulnerability triage, validation, remediation in any of rust, golang, python, etc.

• Design and maintain secure network and infrastructure architecture; • Configure and manage firewalls, VPNs, access controls, and network segmentation; • Secure servers, cloud resources, containers, and virtual machines; • Secure employee workstations and enforce security baselines; • Monitor endpoints and infrastructure for suspicious activity; • Collect, analyze, and correlate security logs; • Detect, investigate, and respond to security incidents; • Perform vulnerability analysis, risk assessment, and remediation; • Conduct system and network hardening; • Develop and deliver internal security trainings and awareness sessions; • Manage and maintain security training platforms and learning content; • Organize phishing simulations and awareness campaigns; • Collaborate with IT, DevOps, Infrastructure, and HR teams; • Complete and review clients security questionnaires and security assessment forms to demonstrate the company’s security posture; • Participate in security and compliance calls with client information security specialists and stakeholders. **Monitoring & Incident Response:** - Set up and maintain security monitoring and alerting; - Investigate anomalies and security incidents; - Perform root-cause analysis and post-incident reviews; - Improve detection, response, and prevention processes. **Security Awareness & Training:** - Plan and deliver security awareness programs; - Manage training platforms and user enrollment; - Track training completion and effectiveness; - Continuously improve training materials based on incidents and risks.