• Validate incoming security findings from the broader research community using code analysis tooling or other industry standard pentesting tooling e.g. burpsuite. • Work with engineering teams to remediate valid findings in our codebase (product). Respond to security researchers, help with public disclosure. • Build or improve upon new automated workflows and tooling, leveraging LLMs for vulnerability triage, validation, remediation in any of rust, golang, python, etc.

• Design and maintain secure network and infrastructure architecture; • Configure and manage firewalls, VPNs, access controls, and network segmentation; • Secure servers, cloud resources, containers, and virtual machines; • Secure employee workstations and enforce security baselines; • Monitor endpoints and infrastructure for suspicious activity; • Collect, analyze, and correlate security logs; • Detect, investigate, and respond to security incidents; • Perform vulnerability analysis, risk assessment, and remediation; • Conduct system and network hardening; • Develop and deliver internal security trainings and awareness sessions; • Manage and maintain security training platforms and learning content; • Organize phishing simulations and awareness campaigns; • Collaborate with IT, DevOps, Infrastructure, and HR teams; • Complete and review clients security questionnaires and security assessment forms to demonstrate the company’s security posture; • Participate in security and compliance calls with client information security specialists and stakeholders. **Monitoring & Incident Response:** - Set up and maintain security monitoring and alerting; - Investigate anomalies and security incidents; - Perform root-cause analysis and post-incident reviews; - Improve detection, response, and prevention processes. **Security Awareness & Training:** - Plan and deliver security awareness programs; - Manage training platforms and user enrollment; - Track training completion and effectiveness; - Continuously improve training materials based on incidents and risks.

• Define, drive, and execute product strategy and roadmap for cybersecurity and control platforms • Translate enterprise risk priorities, threat scenarios, and regulatory requirements into product capabilities and control solutions • Ensure alignment between product outcomes, risk reduction, and business resilience objectives • Act as the voice of the customer, representing the needs of control owners, engineers, risk partners, and business stakeholders • Engage in continuous discovery, test-and-learn, and feedback loops to validate assumptions and refine product direction • Build strong partnerships across Product Security, Cyber Operations, Technology Risk, and engineering teams • Decompose complex problems into manageable work items and maintain a prioritized product backlog • Lead iterative, outcome-based delivery using agile and test-and-learn methodologies • Provide clear direction, timely feedback, and alignment across cross-functional teams • Ensure controls are designed with clear linkage to risk scenarios, exposure conditions, and business outcomes • Enable standardized control onboarding, lifecycle management, and adoption across domains • Define and manage KPIs to measure control effectiveness, risk reduction, and product adoption

• Design and maintain SAP authorization architecture • Design and maintain SAP Fiori security architecture • Ensure proper authorization design for SAP Fiori and related services • Establish security standards across SAP modules • Ensure SAP security architecture supports MP Materials’ SAP S/4HANA Private Cloud environment • Provide security guidance for SAP integrations, enhancements, and custom development • Define and maintain the long-term SAP security strategy and roadmap • Own and maintain the SAP Segregation of Duties (SoD) framework • Identify and remediate access risks and control gaps • Support internal and external audit activities • Administer and continuously improve SAP GRC Access Control • Establish scalable processes for access requests and approvals • Manage privileged access governance and SAP GRC Emergency Access Management processes • Improve automation and governance of SAP access lifecycle management processes • Partner with infrastructure and cybersecurity teams to ensure SAP security aligns with enterprise security standards • Serve as the SAP security subject matter expert within the SAP Center of Excellence.