• Identify and mitigate risks in AI models, applications and data pipelines • Design and implement security protocols for AI/ML systems and infrastructure, models and data pipelines • Review applications and services using AI against both generic and AI specific threats • Conduct threat modeling and risk assessments • Monitor systems for anomalous behaviors • Assess and secure endpoints and APIs for model access and inference • Collaborate with stakeholders, engineers, data scientists and IT to integrate security into systems and infrastructure • Deliver client reports on AI security protocols and policies, and document best practices • Develop and implement AI security training for internal and external stakeholders

• Plan and execute end-to-end hardware penetration tests on embedded and IoT devices, against a defined scope and rules of engagement • Identify, access, and exploit on-board debug interfaces: JTAG, SWD, UART, and similar, to gain code execution or memory access • Extract firmware via debug ports, in-circuit flash reads (SPI / I2C / NAND), or chip-off when required, and analyze it for vulnerabilities • Intercept and analyze data on common embedded buses (SPI, I2C, UART, CAN, USB) using logic analyzers and protocol decoders • Where in scope, perform side-channel analysis and fault injection (power analysis, voltage/clock glitching) to bypass secure boot, readout protection, or authentication • Reverse engineer firmware and embedded binaries (Ghidra, IDA, Binwalk, etc.) to find logic flaws, hardcoded secrets, and exploitable conditions • Assess physical attack surface, tamper resistance, and key/secret storage • Distinguish between theoretical and operationally relevant risk to keep findings actionable • Write high-quality technical reports and present findings to client stakeholders, both technical and non-technical • Advise on practical, prioritized remediation that clients can act on • Build client confidence through credibility, clear communication, and proven impact • Build and maintain lab tooling, test rigs, and internal methodology • Contribute to research, responsible disclosure, and internal knowledge-sharing • Stay current on hardware attack techniques, embedded architectures, and defensive controls

• Define and enforce a coherent cloud architecture strategy • Own cloud cost strategy in partnership with Finance • Own Albert’s security posture end-to-end • Implement and evolve a Zero Trust architecture • Lead compliance and audit readiness • Own Azure interoperability strategy • Manage the ML/AI infrastructure platform • Drive infrastructure modernization • Build and lead a global SRE organization • Define and own the SLO framework • Establish incident response and disaster recovery programs • Manage vendor relationships • Develop and deliver cybersecurity awareness programs

• Provide independent assessments of MARAD information systems in support of system authorization, reauthorization, and continuous monitoring activities. • Evaluate management, operational, and technical security controls in accordance with NIST Risk Management Framework (RMF) requirements. • Support Authority to Operate (ATO) decisions. • Develop assessment documentation and reports. • Collaborate with MARAD, DOT, and cybersecurity stakeholders to ensure compliance, risk visibility, and mission assurance. • Assess MARAD systems in one of three states: System Authorization: Initial Authorization, Reauthorization, or Continuous Monitoring Assessment (CMA). • Provide annual assessment support to the NSMV and MARAD CIO programs. • Conduct independent assessments of specified MARAD information systems following the System Authorization process. • Execute and conduct analysis of network and systems to validate appropriate security control implementation. • Develop security assessment plans and assessment reports compliant with latest revisions of NIST Special Publication 800-53A Recommended Security Controls. • Develop security assessment executive summary documents including summative presentation further providing an overview of activities, findings, risks and mitigation recommendations.