• Data Collection: Locate, target and recapture data from Phishing-as-a-Service (PhaaS) kits using a combination of human intelligence and platform sourcing. • Data Analysis: Apply data science techniques to understand the quality of sourced data, in order to refine and improve the PhaaS data sourcing pipeline. • Human Intelligence: Perform human intelligence techniques such as managing multiple alternate personas, actor engagements, and social engineering in support of data recapture efforts. • Security Analysis: Participate in the drafting of research blogs and analytical products to support customers and business objectives. • Security Research: Participate in security research including investigation of threat actors, PhaaS, and other critical research in support of SpyCloud’s priorities.

• Data Collection: Locate, target and recapture data from Phishing-as-a-Service (PhaaS) kits using a combination of human intelligence and platform sourcing. • Data Analysis: Apply data science techniques to understand the quality of sourced data, in order to refine and improve the PhaaS data sourcing pipeline. • Human Intelligence: Perform human intelligence techniques such as managing multiple alternate personas, actor engagements, and social engineering in support of data recapture efforts. • Security Analysis: Participate in the drafting of research blogs and analytical products to support customers and business objectives. • Security Research: Participate in security research including investigation of threat actors, PhaaS, and other critical research in support of SpyCloud’s priorities.

• Serve as principal advisor to the GSC on all matters related to the PA compliance and any other applicable matters. • Maintain and enforce all obligations under the approved PA and APO, including visit controls, the Electronic Communications Plan, and the Technology Control Plan. • Serve as the primary point of contact with DCSA for all matters related to facility clearances, annual compliance reporting, and all FOCI mitigation oversight. • Review and approve all affiliate contacts, visits and communications between CPS and the parent company in accordance with the approved visit controls procedures. • Develop and maintain a FOCI mitigation instrument (Security Control Agreement, Special Security Agreement, or equivalent) in coordination with outside counsel on FOCI mitigation matters and any open compliance questions. • Establish and maintain all required DSS/DCSA-mandated records, plans, and programs. • Administer personnel security clearance processing end-to-end via JPAS/DISS, including nominations, investigations, and visit certifications. • Advise employees and managers on clearance eligibility, adjudicative guidelines, and ongoing reporting obligations. • Maintain a current and accurate roster of cleared personnel and access authorizations. • Lead Collibra's Insider Threat Program, including a multi-disciplinary hub and reporting mechanisms. • Develop and deliver annual and ongoing security education and awareness training for cleared and uncleared personnel. • Conduct self-inspection programs and prepare for DCSA facility reviews and annual compliance audits. • Serve as a trusted advisor to the General Manager and the GSC senior leadership on all security and compliance matters related to the government business. • Partner with independent legal counsel on export control compliance, including ITAR/EAR obligations as they intersect with CPSs products and services. • Support contract compliance and bid activities requiring security documentation or clearance certifications. • Coordinate incident investigations involving potential unauthorized disclosure, fraud, or insider threat, and ensure prompt reporting to GSC and DCSA as required.

• Monitor project schedules and activities. • Support deployments of information security solutions. • Coordinate alignments with clients and technical teams. • Assist with project and procedure documentation. • Monitor deliverables and identify potential risks or blockers. • Participate in project follow-up meetings.