Role Description This is the first dedicated Application Security role at Lucidya, making it a high-impact and foundational position. You will play a critical role in shaping Lucidya’s application security strategy, working closely with engineering teams to identify risks, close security gaps, and ensure our applications are secure by design. You’ll operate at the intersection of security engineering, software development, and cloud infrastructure, thinking like an attacker while enabling developers to build secure, scalable systems. What You’ll Be Doing Core Responsibilities - Develop and implement automated security testing and vulnerability detection workflows integrated into the Software Development Lifecycle (SDLC). - Conduct security reviews of web applications, mobile applications, APIs, and cloud environments (public and private). - Perform penetration testing on web, mobile, API, and desktop applications, as well as supporting infrastructure. - Evaluate application defenses, identify architectural and design-level security gaps, and recommend mitigation strategies. - Think like an attacker to proactively identify vulnerabilities and complex security risks before they reach production. - Collaborate closely with engineering teams to support secure coding practices and security-aware development. - Conduct code reviews with a security focus, especially for critical services and deployments. - Research emerging threats and contribute to the development or adoption of new security tools and techniques. Day-to-Day Responsibilities - Review application code and architecture from a security perspective. - Support and guide teams on secure development lifecycle (SDLC) practices. - Work closely with developers during feature development and releases to ensure security controls are in place. - Participate in threat modeling, vulnerability triage, and remediation tracking. - Contribute to defining and evolving Lucidya’s application security strategy. Success Metrics - Measurable reduction in application vulnerabilities, including findings from external security assessments. - Clean and secure application releases with minimal critical or high-risk findings. - Successful integration of security practices across SDLC pipelines. - Improved security posture and readiness as validated by internal and external reviews. First 90 Days - Gain a deep understanding of Lucidya’s system architecture, codebase, and security landscape. - Identify key security gaps and prioritize remediation plans. - Begin embedding security workflows into CI/CD and development processes. - Establish trust and working relationships with engineering teams. Qualifications - 2-4 years of experience in application security, security engineering, or a related role. - Background as a software engineer transitioning into security is highly valued. - Hands-on experience securing applications built with Ruby on Rails and React. - Experience performing penetration testing on modern web applications and APIs. Requirements - Strong understanding of the Secure Development Life Cycle (SDLC). - Hands-on penetration testing experience (web, mobile, APIs). - Cloud security experience with AWS and/or GCP. - Ability to assess application architecture and identify design-level risks. Certifications (Preferred / Non-Negotiable) - CISM - OSCP - SANS GIAC Soft Skills - Strong communication skills and ability to work cross-functionally. - Comfortable engaging with developers, engineers, and stakeholders. - Proactive, ownership-driven mindset in a fast-growing environment. Nice-to-Have - Experience working in SaaS or AI-driven products. - Exposure to building security functions from scratch. - Prior experience with security tooling development or automation. Hiring Process - Screening Interview – Esraa Adel, Talent Acquisition Partner - First Technical Interview – Mostafa Asaad, Technology Manager - Technical Task - Second Interview

• Monitor security dashboards (SIEM, EDR), perform initial triage and investigation of security alerts, and assist with managing endpoint protection systems. • Assist in scheduling and executing internal vulnerability scans; track and report on remediation efforts for identified security gaps. • Support the collection of evidence for regulatory audits (e.g., system logs, access reports) and assist in drafting and updating IT security policies and procedures. • Help conduct user awareness training programs, including phishing simulations and security best practices education for the entire organization.

• Develop and implement a strategic sales plan to expand CloudSEK's customer base. • Identify and generate new business opportunities and build a pipeline through various channels. • Conduct extensive market research to identify potential clients and understand their needs. • Present our products and services to prospective clients through demos and presentations. • Negotiate and win new logo transactions, ensuring a high winning conversion rate. • Build and maintain strong, long-lasting customer relationships. • Collaborate with the marketing and product teams to align sales strategies with business goals. • Maintain detailed records of sales activities and client interactions in Salesforce. • Provide regular updates and reports to the management team. • Work and team with our channel partners in your territory • Presenting/demonstrating CloudSEK's solutions to CISOs, information security, and cybersecurity experts. • When required, attend marketing events and security conferences

• Partner with various NBCUniversal businesses, enterprise IT, and Cyber Security organization to ensure technology is designed and deployed securely • Function as a security subject matter expert with broad knowledge across various domains, embedded with engineering teams delivering solutions for NBCUniversal • Focus initially on security controls applicable to AI systems and other emerging technologies • Develop threat models and control strategies that are fully integrated into the design, development, and operation of new and evolving technology platforms • Collaborate across the Cyber organization and with business stakeholders, resulting in security guidance and/or mitigation requirements • Communicate the importance of key Cyber programs and services to obtain support, trust and buy-in from business and technology teams