• Lead incident response and internal investigations through their full lifecycle, acting as a central point of coordination • Coordinate Digital Forensics and Incident Response (DFIR) activities with security teams, leadership, and external authorities when required • Aggregate and analyze security logs from multiple sources, producing clear and actionable reports for stakeholders • Develop and evolve the team vision aligned with company strategy for incident detection and response • Manage team capacity and priorities to ensure effective use of resources and timely resolution of incidents • Represent the SOC and DFIR team with internal partners across Security Operations and Security Risk Management • Foster a culture of trust , open communication, and collaborative problem-solving • Support team growth by identifying skill gaps, anticipating future needs, and proposing relevant training

• Lead high-performing IT team through recruitment, training, mentoring, and leadership. • Develop and execute a comprehensive IT strategy aligned with business objectives. • Provide visionary leadership, fostering innovation and continuous improvement. • Support and manage vendors through security audits required for PCI, SOC2, and.or ISO27001, and SOX • Collaborate with cross-functional teams to identify business needs and opportunities. • Establish and enforce infosec policies, procedures, and best practices. • Assess, manage, and mitigate security risks; swiftly resolve incidents. • Conduct security audits to ensure compliance with regulations and standards. • Oversee IT infrastructure, ensuring scalability, availability, and performance. • Manage vendor relationships, negotiate tech contracts. • Support team growth and development; promote collaborative and inclusive culture.

• Serve as the Security Lead and Subject Matter Expert (SME) for all environments, including cloud infrastructure, and on-premises systems. • Continuously assess and evolve the organization’s security posture—driving program maturity through strategic assessments, road mapping, stakeholder alignment, and project execution. • Monitor the external threat landscape to identify emerging attack vectors, vulnerabilities, and adversary tactics—translating threat intelligence into actionable insights that inform security strategy, initiatives and controls. • Ensure security practices and controls align with regulatory requirements, including FDA and HIPAA, and fulfill the requirements and obligations of the HIPAA security officer. • Support commercial functions by responding to customer cybersecurity due diligence questionnaires and security assessments—articulating Outset’s security posture, controls, and compliance practices directly to Customers. • Lead the vendor security risk assessment process—evaluating third-party partners for compliance with Outset’s security standards, identifying potential risks, and ensuring appropriate controls are in place. • Conduct technical evaluations of system architecture with a focus on security design and compliance, leveraging frameworks such as NIST CSF and NIST SP 800-53. • Provide strategic leadership in identifying, assessing, and mitigating information security risks; ensure alignment with internal policies and external standards. • Monitor emerging threats and lead the organization’s response to security incidents, serving as the primary control point and convening the Incident Response Team to investigate, contain, and resolve events. • Develop, maintain, and enforce enterprise cybersecurity policies, standards, and procedures, ensuring alignment with regulatory requirements, industry frameworks, and organizational risk tolerance. • Influence technology and architecture decisions as a key member of the IT leadership team.

• Develop and execute a multi-year roadmap for offensive security, including red teaming, penetration testing, bug bounty, and vulnerability research. • Design and lead full-scope red team engagements that simulate Advanced Persistent Threats (APTs) to test detection and response capabilities. • Oversee the end-to-end lifecycle of offensive engagements, from initial scoping and Rules of Engagement (RoE) to final reporting. • Facilitate collaborative "Purple Team" exercises with Detection and Response (TDR) to improve detection logic and incident response playbooks. • Translate complex technical findings into actionable business risk assessments for C-suite executives and Board members. • Recruit, retain, and develop a high-performing team of offensive security engineers, providing technical guidance and career coaching. • Partner with vulnerability management, product, and engineering to ensure that findings from offensive tests are prioritized and remediated effectively. • Oversee the development of custom scripts, payloads, and C2 (Command and Control) frameworks to enhance the team’s stealth and efficiency. • Conduct specialized threat modeling for AI-native applications, focusing on the OWASP Top 10 for LLMs and MITRE ATLAS (Adversarial Threat Landscape for AI Systems). • Design and execute manual and automated Prompt Injection & Jailbreaking to bypass model guardrails, system prompts, and safety filters. • Ensure all offensive activities align with legal, ethical, and regulatory standards (e.g., GDPR, SOC2, PCI-DSS). • Incorporate current Cyber Threat Intelligence (CTI) into attack scenarios to ensure they reflect the latest real-world TTPs (Tactics, Techniques, and Procedures). • Manage relationships and quality control for external security consultancy firms performing third-party penetration tests. • Encourage and lead research into emerging technologies to identify future attack vectors. • Work closely with Product and Engineering teams to bake security into the Software Development Life Cycle (SDLC) through testing and assessments.