Responsibilities
- Develop secure software platforms to safeguard customer data, machine learning models, and services across multiple cloud environments using encryption, identity controls, secure APIs, and sandboxing techniques.
- Conduct security assessments of cloud-native systems such as Kubernetes, distributed data stores, and multi-cloud deployments, and implement continuous monitoring with automated detection and response.
- Integrate security into development pipelines using DevSecOps principles, enabling automated code scanning, policy checks, and secure default configurations.
- Prioritize building custom security tools in-house when they offer superior control, scalability, and integration compared to commercial alternatives.
- Lead a structured vulnerability management program, collaborating with teams to address risks in applications, containers, infrastructure, and third-party dependencies.
- Manage and enhance security operations, including detection rule development, alert analysis, incident response, and process improvements following incidents.
- Engage in red team and blue team activities, simulation exercises, and post-event reviews to improve organizational security readiness.
- Integrate compliance requirements into technical systems and product design, aligning with standards such as SOC 2, ISO 27001, ISO 42001, HIPAA, PCI-DSS, and GDPR.