• Enable and guide teams to adopt DevSecOps practices, ensuring security is built into CI/CD and infrastructure pipelines through shared standards, tooling, and best practices. • Work with IT Manager on company identity and access management: IdP configuration, user/group organization, and automation via cross-platform synchronization and SAML. • Administer and automate GitHub Enterprise and JFrog management (users, teams, org policies, and compliance) using IaC. • Operate and tune SIEM, DLP, and centralized logging systems; define and maintain detection and alerting rules. • Review audit logs and security telemetry across cloud, SaaS, and developer systems for anomalies and compliance issues. • Work with IT Manager to build automated onboarding/offboarding and access reviews aligned with least-privilege principles. • Collaborate with platform, product, and engineering teams to design secure-by-default workflows, infrastructure, and deployment practices, ensuring consistent security controls across products. • Conduct risk assessments, tabletop exercises, and threat simulations in concert with engineering and operations teams, ensuring security readiness is collaborative and integrated. • Lead and coordinate penetration testing efforts, including scoping, vendor engagement, and remediation tracking. • Support SOC 2 and related compliance efforts through control validation and evidence collection. • Help respond to and complete customer and vendor security questionnaires, collaborating with compliance and engineering teams to ensure accurate and timely answers