- Triage and coordinate remediation of vulnerabilities across SAST, SCA, DAST, CSPM, external reconnaissance, and security advisories.
- Tune the security stack to reduce alert noise and prioritize exploitable vulnerabilities based on real-world exposure.
- Integrate LLM-based code review into the CI/CD pipeline.
- Act as security point of contact for AI tools, agents, and custom AI/ML pipelines.
- Define and maintain guardrails for enterprise AI use and data classification.
- Manage vendor security reviews, including AI-specific assessments and vendor risk register.
- Run internal penetration testing, red team exercises, and threat hunting across AWS, Kubernetes, and Docker.
- Support incident response and deploy deception technologies such as canary tokens.
- Maintain asset inventory and SBOMs.
- Report vulnerability posture metrics to the CISO.
Skills: AWS, Docker, Kubernetes (+1 more)