• Design and maintain secure architectures across AWS, Azure, and GCP environments. • Implement guardrails and controls using services such as AWS Security Hub, GuardDuty, Config, and IAM. • Conduct regular vulnerability scans, configuration reviews, and remediation tracking for infrastructure and workloads. • Develop and enforce network segmentation, encryption, and key management policies. • Collaborate with DevOps and Engineering to integrate security into CI/CD pipelines (Snyk, StackHawk, etc.). • Perform threat modeling, code reviews, and secure design reviews for microservices and APIs. • Support penetration testing and application security validation efforts. • Manage and enhance EDR/XDR solutions (e.g., Cortex, Defender for Endpoint). • Implement and monitor identity security controls through Microsoft Entra ID (Azure AD), Conditional Access, and PIM. • Monitor alerts, investigate incidents, and coordinate responses with the SOC. • Support audits and evidence collection for HIPAA, HITRUST, SOC 2, and customer security assessments.