• Plan and execute internal red team engagements against the ZTE platform and corporate infrastructure • Conduct regular penetration testing of applications, APIs, cloud infrastructure (AWS GovCloud), and network segments • Develop and maintain adversary emulation capabilities aligned with MITRE ATT&CK for ICS • Document findings with actionable remediation guidance and track to resolution • Coordinate with external penetration testing firms for annual assessments • Lead threat modeling sessions for new features and architectural changes using STRIDE, PASTA, or attack trees • Review and approve security architecture for product changes before implementation • Participate in Change Control Board (CCB) reviews with security sign-off authority • Define security requirements and acceptance criteria for development teams • Maintain threat models for ZTE components including Moving Target Defense, access control, session recording, and password vaulting • Design and implement deception technologies and honeypots within the product and infrastructure • Collaborate with SOC to develop detection rules based on offensive findings • Create purple team exercises bridging red team operations with blue team response • Develop adversary playbooks that inform SOC runbooks • Implement and maintain security controls in CI/CD pipelines (SAST, DAST, SCA, secrets scanning, container scanning) • Define and enforce security gates for code promotion • Review infrastructure-as-code for security misconfigurations • Integrate security testing into GitHub workflows • Establish software supply chain security controls (SBOM generation, dependency verification) • Stand up and operationalize vulnerability management program in coordination with SOC • Define vulnerability severity thresholds, SLAs, and escalation procedures • Triage and prioritize vulnerabilities based on exploitability and business context • Track remediation progress and report metrics to leadership • Partner with SOC team on playbook development for incident response • Provide offensive perspective on detection gaps and coverage • Support SOC maturation through training, tabletop exercises, and purple team activities • Contribute to SIEM rule development and tuning (Google SecOps)