Flox

• Help evaluate whether to stand up an internal SIEM or work with an outsourced SOC provider—then implement whichever path makes sense for where we are as a company. • Build incident response runbooks and triage workflows—then actually test them (e.g. test backups in case needed for ransomware recovery) • Be the person who sees something and does something about it • Scan and harden our AWS posture hands-on: IAM policies, SCPs, security group hygiene, GuardDuty, Security Hub, and automated compliance guardrails need to be evaluated and maintained • Own Cloudflare configuration across WAF rules, DDoS protection, bot management, Zero Trust access, and DLP policies—keeping rules current and tuned as the product evolves • Implement IaC security scanning (Checkov, tfsec, or similar) directly into CI/CD pipelines • Deploy and manage endpoint protection across developer systems and production endpoints—covering EDR, device posture, behavior monitoring (including dynamic scans), DLP, and threat detection • Ensure developer machines (Mac-heavy environment typical of engineering teams) meet baseline security standards while minimizing friction that slows people down. • Define and enforce endpoint compliance policies, including disk encryption, patch posture, and application controls • Secure our build and release pipelines • Consider SLSA framework adoption and supply chain integrity attestations for our catalog and environments • Stand up dependency vulnerability scanning and own the remediation workflow end-to-end for third-party services, libraries, middleware, operating systems, and SaaS • Integrate SAST and SCA tooling (Semgrep, Snyk, GitHub Advanced Security) into developer workflows • Participate in security design reviews and threat modeling for new features • Work shoulder-to-shoulder with developers to find and fix vulnerabilities using a risk-based model instead of just vulnerability aging reports • Audit and rationalize IAM across AWS, Cloudflare, SaaS applications, and internal tooling; implement the fixes, not just the findings • Drive SSO consolidation, enforce MFA universally, and implement least-privilege access in practice, not just policy • Build a lightweight, repeatable access review process—something that actually runs on a cadence and produces real decisions • Own joiner/mover/leaver processes so that entitlements stay clean as the team grows • Evaluate and implement an appropriate identity governance solution for our stage—not an enterprise IGA platform, but something that gives us control and auditability

• Own the touchpoints for the end-to-end journey of engineers, operators, and platform teams using Flox. • Collaborate with Marketing and Sales to build integrations, demos, tutorials, and technical documentation that show Flox in production-like contexts and make adoption seamless. • Provide field-level technical support during pilots or early evaluations, helping prospective teams succeed quickly. • Build and sustain an inclusive, knowledgeable community across GitHub, Discord, LinkedIn, Reddit, BlueSky, X, and other professional spaces. • Host workshops, office hours, and community meetups that connect users directly with Flox engineers turning users into advocates. • Forge partnerships with leading developer tools and platforms to integrate Flox into the products engineers already use every day. • Represent Flox at conferences, panels, podcasts, and meetups by sharing stories and use cases that connect technology to human impact. • Publish content (tutorials, case studies, blog posts, livestreams) that educates and attracts new interest in Flox. • Build agents and automations that handle ongoing marketing work — monitoring competitor activity, tracking brand sentiment, generating targeted content, or repurposing long-form content into channel-native formats.

• Build and ship interactive proof-of-concepts, visual stories, and technical demos that prove our impact, make changes to the website, ship the plan. • Develop the technical battlecards, ROI frameworks, and enablement tools our AEs need to drive high-ACV enterprise conversations. • Partner with Product, Engineering, and DevRel to ensure our enterprise pitch perfectly aligns with the ground-truth developer experience. • Continuously track the market, trends, customer meetings to directly influence our strategy. • Natively use AI tools (Claude, Cursor) to automate research, prototype web experiences, and rapidly accelerate your GTM execution. • Create technical content ecosystems - from interactive tutorials to architectural deep-dives. • Develop frameworks, interactive dashboards, and tools that help our sales team tell compelling, data-driven stories tailored to enterprise buyers and engineering leaders. • Partner with product, engineering, and DevRel to translate our Flox-powered roadmap into narratives that excite the market about what's possible. • Own the core Flox story, define our enterprise wedge, and craft the messaging that compels engineers and CTOs to act with absolute urgency.