• Define the long-term vision and technical strategy for the secure development pipeline, ensuring alignment with the overall R&D and business objectives. • Oversee the unified strategy for our tooling ecosystem (GHAS, Wiz, Terra). You will ensure these tools act as automated checkpoints, providing fast, high-fidelity feedback loops for engineers. • Transform our vulnerability management from a "ticket queue" into a risk-based model. You will own the "Risk Acceptance" and "SLA Adherence" processes, ensuring timely focus on what matters. • Design the structure, incentives, and operational logistics for the Security Champions Program to democratize secure development across 80+ squads. • Move away from annual compliance videos to contextually relevant micro-trainings enabling our engineers to develop highly secure solutions. • Build and sustain deep, trust-based partnerships with Engineering leaders and individual contributors to embed security into the software development lifecycle. • Operationalize tools and ticketing pipelines to generate and maintain "Squad Health" scores. You will use data to drive accountability. • Define and track key performance indicators (SAST/SCA remediation rates, Cloud Security Posture scores, Time-to-Fix) to measure the effectiveness of the "Secure Paved Road" and report risk reduction to executive leadership. • Translate the Product Security vision into an actionable, multi-year strategy and operating plan. • Lead, mentor, and grow a team of high-performing Product Security Engineers, fostering a culture of ownership, accountability, and automation.

• Build into and improve the product by writing investigation flows, building integrations with security tools, and fixing bugs. • Evolve the investigation logic and pipelines to handle new classes of security alerts, balancing accuracy, performance, and maintainability • Contribute directly to our Python codebase while influencing architectural decisions and long-term product strategy • Review and analyze investigations performed by our AI to identify strengths, weaknesses, and opportunities for improvement, and then translate those insights into product enhancements. • Partner with GTM and customer success teams to influence technical direction, prioritize features, and ensure we’re solving the most impactful problems for defenders • Provide technical leadership and mentorship to other engineers • Periodically participate in a 24x7 on-call rotation

• You will partner with Product and Engineering at both the design and development stage to ensure that we implement new features securely, including (but not limited to): - Participating in the implementation efforts - Doing security reviews - Helping with product design decisions - Auditing and surfacing vulnerabilities in our current products - Conducting threat modeling and security assessments for new features and systems, identifying risks early and shaping secure architectural decisions. - Developing and improving our Automated Tooling: further enhancing our automated tooling to scale our product security capabilities and find potential code problems both before and after we deploy - Making the safe way, the easy way: work on defining and building application guardrails so that developers can build securely by default - Investigating and remediating security issues, including vulnerabilities and incidents, and drive long-term improvements to prevent recurrence - Embedding a culture of secure development across engineering, defining practices that influence how Turnkey builds, deploys, and maintains systems at scale.

• Build & Secure Corporate Infrastructure • Design, implement, and manage security for endpoints and distributed systems; deploy and operate our security stack (MDM, EDR/XDR, ZTNA, SSO); enforce zero-trust principles, least-privilege access, and hardening standards • Drive Security Initiatives & Risk Reduction • Lead initiatives around endpoint hardening, access controls, and vendor risk; conduct security design reviews, risk assessments, and vulnerability remediation; develop and enforce security policies and best practices. • Detection, Response & Automation • Respond to security incidents with urgency and technical depth; collaborate on detection rules, alerts, and monitoring; automate workflows and create runbooks and playbooks to scale security operations efficiently. • Foster Security Culture & Education • Evangelize security best practices, build awareness programs, and partner with teams to embed “secure by default” principles into workflows; serve as a trusted security advisor across the organization.