• Build into and improve the product by writing investigation flows, building integrations with security tools, and fixing bugs. • Evolve the investigation logic and pipelines to handle new classes of security alerts, balancing accuracy, performance, and maintainability • Contribute directly to our Python codebase while influencing architectural decisions and long-term product strategy • Review and analyze investigations performed by our AI to identify strengths, weaknesses, and opportunities for improvement, and then translate those insights into product enhancements. • Partner with GTM and customer success teams to influence technical direction, prioritize features, and ensure we’re solving the most impactful problems for defenders • Provide technical leadership and mentorship to other engineers • Periodically participate in a 24x7 on-call rotation

• You will partner with Product and Engineering at both the design and development stage to ensure that we implement new features securely, including (but not limited to): - Participating in the implementation efforts - Doing security reviews - Helping with product design decisions - Auditing and surfacing vulnerabilities in our current products - Conducting threat modeling and security assessments for new features and systems, identifying risks early and shaping secure architectural decisions. - Developing and improving our Automated Tooling: further enhancing our automated tooling to scale our product security capabilities and find potential code problems both before and after we deploy - Making the safe way, the easy way: work on defining and building application guardrails so that developers can build securely by default - Investigating and remediating security issues, including vulnerabilities and incidents, and drive long-term improvements to prevent recurrence - Embedding a culture of secure development across engineering, defining practices that influence how Turnkey builds, deploys, and maintains systems at scale.

• Build & Secure Corporate Infrastructure • Design, implement, and manage security for endpoints and distributed systems; deploy and operate our security stack (MDM, EDR/XDR, ZTNA, SSO); enforce zero-trust principles, least-privilege access, and hardening standards • Drive Security Initiatives & Risk Reduction • Lead initiatives around endpoint hardening, access controls, and vendor risk; conduct security design reviews, risk assessments, and vulnerability remediation; develop and enforce security policies and best practices. • Detection, Response & Automation • Respond to security incidents with urgency and technical depth; collaborate on detection rules, alerts, and monitoring; automate workflows and create runbooks and playbooks to scale security operations efficiently. • Foster Security Culture & Education • Evangelize security best practices, build awareness programs, and partner with teams to embed “secure by default” principles into workflows; serve as a trusted security advisor across the organization.

• Work with leadership to align security initiatives with business goals, ensuring that security is a core component of product and infrastructure • Take ownership and drive implementation for key programs such as vulnerability management, cloud governance, and product security • Serve as a security subject matter expert for software security and architecture • Partner with engineering to design and implement security architecture and controls across Docker products and platforms • Perform security design reviews and threat modeling of emerging AI products • Integrate security into SDLC through security requirements, design assessments, and automated security testing • Manage Docker’s Vulnerability Disclosure Program (VDP) by validating submissions, and working with engineering to resolve confirmed issues • Design and enforce security configurations in cloud environments (e.g. AWS, GCP, Azure) according to industry best practices • Establish automated monitoring and alerting to detect security anomalies across our environments • Serve on rotating on-call schedule to respond to security incidents, investigate threats, and coordinate remediation efforts • Educate and collaborate with cross-functional teams (e.g., engineering, product) to promote security practices