Job Closed
This listing is no longer active.
Webflow is the way to design, build, and launch powerful websites visually — without coding.
Staff Application Security Engineer
Location
California
Posted
133 days ago
Salary
$164K - $247K / year
Seniority
Lead
Job Description
Staff Application Security Engineer
Webflow
- Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem.
- Bring security best practices to the software development lifecycle.
- Champion security standards while balancing business strategies and requirements.
- Support Webflow’s security compliance frameworks.
- Find security vulnerabilities through grey-box techniques.
- Propose solutions at the architecture and code level.
- Contribute code and architecture improvements to enable security within Webflow’s application.
- Cross-train entry and mid-level application security engineers.
Job Requirements
- BA/BS degree or equivalent experience
- 7+ years of application security experience
- Hands-on software development experience
- Technical authority in securing high-complexity, large-scale applications
- Deep expertise in secure software design, secure coding, and modern web application security
- Proven ability to identify security design flaws and complex business-logic vulnerabilities
- Experience leading threat modeling efforts
- Conduct and oversee advanced penetration testing
- Manage third-party pentests
- Designed, implemented, and evolved software supply chain security programs
- Owned or led bug bounty programs and major security tooling initiatives
- Implemented and improved Secure Development Lifecycle (SDLC) processes at scale
- Driven multi-quarter application security roadmaps and complex security programs
- Led security initiatives within large-scale solutions
- Experience using and building security solutions that leverage agentic AI
- Participated in and led response efforts for application security incidents
- Actively mentor and elevate other application security engineers
- Passion for security and continuous learning
- Ability to explain complex security concepts clearly.
Benefits
- Ownership in what you help build.
- Health coverage that actually covers you.
- Support for every stage of family life.
- Time off that’s actually off.
- Wellness for the whole you.
- Invest in your future.
- Monthly stipends that flex with your life.
- Bonus for building together.
More Application Engineer Jobs
Staff Application Security Engineer
Thumbtack
We help people care for their home from top to bottom — and empower small businesses nationwide to grow.
- Own the long-term technical direction for application security across Thumbtack
- Lead large, cross-functional security initiatives from problem definition through delivery
- Design secure architectures and implement shared security tooling
- Partner with teams to prioritize security investments based on risk and impact
- Mentor engineers and drive organization-wide improvements in application security

- Develop and maintain high-quality VOIP applications that meet customer needs, focusing on reliability, performance, and scalability.
- Integrate VOIP solutions with third-party systems, ensuring seamless communication between internal and external platforms.
- Provide support for complex VOIP issues, including system failures, call quality problems, and application errors. Work to quickly diagnose and resolve issues.
- Work closely with cross-functional teams, including engineering, product management, and operations, to ensure seamless deployment and operation of VOIP applications.
- Test new VOIP features, products, and services, ensuring they meet quality standards before deployment.
- Create and maintain technical documentation for VOIP applications, including system architecture, troubleshooting guides, and integration processes.
- Continuously monitor and optimize VOIP applications to improve performance, scalability, and user experience.
- Ensure VOIP applications meet security standards and compliance requirements.
- Assist internal and external teams with troubleshooting, providing solutions, and offering expert guidance on VOIP-related issues.
- Stay current with emerging VOIP technologies and trends, contributing to the development of new features and improvements to existing applications.

- Develop and prepare technical solutions and quotation proposals for new equipment
- Respond to customer inquiries for new equipment
- Define the Elliott scope of supply
- Complete requisition forms for major purchased auxiliaries
- Review customer and industry standard specifications
- Create proposals including data sheets, scope, performance curves, pricing, and delivery
- Participate in bid clarification meetings with Sales/customer
- Work with Sales/Management to adjust scope/delivery/price as needed
- Transfer data to Project Engineering / Project Management after an order is received
- Develop standards, repeatable procedures and calculations

Application Security Engineer – Public Trust/Secret Clearance
TOMORROW HIRE
TOMORROW HIRE is revolutionizing the staffing industry by integrating advanced AI technology with deep human expertise.
- Support Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode and Burp Suite.
- Design and implement enterprise-wide security controls to secure applications, systems, networks, or infrastructure services.
- Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks, CVSS scoring, CWE, WASC, and SANS Top 25 vulnerabilities.
- Integrate security practices into development workflows using IDEs such as Eclipse, JDeveloper (including pipeline development), or Visual Studio.
- Perform application security testing and automation using tools such as OWASP ZAP, Burp Proxy, Selenium, and Interactive Application Security Testing (IAST) capabilities.
- Write and maintain bash scripts to support security automation, testing, and troubleshooting tasks.
- Participate in vulnerability discovery, triage, and remediation processes, including crowdsourced security programs via platforms like HackerOne.
- Work in Linux or UNIX environments, including navigating file systems and troubleshooting basic website connectivity and security issues.
- Ensure applications and security practices align with federal compliance standards, including NIST 800-53, FIPS, or FedRAMP.



