• Plan and execute internal red team engagements against the ZTE platform and corporate infrastructure • Conduct regular penetration testing of applications, APIs, cloud infrastructure (AWS GovCloud), and network segments • Develop and maintain adversary emulation capabilities aligned with MITRE ATT&CK for ICS • Document findings with actionable remediation guidance and track to resolution • Coordinate with external penetration testing firms for annual assessments • Lead threat modeling sessions for new features and architectural changes using STRIDE, PASTA, or attack trees • Review and approve security architecture for product changes before implementation • Participate in Change Control Board (CCB) reviews with security sign-off authority • Define security requirements and acceptance criteria for development teams • Maintain threat models for ZTE components including Moving Target Defense, access control, session recording, and password vaulting • Design and implement deception technologies and honeypots within the product and infrastructure • Collaborate with SOC to develop detection rules based on offensive findings • Create purple team exercises bridging red team operations with blue team response • Develop adversary playbooks that inform SOC runbooks • Implement and maintain security controls in CI/CD pipelines (SAST, DAST, SCA, secrets scanning, container scanning) • Define and enforce security gates for code promotion • Review infrastructure-as-code for security misconfigurations • Integrate security testing into GitHub workflows • Establish software supply chain security controls (SBOM generation, dependency verification) • Stand up and operationalize vulnerability management program in coordination with SOC • Define vulnerability severity thresholds, SLAs, and escalation procedures • Triage and prioritize vulnerabilities based on exploitability and business context • Track remediation progress and report metrics to leadership • Partner with SOC team on playbook development for incident response • Provide offensive perspective on detection gaps and coverage • Support SOC maturation through training, tabletop exercises, and purple team activities • Contribute to SIEM rule development and tuning (Google SecOps)

• Engineer and deploy clever controls so security incidents stay rare and boring • Lead incident response efforts, security tool deployments including tabletop exercises • Apply digital forensics and incident response knowledge, skills, and experience toward in-depth security investigations on both hardware endpoint and multi-cloud environments • Engineer security best practices with product teams who appreciate memes as much as mitigations • Experience with Go, Python, or Shell, mostly so you can spend less time yelling at logs and more time celebrating wins • Embrace artificial intelligence and automation in order to protect the enterprise at machine speed • Stay one step ahead of emerging security threats by continuously consuming threat intelligence and related industry happenings • This position includes rotational on-call responsibilities; Not brutal- the workload is reasonable and shared across the team.

• A solution salesperson. You understand customer challenges, define requirements, and solve business challenges using our enterprise software solution to achieve positive business outcomes for our prospects. • Great at teaming and collaborating within all departments of a fast-moving startup environment. • Persuasive in your C-level communication. (CISO, Product Security, DevSecOps, VP App Sec leaders are primary targets.) • Persistent in your ability to find, navigate and close complex sales cycles. • Proficient with tools like ZoomInfo, LinkedIn Navigator, Salesforce, SalesLoft, Clari, etc.

• Collaborate with Account Executives to design and present tailored solutions, addressing each customer’s technical and business needs. • Deliver high-impact demos, workshops, and proofs-of-concept (POCs) that demonstrate how Legit integrates with customer environments (CI/CD, SCM, cloud, etc.). • Translate complex requirements into architectural blueprints, aligning Legit capabilities with customer workflows and security objectives. • Serve as the technical voice in sales cycles, building confidence across security, DevOps, Dev Orgs, and executive stakeholders. • Lead onboarding and technical enablement for new customers, ensuring rapid time to value. • Act as a trusted advisor and escalation point, guiding best practices in secure software supply chain management. • Partner with the customer to drive adoption, expansion, and retention, identifying opportunities for upsell and deeper integration. • Conduct Quarterly Business Reviews (QBRs) with technical and executive audiences, highlighting ROI, risk reduction, and next-phase initiatives. • Advocate for customer needs with Product and Engineering, shaping roadmap priorities based on real-world insights. • Contribute to solution playbooks, architecture diagrams, and best-practice guides used across the customer lifecycle.