Job Closed
This listing is no longer active.
Security Compliance Analyst
Location
Virginia
Posted
117 days ago
Salary
0
Seniority
Lead
Job Description
Security Compliance Analyst
ARETUM
- Support and maintain development, maintenance, and oversight of RMF packages for classified C5ISR and IIR systems
- Coordinate with Government System Owners, ISSOs, ISSEs, and Authorizing Officials to collect evidence, validate control implementation, and maintain package accuracy
- Execute RMF support activities for ATO/IATT and continuous monitoring across multiple systems/enclaves, including documentation updates driven by engineering and operational changes
- Document and track POA&M items, support risk-based prioritization, and provide remediation status reporting through closure
- Validate documentation alignment with system architecture, interconnections, control inheritance, and mission dependencies
- Ensure systems comply with Department of War/DoD and federal cybersecurity requirements
- Support internal and external audits, inspections, and cybersecurity assessments
- Monitor changes to cybersecurity policy and support implementation across supported systems
- Provide compliance status, risk analysis, and authorization reporting to government leadership
- Author, maintain, and approve cybersecurity SOPs, plans, and technical documentation
- Standardize documentation practices across supported systems and teams
- Ensure documentation supports audits, inspections, and operational continuity
- Support cybersecurity risk management for C5ISR and IIR systems
- Assess security impacts across enterprise, tactical, and mission networks
- Support interconnected and cross-domain system authorization efforts
Job Requirements
- Master’s Degree + 5 years of relevant experience or Bachelor’s Degree + 8 years of relevant experience
- 3–6 years of experience in information assurance, cybersecurity, or compliance-focused roles
- IAT Level III Certification: Must possess one of the following: CASP+ CE, CCNP Security+, CISA, CISSP, GCED, GCIH, or CCSP
- Active Top Secret Clearance
- Demonstrated experience maintaining and leading RMF packages in classified or regulated environments
- Strong knowledge of NIST 800-series publications and DoD cybersecurity requirements
- Proven experience developing SOPs, policies, and compliance documentation
- Ability to communicate effectively with both technical and non-technical stakeholders
- Demonstrated willingness to learn new tools/techniques and support cross-functional cybersecurity activities as mission needs evolve
Benefits
- Health Care Plan (Medical, Dental & Vision)
- Retirement Plan (401k)
- Life Insurance (Basic, Voluntary & AD&D)
- Paid Time Off
- Family Leave (Maternity, Paternity)
- Short Term & Long-Term Disability
- Training & Development




