Role Description Arcarithm is seeking a highly technical and detail-oriented Cybersecurity & Secure Systems Engineer to lead our application security testing and maintain the integrity of our restricted computing environments. This role is responsible for the end-to-end management of vulnerability scanning (SAST/DAST), the automation of security gates within our CI/CD pipelines using SonarQube, and the physical and technical upkeep of closed-area systems. The ideal candidate thrives in a secure, project-driven environment and ensures our software development lifecycle meets rigorous federal and defense-grade compliance standards. Please note security clearance on resume. Key Responsibilities - Application Security & DevSecOps Duties - Perform regular SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) scans to identify, triaging, and remediating software vulnerabilities. - Lead the integration and configuration of SonarQube into existing CI/CD pipelines to automate code quality checks and security gating. - Collaborate directly with software engineering teams to interpret scan results, provide remediation guidance, and ensure secure coding practices. - Monitor and report on security metrics, trends, and the overall health of the software security posture. - Stay current on the latest exploits, security trends, and automated testing tools to continuously improve Arcarithm’s defensive capabilities. - Secure Facilities & Systems Duties - Maintain and manage closed area computer systems, ensuring hardware, software, and networking configurations remain compliant with restricted environment protocols. - Execute routine system maintenance, patching, and troubleshooting within air-gapped or classified workspaces. - Ensure all closed-area assets are properly documented, tracked, and ready for government or internal audits. - Coordinate with facility security officers (FSOs) to ensure technical controls align with physical security requirements for high-security areas. - Develop and maintain standard operating procedures (SOPs) for the use and maintenance of secure computing resources. Qualifications - 3+ years of hands-on experience in Cybersecurity, Application Security, or Systems Administration within a secure or defense-related environment. - Technical Proficiency: Proven experience running and managing SAST/DAST tools and integrating SonarQube into automated pipelines. - Secure Environments: Experience maintaining "Closed Area," SCIF, or air-gapped workstations and servers. - Clearance: Secret DOD Clearance- with ability to obtain Top Secret. - Education: Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent professional experience). - Attention to Detail: Exceptional organizational skills with the ability to manage complex security documentation and audit-ready records. Preferred Skills - Compliance Frameworks: Strong working knowledge of CMMC (Cybersecurity Maturity Model Certification) and CMMI (Capability Maturity Model Integration) processes. - Certifications: CompTIA Security+, CISSP, CEH, or similar industry-recognized credentials. - Government Contracting: Familiarity with NIST SP 800-171, FAR/DFARS, and DC. Benefits - Comprehensive health insurance options. - A generous 401K plan. - Competitive salaries. - Continuous career growth opportunities. - Flexible schedules including remote work. - Mentoring and performance incentives.

• Build and maintain strong relationships with AWS account teams, technical teams, and partner contacts to drive co-sell and joint GTM opportunities. • Enable AWS teams to prospect and sell with Upwind, representing our solutions effectively to their customers. • Train and support Upwind’s sales organization on working with AWS for co-sell, marketplace, and partner programs. • Track and report on co-sell activity, joint pipeline, and partner-influenced deals, providing actionable insights to leadership. • Collaborate with internal sales, marketing, and solutions engineering teams to execute joint campaigns, co-branded programs, and GTM initiatives. • Support AWS Marketplace activities, including private offers, deal registration, and partner funding programs. • Manage a large number of contacts and programs, ensuring organized and timely.

• Improve Socket's security posture across the board. Own application security, cloud infrastructure hardening, operational security, and IT security. Write code and build tooling that makes the secure path the default path for engineers. Roll out identity and access controls, close gaps across the stack, and continuously reduce risk. • Assess, prioritize, and drive the security roadmap. Figure out what matters most, balance quick wins with longer-term improvements, and execute across many fronts in parallel. You won't wait to be told what to work on. You'll develop a clear picture of where Socket's risks are and make steady progress against them. • Run incident response and external security operations. Build and run a 24/7 security incident response process. Own the security@ inbox, triage inbound vulnerability reports, manage pentests, and coordinate fixes. When you can fix something directly, you do. • Maintain compliance and drive new certifications. Maintain our existing SOC 2 compliance. Drive new certifications (ISO 27001, etc.) as needed for enterprise customers. • Raise security awareness and culture across the org. Train engineers to write more secure code. Run phishing simulations. Build trust with engineering teams so that security feels like an enabler, not a blocker. Make people want to do the right thing rather than resenting security as a tax.

About Us Socket helps devs and security teams ship faster by cutting out security busywork. Thousands of orgs use Socket to safely find, audit, and manage open source code. Our customers — from Anthropic to xAI, and Figma to Vercel — love Socket (just check out their tweets to see for yourself!) Founded by Feross Aboukhadijeh, a long-time open source maintainer with software downloaded over a billion times a month, Socket has raised $65M in funding from top angels, operators, and security leaders. About the Role We're hiring a Security Engineer to own security across the company. This is a senior IC role covering application security, cloud infrastructure, operational security, IT, compliance, and incident response. Socket is a security company, and our internal security posture matters both for protecting the company and for the credibility of what we sell. This role is a rare combination: full ownership of a critical function, a company with real traction, and a deeply relevant problem space. As Socket grows, so will the security function, and you'll shape what that looks like. What You'll Do - Improve Socket's security posture across the board. Own application security, cloud infrastructure hardening, operational security, and IT security. Write code and build tooling that makes the secure path the default path for engineers. Roll out identity and access controls, close gaps across the stack, and continuously reduce risk. - Assess, prioritize, and drive the security roadmap. Figure out what matters most, balance quick wins with longer-term improvements, and execute across many fronts in parallel. You won't wait to be told what to work on. You'll develop a clear picture of where Socket's risks are and make steady progress against them. - Run incident response and external security operations. Build and run a 24/7 security incident response process. Own the security@ inbox, triage inbound vulnerability reports, manage pentests, and coordinate fixes. When you can fix something directly, you do. - Maintain compliance and drive new certifications. Maintain our existing SOC 2 compliance. Drive new certifications (ISO 27001, etc.) as needed for enterprise customers. - Raise security awareness and culture across the org. Train engineers to write more secure code. Run phishing simulations. Build trust with engineering teams so that security feels like an enabler, not a blocker. Make people want to do the right thing rather than resenting security as a tax. What You'll Bring - You've owned security broadly at a growth-stage company, or you're a strong software engineer who's moved into security and is ready to own the function end-to-end. - You can ship production TypeScript. When the engineering org is heads-down on product work, you unblock yourself by writing code, standing up tooling, and modifying infrastructure rather than filing tickets and waiting. - You have breadth across security domains (AppSec, CloudSec, OpSec) and you're comfortable learning fast where gaps exist. - You're fluent in cloud infrastructure (we use GCP): VPCs, IAM, secret management, networking. - You're a self-directed operator who figures out what matters most and executes across many fronts without waiting to be told what to do. You move fast, find leverage, and get a lot done with a little. - You have the communication and teaching skills to make an entire engineering org care about security, not by blocking people, but by earning trust and making the secure path the easy path. We know how important clarity is when looking for a new role, so we've put together a read-me about the Interview Process at Socket. Benefits: Our benefits are crafted to support you and your family, so you can take care of what matters most and thrive in and outside of work. We offer: - Market competitive salary bands - Meaningful equity program - Comprehensive health benefits for you and your family - Flexible time-off, holidays, and winter shutdown to rest & recharge - Paid parental leave - Remote-first, with quarterly team off-sites At Socket, we - Pursue Excellence: We set ourselves apart by consistently delivering work of exceptional quality and distinction. - Move with urgency and focus: We prioritize swift, decisive action. - Think rigorously: We care about being right and it often takes reasoning from first principles to get there. We value alternative perspectives and have constructive discussions. - Trust and amplify: We overtrust, always assume good intent, and give specific feedback to help each other improve. - Feel a strong sense of ownership: We wear many hats and feel a strong sense of overall ownership of the company and we're non-territorial regarding our nominal domains. - Are customer obsessed: We relentlessly prioritize the needs of our customers, striving to exceed their expectations and delight them at every interaction.