• Establish and continuously improve the AppSec program’s strategy, processes, and tooling • Collaborate with engineers to integrate security best practices into design reviews, threat modeling, code reviews, and penetration testing • Participate in secure code review and penetration testing efforts • Contribute to deep-dive security reviews of our web, mobile, and API products • Mentor junior members of the AppSec team to support their professional growth

• Design and build scalable infrastructure to support rapid growth in data volume, service usage, and engineering velocity • Lead projects across our cloud infrastructure, including container orchestration (e.g., AWS Fargate, ECS), monitoring and alerting systems, networking, and database maintenance • Implement and maintain core security infrastructure and controls including, service-to-service authentication, secrets management, application security primitives (e.g., rate-limiting, encryption libraries, etc.), and infrastructure hardening • Identify and solve complex scalability and performance challenges, particularly related to service reliability and data throughput • Partner closely with Security Engineering to implement infrastructure that supports best-in-class security and compliance practices • Drive infrastructure design reviews and provide technical guidance on architectural decisions and trade-offs • Work with talented and kind engineers to make a significant impact on our customer base, enabling them to improve their security and prove it • Contribute to building Vanta’s engineering culture as we grow

• Lead the design and implementation of secure architectures for Built’s applications, services, and AI/ML initiatives. • Embed security throughout the development lifecycle by partnering with engineering teams on threat modeling, secure coding best practices, and design reviews. • Conduct technical security reviews—including code assessments, dependency analysis, and architectural risk evaluations—to proactively identify and remediate vulnerabilities. • Champion secure and responsible AI usage across Built’s product ecosystem. • Drive security controls that address AI-specific risks such as prompt injection, data poisoning, insecure model integrations, and model-exploitation paths. • Guide engineering and product teams on safe deployment patterns, monitoring, and ongoing validation of AI systems. • Perform internal penetration testing of applications, networks, and features to uncover weaknesses before attackers do. • Support planning and execution of external third-party penetration tests, ensuring findings are triaged and addressed effectively. • Participate in application-security–focused incident response activities, including investigation, containment, and root-cause analysis. • Conduct ongoing security research and maintain awareness of emerging threats, especially those relevant to cloud-native systems and AI/ML technologies. • Mentor engineers and security team members, driving adoption of security-first principles and scalable secure-by-default patterns. • Influence cross-functional teams through technical leadership, helping define security standards, guardrails, tooling, and long-term security strategy. • Promote a culture of high trust, continuous learning, and technical excellence.

• Develop and implement a strategic vision for information security aligned with business objectives and focused on continuous improvement of the area's processes and controls. • Lead the Information Security team to work in partnership with all other areas of the company. • Manage contracts, assets and services related to information security, ensuring optimal efficiency. • Monitor security trends and innovations, keeping the Information Security management system (ISMS) up to date. • Define information security standards and policies aimed at protecting information assets and ensuring business continuity. • Ensure regulatory compliance applicable to the company and adherence to industry best practices. • Collaborate with technology teams to define and implement effective strategies for integrating security across the development lifecycle, from design to operation. • Plan and implement processes and monitoring activities to mitigate risks and address potential threats. • Analyze and respond to information security incidents, map threats and vulnerabilities, and develop projects to prevent or remediate them. • Ensure the development and quality of security testing routines for the IT technologies adopted by the company. • Lead the training and awareness program to foster a strong security culture within the company. • Provide support for internal and external audits. • Evaluate and monitor security KPIs, keeping senior leadership informed about the maturity of the information security program. • Respond to requests and support the provision of the company's ISMS information to our clients and other stakeholders whenever necessary.