• Lead application security across all Linear and SaaS products, services, and APIs • Act as the security authority in design and architecture discussions • Define and enforce secure development standards across the SDLC • Ensure security controls are implemented consistently across all products and services • Lead the application pentesting across Operative’s products • Establish mandatory security review gates within the SDLC and participate in engineering sprints as security champion • Conduct security assessments for high-risk features, authentication flows, API’s, integrations, and architectural changes • Provide formal security approval (sign-off) prior to production release as required • Work collaboratively with DEV and QA team to provide solutions for security risk identified during SDLC lifecycle • Coordinate formal risk acceptance with Security leadership when necessary • Integrate security controls into CI/CD pipelines (SAST, DAST, SCA, secrets scanning, IaC scanning) • Define and maintain secure coding standards and engineering guardrails • Ensure security tooling produces actionable output and does not become noise • Continuously improve automation and coverage across code repositories and services • Lead application vulnerability management for all Linear and SaaS products • Open, track, and maintain remediation tickets with Engineering • Clearly document risk, severity, and remediation expectations • Enforce remediation timelines and escalate overdue critical issues • Validate remediation effectiveness before formal closure • Work closely with the AI department to securely introduce AI-powered features into products • Conduct security reviews of AI use cases, model integrations, and data flows • Ensure proper data classification, access controls, and data minimization when integrating AI capabilities • Assess risks related to prompt injection, data leakage, data poisoning, model abuse, excessive API exposure, and external AI integrations • Define guardrails for AI feature deployment, including logging, monitoring, and abuse detection • Require security validation before AI-driven features are released to production • Ensure proper authentication, authorization, and object-level access controls • Validate encryption, secrets management, and identity implementations • Partner with Cloud and Infrastructure teams to ensure secure deployment patterns • Provide monthly application security posture reports • Maintain centralized vulnerability dashboard (SAST, DAST, SCA, Container, IaC) • Create monthly reports on repos integration and CI/CD integration • Provide quarterly Secure SDLC maturity assessment • Conduct monthly AppSec review with product teams

• Work with the GTM Automation Systems team on evolving a Salesforce data model that is technically scalable, easily reportable, and functionally intuitive for end users. • Utilize SOQL API’s, Apex controllers, Apex Web Services, Apex callouts, and other development tools to build custom functionality that tailors our sales systems to our unique business and operating model. • Participate in technical analysis activities together and document requirements for application Integration and also involved in integration design activities working with architects and other stakeholders. • Review and assure quality in all code entering our codebase. • Continually evaluate and refactor our existing codebase for increased extensibility. • Ability to learn new technologies depending on project requirements.

• The Lead Application Development Engineer will play a pivotal role in the development and implementation of critical applications. • Foster collaboration among team members, stakeholders, and departments. • Define backend frameworks and engineering standards across applications. • Establish cloud infrastructure strategy (AWS preferred). • Architect for scalability, reliability, performance, and security. • Build systems designed for long-term scalability, not short-term patches. • Lead API architecture and integration design across platforms. • Design and implement a centralized data hub strategy to decouple applications from legacy systems. • Implement monitoring and observability standards (New Relic or similar).

Role Description As a Sr. Application Security Engineer at vCluster Labs, you are the architect of trust in our diverse ecosystem. In this role, you will be responsible for the end-to-end security of our product, ensuring that vCluster remains the de facto standard for secure Kubernetes multi-tenancy. You will define the security standards that allow our customers to run high-privileged workloads without fear, building in-depth strategies that span our entire codebase and infrastructure. - Core Product Security: - Perform deep-dive security reviews of our core Go-based applications and Kubernetes controllers, as well as the frontend user interface. - Focus on avoiding privilege escalation within our multi-tenant architecture. - Threat Modeling: - Lead the threat modeling process for new features. - Proactively identify risks associated with shared GPU resources and multi-cloud environments. - Automated Security: - Integrate security checks into our CI and developer workflows. - Optimize these checks for speed to ensure security never becomes a bottleneck for engineering velocity. - Manage automated and manual scanning of our entire product stack. - Vulnerability Management: - Own the lifecycle of security vulnerabilities from discovery to remediation. - Triage both external and internal reports. - Drive the resolution of critical issues across the engineering organization. - Communicate effectively across stakeholders. - Feature Development: - Contribute to both the ideas and development of new features, many of which are related to security topics such as container breakouts and isolation. - Developer Training: - Make complex topics easier to understand for all engineers, including new attack vectors and secure coding concepts. Qualifications - 5+ years in Application Security or Product Security, with a strong focus on containerized environments. - Deep understanding of Kubernetes architecture, RBAC, and container runtime security. - Comfortable reading and writing Go, the language of our core product. - Thrives in fast-paced cutting-edge environments. - Views feedback as a learning mechanism and understands the unique needs of customers. Requirements - Bonus points for certifications such as CKS (Certified Kubernetes Security Specialist) or OSCP. - Experience securing AI workloads or GPU cloud infrastructure. - Experience writing custom security tooling or automation scripts in Python or Go. - Willingness to contribute to public-facing security documentation and "Trust Center". Benefits - Competitive Salary: We offer a competitive compensation package, including equity. - Platinum-Level Insurance: Health, dental, vision, and life insurance, including plans for you and eligible dependents (benefits vary depending on country). - Flexible Working Schedule: Results matter more than clocking in and out at the same time every day. - Workplace Flexibility: We’re very flexible about where you work and happy to adjust the work environment for you.