• Own the product security research agenda for Chainguard scanning the broader ecosystem, identifying emerging attack patterns, and translating them into clear risks and opportunities for Chainguard and our customers. • Shape security direction across products and platforms, partnering closely with Product, Engineering, and Security leadership to embed your findings into roadmaps, architecture decisions, and long-term plans. • Operate as someone who sees the whole ecosystem, spots issues early, and helps others navigate with confidence (and just enough healthy paranoia). • Research emerging threats & trends in software supply chain and product security, and analyze their impact on Chainguard’s products and customers. • Design creative mitigations across people, process, and technology not just proof-of-concept demos, but pragmatic defenses that actually get adopted. • Lead large-scale, multi-quarter initiatives that materially reduce risk or improve our security maturity across multiple product lines and platforms. • Partner with executive and senior engineering leadership to drive org-level security strategy, influence key roadmap decisions, and secure buy-in for big, complex changes. • Identify systematic weaknesses (in systems, structures, and sometimes habits) and develop plans that fix root causes in ways that persist long after you’ve moved on to the next hard problem. • Mentor and uplevel others across Product Security and Engineering by helping teams think more strategically about threats, risk, and long-term security posture. • Represent Chainguard externally through talks, conferences, and thought leadership, sharing what we’re learning and helping move the industry forward.

• Prepare and configure laptops for new employees and keep devices up to date. • Perform onboarding and offboarding processes, ensuring the proper provisioning and deactivation of accesses and devices. • Manage the office infrastructure, including basic technical support and equipment maintenance. • Implement and monitor antivirus and MDM solutions, ensuring the security of company devices. • Create and implement automations to optimize manual and repetitive processes, contributing to the efficiency of IT and Information Security operations. • Participate in automation and continuous improvement projects, proposing solutions that bring agility to IT and Information Security routines.

• Manage and execute our industrial security program in support of classified federal contracts • Administer personnel security, maintaining compliance with federal regulations • Ensure the integrity of our cleared workforce (approximately 150–300 cleared personnel) • Oversee classified material control, storage, and destruction procedures • Conduct security briefings, debriefings, and annual refresher training • Prepare for and support Defense Counterintelligence and Security Agency (DCSA) security reviews and audits • Support proposal efforts with clearance verification and staffing feasibility

• Leads the planning, implementation, documentation, and testing of security systems • Develops security standards, policies, and procedures • Partners with business units to understand technology needs and to integrate security across various business use cases • Determines security requirements by evaluating business strategies and needs; researching information security standards; plan and collaborate with team members in conducting system security and vulnerability analyses and risk assessments • Prepares security reports by collecting, analyzing, and summarizing data and trends • Maintains relevant job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations • Enhances department and organization reputation by accepting ownership for accomplishing tasks; exploring opportunities to add value to job accomplishments • Assist with ad-hoc operational tasks as required