• Deliver on projects with multiple stakeholders and engineers to deliver significant impact to our business • Set direction for critical technical surface areas, enabling us to stay ahead of continued rapid growth • Design, develop, and own new product functionality and/or infrastructure leveraging modern frameworks and tooling (TypeScript, React, Node.js) • Work with talented and kind engineers to make a significant impact on our customer base, enabling them to improve their security and prove it • Contribute to building Vanta’s engineering culture as we grow

• Designing, implementing, and managing enterprise data protection solutions across our enterprise operating environment • Ensuring that sensitive and regulated information is discovered, classified, and protected throughout its lifecycle • Serving as the subject matter expert (SME) for data protection and Microsoft Purview Information Protection (MIP/DLP) • Leading policy configuration, tuning, and enforcement across the organization • Implementing and maintaining Microsoft Purview, DLP, Information Protection, and compliance policies, plans, and procedures • Developing and tuning DLP rules for endpoints to manage the flow of data between approved boundaries • Managing and optimizing sensitivity labels, mandatory encryption, and content marking across Microsoft 365 and supported third-party integrations • Collaborating with IT and department teams to align DLP policy coverage with regulatory and contractual data handling requirements • Investigating and responding to DLP incidents, working with Defender XDR and Sentinel to correlate events and generate actionable insights • Maintaining DLP dashboards and reporting to track violations, policy effectiveness, and user behavior trends • Serving as the technical liaison for enterprise data protection initiatives involving Purview, Zscaler, Qualys, and related security tools • Supporting periodic policy reviews, risk assessments, and audits, ensuring continuous compliance and alignment with security architecture standards • Documenting DLP processes, SOPs, and configuration baselines in accordance with company change management practices • Providing technical guidance and training to administrators and end-users on data handling best practices

• Continuously evolve Kentik’s secure SDLC strategy, defining security and privacy standards from design through deployment in partnership with key stakeholders. Design and implement automated security guardrails in CI/CD pipelines to detect vulnerabilities, dependency risks, and misconfigurations in real time, enabling teams to move fast without sacrificing security. • Lead the analysis and resolution of complex, high-risk, or systemic vulnerabilities, partnering with engineers to design durable fixes and reusable security patterns. This also includes tooling selection, prioritization frameworks, remediation workflows, and developer guidance. • Lead threat management automation capabilities by designing automated detections, response playbooks, and escalation paths. Be part of security operations by responding to security alerts/incidents and continuously improving response effectiveness through automation and post-incident learnings. Manage and evolve bug bounty and penetration testing programs in partnership with internal and external stakeholders. • Design, build, and maintain internal security tools, platforms, and frameworks used broadly across the engineering organization. Focus on scalability, reliability, and developer experience while delivering capabilities such as automated scanning, validation, and security reporting and dashboards. • Act as a trusted security advisor to engineering and product teams, providing practical guidance during design reviews, architectural discussions, and roadmap planning. Drive security adoption through collaboration rather than gatekeeping, helping teams make informed risk-based decisions. • Drive security and privacy awareness across the organization by delivering role-specific training, secure design guidance, and ongoing education. Help foster a culture where security is a shared responsibility embedded into everyday engineering practices.

• Detect and respond to security threats across network, systems, and cloud environments. • Troubleshoot and resolve complex technical issues, performing root cause analysis to prevent future incidents. • Act as an escalation point for unresolved alerts/issues. • Mentor SNOC Engineer I team members and assist with technical development. • Create and improve Standard Operating Procedures (SOPs) and knowledge base documentation. • Collaborate on projects to integrate new technologies and improve reliability. • Support compliance initiatives (CMMC, SOC 2, ISO 27001). • Investigates and responds to complex security alerts (lateral movement, privilege misuse). • Performs root cause analysis and recommends remediation actions. • Maintains and tunes SIEM and EDR detections to improve accuracy. • Supports proactive security initiatives (threat hunting, detection engineering). • Mentors Engineer I in effective triage and investigative techniques. • Collaborates with clients and internal teams on remediation plans.