• Own the end-to-end remediation process from validated finding through fix verification. Define and enforce SLAs by severity, track progress across engineering teams, escalate aging findings, and drive blockers to resolution. • Organize third-party penetration tests: scoping, scheduling, vendor coordination, finding intake, and tracking through remediation. Own the operational side of the bug bounty program, ensuring researcher submissions are acknowledged, triaged, validated, and resolved within committed timelines. • Build and maintain security kanban boards that give the entire organization visibility into vulnerability status: internal findings, pen test results, bug bounty submissions, and security exceptions. These boards are the single source of truth. Engineering knows what's on their plate, security leadership knows the posture, and Customer Trust has what they need for customer conversations. • Use Claude and LLM platforms to automate finding intake and routing, generate status reports, flag at-risk SLAs, draft stakeholder communications, and surface patterns that indicate systemic issues. Focus your time on judgment and coordination by letting AI handle the repetitive tracking. • Own the security exception process: intake, risk documentation, approval routing, time-bound tracking, and expiration enforcement. When an engineering team requests an exception, you ensure it's documented with clear risk context, reviewed by the right people, and actively tracked to expiration. • Own Product Security metrics: mean time to remediate, SLA compliance, finding aging, exception counts, recurrence rates, coverage by product. Build reporting that serves the VP (portfolio posture), engineering leaders (their team's queue), and Customer Trust (defensible data for customer security reviews). • Coordinate with Engineering and Product Management on remediation prioritization and release planning. Work with Customer Support and Customer Trust on vulnerability status for customer inquiries and security questionnaires. Partner with Cyber Defense on findings that cross product and infrastructure boundaries. Keep Security Architects and Product Security Engineers aligned on remediation status.

• Performing initial triage of disparate security signals and events to determine severity and drive response to potential business-impacting incidents. • Monitoring and analyzing vulnerability management tools and feeds; providing remediation guidance to downstream teams; and keeping technical risk under control. • Operating the security awareness program, including course design, phishing simulations, reporting, and support for business teams and users. • Supporting internal and external stakeholders as required to gather information and evidence for security governance activities and compliance audits. • Using AI and automation techniques to enhance compliance, facilitate business operations, and improve efficiency. • Undertaking small projects to mitigate risk, support the team, and support other company objectives.

• Lead threat modeling, attack surface analysis, and secure design reviews across products, platform services, endpoint agents, and cloud-native systems. • Use LLM platforms (Claude, OpenAI) as core tools to scale threat analysis, abuse-case generation, architecture review, and remediation guidance. • Work directly with engineering teams to embed secure-by-default patterns into product development. • Own and expand the Product Security handbook that inferences product context from multiple sources and leverage it for enforcing secure design standards. • Mentor Product Security Engineers and Security Champions on secure design, attack surface reduction, and AI-first security workflows. • Help evolve BeyondTrust's AI-first Product Security Architecture strategy by identifying where AI workflows can replace manual processes.

• Build and maintain the product security tooling pipeline integrated across the software development lifecycle. Implement and tune Claude Code Security, Codex Security, GitHub Advanced Security (code scanning, secret scanning, Dependabot), and Wiz CLI across repositories and CI/CD pipelines. Own the configuration, policy enforcement, and continuous improvement of these tools so engineering teams get accurate, actionable security feedback at the speed of development. • Design and operate automated product security review workflows with human-in-the-loop checkpoints. Use Claude and LLM platforms to automate initial review triage, risk classification, and recommendation generation, escalating to Security Architects or senior engineers for decisions that require judgment. The goal is every change gets appropriate security review coverage without manual review becoming the bottleneck. • Ensure security tooling integrates cleanly into engineering workflows: GitHub PRs, CI/CD pipelines, IDE plugins, and developer dashboards. Reduce false positives, tune rulesets to the product's actual risk profile, and build feedback loops so findings improve over time. You own the engineering experience of security tooling. When a developer interacts with a security gate, it should be clear, fast, and useful. • Leverage Claude Code Security, Codex Security, and LLM platforms to build automation that scales security engineering. This includes automated code review triage, vulnerability pattern detection, fix suggestion generation, policy-as-code enforcement, and security review summarization. Contribute reusable prompts, skills, and plugins back to the Product Security team's shared library. • Support product incident response alongside the Product Security team. Help investigate security incidents affecting products, scope impact, coordinate with engineering on emergency fixes, and contribute to root cause analysis and post-incident improvements. • Work closely with Security Testers to ensure scanning and automated tooling feed validated findings into their workflow. Partner with Architects on translating secure design standards into enforceable pipeline policies. Coordinate with the TPM on tracking and reporting for tooling-generated findings. Be the go-to person for engineering teams on security tooling questions, configuration, and troubleshooting.