• Deliver compelling technical presentations and live demonstrations of Tenable Enterprise products • Manage enterprise software trials and Proof of Concept evaluations, mapping unique business values with customer business objectives • Answer technical questions and provide consultative guidance on security best practices, compliance frameworks, and risk management • Apply advanced technical skills to demonstrate the value and impact of Tenable’s solutions in solving real-world customer challenges • Maintain and strengthen relationships with existing customers, while identifying and cultivating new strategic opportunities • Present thought leadership content and represent Tenable at industry events, executive briefings, and customer-facing sessions • Leverage strategic technical selling skills to engage key stakeholders, from engineers to CISOs, and influence decision-making • Travel as needed (typically around 25%) to support key customer engagements, critical sales opportunities, and high-impact cybersecurity events • Collaborate cross-functionally with product management and engineering to surface customer feedback and prioritize critical customer use cases • Help shape future innovations by identifying gaps and contributing ideas for new product features and capabilities • Deliver clear status reports for Proofs of Value (POVs) and active opportunities; this data is mission-critical for forecasting business health and ensuring alignment with territory and organizational growth goals • Meet with prospective clients to discover what their biggest security challenges and highest priority business drivers are

• Cloud Security Engineering • Serve as the primary security engineering resource on cloud-focused initiatives. • Design and implement secure architectures across public and hybrid cloud environments. • Partner with engineering teams to embed security throughout the software development lifecycle. • Evaluate and implement cloud security controls and best practices. • CSPM & Security Tooling • Support and enhance Cloud Security Posture Management (CSPM) capabilities. • Engineer, deploy, and maintain enterprise security tools and platforms. • Develop automation to improve cloud security monitoring, remediation, and compliance reporting. • Configure and optimize cloud security policies and controls. • DevSecOps & Automation • Integrate security controls into CI/CD pipelines and DevOps workflows. • Collaborate with development teams to implement Infrastructure as Code (IaC) security practices. • Leverage tools such as Jenkins, GitHub, Terraform, and cloud-native security services. • Promote secure development and deployment standards across engineering teams. • Security Consulting & Governance • Advise Product Owners, Principal Engineers, and technical leadership on security architecture and operational considerations. • Assist in the development and maintenance of security standards, procedures, and guidelines. • Participate in security reviews, threat assessments, and risk mitigation activities. • Support ongoing compliance and regulatory initiatives. • Operations & Incident Support • Participate in Information Security operational activities. • Support monitoring, maintenance, and optimization of security platforms. • Participate in on-call rotations supporting enterprise security operations. • Assist with security investigations and cloud security incident response activities.

• Leading offensive security projects from initial idea through to execution and reporting • Simulating real world attacks to uncover vulnerabilities across our systems, infrastructure, and products • Partnering with engineering and security teams to improve detection, response, and resilience • Bringing an attacker mindset into conversations - asking “what if?” and challenging assumptions • Producing proof-of-concept exploits to clearly demonstrate risk and drive meaningful fixes • Mentoring others in the team and acting as a highly independent technical lead on complex engagements

• Lead and mature Affirm's Security Third Party Program, including the design, implementation, and continuous improvement of processes, controls, and operational workflows • Build and maintain automation that replaces manual GRC tasks: intake, triage, evidence collection, control validation, tracking, escalations, and reporting, using either Python, low code platforms, and agentic coding tools (Cursor, Claude, etc.) • Design and operate workflow orchestration and integrations across systems like ticketing, GRC platforms, vendor management tools, identity providers, and cloud control planes • Partner closely with Procurement, Legal, Engineering, IT, Compliance, Privacy, and business stakeholders to assess and manage security risk across third party relationships • Translate ambiguous business and security requirements into practical, scalable program solutions and decision frameworks • Identify opportunities to automate manual processes across the program and prototype solutions yourself rather than waiting on an engineering backlog • Drive program operational excellence by establishing repeatable processes, service-level expectations, metrics, and reporting for third party security risk management • Evaluate third party security controls, cloud architectures (AWS/GCP), integration patterns, and risk posture, and provide clear recommendations to stakeholders and leadership • Conduct light threat models on high risk integrations and partner with Security SMEs for deeper diligence • Manage and prioritize a portfolio of complex security risk reviews and initiatives simultaneously, balancing business enablement with risk reduction • Partner with technical teams to implement or optimize systems and tools that support program automation and workflow orchestration • Develop dashboards, reporting mechanisms, and program insights (SQL, BI tools, or custom tooling) that improve visibility into risk trends, bottlenecks, and program performance • Act as a trusted advisor and SME on third party security risk management, helping stakeholders make informed, risk based decisions • Contribute to the broader Security Risk Management strategy by identifying opportunities to scale, simplify, and strengthen security governance processes through engineering