• Design, build, and maintain secure CI/CD pipelines with security gates that catch issues before they reach production. • Systematically, consistently and automatically capture the risk exposure of Chainguards products. • Implement and enforce software supply chain security controls: signed artifacts, SBOMs, provenance attestation (SLSA, Sigstore / Cosign). • Proactively identify emerging customer security needs, and build solutions to meet these. • Lead security architecture reviews and threat models for Kubernetes-based workloads running on GCP and AWS. • Harden container images, Kubernetes cluster configurations, and cloud IAM postures — minimise attack surface across our product stack. • Define and drive adoption of baseline security standards: pod security standards, network policies, workload identity, secrets management. • Evaluate and operationalise CNAPP / CSPM tooling to maintain continuous visibility into cloud-native risk.

• Support security design and installation projects throughout North America • Manage all aspects of the project from initial engagement through project completion, including multiple projects and scopes of work • Identify project schedule, scope parameters, and oversee security design and implementation per client design requirements and standards • Manage early project initiation activities and develop project security scope, schedule, critical deliverables, and requirements • Manage scheduling, status, and tracking of critical project tasks, issues, and deliverables • Prepare, issue, and manage Request for Proposal (RFP) documents for security systems installation scope • Evaluate RFP responses and prepare evaluation reports, to include evaluation criteria, scoring, and recommendation details • Perform security site evaluations of potential client properties and review proposed design concepts • Collaborate with client owner and user group stakeholders to define use cases and verify functional requirements, and produce a security functional specification for the project

• Conduct security control assessments for commercial and government customers to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within a system boundary. • Develop, document and review System Rules of Engagement (ROE), Security Assessment Plans (SAPs) and Security Assessment Reports (SARs). • Conduct kick-off meetings, develop associated schedules and resource plans to complete the assessments. • Responsible for quality control on the assessment and associated deliverables. • Develop practical and risk-based approaches for security control implementation and vulnerability remediation. • Review and provide feedback system boundaries, common controls, the security categorization of information systems, applicable security control baseline based on system categorization. • Review cyber/system/network security body of evidence and documentation for accuracy and completeness. • Lead Post Assessment Meetings with the customer. • Provide Plan of Action and Milestones (POA&M) support to ensure mitigations are completed or the teams are working to mitigate all vulnerabilities in a timely fashion and within customer policy timelines. • Perform continuous monitoring to ensure implemented security controls remain functional throughout the lifecycle of the information system. • Perform other duties as assigned.

• Lead and manage Security Analysts responsible for security operations center (SOC) activities and security administration • Oversee daily security monitoring, event triage, escalation handling, and incident response coordination • Establish team priorities, assign work, and ensure timely completion of operational security tasks and remediation activities • Develop and report on security operations metrics, trends, and performance indicators • Oversee administration of security tools, including monitoring platforms, endpoint protection, vulnerability management, and access controls • Manage user access administration, privileged access review support, and periodic access validation processes • Ensure security controls are functioning effectively and that issues are tracked, escalated, and remediated • Maintain team procedures, runbooks, and documentation for security operations and incident response • Support the implementation, tuning, and effectiveness of security tools and monitoring capabilities • Lead incident detection and response activities, including escalation to leadership when appropriate • Coordinate with IT and system owners on containment, remediation, recovery, and lessons learned • Monitor emerging threats and vulnerabilities and direct team focus accordingly • Support audit readiness, assessments, and operational response exercises • Manage, coach, and develop Security Analysts, including performance management and career development • Promote consistency in investigation, documentation, escalation, and communication practices • Partner with the CISO on staffing, workload planning, and operational maturity initiatives • Collaborate with Audit, Risk, Compliance, and IT teams on control validation and issue remediation • Support third-party reviews and audit follow-up activities • Escalate material risks, control gaps, and resource concerns to the CISO • Ensure alignment with organizational policies, standards, and regulatory requirements