• Keep our business and revenue safe by building security into the way we develop software • Design secure application architectures • Improve secure coding practices • Detect vulnerabilities early in the development lifecycle • Continuously improve application security as part of everyday engineering work • Build and maintain secure coding standards • Conduct threat modeling during architecture and design stages • Implement and improve application security testing, including: SAST, DAST, Dependency and secrets scanning, CI/CD security checks • Perform regular application security assessments and maturity evaluations (OWASP ASVS, OWASP SAMM) • Manage the full vulnerability lifecycle: triage, prioritization, remediation support, and validation • Support external penetration testing and Bug Bounty programs • Identify and mitigate security risks in cloud environments and CI/CD pipelines.

• Accelerate pipeline growth by cultivating high-trust relationships with architects, engineers, contractors, OEMs, dealers, and channel partners. • Surface and route qualified deals by recognizing early buying signals. • Shape specs and purchasing decisions by aligning solutions to project needs. • Be the go-to technical/business resource for Key Influencers. • Drive account strategy and execution by building Key Influencer account plans. • Expand market presence and credibility through segment and industry insight. • Inform strategic choices with market analysis and alternative technology assessments. • Uplift commercial capability by mentoring sales personnel and sharing best practices.

• Develop and implement automated security testing and vulnerability detection workflows integrated into the Software Development Lifecycle (SDLC). • Conduct security reviews of web applications, mobile applications, APIs, and cloud environments (public and private). • Perform penetration testing on web, mobile, API, and desktop applications, as well as supporting infrastructure. • Evaluate application defenses, identify architectural and design-level security gaps, and recommend mitigation strategies. • Think like an attacker to proactively identify vulnerabilities and complex security risks before they reach production. • Collaborate closely with engineering teams to support secure coding practices and security-aware development. • Conduct code reviews with a security focus, especially for critical services and deployments. • Research emerging threats and contribute to the development or adoption of new security tools and techniques. • Review application code and architecture from a security perspective. • Support and guide teams on secure development lifecycle (SDLC) practices. • Work closely with developers during feature development and releases to ensure security controls are in place. • Participate in threat modeling, vulnerability triage, and remediation tracking. • Contribute to defining and evolving Lucidya’s application security strategy. • Gain a deep understanding of Lucidya’s system architecture, codebase, and security landscape in the first 90 days.

• Develop and program DDC controllers, including logic, sequences, alarms, schedules, and trends. • Build and configure controller databases, graphics, navigation, and user interfaces. • Implement integration using BACnet, Modbus, and other open protocols. • Configure and test network settings, IP addressing, routing, and device bindings. • Create and update programming libraries, templates, and standards. • Support field technicians during startup, commissioning, point-to-point testing, and functional testing. • Troubleshoot communication issues, device failures, programming errors, and performance gaps. • Perform on-site adjustments to optimize HVAC and mechanical system performance. • Validate I/O lists, mechanical schedules, control drawings, and sequences of operation. • Maintain organized project files including backups, version control, release notes, and as-built documentation.