Responsibilities
- Own the security posture of our infrastructure, including Kubernetes clusters: admission control, network policy, runtime threat detection, and workload isolation
- Harden CI/CD pipelines against supply chain threats: SAST/DAST, SBOM generation, signed artifacts, and dependency scanning across a large-scale monorepo
- Design, implement, and maintain security infrastructure across cloud providers (Azure, AWS, GCP) using infrastructure-as-code (Pulumi, Terraform, Helm)
- Build and operate detection and response capabilities (SIEM, audit logging, alerting) and lead incident response end-to-end: from triage to forensics to postmortem
- Support compliance programs (SOC 2, HIPAA, ISO): evidence automation, control mapping, audit readiness, and customer security reviews
- Manage identity, secrets, and access controls across cloud, SaaS, and Kubernetes, enforcing least privilege and short-lived credentials by default
- Address AI-specific risks (model access, prompt injection, data exfiltration) as we expand our agent platform
- Evaluate and adopt new tooling to reduce manual toil and scale security coverage as the company grows