- Embed security into the SDLC by partnering with Engineering to implement secure design patterns, conduct threat modeling, and deliver developer-focused AppSec training
- Lead and perform application security assessments including SAST, DAST, SCA, and manual code review across web, mobile, and API surfaces
- Drive API security across internal and external services — including authentication, authorization, rate limiting, and abuse prevention controls
- Own and mature the vulnerability management program, including prioritization frameworks, SLA tracking, and cross-functional remediation coordination
- Champion software supply chain security initiatives, including SBOM generation, dependency risk analysis, and third-party component vetting
- Assist GRC with technical third-party risk reviews and vendor security assessments
- Respond to and lead security incidents in a measured, programmatic, and timely manner — from identification through post-incident review
- Implement and iterate on security automation and orchestration to improve detection, response, and coverage at scale
- Implement, monitor, and continuously improve security controls across cloud infrastructure, endpoints, and the product
- Assess and mitigate AI-specific security risks across Branch's use of LLMs and AI-powered features, including prompt injection, model abuse, and insecure output handling
PythonBashKubernetes