Partnering with security, platform, engineering, and product teams to design, implement, and embed secure development pathways (“paved roads”), guardrails, and SSDLC practices that integrate naturally into engineering workflows and CI/CD pipelines.
Configuring, integrating, and scaling modern AppSec tooling such as SAST, SCA, ASPM/ASM, and secret scanning, ensuring these capabilities are reliable, usable, and embedded into the software delivery lifecycle.
Leveraging GitHub Actions, CI/CD pipelines, policy-as-code, scripting, and orchestration to automate security checks, enforce controls, and streamline secure deployment processes without disrupting developer velocity.
Creating and maintaining templates, scripts, documentation, and self-service tooling that empower teams to adopt secure-by-default practices while reducing security friction, false positives, and manual overhead.
Defining metrics, gathering developer feedback, and analysing tooling outcomes to assess the effectiveness of AppSec initiatives, iterating on approaches to uplift both security maturity and developer experience.
Communicating with our Engineering cohort to share new tools, workflows, and secure engineering practices, while running enablement activities (docs, workshops, demonstrations) that drive secure adoption and ecosystem improvements.
Staying on top of emerging vulnerabilities, security trends, and engineering productivity advancements, and building strong cross-functional relationships to influence secure behaviours and balance risk with usability and delivery outcomes.
