Jarrod P.

Security at TwelveLabs

Greater Birmingham, Alabama Area

About

Accomplished information security engineer, architect, and team leader with a proven ability to build and scale security programs at rapid-growth tech and SaaS companies. Over 15 years of hands‑on experience across IT, network, software, and both offensive and defensive security engineering, spanning startups and enterprise environments. Passionate about automation‑driven security operations, cloud infrastructure security, and securing emerging technologies; especially AI systems and machine learning infrastructure. Holder of CISSP, CEH, and other industry-recognized certifications.

Experience

  • Lead Security Engineer at TwelveLabs
    Nov 2025 - Present · 9 mos

  • Staff Information Security & Risk Engineer at Lob
    May 2024 - Nov 2025 · 1 yr 7 mos

    Sole security engineer leading Lob’s security strategy, operations, and roadmap across products and AWS cloud infrastructure. Drove risk reduction and continuous compliance with SOC 2, HIPAA/HITECH, and SSPA. • Led all third-party audits, pen tests, and customer risk reviews • Deployed and operationalized Lob’s first SIEM (Sumo Logic) to centralize security log management and enhance security analytics and threat detection capabilities. • Developed and deployed automated security detection/response workflows via Okta Workflows and 3rd party SaaS APIs. • Hardened IAM and SSO (Okta) and automated quarterly access review tracking procedures. • Led deployment of Cloudflare WAF, improving perimeter and Web App/API security • Led deployment and ownership of Tenable CNAPP/CIEM across multi-account AWS (7+ accounts) • Collaborated with infrastructure team to implement security hardening and IAM improvements in Terraform-managed AWS environments. • Led Zero Trust Network Access (ZTNA) platform rollout, replacing legacy VPN * Launched CASB/DLP with IT to secure SaaS apps and endpoints * Launched Lob's first customer-facing Trust & Security center * Developed and streamlined third-party risk management policies and vendor security review procedures. • Developed and enforced information security policies, employee training/awareness programs, and continuous risk monitoring procedures.

  • Director of Information Security & IT at Tilled
    May 2021 - May 2024 · 3 yrs 1 mo

    Founding technology team member and hands-on technical security/IT lead at Tilled. Oversaw all aspects of information security, data privacy, PCI-DSS compliance, and internal IT infrastructure. * Led successful Level 1 PCI-DSS certification (service provider + merchant) within 6 months of hire; maintained compliance annually. * Architected and deployed PCI-compliant AWS infrastructure using secure multi-VPC, multi-AZ design - reducing PCI scope by 50%. * Owned end-to-end selection, deployment, and administration of core IT/security platforms: - SIEM: Sumo Logic - IAM/SSO: Okta - EDR: BitDefender GravityZone - VPN/ZTNA: Cloudflare ZeroTrust + Warp - MDM: Rippling - App/infra security: Cloudflare (WAF), Qualys(WAS, FIM, VMDR), BurpSuite - IDS/IR automation: AWS GuardDuty + Lambda * Built secure data transfer pipelines using SFTP, S3, Lambda, and multi-layer encryption for payment processor data exchange. * Defined secure baseline configuration standards for AWS compute, network, storage, and encryption service components. * Implemented HR-driven automation for secure employee onboarding/offboarding, software deployment, and role-based access provisioning via Rippling + Okta. * Authored and maintained security, IT, privacy, and compliance policies and procedures. * Established and maintained Tilled's security awareness training & compliance education program - including simulated phishing exercises. * Established Tilled’s bug bounty and responsible disclosure program via HackerOne. * Developed secure file request/upload portals using Box.com, Slack, Zendesk, and VirusTotal APIs. * Created custom incident response and EC2 host containment automation via Lambda and API Gateway. * Developed Tilled’s Third-Party Risk Management policy and vendor assessment processes.

  • Shipt (3 yrs 3 mos)
    • Director of Information Security
      Jul 2020 - May 2021 · 11 mos

      First security engineer hired at Shipt, Inc.; a wholly owned independent subsidiary of Target Stores, Inc. Built and developed Shipt's information security program and team. • Established and championed a risk-based approach to information security that empowered the company to maintain their existing trust-centric culture and continue moving at a ‘start-up pace’ post-acquisition during a time of incredible growth and a nation-wide expansion. • Served as functional CISO by leading and representing the technology organization on all matters concerning information security while also serving in a heavily technical role as lead engineer and architect. • Successfully led Shipt to level 1 PCI Compliance and unqualified (no material findings) SOC-2 Type-2 report within the first 2 years of the program’s inception and annually thereafter. • Developed, deployed, and/or managed the deployment of all technical security controls and operational tooling throughout Shipt’s office networks, end-user devices, application delivery pipelines, and enterprise-level cloud infrastructure. • Transformed Shipt’s manual access provisioning process into an automated, HR-driven, end-to-end user lifecycle management system; streamlining the enforcement of least-privilege principles and role-based access control based on user data in Shipt’s HR Management System. • Designed and developed a cross-functional third-party risk management program with Shipt’s legal team and architected the procedure for assessing third party vendor risk internally. • Overhauled Shipt’s existing bug bounty program (HackerOne) from a small private program to a mature and fully public program; increasing participation and valid security bug findings by over 200% while maintaining all report response SLAs. • Built Shipt’s dynamic perimeter enumeration and vulnerability scanning automation. • Partnered with back-end engineering to design and develop Shipt’s internal fraud automation service.

    • Lead Security Engineer
      Mar 2019 - Jul 2020 · 1 yr 5 mos

    • Sr. Security Engineer
      Mar 2018 - Mar 2019 · 1 yr 1 mo

  • Sr. Information Security Engineer - Team Lead: Vulnerability Management and Penetration Testing at Regions Bank
    Jul 2016 - Mar 2018 · 1 yr 9 mos

    Served as team-lead and sr. engineer on a team of 5 application security and vulnerability management engineers that provided proactive and reactive cyber threat intelligence services to protect Regions' public-facing and internal infrastructure, mobile and web applications, data, and brand reputation. Primary responsibilities include: • Conduct vulnerability assessments and penetration testing on internal and external facing networks, systems and applications using tools such as Rapid7 Nexpose, Tripwire, HP Fortify/Webinspect, Metasploit, Burp Suite Enterprise, NMAP, SQL Map, and other Kali Linux distro tools. • Provide threat identification and analysis by monitoring for relevant risks like malicious code, vulnerabilities or attacks and by reviewing potential and current threats in a large enterprise environment. • Create detailed risk assessment reports that explain identified security weaknesses, describe potential business risks, present prioritized recommendations, and estimate effort levels for remediation. • Provide technical proof of concepts (POCs) to demonstrate attack exploitability, complexity, and over-all risk of potential vulnerabilities in the context of Regions’ environment. • Assist in the evaluation, development, and implementation of emerging data access control technologies. • Contribute to the ongoing enhancement of the company’s vulnerability assessment capabilities through the architecture and development of improved methodology, processes, infrastructure, tools, and deliverables. • Present and clearly communicate findings and recommendations to senior management, business stakeholders, security team members, and IT resources. • Leverage Python, VB, and Ruby scripting to improve and automate vulnerability management and life-cycle tracking processes. • Implement and support key, high-profile cyber security related activities and projects including enterprise exercise, education and awareness programs.