Nick Palaszewski

Account Executive - Security Platform Sales

ArmorCode Inc.

Account Executive | Balanced | Enterprise
Deal Size: $50K-200K ACV
Sales Cycle: 3-6 months
Posted by Nick Palaszewski

Overview

You sell ArmorCode's unified security risk management platform to mid-market and enterprise companies. Your buyers are CISOs, VPs of Security, and AppSec Engineering leaders who are frustrated with managing findings from 10+ different security tools. You're selling consolidation and prioritization—helping them see which vulnerabilities actually matter instead of chasing 50,000 low-priority alerts.


Role Snapshot

Aspect | Details
Role Type | Full-cycle Account Executive (likely self-sourcing or light SDR support)
Sales Motion | Balanced—some inbound from web traffic/trials, significant outbound prospecting
Deal Complexity | Enterprise consultative—multiple stakeholders, security reviews, procurement
Sales Cycle | 3-6 months (security tools require POCs, security reviews, budget cycles)
Deal Size | $50K-200K ACV (estimated for AppSec platforms at 206-employee vendor)
Quota (est.) | $600K-$1M annually

Company Context

Stage: Likely Series B/C (206 employees suggests they've raised growth rounds, though exact data unavailable)

Size: 206 employees

Growth: Actively hiring sales roles per this post. Customer Success Leader posting suggests they're scaling GTM.

Market Position: Challenger in a crowded space—competing against established players and point solutions. Category is "unified security posture management" which is buzzy but still being defined.


GTM Reality

Pipeline Sources:

  • 30% Inbound - Website leads, content downloads, maybe limited free trial/demo requests. Quality varies—lots of tire-kickers and people just doing research.
  • 60% Outbound - You're prospecting into accounts that fit ICP (companies using AppSec tools like Snyk, Checkmarx, Veracode, etc.). Cold LinkedIn messages, emails, maybe some cold calling.
  • 10% Referrals/Existing Customer Expansion - They're 206 people, so customer base exists but isn't massive yet.

SDR/AE Structure: Likely light SDR support or self-sourcing hybrid. At this size, AEs do a lot of their own prospecting.

SE Support: Probably shared SE pool. Security demos are technical—you'll need an SE for most calls to show integrations, data normalization, and risk scoring.


Competitive Landscape

Main Competitors: Likely Nucleus Security, Brinqa, and JupiterOne, plus larger players like ServiceNow's ASPM module and point solutions that have "platform" features (Snyk, Checkmarx).

How They Differentiate: Unified view across AppSec, InfraSec, and cloud security. AI-powered prioritization. Positioning as tool-agnostic—works with whatever security stack you already have.

Common Objections:

  • "We already have a ticketing system for this" (Jira integration)
  • "Our tools already prioritize vulnerabilities"
  • "Another vendor to manage?"
  • "Can't we just build this ourselves?"

Win Themes: You win when buyers are drowning in alert fatigue, have 8+ security tools, have security and dev teams that don't talk to each other, and have leadership that wants risk metrics they can actually understand.


What You'll Actually Do

Time Breakdown

Prospecting (30%) | Active Deals (40%) | Demos/POCs (20%) | Internal (10%)

Key Activities

  • Outbound Prospecting: You identify companies using multiple AppSec tools (Snyk, Veracode, etc.) via LinkedIn, tech stack databases, or job postings. You send 20-30 personalized messages per day and make some calls. Most don't respond.
  • Discovery Calls: You talk to AppSec leaders about their current tool sprawl. How many tools? How do they track remediation? Where do findings go? You're qualifying for pain (alert fatigue, lack of prioritization, compliance reporting headaches).
  • Demo Coordination: You schedule and run demos with an SE. The demo shows how ArmorCode ingests findings from their existing tools and creates a unified risk view. You're customizing the demo to their stack—if they use AWS Security Hub and Snyk, you show those integrations.
  • POC Management: For serious deals, they want a 2-4 week proof of concept. You're coordinating with their team to get API access to their security tools, working with your SE and sometimes customer success to configure the platform, and checking in constantly to make sure they're actually using it.
  • Stakeholder Wrangling: Security deals involve CISO, AppSec Engineering, sometimes DevOps, Compliance, and Procurement. You're scheduling calls with each, tailoring messaging (CISO wants risk reduction metrics, engineers want workflow efficiency, compliance wants audit reports).
  • Procurement Hell: After they say yes, you spend 4-6 weeks in procurement, legal review, security questionnaires (ironic), and vendor onboarding. Lots of deals slip quarters here.
  • Internal Syncs: Weekly forecast calls, deal reviews, Salesforce hygiene. You're explaining why deals moved right and what's at risk.

The Honest Reality

What's Hard

  • Long, Multi-Threaded Cycles: Even when someone loves the product, getting all stakeholders aligned takes months. Deals stall because one person goes on vacation or another project becomes the priority.
  • Category Confusion: You're explaining why they need a "unified security posture platform" when they already have tools that claim to do this. Lots of education required.
  • Security Reviews: You're selling security software, so expect intense scrutiny—architecture reviews, pen test reports, SOC 2 audits, data residency questions. Each takes weeks.
  • POC Dependency: Hard to close without a POC, but POCs require their team to do work (grant API access, configure integrations). Many POCs die because the prospect is too busy.
  • Champion Turnover: Security roles have high turnover. Your champion leaves mid-deal, you start over with their replacement.
  • Competitive Market: Buyers are evaluating 3-4 similar platforms. You're competing on integrations, UI/UX, and relationships since core functionality is similar.

What Success Looks Like

  • You close 6-10 deals per year at $50-150K ACV each
  • You maintain 10-15 active opportunities in various stages
  • You get good at identifying companies in pain (recent breaches, audit failures, compliance deadlines) and striking while the iron is hot
  • You build relationships with CISOs and AppSec leaders who trust you enough to take your calls when they move companies

Who You're Selling To

Primary Buyers:

  • CISO or VP of Security (economic buyer, final approver)
  • Director/VP of Application Security (champion, day-to-day user)
  • AppSec Engineers or Security Architects (technical evaluators)
  • Compliance/GRC teams (influencers for audit/reporting use cases)

What They Care About:

  • Reducing alert fatigue: They're getting 10K+ findings per month and can't action most of them
  • Prioritization accuracy: Which vulnerabilities actually pose business risk vs. theoretical issues
  • Developer adoption: Will dev teams actually use this or ignore it like they ignore other security tools
  • Integration coverage: Does it work with their specific stack (their SAST, DAST, SCA, cloud security tools)
  • Compliance reporting: Can they generate audit reports for SOC 2, PCI-DSS, ISO without manual work
  • Remediation tracking: Can they prove to the board that vulnerabilities are getting fixed

Requirements

  • 3-5 years selling B2B SaaS, ideally security/DevOps/infrastructure software
  • Experience with technical buyers (security engineers, architects) and economic buyers (CISOs)
  • Comfortable with consultative, multi-threaded enterprise sales—you need to manage 6+ stakeholders per deal
  • Understanding of AppSec/security concepts (vulnerability management, SAST/DAST, cloud security) or ability to learn quickly
  • Experience managing POCs and technical evaluations
  • Willingness to do significant outbound prospecting—this isn't 100% inbound
  • Located in major tech hub or comfortable working remotely (likely remote given company size)