Overview
You're selling Obsidian's SaaS security platform to enterprise security teams - primarily CISOs, security architects, and identity/access management leaders at Fortune 1000 and G2000 companies. You own the full sales cycle from initial outreach through contract signature, managing complex enterprise deals with 5-8 stakeholders per opportunity. The territory covers Michigan, Ohio, Missouri, and Indiana - you'll need to balance remote selling with occasional in-person meetings at major accounts.
Role Snapshot
| Aspect | Details |
|---|---|
| Role Type | Full-cycle AE |
| Sales Motion | Outbound-heavy with some inbound |
| Deal Complexity | Enterprise / Strategic |
| Sales Cycle | 3-6 months |
| Deal Size | $150K-500K ACV (estimated) |
| Quota (est.) | $1-1.5M/year |
Company Context
Stage: Growth stage (255 employees, established product)
Size: 255 employees
Growth: Actively hiring across sales and engineering. The post mentions "opening won't last long", suggesting momentum.
Market Position: Category specialist in SaaS Security Posture Management and Identity Threat Detection. They're competing in the crowded cybersecurity space but with a specific focus on SaaS app security vs broader security platforms.
GTM Reality
Pipeline Sources:
- 20% Inbound - Some MQLs from security conferences, webinars, and content marketing to CISOs. Quality varies - many are tire-kickers researching the category.
- 70% Outbound - You're expected to self-source most of your pipeline. Cold calling security leaders, targeting companies with large SaaS estates (200+ apps), LinkedIn outreach to recent CISO hires.
- 10% Partners/Referrals - Some deals come through security consulting firms and MSSPs who identify gaps in client environments.
SDR/AE Structure: Likely minimal to no SDR support in this territory ("wear many hats" suggests self-sourcing). You're doing your own prospecting, qualification, and closing.
SE Support: Shared SE pool - you'll get technical support for demos and POCs but need to schedule them in advance. Expect to do initial discovery calls solo.
Competitive Landscape
Main Competitors: SSPM players (AppOmni, Adaptive Shield, Nudge Security), broader CASB vendors (Netskope, Zscaler), identity security platforms (CrowdStrike Falcon, Microsoft Defender)
How They Differentiate: Deep visibility into SaaS supply chain and AI agents specifically. Knowledge graph approach that connects SaaS apps, identities, and third-party integrations. They claim 85% attack surface reduction and 100% next-gen phishing prevention.
Common Objections: "We already have a CASB", "Our SIEM covers this", "Too expensive for a point solution", "Can't we just configure our SaaS apps better manually?"
Win Themes: Depth of SaaS-specific visibility, AI agent security (timely given AI adoption fears), ability to detect identity threats that other tools miss, reducing security team workload vs manual SaaS audits.
What You'll Actually Do
Time Breakdown
Prospecting (35%) | Active Deal Management (40%) | Internal/Admin (25%)
Key Activities
- Cold outreach to security leaders: 30-40 calls/day to CISOs, VPs of Security, Identity teams at companies with 1,000+ employees. Most don't answer. You're trying to book 4-6 first calls per week. You're researching their SaaS stack on LinkedIn, job postings, and tech stack databases to personalize your pitch.
- Running discovery and demo calls: Walking security teams through how Obsidian maps their SaaS environment, showing them blind spots in their current setup. You're asking about their SaaS governance challenges, recent security incidents, compliance requirements. Typical first call is 45 minutes with 2-3 people from their team.
- Managing POCs: Coordinating 2-3 week proof of concepts where Obsidian scans their environment. You're project managing timelines, getting their IT team access sorted, scheduling the SE to present findings. Many POCs get delayed because customer IT is overwhelmed or security freezes happen.
- Multi-threading stakeholders: Deals involve CISO (economic buyer), security architect (technical buyer), IT operations (implementation), legal (contract review), procurement (budgets). You're booking separate calls with each, sending follow-up materials, chasing people for next steps. Lots of internal selling on their side.
- Navigating budget cycles and procurement: Many deals slip quarters because budget isn't secured, legal redlines terms, or they're waiting for their next fiscal year. You're pushing to get into current year budget but often deals push to Q1.
- Internal forecast calls and pipeline reviews: Weekly forecast meetings with your manager dissecting each deal stage, probability, close date. You're defending why deals will close and explaining why others slipped. CRM hygiene matters - you're updating Salesforce constantly.
The Honest Reality
What's Hard
- CISOs are incredibly hard to reach: You'll burn through 50+ dials to get one conversation. They're bombarded by security vendors. Your success depends on finding a relevant hook (recent breach news at a similar company, new compliance requirement, AI security concerns).
- Long, unpredictable sales cycles: Even when there's interest, deals take 4-7 months. Security isn't urgent until there's an incident. Deals stall waiting for budget approval, security roadmap prioritization, or just general enterprise slowness. Your pipeline needs to be 4-5x quota because half will slip.
- You're the entire sales team in your territory: No SDR booking meetings for you, no local sales engineer down the street. You're prospecting, demoing, closing, and handling initial customer success questions. "Wear many hats" means you're doing everything.
- Competitive displacement is tough: Many prospects already have some SaaS security tooling (even if inadequate). You're not selling into greenfield - you're convincing them to rip out or add to their existing stack. That requires proving 10x better value.
- Technical depth required: Security buyers ask hard questions about detection logic, API integrations, data handling, compliance certifications. You need to learn the technical details or lean heavily on your SE - but if the SE is booked, you're fumbling.
What Success Looks Like
- Closing 8-12 deals per year at $150-300K ACV each
- Maintaining 3-4x pipeline coverage (if quota is $1.2M, you need $4-5M in pipeline)
- Consistently booking 4-6 first calls per week through outbound
- Converting 20-25% of POCs to closed deals
- Building relationships with 2-3 MSSPs or consulting partners who refer deals
Who You're Selling To
Primary Buyers:
- CISO or VP of Security (economic buyer, final decision maker)
- Security Architects or Security Operations leads (technical evaluators)
- Identity and Access Management teams (users of the platform)
- Sometimes IT Operations or Cloud Security teams
What They Care About:
- Visibility into SaaS sprawl: Most enterprises have 200-800 SaaS apps and don't know what data is in each or who has access. They need to inventory and secure this mess.
- Identity-based threats: Stolen credentials, OAuth token abuse, over-privileged accounts, third-party app risks. Traditional security tools miss SaaS-specific identity attacks.
- Compliance and audit: SOC 2, ISO 27001, GDPR, industry-specific regulations. They need to prove they're securing SaaS data and access. Obsidian helps automate evidence collection.
- Reducing manual work: Security teams are burned out manually auditing SaaS configs. They want automation that flags risks and guides remediation.
- AI agent security: New concern - as companies deploy AI agents with access to SaaS data, they need to monitor what those agents are doing and what data they touch.
Requirements
- 3-5 years selling enterprise security software (preferably SaaS, cloud, or identity security)
- Track record of quota attainment in complex, technical sales
- Experience managing full sales cycle with minimal support - you've prospected, demoed, and closed deals independently
- Comfortable with outbound prospecting (cold calling, email sequences, LinkedIn outreach)
- Ability to learn technical concepts quickly - you'll need to speak intelligently about API security, OAuth, SAML, identity threats, compliance frameworks
- Located in Michigan, Ohio, Missouri, or Indiana (territory requirement)
- Willingness to travel 20-30% for in-person meetings at major accounts, conferences, company events
- Self-starter mentality - "wear many hats" means you're figuring things out without a playbook or heavy management