Overview
You're the technical expert on Security Journey's AppSec Education Platform, running demos and POCs for enterprise prospects. You work alongside AEs to show CISOs, AppSec managers, and engineering VPs how the platform fits their tech stack and training needs. Most of your time is spent building custom demo environments, answering technical questions, and proving out integrations with their SSO/LMS/dev tools.
Role Snapshot
| Aspect | Details |
|---|---|
| Role Type | Pre-sales Solutions Engineer |
| Sales Motion | Consultative enterprise deals |
| Deal Complexity | Consultative to Enterprise |
| Sales Cycle | 3-6 months typical |
| Deal Size | $50K-$250K+ ACV (estimated based on enterprise AppSec training) |
| Quota (est.) | No direct quota - measured on deal support, demo-to-close ratio, and POC success rate |
Company Context
Stage: Private, likely Series A/B stage (55 employees, established product, enterprise customers)
Size: 55 employees
Growth: Small but hiring sales roles, suggesting growth mode or expansion push
Market Position: Challenger in crowded AppSec training space (competing with platforms like Secure Code Warrior, Kontra, Checkmarx Codebashing)
GTM Reality
Pipeline Sources:
- Likely 40% inbound - companies searching for developer security training, compliance-driven buyers
- 60% outbound - AEs prospecting into enterprise security and engineering orgs
SDR/AE Structure: Unknown, but at 55 people likely a small sales team with AEs self-sourcing some pipeline
SE Support: You're probably one of 1-2 SEs supporting the entire sales org
Competitive Landscape
Main Competitors: Secure Code Warrior, Kontra, Checkmarx (Codebashing), Veracode Security Labs, SANS Secure Coding
How They Differentiate: Developer-first approach, hands-on labs vs just video training, Aspen AI for personalized learning, role-based learning paths
Common Objections: "We already have generic security awareness training," "Developers won't actually use it," "How do you measure behavior change vs just completion rates?"
Win Themes: Developer engagement/adoption rates, hands-on practice vs passive learning, customizable content for their tech stack
What You'll Actually Do
Time Breakdown
Demos (30%) | POC Support (25%) | Technical Discovery (20%) | Internal (15%) | Content/Enablement (10%)
Key Activities
- Discovery Calls: Join AE calls to understand their tech stack (languages, frameworks, CI/CD tools), current training approach, and integration requirements. You're mapping out what a POC would need to prove.
- Custom Demos: Build tailored demo environments showing their specific use case - e.g., Python/Django learning paths for their backend team, or integration with their Okta SSO and Workday LMS. Demos are 45-60 minutes with AppSec managers and engineering leads.
- POC Management: Set up 30-60 day pilots with a subset of their devs. This means provisioning accounts, configuring integrations, training their champions, and then collecting usage data and feedback to prove ROI.
- Competitive Differentiation: Create side-by-side demos showing Security Journey vs competitors. You'll need to know how Secure Code Warrior's platform works, what Kontra's pricing looks like, where Checkmarx falls short on developer experience.
- Integration Questions: Field technical questions on API capabilities, SAML/SSO setup, SCORM compliance for their LMS, reporting/analytics exports, and how the platform fits their existing dev tools (GitHub, GitLab, Jira).
- Internal Enablement: Train AEs on new features, create demo scripts, document common technical questions, and help product/engineering understand field feedback.
The Honest Reality
What's Hard
- Repetitive Demos: You'll do similar discovery and demo motions 3-5 times per week. The questions are often the same ("How does this integrate with our LMS?" "Can we customize content?" "What's the reporting look like?").
- POC Admin Work: Setting up POCs involves a lot of account provisioning, email chasing to get their SSO configured, and following up with their IT team to whitelist domains. Most of your POC participants won't actually complete the training.
- Long Deal Cycles: You'll build a great POC, get enthusiastic feedback from the dev team, then wait 6-8 weeks while procurement reviews the contract and they debate budget allocation. Deals slip quarters regularly.
- Thin Technical Depth: The product is a learning platform, not deeply technical infrastructure. You're not architecting solutions - you're showing content libraries and integration capabilities. Some SEs find this less intellectually challenging than selling DevOps or security tooling.
- Limited SE Resources: At 55 people, you're probably supporting 3-5 AEs solo. When deals heat up simultaneously, you'll be juggling multiple POCs and demos in the same week.
What Success Looks Like
- 80%+ demo-to-POC conversion: Prospects who see your demo should want to pilot it
- 60%+ POC-to-close rate: Well-run POCs with the right stakeholders should close
- Champion Development: You turn their AppSec manager or L&D lead into an internal advocate who sells it for you
- Fast POC Turnaround: You can spin up a custom environment in 1-2 days, not weeks
Who You're Selling To
Primary Buyers:
- CISO or VP of Security (budget owner, cares about risk reduction)
- AppSec Manager / Secure Development Lead (day-to-day user, cares about developer adoption)
- VP Engineering or Director of Engineering (cares about dev productivity, doesn't want security to slow teams down)
- L&D / Training Manager (cares about LMS integration, completion tracking, compliance reporting)
What They Care About:
- Developer Adoption: Will devs actually use this or ignore it like the last security training mandate?
- Behavior Change Metrics: How do you prove developers are writing more secure code, not just watching videos?
- Integration Effort: How hard is it to plug into our existing tech stack (SSO, LMS, Slack, dev tools)?
- Content Relevance: Can we tailor training to our specific languages and frameworks, and to the vulnerabilities we actually see?
- ROI / Risk Reduction: Can you tie this to fewer security bugs in production or faster vulnerability remediation?
Requirements
- 2-4 years in a solutions engineering, sales engineering, or technical account management role (preferably in security, DevOps, or developer tools)
- Familiarity with secure coding concepts and common vulnerabilities (OWASP Top 10, SQL injection, XSS, authentication flaws)
- Experience with enterprise software integrations (SSO/SAML, SCORM/LMS, APIs, webhooks)
- Ability to speak credibly to both security practitioners (AppSec managers) and engineering leaders
- Comfortable doing live demos and handling technical objections on the fly
- Some understanding of developer workflows, CI/CD pipelines, and how training fits into SDLC
- Willingness to do repetitive POC admin work (account setup, configuration, user management) - this isn't all high-level architecture discussions