Source Job

US 4w PTO 12w maternity 12w paternity

  • Partner with Product and Engineering teams to integrate security into application design and development, leading threat modeling and secure code reviews.
  • Develop and implement automated security guardrails across the SDLC, investigate and prioritize application security findings.
  • Promote secure coding practices through training and coaching, and create security standards and procedures that scale across teams.

Application Security Threat Modeling Cloud Security Software Engineering

19 jobs similar to Application Security Engineer

Jobs ranked by similarity.

US Canada Unlimited PTO

  • Own and improve the secure software development lifecycle, perform application security reviews, threat modeling, and deep code-level analysis for high-impact product, platform, and AI features.
  • Drive vulnerability management across internal reviews, bug bounty, pentests, and other research signals, ensuring findings are validated, prioritized, and tracked through remediation.
  • Configure and improve AppSec tooling and integrations, and use AI to automate and scale security processes while validating outputs with strong engineering judgment.

Apollo.io is the leading go-to-market solution for revenue teams, trusted by over 500,000 companies and millions of users globally. Founded in 2015, the company is one of the fastest growing companies in SaaS, raising approximately $250 million to date and valued at $1.6 billion.

Spain

  • Play a key role in protecting and strengthening large-scale cloud-native applications that power next-generation AI infrastructure.
  • Work at the intersection of software engineering and cybersecurity, ensuring security is embedded throughout the software development lifecycle.
  • Collaborate cross-functionally to identify and remediate vulnerabilities in complex distributed systems.

Our partner is a company building large-scale cloud-native applications that power next-generation AI infrastructure. They have a high-impact security engineering environment with a collaborative and innovative culture focused on trust, learning, and impact.

$175,000–$185,000/yr
US Canada

  • Work closely with development teams, product managers, and third-party groups to ensure AutoFi’s products, services, cloud environments, internal systems, and vendor ecosystem are secure.
  • Contribute to secure design reviews, application security standards, vulnerability management, security monitoring, incident response, threat hunting, and third-party security assessments.
  • Define, implement, and maintain security practices, standards, and controls across AutoFi’s products, services, cloud environments, and internal systems.

AutoFi is the leading provider of digital commerce technology that powers the sales and finance experiences for the most innovative brands and dealers in automotive. Their dynamic selling platform empowers dealers to sell vehicles more efficiently and profitably, both online and in the showroom. They are funded for years of future growth and backed by investors.

$155,000–$175,000/yr
US

  • Lead security architecture reviews for new and existing applications.
  • Develop, enforce, and continuously refine secure coding standards across engineering teams.
  • Continuously improve threat modeling frameworks across application components.

Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. They empower credit unions and banks by creating cutting-edge digital experiences. At Lumin, their culture is built on trust in expertise and decisions, respect for diverse perspectives and talents, and boldness in pursuing new ideas.

Global Unlimited PTO

  • Conduct threat modelling reviews of Technical Design Documents (TDDs) and provide actionable security recommendations early in the design process.
  • Perform application security assessments, including penetration testing, vulnerability assessments, and proof-of-concept development.
  • Investigate, triage, and respond to Bug Bounty program submissions, validating findings and driving timely remediation with engineering teams.

MoonPay is a unified payments platform for digital currency. Trusted by over 30 million customers and over 500 ecosystem partners, the company is committed to building a fairer, more open financial system with a culture of accountability and inclusivity.

Unlimited PTO

  • Lead AppSec program assessments to evaluate current state and help clients prioritize remediation efforts based on risk, resources, and organizational readiness.
  • Design pragmatic security workflows, processes, and tooling integrations that engineering teams will actually adopt.
  • Deliver polished client work including clear assessments, actionable roadmaps, and executive communications that drive decision-making.

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. The company has grown to over 1,200 employees and serves as a trusted advisor to more than 6,200 customers.

US

  • Enable software engineering teams to continuously improve the security posture of products and SaaS environments through AppSec and DevSecOps expertise.
  • Serve as the go-to AppSec expert, mentoring engineers on secure design patterns and coding practices while collaborating on threat models and design reviews.
  • Lead automation of vulnerability management tooling across CI/CD pipelines, perform security code reviews, and contribute to compliance strategies.

Hypori is a high-growth cybersecurity SaaS company transforming how organizations think about secure mobility. Backed by $55M in funding from investors including UBS and AE Industrial Partners, the company is expanding into new commercial and regulated markets.

Europe

  • Champion and implement security best practices and automated tooling across Spotify's infrastructure and platforms.
  • Partner closely with teams to integrate security throughout the software development lifecycle from design to deployment.
  • Conduct threat modeling, security reviews, and risk assessments for both AI and non-AI systems.

Spotify is the world's most popular audio streaming subscription service, unlocking the potential of human creativity by giving artists the opportunity to live off their art. With over 700 million users, the company values curiosity, collaboration, and a willingness to both teach and learn from others.

US

  • Secure AI Systems and Use AI to Scale Security.
  • Deliver Application Security Reviews.
  • Advance CI/CD Pipeline Security.

Smartsheet helps people and teams achieve their goals with seamless work management and scalable solutions. They empower teams to automate tasks, uncover insights, and scale smarter, fostering a culture of innovation and impact with a focus on challenge and purpose.

Europe

  • Own and manage bug bounty intake processes, including triaging reports, validating vulnerabilities, and reproducing proof of concepts.
  • Collaborate with developers and product teams to design and implement effective remediation strategies for identified security issues.
  • Contribute directly to codebases by reviewing and submitting pull requests to fix security vulnerabilities.

Jobgether is a company using an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. They have a collaborative, feedback-driven culture that encourages innovation and ownership.

United States

  • Perform penetration testing and design reviews to identify vulnerabilities and insecure designs.
  • Maintain and build internal tools to automate security efforts, including SAST and DAST testing.
  • Identify vulnerabilities, demonstrate business impact, and articulate risk to drive prioritization.

Brex is the intelligent finance platform that enables companies to spend smarter and move faster in over 200 markets. With tens of thousands of customers including DoorDash, Coinbase, and Zoom, Brex fosters a diverse and inclusive team culture where collaboration with some of the brightest minds in the industry is key.

$190,000–$230,000/yr
US Canada Unlimited PTO

  • Build, operationalize, and scale the security engineering practices that protect our benefits platform.
  • Partner with teams building web and mobile applications, backend services, system integrations and data platforms.
  • Set direction and mature security capabilities; introduce strong standards and ship incremental improvements.

Benepass is making benefits easy by tailoring them to the unique needs of the workforce with an easy-to-use and highly customizable fintech platform. They are backed by leading investors and have raised approximately $75 million in equity capital, fostering an inclusive environment for their employees.

US

  • Lead and mentor a high-performing team of security engineers, setting technical direction and standards for excellence.
  • Define and execute the security roadmap for infrastructure, remote access, endpoints, and M&A.
  • Design and implement security controls across cloud, production, and corporate environments.

Anduril Industries is a defense technology company transforming U.S. and allied military capabilities with advanced technology, powered by Lattice OS. They bring the expertise and business model of innovative companies to the defense industry, focusing on autonomy, AI, and networking.

  • Design, implement, and manage the security posture for all AI and Machine Learning initiatives.
  • Collaborate with IT & Development teams to integrate advanced AI security tooling.
  • Develop and maintain a curated portfolio of approved AI tools and services.

EnableComp provides Specialty Revenue Cycle Management solutions for healthcare organizations. They leverage over 24 years of industry-leading expertise and their unified E360 RCM intelligent automation platform. They are a multi-year recipient of the Top Workplaces award.

$149,850–$185,000/yr
US Unlimited PTO

  • Lead, coach, and grow the Security Engineering team.
  • Design and implement security controls across Cloud environments.
  • Partner with engineering teams to embed security into the SDLC.

Horizon3.ai is a cybersecurity company dedicated to enabling organizations to proactively find, fix, and verify exploitable attack vectors. They are a fast-growing company with a culture of respect, collaboration, ownership, and results.

Canada Unlimited PTO

  • Partner with engineering teams to design, build, and operate secure-by-default cloud infrastructure across AWS and Google Cloud.
  • Build reusable Terraform modules and policy-as-code guardrails to make secure implementation easier for engineering teams.
  • Operate CSPM/CNAPP tooling and drive remediation of cloud vulnerabilities and misconfigurations.

Fullscript is a health technology company that provides a platform for practitioners to access clinical insights, lab interpretations, and high-quality supplements, serving over 125,000 practitioners and 10 million patients. The company has a remote-first culture, emphasizes work-life balance, and values inclusivity and continuous learning.

UK Unlimited PTO 18w maternity 12w paternity

  • Embed security into CI/CD pipelines and product development as a technical leader.
  • Drive cross-team influence and own hard security challenges in a cloud-native environment.
  • Work in a remote-first culture focused on customer obsession and intentional action.

Chainguard provides hardened, secure, and production-ready builds of open source software to help organizations build faster and stay compliant. Backed by leading investors including Sequoia Capital and Kleiner Perkins, Chainguard serves Fortune 500 enterprises and global industry leaders.

Global

  • Design and operationalize AI security architecture, guardrails, and secure-by-design patterns across the enterprise.
  • Engineer security controls for AI-enabled applications, internal AI agents, model hosting, RAG architectures, and training pipelines.
  • Implement data security controls with Microsoft Purview, focusing on AI-driven data access, classification, and protection.

J.S. Held is a global consulting firm that combines technical, scientific, financial, and strategic expertise to advise clients on value realization and risk mitigation. The firm provides a comprehensive suite of services and has a high-energy, collaborative environment that rewards hard work.

US

  • Lead integration of security across the SDLC, embedding automated testing into CI/CD pipelines.
  • Secure cloud-native AWS architectures and enforce least privilege access and runtime protections.
  • Perform threat modeling, automate compliance, and innovate with AI security standards.

TrueML is a mission-driven financial software company that uses machine learning to improve customer experiences for distressed borrowers. The team includes data scientists, financial services experts, and customer experience fanatics building inclusive financial technology.