Source Job

• Own application, cloud, infrastructure, and data security across Cherry
• Be hands-on: design systems, review code and architecture, and contribute directly where needed
• Lead incident response, threat modeling, and security reviews

Cherry is a profitable, high-growth fintech ($500M+ revenue, ~3x YoY) building the financial infrastructure for healthcare providers. Security is core to our product, not a support function. They are looking for strong leaders that will help them scale Cherry to be the go-to financial partner for every doctor in the country.

• Leading incident response initiatives and conduct thorough cybersecurity investigations.
• Enhancing security program by refining processes and optimizing tooling.
• Designing and implementing advanced threat detection and mitigation strategies.

Docplanner empowers patients by giving them access to leave and read reviews about their visits and provides doctors with technology to manage bookings easily and save time. They employ over 2,500 people globally and have a startup-mindset.

• Design and implement cloud security guardrails across AWS and GCP
• Embed policy enforcement and compliance checks directly into Terraform modules
• Conduct architecture reviews and continuously harden multi-cloud environments

Beast Industries is a multifaceted media and entertainment company founded by Jimmy Donaldson, popularly known as MrBeast. We are known for revolutionizing digital content creation, encompassing ventures that extend far beyond YouTube.

• Perform infrastructure security reviews across cloud services, network design, IAM, and platform components.
• Design and build internal security services, APIs, and tools that automate infrastructure vulnerability detection, triage, reporting, and remediation.
• Develop security automation that integrates with CI/CD, cloud control planes, and developer workflows to shift detection and remediation earlier in the lifecycle.

Webflow is building the world’s leading AI-native Digital Experience Platform as a remote-first company. They empower teams to design, launch, and optimize for the web without barriers, from entrepreneurs to global enterprises, and believe the future of the web, and work, is more open, more creative, and more equitable.

• Actively partner on the Cloud Security strategy and implementation.
• Evolve and expand our current Cloud Security posture across multiple platforms.
• Recommend and validate Security controls and improvements across our infrastructure stack

Circle is a global financial technology firm building the foundation for a more open financial system through digital assets, payment applications, and blockchain infrastructure. They value their employees and foster a culture of collaboration and excellence, with a flexible work enviornment.

• Build proactive security automation aimed at decreasing manual remediation work.
• Research new and novel ways to accomplish security work and publish your findings on our blog.
• Participate in a monthly security on-call rotation for critical escalations.

Automox is a cloud-native IT operations platform that helps modern organizations keep every endpoint automatically configured, patched, and secured – anywhere in the world. They are trusted by more than 2,500 leading companies and MSPs worldwide and value a ‘one team’ mentality where everyone’s unique skills contribute to an environment that encourages collaboration and ownership.

• Help scale NerdWallet’s application security program through automation, tooling, and developer enablement.
• Partner with engineering and product teams to identify and remediate security gaps across multiple systems while balancing business priorities.
• Build tools, processes, and automation that improve security posture visibility for engineers and leadership.

NerdWallet aims to bring clarity to life's financial decisions with a team of exceptional Nerds. They foster an inclusive, flexible, and candid culture where employees are empowered to grow and take risks, supporting well-being and development whether working remotely or in-office.

• Serve as trusted advisor to team’s leadership and partner teams by clearly articulating business risks associated with security issues
• Lead security operation functions – including vulnerability management, SAST, DAST, detection engineering, and incident response – in CI/CD and cloud-native production environments
• Integrate security into our applications throughout the software development lifecycle

They are scaling intelligence to serve humanity by training and deploying frontier models for developers and enterprises, building AI systems to power magical experiences. Cohere is composed of researchers, engineers, and designers who are passionate about their craft, and believes that a diverse range of perspectives is a requirement for building great products.

• Lead Application Security testing projects and drive remediation of identified vulnerabilities.
• Design and run adversarial testing campaigns across the full Buildkite environment.
• Build automation for both AppSec and adversarial testing workflows.

Buildkite's mission is to unblock every developer on the planet with their CI/CD platform. They are a remote-first company since 2013 with a small team, high standards, and real ownership distributed across 60+ cities, built around async communication and genuine autonomy.

• Define the security operations roadmap by designing and implementing long term strategies.
• Improve and maintain processes, tooling, documentation, and training to mature and enhance cybersecurity incident response.
• Design, implement, and maintain security events monitoring systems.

Docplanner Tech is a diverse group of over 400 people working in Engineering, Data, and Product teams, responsible for building the product for all locations. They are leaders in 13 countries, with over 2,500 employees globally, and are backed by leading venture capital funds such as Point Nine Capital and Goldman Sachs Asset Management.

• Lead security architecture and design reviews across applications, infrastructure, and integrations.
• Conduct and coordinate penetration testing, threat modeling, and security reviews.
• Design and implement security automation within CI/CD pipelines.

Assured modernizes insurance by providing software solutions to large insurers that help them win in a technology-driven world. Their products include self-service claim-filing software to backend fraud detection and are dynamic, collaborative, and rewarding.

• Own the strategy and execution for the Cloudflare ecosystem to secure the network edge.
• Lead the design of security controls within Google Cloud Platform, specifically for Vertex AI, BigQuery, VPC Service Controls, IAM, and Security Command Center.
• Embed security into CI/CD pipelines (Cloud Build, GitHub Actions) using Infrastructure as Code (Terraform).

Kareo and PatientPop joined forces to become Tebra, the digital backbone for practice well-being, helping independent practices bring modernized care to patients everywhere. Well over 100,000 providers trust them to elevate their patient experience and grow their practice.

• Manage and optimize security tools such as email security, DLP, SIEM, IDS/IPS, EDR, threat intelligence platforms, and other tooling
• Design and implement AI-enabled workflows to scale enterprise security and threat operations
• Monitor and manage security alerts and incidents, analyze data, and respond to security events

Valon is building the AI-native operating system for regulated finance, starting with mortgage servicing. They are a Series C company backed by a16z, transforming industries that others have written off as too complex to innovate.

• Implementing and maintaining Application Security Testing (AST) tools to identify code and dependency vulnerabilities during the software development lifecycle.
• Implementing and maintaining Application Security Posture Management (ASPM) tools to centralize findings from multiple solutions and integrate into software development processes.
• Acting as the first line of support for users by helping resolve false positives, providing guidance on finding remediation, and evaluating security exception requests.

AbbVie discovers and delivers innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. They strive to have a remarkable impact on people's lives across several key therapeutic areas and products and services in their Allergan Aesthetics portfolio.

• Own the technical design and review process for security-critical systems.
• Maintain mastery of technical security domains to solve complex business challenges.
• Create and implement advanced tools and automation to increase security monitoring.

Garner Health aims to transform the healthcare economy, delivering high-quality and affordable care for all. They partner with employers to redesign healthcare benefits using clear incentives and data-driven insights. Garner Health is one of the fastest-growing healthcare technology companies.

• Champion the teams to become best-in-class in cloud-based software development while promoting approaches that greatly improve customer experience.
• Leverage an obsession for the customer to lead and maintain a world-class SaaS, PaaS, IaaS, Cloud Infrastructure.
• Own the build & deploy lifecycle; drastically reduce build, deploy & rollback times while simultaneously reducing risk and exposure.

CentralReach is a leading provider of autism and IDD care software for Applied Behavior Analysis (ABA), multidisciplinary therapy, and special education. Recognized as one of the best places to work over 10 times, CentralReach's culture is centered around impact, inclusion, and flexibility.

• Assist in designing and maintaining secure infrastructure on EKS in our multi-cloud environment (AWS) using Infrastructure as Code (Terraform).
• Write code (Python, Go, or Bash) to automate manual tasks, threat detection, and vulnerability management processes.
• Integrate security tools (SAST, DAST, SCA) into our CI/CD pipelines, ensuring developers receive fast, actionable feedback on their code.

Smartsheet helps people and teams achieve anything with seamless work management and scalable solutions. They empower teams to automate the manual, uncover insights, and scale smarter, creating space for impactful work. The company values diverse perspectives and supports employee growth.

• Own enterprise security, cloud, and application security, and corporate IT.
• Lead security engineering, security operations, and corporate IT.
• Partner closely with Engineering, Platform, and Operations to embed security and reliability into how Redox builds and runs software.

Redox aims to accelerate healthcare’s transformation with useful data. Redox Engine connects and powers real-time healthcare data exchange across a network of 12,000+ systems and organizations.

• Conduct regular vulnerability assessments, threat modeling, and security architecture and design reviews.
• Partner with engineering teams to identify, prioritize, and mitigate identified risks
• Design and implement proactive security solutions to systematically eliminate vulnerability classes rather than endlessly chase individual vulnerabilities

Oura's mission is to empower every person to own their inner potential. Its award-winning products help its global community gain a deeper knowledge of their readiness, activity, and sleep quality by using their Oura Ring and its connected app. The company is quickly growing and focused on helping people live healthier and happier lives, and ensures that its team members have what they need to do their best work — both in and out of the office.

• Own detection, response, and cloud security at PostHog.
• Take the reins of our security operations, build out our detection pipelines, and ensure that when something goes bump in the night, we have the observability to know exactly what happened.
• Shape the security team, culture and tooling for a high-growth, open-source company.

PostHog is shipping every product that companies need to run their business from their first day, to the day they IPO, and beyond. They are the operating system for folks who build software. They've raised more than $100m from some of the world's top investors and are set up for a long, ambitious journey.