Partner with engineering teams throughout the SDLC to embed security by design in our products.
Lead and evolve our AppSec tooling and workflows by implementing, tuning, and integrating SAST, DAST, SCA, and container/image scanning into CI/CD pipelines.
Drive vulnerability management for our applications and supply chain, including triaging and prioritizing issues, coordinating with teams on fix/mitigate/accept decisions.
Camunda is the leader in enterprise agentic automation, orchestrating complex business processes across agents, people, and systems. They were named a Visionary in the inaugural 2025 Gartner Magic Quadrant for Business Orchestration and Automation Technologies (BOAT).
Define, implement, and document new security features
Analyze, fix, and test vulnerabilities in open source software
Audit and analyze source code for vulnerabilities
Canonical is a leading provider of open source software and operating systems to the global enterprise and technology markets. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, they are changing the world on a daily basis and have 1200+ colleagues in 75+ countries.
Drive adoption of a Secure Software Development Lifecycle (SSDLC) across engineering teams.
Implement and integrate application security tooling into CI/CD pipelines, improving vulnerability detection and remediation.
Establish consistent threat modelling and secure design practices across new features and products.
Neko Health's mission is to deliver proactive healthcare for all, empowering members to take control of their health via technology and compassionate care. They have nearly 100 full-time engineers working across Berlin, Chamonix, Hamburg, Lisbon, Marseille, Vilnius, and Stockholm and they support a flexible workplace that prioritizes work-life balance.
Conduct security assessments, code reviews, and penetration testing to identify vulnerabilities.
Plan and execute security testing for LLM-enabled applications, including prompt injection testing.
Design, develop, and implement security tools and automation to prevent and detect vulnerabilities.
Granicus provides technology that transforms the Govtech industry by connecting governments and constituents. They are a remote-first company with a globally distributed workforce across the United States, Canada, United Kingdom, India, Armenia, Australia, and New Zealand.
Analyze security vulnerabilities and drive remediations.
Integrate security at every stage of the SDLC.
Deploy and manage security tooling.
Modern Health is a mental health benefits platform for employers, offering access to various resources for emotional, professional, social, financial, and physical well-being. They are the fastest entirely female-founded company in the U.S. to reach Unicorn status, with a unique culture centered around high empathy and accountability.
Develop and maintain automated security tools and processes to identify vulnerabilities and conduct security testing.
Design and implement secure cloud infrastructure, network architecture, and deployment processes.
Implement security monitoring tools and processes to proactively identify and respond to security events and anomalies.
Deel is an all-in-one payroll and HR platform for global teams, aiming to unlock global opportunity for every person, team, and business. They are among the largest globally distributed companies with a team of 7,000 spanning more than 100 countries, fostering a connected and dynamic culture.
Lead application security reviews and threat modeling.
Develop automated testing and mature our Secure SDLC.
Own and perform application security vulnerability management.
TRM Labs provides blockchain analytics and AI solutions to help law enforcement, national security agencies, financial institutions, and cryptocurrency businesses detect and disrupt crypto-related fraud and financial crime. They are a Series C company with $220M in funding and operate as a distributed-first company.
Run client SAST/DAST/SCA tools, review outputs and provide recommendations
Work with development teams to identify and remediate security vulnerabilities
Provide security guidance during the software development lifecycle (SDLC)
GuidePoint Security provides cybersecurity expertise and solutions to help organizations make better decisions and minimize risk. Since 2011, they've grown to over 1,200 employees and serve as a trusted advisor to more than 6,200 customers, fostering a collaborative and enjoyable workplace.
Define and evangelize requirements and guidance for secure by design principles.
Implement automation to prevent and detect security flaws during development.
Conduct design reviews and manual security assessments.
Yubico is the creator of the most secure passkeys and leading provider of hardware authentication security keys with a mission to make secure login easy and available for everyone. They are a global company with a strong company culture and employees located in over 14 countries; Yubico’s headquarters are based in Stockholm, Sweden and Santa Clara, CA.
Own end-to-end application security for all Self products
Partner closely with engineering and product teams to remediate critical security findings
Support SOC 2 and PCI compliance efforts, including audit preparation and evidence collection
Self Financial is a venture-backed, high-growth FinTech company with a mission to increase economic inclusion and financial resilience by empowering people to build credit and build savings. They are passionate about challenging the status quo of the credit industry by providing people accessible tools to take control of their credit.
Improve the security properties of Tailscale by identifying opportunities for security and privacy features, bug fixes, and defense-in-depth.
Audit Tailscale features for technical security weaknesses, identifying mitigations or solutions, and driving them towards resolution.
Support engineering decisions with threat modeling and security analysis and expertise.
Tailscale is building software that makes it easy to securely interconnect people and their devices, no matter where they are. Founded in 2019 and fully distributed, they are backed by Accel, CRV, Insight, Heavybit, and Uncork Capital.
Drive and enable proactive identification, analysis, and remediation of security vulnerabilities.
Respond to manage pen testing and bug bounty programs.
Work in partnership with Software Architecture, Risk/Compliance, the SRE team, and other partners, to integrate security capabilities into the SDLC.
Subsplash builds The Ultimate Engagement Platform™ for churches, Christian ministries, non-profits, and businesses around the world. They are a family-owned and operated company of 290+ mission-driven people.
Serve as trusted advisor to team’s leadership and partner teams by clearly articulating business risks associated with security issues
Lead security operation functions – including vulnerability management, SAST, DAST, detection engineering, and incident response – in CI/CD and cloud-native production environments
Integrate security into our applications throughout the software development lifecycle
They are scaling intelligence to serve humanity by training and deploying frontier models for developers and enterprises, building AI systems to power magical experiences. Cohere is composed of researchers, engineers, and designers who are passionate about their craft, and believes that a diverse range of perspectives is a requirement for building great products.
Create, manage, and maintain the application security strategy and roadmap.
Develop, execute, and track the performance of security measures to protect Alma’s data, applications, and systems.
Build and provide high-quality application security documentation and training to engineers.
Alma simplifies access to high-quality, affordable mental health care by making it easy and financially rewarding for therapists to accept insurance. Alma has over 20,000 therapists in their growing network and was named one of Inc’s Best Workplaces in 2022 and 2023.
Be the primary DevOps engineer for the Vulnerability Management Development team.
Work to make sure our infrastructure is responsive and resilient.
Ensure our systems are secure by following relevant standards and performing patching and upgrades.
itD is a global technology consulting company that is woman- and minority-owned. They blend diversity, innovation, and integrity with real business results and reject any strong hierarchy, empowering them to deliver excellent results.
Lead secure design reviews, threat modeling, and security-focused code reviews across the product and platform.
Build and run Fieldguide’s vulnerability management program: scanning, triage, SLA-driven remediation tracking, and engineering coordination.
Partner with Compliance to ensure technical controls satisfy framework requirements (SOC 2, ISO 27001, ISO 42001, FedRAMP).
Fieldguide is establishing a new state of trust for global commerce and capital markets through automating and streamlining the work of assurance and audit practitioners. They are based in San Francisco, CA, and built as a remote-first company that enables you to do your best work from anywhere.
Serve as our Clients’ primary technical point of contact throughout the sales cycle
Experience designing, implementing, and operationalizing security controls across a wide range of IT and enterprise business systems
Understand and articulate complex technical information to both technical and non-technical audiences
GuidePoint Security provides trusted cybersecurity expertise, solutions, and services to help organizations make better decisions and minimize risk. They have over 1000 employees and have established strategic partnerships with leading security vendors, serving as a trusted advisor to more than 4,200 customers.