Source Job

$170,000–$210,000/yr
US

  • Research and develop offensive agentic capabilities that become core Sybil features
  • Hunt for real vulnerabilities across a range of target environments and translate what you find into repeatable, automated techniques
  • Build and ship end-to-end customer-facing features: from research spike to production deployment

Python JavaScript React LLMs DevOps

20 jobs similar to Security Research Engineer

Jobs ranked by similarity.

$246,000–$369,000/yr
US Canada

  • Lead original research into vulnerability classes affecting 1Password’s products and the broader identity security ecosystem.
  • Design and develop sophisticated threat models, attack chains, and proof-of-concept exploits.
  • Lead research into the security implications of AI in identity systems.

1Password is building the foundation for a safe, productive digital future. They are the leader in enterprise password management and pioneered Extended Access Management, a new cybersecurity category. The company has over 180,000 businesses, from Fortune 100 leaders to the world’s most innovative AI companies.

$192,000–$278,000/yr
US Canada

  • Conduct original research into vulnerabilities in 1Password’s products and the broader identity security landscape; discover and document novel vulnerability classes.
  • Develop proof-of-concept exploits that validate research findings and support engineering teams in understanding and prioritizing remediation efforts.
  • Investigate security risks at the intersection of AI and identity, including prompt injection and data poisoning; address emerging challenges of agentic security.

1Password is building the foundation for a safe, productive digital future. As one of the most loved brands in cybersecurity, they take a human-centric approach in everything from product strategy to user experience. They have over 180,000 businesses, and they are known for their commitment to collaboration, transparent communication, and a culture that values honesty and puts people first.

Global

  • Define, implement, and document new security features
  • Analyze, fix, and test vulnerabilities in open source software
  • Audit and analyze source code for vulnerabilities

Canonical is a leading provider of open source software and operating systems to the global enterprise and technology markets. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, they are changing the world on a daily basis and have 1200+ colleagues in 75+ countries.

India

  • Conduct security assessments, code reviews, and penetration testing to identify vulnerabilities.
  • Plan and execute security testing for LLM-enabled applications, including prompt injection testing.
  • Design, develop, and implement security tools and automation to prevent and detect vulnerabilities.

Granicus provides technology that transforms the Govtech industry by connecting governments and constituents. They are a remote-first company with a globally distributed workforce across the United States, Canada, United Kingdom, India, Armenia, Australia, and New Zealand.

Global

  • Ownership and execution of XBOW across public bug bounty programs.
  • Assess targets, coordinate attack capabilities, and manage testing activity.
  • Review vulnerabilities, prepare disclosure reports, and maintain relationships.

XBOW is building the future of offensive security with AI. Founded by Oege de Moor, creator of GitHub Copilot, and backed by Sequoia, Altimeter, and other leading investors, our team of builders, hackers, and researchers are solving impossible problems.

$150,000–$180,000/yr
US Unlimited PTO

  • Develop network threat detectors by leveraging rule-based and ML-based detection strategies.
  • Reproduce attacks in a lab environment using live tools and recorded PCAP traffic, and perform threat hunts on aggregated log data, in order to identify malicious behaviors and develop techniques to detect them.
  • Collaborate with Threat Research and Data Science teams to gain insight on attacker techniques and take advantage of the latest machine learning models to detect attacker behavior.

ExtraHop reinvents Network Detection and Response (NDR) to help enterprises and organizations stay ahead of emerging threats with unmatched network visibility, context, and control. They are recognized for innovation and a commitment to building a world-class team.

$210,000–$260,000/yr
US Unlimited PTO

  • Lead Precision Defense engineering teams, turning NodeZero’s offensive insights into autonomous defenses.
  • Build and evolve deception capabilities like honeypots and honeytokens for high-fidelity defense.
  • Codify emerging threats into tests and alerts, guiding fast mitigation for customers.

Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to enabling organizations to proactively find, fix and verify exploitable attack vectors before criminals exploit them. They are a fusion of former U.S. Special Operations cyber operators, startup engineers & operators, and formerly frustrated cybersecurity practitioners.

US

  • Investigate activity and disrupt abusive operations in partnership with our policy, legal, integrity, global affairs and security teams, including by conducting cross-internet and open source research
  • Develop abuse signals and tracking strategies to help proactively detect harmful activity on our platform
  • Communicate investigation findings from your work with stakeholders internally and, at times, externally

OpenAI's mission is to ensure that general-purpose artificial intelligence benefits all of humanity. They are an AI research and deployment company that pushes the boundaries of AI systems and seeks to safely deploy them to the world through their products.

$164,000–$289,000/yr
US Canada

  • Harden login and registration flows using risk-based controls.
  • Partner closely with Security and Engineering teams to identify and remediate abuse.
  • Develop internal Trust & Safety tooling that centralizes risk signals.

Webflow is building the world’s leading AI-native Digital Experience Platform as a remote-first company. They empower teams to design, launch, and optimize for the web without barriers, believing the future of the web, and work, is more open, more creative, and more equitable.

US Canada Unlimited PTO

  • Architect Windows kernel telemetry pipelines: design and validate new instrumentation points.
  • Dissect adversary tradecraft: reverse-engineer attacker techniques through malware analysis, threat intelligence, and real-world incident investigation.
  • Conduct attack scenario analysis: explore theoretical and practical attack vectors against AI agents, enterprise software, and Windows systems.

Origin is building the next generation of endpoint security for the Semantic Era. Their platform monitors and protects some of the most important organizations in the world and they are backed by Sequoia Capital, Brightmind Ventures, IA Ventures and other top firms.

US Canada Unlimited PTO

  • Partner directly with customers to understand their unique environments, operational constraints, and capability gaps
  • Design and implement custom telemetry integrations; extend Origin's platform to ingest customer-specific data sources, proprietary log formats, and external threat intelligence
  • Build bespoke detection and analytics capabilities; develop custom correlation logic, confidence scoring models, and automation workflows tailored to customer needs

Origin is building the next generation of endpoint security for the Semantic Era. They are backed by Sequoia Capital, Brightmind Ventures, IA Ventures and other top firms. The company is a fully remote team across the US & Canada, built on trust, autonomy, and excellence.

Global

  • Partner with engineering teams throughout the SDLC to embed security by design in our products.
  • Lead and evolve our AppSec tooling and workflows by implementing, tuning, and integrating SAST, DAST, SCA, and container/image scanning into CI/CD pipelines.
  • Drive vulnerability management for our applications and supply chain, including triaging and prioritizing issues, coordinating with teams on fix/mitigate/accept decisions.

Camunda is the leader in enterprise agentic automation, orchestrating complex business processes across agents, people, and systems. They were named a Visionary in the inaugural 2025 Gartner Magic Quadrant for Business Orchestration and Automation Technologies (BOAT).

$140,000–$150,000/yr
US Global

  • Partner with engineering teams to conduct threat modeling.
  • Build and maintain automated scanning, penetration testing frameworks, and monitoring tools within our AWS CI/CD pipelines.
  • Champion a "security-first" mindset and host workshops that empower developers to write secure code.

Panopto is a customer-centric learning technology company and the leader in visual and audio-based learning. They empower organizations to share knowledge effortlessly. Panopto has been adopted by more than 1,600 companies and universities worldwide with over 11 million end users.

Global

  • Helping design, develop, and deliver security features, with safety and security in mind
  • Working with other engineering teams to ensure that they make safe and compliant architectural and implementation choices
  • Leading by example in code review, decision-making, and team culture — fostering transparency, empathy, and collaboration

The Wikimedia Foundation operates Wikipedia and other Wikimedia free knowledge projects with the vision of a world in which every single human can freely share in the sum of all knowledge. They are a charitable, not-for-profit organization that relies on donations with offices in San Francisco, California, USA. They value having a diverse workforce and continuously strive to maintain an inclusive and equitable workplace.

Global

  • Lead Application Security testing projects and drive remediation of identified vulnerabilities.
  • Design and run adversarial testing campaigns across the full Buildkite environment.
  • Build automation for both AppSec and adversarial testing workflows.

Buildkite's mission is to unblock every developer on the planet with their CI/CD platform. They are a remote-first company since 2013 with a small team, high standards, and real ownership distributed across 60+ cities, built around async communication and genuine autonomy.

$101,405–$140,400/yr
US Unlimited PTO

  • Analyze security vulnerabilities and drive remediations.
  • Integrate security at every stage of the SDLC.
  • Deploy and manage security tooling.

Modern Health is a mental health benefits platform for employers, offering access to various resources for emotional, professional, social, financial, and physical well-being. They are the fastest entirely female-founded company in the U.S. to reach Unicorn status, with a unique culture centered around high empathy and accountability.

Global

  • Design and build full-stack applications combining modern frontend technologies with Python-based backend services
  • Develop intuitive user interfaces and high-quality user experiences using React, JavaScript, and HTML
  • Prototype and deliver AI-powered applications leveraging large language models

Smart Working connects skilled professionals with global teams and products for full-time, long-term roles. They aim to match people in roles where they truly belong and value growth and well-being, empowering them to grow both personally and professionally.

Global

  • Develop and maintain automated security tools and processes to identify vulnerabilities and conduct security testing.
  • Design and implement secure cloud infrastructure, network architecture, and deployment processes.
  • Implement security monitoring tools and processes to proactively identify and respond to security events and anomalies.

Deel is an all-in-one payroll and HR platform for global teams, aiming to unlock global opportunity for every person, team, and business. They are among the largest globally distributed companies with a team of 7,000 spanning more than 100 countries, fostering a connected and dynamic culture.

ANZ

  • Play a pivotal role in shaping the architecture, strategic direction and maturity of Canva’s Detection and Response capabilities.
  • Deliver innovative and scalable security solutions yourself as an individual, and also as a mentor of other security builders.
  • Evangelise and lead the adoption and integration of GenAI Workflows to raise the efficiency and scalability of the Detection and Response team’s operations.

Canva is a design platform redefining how the world experiences design. They have campuses in Sydney and Melbourne, and co-working spaces in Brisbane, Perth and Adelaide, with a flexible and fun culture that incorporates empathy, humility, and generosity.

$153,000–$214,000/yr
US Canada

  • Work within a small team of developers to implement new security features.
  • Assist in security design efforts or scoping initiatives for new features.
  • Demonstrate leadership in security development and act as a trusted point of contact.

1Password is building the foundation for a safe, productive digital future. As one of the most loved brands in cybersecurity, we take a human-centric approach in everything from product strategy to user experience.