Implementing and maintaining Application Security Testing (AST) tools to identify code and dependency vulnerabilities during the software development lifecycle.
Implementing and maintaining Application Security Posture Management (ASPM) tools to centralize findings from multiple solutions and integrate into software development processes.
Acting as the first line of support for users by helping resolve false positives, providing guidance on finding remediation, and evaluating security exception requests.
Design, implement, and manage application and cloud security tooling across AWS.
Lead the deployment and configuration of Wiz CSPM, collaborating with infrastructure and DevOps teams.
Manage secure code scanning processes, integrating SAST and DAST to identify and remediate vulnerabilities early in the SDLC.
Twin Health aims to empower people to improve and prevent chronic metabolic diseases with AI Digital Twin technology. It is recognized for innovation and culture, with recent funding to scale rapidly across the U.S. and globally.
Partner with engineering teams throughout the SDLC to embed security by design in our products.
Lead and evolve our AppSec tooling and workflows by implementing, tuning, and integrating SAST, DAST, SCA, and container/image scanning into CI/CD pipelines.
Drive vulnerability management for our applications and supply chain, including triaging and prioritizing issues, coordinating with teams on fix/mitigate/accept decisions.
Camunda is the leader in enterprise agentic automation, orchestrating complex business processes across agents, people, and systems. They were named a Visionary in the inaugural 2025 Gartner Magic Quadrant for Business Orchestration and Automation Technologies (BOAT).
Analyze security vulnerabilities and drive remediations.
Integrate security at every stage of the SDLC.
Deploy and manage security tooling.
Modern Health is a mental health benefits platform for employers, offering access to various resources for emotional, professional, social, financial, and physical well-being. They are the fastest entirely female-founded company in the U.S. to reach Unicorn status, with a unique culture centered around high empathy and accountability.
Lead Application Security testing projects and drive remediation of identified vulnerabilities.
Design and run adversarial testing campaigns across the full Buildkite environment.
Build automation for both AppSec and adversarial testing workflows.
Buildkite's mission is to unblock every developer on the planet with their CI/CD platform. They have been a remote-first company since 2013, with a small team, high standards, and real ownership distributed across 60+ cities, built around async communication and genuine autonomy.
Run client SAST/DAST/SCA tools, review outputs and provide recommendations
Work with development teams to identify and remediate security vulnerabilities
Provide security guidance during the software development lifecycle (SDLC)
GuidePoint Security provides cybersecurity expertise and solutions to help organizations make better decisions and minimize risk. Since 2011, they've grown to over 1,200 employees and serve as a trusted advisor to more than 6,200 customers, fostering a collaborative and enjoyable workplace.
Develop and maintain automated security tools and processes to identify vulnerabilities and conduct security testing.
Design and implement secure cloud infrastructure, network architecture, and deployment processes.
Implement security monitoring tools and processes to proactively identify and respond to security events and anomalies.
Deel is an all-in-one payroll and HR platform for global teams, aiming to unlock global opportunity for every person, team, and business. They are among the largest globally distributed companies with a team of 7,000 spanning more than 100 countries, fostering a connected and dynamic culture.
Lead application security reviews and threat modeling.
Develop automated testing and mature our Secure SDLC.
Own and perform application security vulnerability management.
TRM Labs provides blockchain analytics and AI solutions to help law enforcement, national security agencies, financial institutions, and cryptocurrency businesses detect and disrupt crypto-related fraud and financial crime. They are a Series C company with $220M in funding and operate as a distributed-first company.
Drive adoption of a Secure Software Development Lifecycle (SSDLC) across engineering teams.
Implement and integrate application security tooling into CI/CD pipelines, improving vulnerability detection and remediation.
Establish consistent threat modelling and secure design practices across new features and products.
Neko Health's mission is to deliver proactive healthcare for all, empowering members to take control of their health via technology and compassionate care. They have nearly 100 full-time engineers working across Berlin, Chamonix, Hamburg, Lisbon, Marseille, Vilnius, and Stockholm and they support a flexible workplace that prioritizes work-life balance.
Serve as trusted advisor to team’s leadership and partner teams by clearly articulating business risks associated with security issues
Lead security operation functions – including vulnerability management, SAST, DAST, detection engineering, and incident response – in CI/CD and cloud-native production environments
Integrate security into our applications throughout the software development lifecycle
They are scaling intelligence to serve humanity by training and deploying frontier models for developers and enterprises, building AI systems to power magical experiences. Cohere is composed of researchers, engineers, and designers who are passionate about their craft, and believes that a diverse range of perspectives is a requirement for building great products.
Build proactive security automation aimed at decreasing manual remediation work.
Research new and novel ways to accomplish security work and publish your findings on our blog.
Participate in a monthly security on-call rotation for critical escalations.
Automox is a cloud-native IT operations platform that helps modern organizations keep every endpoint automatically configured, patched, and secured – anywhere in the world. They are trusted by more than 2,500 leading companies and MSPs worldwide and value a ‘one team’ mentality where everyone’s unique skills contribute to an environment that encourages collaboration and ownership.
Design and implement security controls across cloud infrastructure, applications, and data systems.
Identify, assess, and mitigate security risks through threat modeling, reviews, and testing.
Build and maintain monitoring, alerting, and incident response capabilities.
BlockchainUnmasked aims to streamline cryptocurrency forensic investigations through advanced automation combined with cutting-edge solutions. They work with investigative partners to dramatically accelerate investigation times and boost success rates in interdiction, recovery, and deterrence.
Perform infrastructure security reviews across cloud services, network design, IAM, and platform components.
Design and build internal security services, APIs, and tools that automate infrastructure vulnerability detection, triage, reporting, and remediation.
Develop security automation that integrates with CI/CD, cloud control planes, and developer workflows to shift detection and remediation earlier in the lifecycle.
Webflow is building the world’s leading AI-native Digital Experience Platform as a remote-first company. They empower teams to design, launch, and optimize for the web without barriers, from entrepreneurs to global enterprises, and believe the future of the web, and work, is more open, more creative, and more equitable.
Conducting a comprehensive threat model of our application and infrastructure layers.
Hardening our AWS infrastructure while keeping developer workflows frictionless.
Integrating security tooling into our CI/CD pipeline.
Loancrate simplifies home-buying for lenders and borrowers by building AI-native tooling to automate mortgage workflows. Since 2020, their remote team has enabled customers to power >$85 billion in new home loans and they value collaboration and open communication.
Conduct security assessments, code reviews, and penetration testing to identify vulnerabilities.
Plan and execute security testing for LLM-enabled applications, including prompt injection testing.
Design, develop, and implement security tools and automation to prevent and detect vulnerabilities.
Granicus provides technology that transforms the Govtech industry by connecting governments and constituents. They are a remote-first company with a globally distributed workforce across the United States, Canada, United Kingdom, India, Armenia, Australia, and New Zealand.
Designing and developing technical integrations that connect Chainguard products to partner platforms.
Building and maintaining our security advisory system, including schemas, APIs, and data feeds.
Owning integrations with major cloud platforms, including GCP, AWS, and Azure.
Chainguard is the secure foundation for software development and deployment. They help organizations eliminate threats in their software supply chains by providing guarded open source software. Chainguard was founded by the industry's leading experts on open source software, security, and cloud native development, and they built the largest library of open source software that is secure by default.
Design, implement, and maintain systems that secure Yelp’s AWS and Google Cloud Platform environments.
Develop and enforce data security controls to support privacy initiatives.
Manage system-level access controls and tiered access for internal digital assets.
Yelp's engineering culture values individual authenticity and encourages creative solutions. They focus on helping users, growing as engineers, and having fun in a collaborative environment.
Actively partner on the Cloud Security strategy and implementation.
Evolve and expand our current Cloud Security posture across multiple platforms.
Recommend and validate Security controls and improvements across our infrastructure stack
Circle is a global financial technology firm building the foundation for a more open financial system through digital assets, payment applications, and blockchain infrastructure. They value their employees and foster a culture of collaboration and excellence, with a flexible work environment.
Learn about our users, systems, and security posture, and how security enables our product and business goals.
Support security assessments of code and infrastructure changes with guidance from Security Engineers, helping ensure alignment with SOC 2, PCI-DSS, and internal policies.
Assist with automating recurring security and compliance activities such as vulnerability scanning, risk assessments, third-party risk reviews, and control validation.
ezCater is the leading food for work technology company in the US, connecting anyone who needs food for their workplace to over 100,000 restaurants nationwide. They provide flexible and scalable solutions and are backed by top investors.
Take ownership of securing high-availability, low-latency systems.
Implement and automate security controls across cloud and on-prem infrastructure.
Enhance resilience, reduce risk, and enable business operations to run safely and efficiently.
Jobgether is a platform that helps candidates find jobs and companies find candidates. They use AI-powered matching to connect talent with opportunities, ensuring a quick, objective, and fair review process.
Design and implement cloud security guardrails across AWS and GCP
Embed policy enforcement and compliance checks directly into Terraform modules
Conduct architecture reviews and continuously harden multi-cloud environments
Beast Industries is a multifaceted media and entertainment company founded by Jimmy Donaldson, popularly known as MrBeast. We are known for revolutionizing digital content creation, encompassing ventures that extend far beyond YouTube.