Source Job

Europe

  • Lead the security research function by defining methodologies and best practices for identifying cloud and application security threats.
  • Conduct advanced vulnerability research and collaborate with engineering teams to translate findings into product features.
  • Publish high-quality technical content and establish thought leadership in the cybersecurity community.

Cloud Security AWS Python Go

20 jobs similar to Security Research Lead

Jobs ranked by similarity.

Europe US Unlimited PTO

  • Triage, validate, and remediate security vulnerabilities across products, infrastructure, and internal systems.
  • Develop, maintain, and contribute to internal and open-source security tooling, writing production-grade code.
  • Improve secure development practices through code reviews, threat modeling, and security design reviews.

Tiger Data provides the fastest PostgreSQL platform for transactional, analytical, and agentic workloads. With over 2,000 customers and 3 million active databases, it is a remote-first team backed by $180 million in funding.

US

  • Develop and implement a multi-tenant Cloud strategy for Managed Services offering.
  • Design cloud reference architectures and document standardized infrastructure patterns and best practices.
  • Collaborate with Security and Operations teams to define security best practices and automate compliance.

Smile Digital Health provides a FHIR-based data liberation platform that makes it easy for healthcare stakeholders to collect and exchange data. They were ranked #19 on Deloitte's Technology Fast 50 for 2024 and foster a culture of respect, inclusion, and diversity.

Canada Unlimited PTO

  • Partner with engineering teams to design, build, and operate secure-by-default cloud infrastructure across AWS and Google Cloud.
  • Build reusable Terraform modules and policy-as-code guardrails to make secure implementation easier for engineering teams.
  • Operate CSPM/CNAPP tooling and drive remediation of cloud vulnerabilities and misconfigurations.

Fullscript is a health technology company that provides a platform for practitioners to access clinical insights, lab interpretations, and high-quality supplements, serving over 125,000 practitioners and 10 million patients. The company has a remote-first culture, emphasizes work-life balance, and values inclusivity and continuous learning.

US

  • Enable software engineering teams to continuously improve the security posture of products and SaaS environments through AppSec and DevSecOps expertise.
  • Serve as the go-to AppSec expert, mentoring engineers on secure design patterns and coding practices while collaborating on threat models and design reviews.
  • Lead automation of vulnerability management tooling across CI/CD pipelines, perform security code reviews, and contribute to compliance strategies.

Hypori is a high-growth cybersecurity SaaS company transforming how organizations think about secure mobility. Backed by $55M in funding from investors including UBS and AE Industrial Partners, the company is expanding into new commercial and regulated markets.

Spain

  • Play a key role in protecting and strengthening large-scale cloud-native applications that power next-generation AI infrastructure.
  • Work at the intersection of software engineering and cybersecurity, ensuring security is embedded throughout the software development lifecycle.
  • Collaborate cross-functionally to identify and remediate vulnerabilities in complex distributed systems.

Our partner is a company building large-scale cloud-native applications that power next-generation AI infrastructure. They have a high-impact security engineering environment with a collaborative and innovative culture focused on trust, learning, and impact.

Canada

  • Design and ship scalable security solutions to bridge the gap between security and engineering teams.
  • Build cooperative partnerships with product and engineering teams to integrate robust security capabilities at scale.
  • Drive security risk reduction through technical leadership, security reviews, and mentorship across engineering teams.

Twilio is a communications platform that delivers innovative solutions to hundreds of thousands of businesses and empowers millions of developers worldwide to craft personalized customer experiences. The company has a remote-first work culture with a strong focus on connection, global inclusion, and diverse experiences, making a global impact each day.

US

  • Lead integration of security across the SDLC, embedding automated testing into CI/CD pipelines.
  • Secure cloud-native AWS architectures and enforce least privilege access and runtime protections.
  • Perform threat modeling, automate compliance, and innovate with AI security standards.

TrueML is a mission-driven financial software company that uses machine learning to improve customer experiences for distressed borrowers. The team includes data scientists, financial services experts, and customer experience fanatics building inclusive financial technology.

Global

  • Build and optimize secure, scalable AWS infrastructure to support production applications.
  • Implement Infrastructure as Code using Terraform, Ansible, and automation tools.
  • Develop and maintain CI/CD pipelines for reliable software delivery.

This leading software engineering consultancy helps global organizations design, build, and scale modern digital products using cloud-native engineering and distributed systems. It fosters a remote-first, engineering-driven culture that values autonomy, technical excellence, and knowledge sharing.

US

  • Serve as the technical expert for Zero Trust Architecture in cloud environments (AWS, Azure, GCP).
  • Collaborate with sales and engineering teams to influence the product roadmap and customer strategies.
  • Drive customer Proof-of-Value engagements, demonstrating Zscaler's unique value proposition.

Zscaler accelerates digital transformation by securing users, devices, and applications through its cloud-native Zero Trust Exchange platform. As an AI-forward enterprise leveraging the world's largest security data lake, Zscaler fosters a culture of execution, transparency, and high-impact collaboration.

  • Owns product, cloud, engineering, vendor, AI-tooling, and compliance security functions.
  • Builds practical guardrails for AI tools, agents, MCPs, data leakage, and automation.
  • Understands OWASP, IAM, secrets, cloud security, vulnerability management, CI/CD, incident response, and frameworks like SOC 2, ISO 27001, GDPR, or HIPAA.

PlayPower Labs is a company focused on building practical security functions without slowing down teams. The organization values security sharpness, usefulness, and a product-minded approach, with a culture that balances protection and agility.

Europe

  • Champion and implement security best practices and automated tooling across Spotify's infrastructure and platforms.
  • Partner closely with teams to integrate security throughout the software development lifecycle from design to deployment.
  • Conduct threat modeling, security reviews, and risk assessments for both AI and non-AI systems.

Spotify is the world's most popular audio streaming subscription service, unlocking the potential of human creativity by giving artists the opportunity to live off their art. With over 700 million users, the company values curiosity, collaboration, and a willingness to both teach and learn from others.

UK Global

  • Lead and own the ongoing operation and maintenance of Samsara’s vulnerability management program.
  • Collaborate with engineering teams to track and support the remediation of identified vulnerabilities.
  • Champion Samsara’s cultural principles in daily work.

Samsara is the pioneer of the Connected Operations Cloud, enabling organizations to harness IoT data for actionable insights. As a recently public company with a global team, they foster a culture of rapid career development and encourage employees to architect their own careers.

United States

  • Design and implement authorization frameworks and just-in-time access controls for cloud resources.
  • Develop security automation scripts and tools in Python and Go to streamline operations and incident response.
  • Collaborate with engineering teams to integrate security controls into CI/CD pipelines and infrastructure.

Included Health is a healthcare company delivering integrated virtual care and navigation. It has a remote-first culture and offers comprehensive benefits.

Brazil

  • Design and lead cloud-native architecture for AWS environments.
  • Collaborate with engineering teams to translate client requirements into technical solutions.
  • Mentor engineers and ensure best practices in DevOps, security, and cloud operations.

The partner company delivers scalable cloud-native solutions for enterprise customers, focusing on AWS-based systems. It is a remote-first organization with a strong engineering culture emphasizing mentorship and continuous learning.

United States

  • Perform penetration testing and design reviews to identify vulnerabilities and insecure designs.
  • Maintain and build internal tools to automate security efforts, including SAST and DAST testing.
  • Identify vulnerabilities, demonstrate business impact, and articulate risk to drive prioritization.

Brex is the intelligent finance platform that enables companies to spend smarter and move faster in over 200 markets. With tens of thousands of customers including DoorDash, Coinbase, and Zoom, Brex fosters a diverse and inclusive team culture where collaboration with some of the brightest minds in the industry is key.

US Canada Unlimited PTO

  • Own and improve the secure software development lifecycle, perform application security reviews, threat modeling, and deep code-level analysis for high-impact product, platform, and AI features.
  • Drive vulnerability management across internal reviews, bug bounty, pentests, and other research signals, ensuring findings are validated, prioritized, and tracked through remediation.
  • Configure and improve AppSec tooling and integrations, and use AI to automate and scale security processes while validating outputs with strong engineering judgment.

Apollo.io is the leading go-to-market solution for revenue teams, trusted by over 500,000 companies and millions of users globally. Founded in 2015, the company is one of the fastest growing companies in SaaS, raising approximately $250 million to date and valued at $1.6 billion.

Canada United States

  • Partner with engineering teams to review cloud and compute architecture design changes.
  • Develop or adopt open-source tools to monitor and harden cloud infrastructure and detect intrusions.
  • Drive the definition and implementation of security policies and monitor conformance.

Quora operates a global knowledge sharing platform with over 300M monthly unique visitors and Poe, a platform for AI language model interaction. It is a privately held, remote-first company with a culture rooted in transparency, idea-sharing, and experimentation.

US

  • Lead secure Google Cloud architecture design and reviews across IAM, networking, workload protection, and compliance.
  • Advise enterprise customers on GCP security strategy aligned to business risk and regulatory requirements.
  • Develop executive-ready findings, prioritized remediation roadmaps, and maturity-based security improvement plans.

Coalfire helps clients solve cybersecurity challenges through advisory, assessment, automation, and cloud security services. With offices across the US and UK, the company employs a team of thought leaders and consultants who are passionate problem-solvers.

US

  • Support the day-to-day security posture of systems across cloud and on-prem environments, including vulnerability management and remediation tracking.
  • Partner with infrastructure, platform, and engineering teams on secure configuration, access control, logging, and incident readiness.
  • Support compliance activities related to GovRAMP, FedRAMP, PCI DSS, and internal reviews using AWS security tooling.

Grant Street Group is a growing company that provides SaaS products for electronic payments, auctions, and tax collection. The company fosters a culture of teamwork, professional excellence, and individual responsibility in a technology-rich remote environment.

UK

  • Design and deliver secure, scalable software solutions using Go within a cloud-native architecture.
  • Build platform capabilities for API security, cryptographic controls, AI governance, and supply chain security.
  • Collaborate with engineering, platform, and security teams to enhance production system security and resilience.

Jobgether is a platform that uses AI-powered matching to connect candidates with roles. They partner with companies to manage applications and next steps, fostering an inclusive and diverse working environment.