Source Job

• Perform infrastructure security reviews across cloud services, network design, IAM, and platform components.
• Design and build internal security services, APIs, and tools that automate infrastructure vulnerability detection, triage, reporting, and remediation.
• Develop security automation that integrates with CI/CD, cloud control planes, and developer workflows to shift detection and remediation earlier in the lifecycle.

Webflow is building the world’s leading AI-native Digital Experience Platform as a remote-first company. They empower teams to design, launch, and optimize for the web without barriers, from entrepreneurs to global enterprises, and believe the future of the web, and work, is more open, more creative, and more equitable.

• Lead security architecture and design reviews across applications, infrastructure, and integrations.
• Conduct and coordinate penetration testing, threat modeling, and security reviews.
• Design and implement security automation within CI/CD pipelines.

Assured modernizes insurance by providing software solutions to large insurers that help them win in a technology-driven world. Their products include self-service claim-filing software to backend fraud detection and are dynamic, collaborative, and rewarding.

• Own and evolve vulnerability management end-to-end.
• Embed secure design principles across mobile applications, APIs, and microservices.
• Partner closely with engineering teams to remediate security issues.

Smart Working connects skilled professionals with global teams for full-time, long-term roles. They help you discover meaningful work with teams that invest in your success, where you’re empowered to grow personally and professionally.

• Lead the deployment and optimization of cloud security tools.
• Design and implement reusable, secure-by-default cloud patterns.
• Build and run the cloud vulnerability management program.

WorkWave provides best-in-class solutions that directly contribute to the success of its customers. They foster a casual, collaborative, and innovative environment.

• Help scale NerdWallet’s application security program through automation, tooling, and developer enablement.
• Partner with engineering and product teams to identify and remediate security gaps across multiple systems while balancing business priorities.
• Build tools, processes, and automation that improve security posture visibility for engineers and leadership.

NerdWallet aims to bring clarity to life's financial decisions with a team of exceptional Nerds. They foster an inclusive, flexible, and candid culture where employees are empowered to grow and take risks, supporting well-being and development whether working remotely or in-office.

• Conduct regular vulnerability assessments, threat modeling, and security architecture and design reviews.
• Partner with engineering teams to identify, prioritize, and mitigate identified risks
• Design and implement proactive security solutions to systematically eliminate vulnerability classes rather than endlessly chase individual vulnerabilities

Oura's mission is to empower every person to own their inner potential. Its award-winning products help its global community gain a deeper knowledge of their readiness, activity, and sleep quality by using their Oura Ring and its connected app. The company is quickly growing and focused on helping people live healthier and happier lives, and ensures that its team members have what they need to do their best work — both in and out of the office.

• Reduce operational toil by experimenting with AI and automation in security workflows, building simple tools that make your team's work easier, and sharing what you learn.
• Build trust across engineering and cloud teams by responding to security requests with genuine care, clear communication, and reliable follow-through.
• Own alert triage and incident response with thoroughness and accuracy, ensuring security findings are investigated quickly, escalated at the right time to the right people, and documented clearly for the whole team to learn from.

Jane is a founder-led, high-growth SaaS company that builds products and tools that thousands of clinics rely on every day to run their businesses, care for their patients, and grow their communities. They are a team of more than 700 people working remotely across Canada, the US, and the UK.

• Lead threat modeling and security architecture reviews for distributed, event-driven systems.
• Integrate security code reviews, SAST/DAST, Software Composition Analysis (SCA), and container scanning into CI/CD and AI/ML pipelines.
• Evangelize secure coding and AI security through training, brown bag sessions, and workshops.

Zeta Global is an AI-Powered Marketing Cloud that helps marketers acquire, grow, and retain customers more efficiently. They unify identity, intelligence, and omnichannel activation into a single platform. Zeta Global is headquartered in New York City with offices around the world.

• Perform Threat Modelling of architectural infrastructure changes and new cloud infrastructure and Kubernetes deployments in GCP and AWS.
• Design, implement, and manage robust security controls and configurations for our GCP and AWS environments.
• Develop and maintain secure Infrastructure as Code (IaC) using Terraform and tools.

MoonPay is a unified payments platform for digital currency, making it easy for anyone to buy, sell, swap and pay in digital currencies. They are trusted by over 30 million customers and over 500 ecosystem partners, driving mainstream crypto adoption worldwide.

• Focus on automation, integrating security within the CI/CD pipeline, and DevOps toolchain.
• Strong working knowledge of security fundamentals including OWASP Top10.
• Experience with public cloud infrastructure (AWS or Azure) and cloud security fundamentals.

GuidePoint Security provides cybersecurity expertise, solutions, and services to help organizations make better decisions and minimize risk. They have grown to over 1,200 employees, established strategic partnerships with leading security vendors, and serve as a trusted advisor to more than 6,200 customers.

• Design, develop, and implement cloud security architecture solutions in Microsoft Azure.
• Build and maintain security automation using Infrastructure as Code (IaC) tools.
• Collaborate with development and platform engineering teams to embed security into CI/CD pipelines.

Hanger, Inc. is the world's premier provider of orthotic and prosthetic (O&P) services and products, offering the most advanced O&P solutions, clinically differentiated programs and unsurpassed customer service. With 160 years of clinical excellence and innovation, Hanger's vision is to lead the orthotic and prosthetic markets by providing superior patient care, outcomes, services and value.

• Design, implement, and manage application and cloud security tooling across AWS.
• Lead the deployment and configuration of Wiz CSPM, collaborating with infrastructure and DevOps teams.
• Manage secure code scanning processes, integrating SAST and DAST to identify and remediate vulnerabilities early in the SDLC.

Twin Health aims to empower people to improve and prevent chronic metabolic diseases with AI Digital Twin technology. It is recognized for innovation and culture, with recent funding to scale rapidly across the U.S. and globally.

• Assist in designing and maintaining secure infrastructure on EKS in our multi-cloud environment (AWS) using Infrastructure as Code (Terraform).
• Write code (Python, Go, or Bash) to automate manual tasks, threat detection, and vulnerability management processes.
• Integrate security tools (SAST, DAST, SCA) into our CI/CD pipelines, ensuring developers receive fast, actionable feedback on their code.

Smartsheet helps people and teams achieve anything with seamless work management and scalable solutions. They empower teams to automate the manual, uncover insights, and scale smarter, creating space for impactful work. The company values diverse perspectives and supports employee growth.

• Embed security into CI/CD pipelines and own secure controls.
• Lead the process of vulnerability and patch management, automating discovery.
• Strengthen cloud and Kubernetes environments through secure configurations.

Alpaca is a US-headquartered self-clearing broker-dealer and brokerage infrastructure provider for stocks, ETFs, options, crypto, fixed income, and more. They are a dynamic team of 230+ globally distributed members committed to opening financial services to everyone.

• Participate in threat modeling exercises with engineering team members
• Triage SCA/SAST/DAST/CSPM findings by eliminating false positives and providing well-vetted vulnerabilities to engineering teams
• Support vulnerability management efforts for networks and infrastructure

They offer a SaaS-based Global Employment Platform that enables clients to expand into over 180 countries. Their diverse, remote-first teams are essential to their success, fostering innovation and valuing every contribution.

• Improve AWS security configurations.
• Manage and maintain security tools.
• Perform vulnerability management and coordinate patching.

Swapcard is the leading AI-powered event platform designed to drive revenue growth and foster meaningful connections at in-person and hybrid events. With 42 nationalities represented among their 180+ team members, they champion diversity as a catalyst for creativity, collaboration, and unparalleled innovation.

• Own and lead Limble’s application security program, partnering with the Head of Information Security and key stakeholders to define strategy and roadmap.
• Perform hands-on security work including threat modeling and secure design reviews, using engagements as opportunities to educate and influence engineering decisions.
• Partner with engineering teams to triage, prioritize, and remediate vulnerabilities across the platform.

Limble empowers the unsung heroes who support the world by revolutionizing how businesses manage their maintenance operations. They provide a comprehensive suite of software solutions to optimize asset performance and drive operational excellence; their CMMS platform features streamline operations and enhance productivity.

• Working cross functionally to design, build, and operate solutions that continuously improve and automate our security capabilities
• Leveraging data to understand trends, metrics, and opportunities to improve our security posture and then helping execute on those opportunities with stakeholders
• Leading and enhancing incident / issues response efforts, spearheading analysis, containment, and mitigation strategies in a cross-functional environment to ensure effective resolution and remediation of security incidents / issues

Aledade, a public benefit corporation, empowers independent primary care practices. Founded in 2014, they've become the largest network of independent primary care in the country with a collaborative, inclusive and remote-first culture.

• Partner with engineering teams to conduct threat modeling.
• Build and maintain automated scanning, penetration testing frameworks, and monitoring tools within our AWS CI/CD pipelines.
• Champion a "security-first" mindset and host workshops that empower developers to write secure code.

Panopto is a customer-centric learning technology company and the leader in visual and audio-based learning. They empower organizations to share knowledge effortlessly. Panopto has been adopted by more than 1,600 companies and universities worldwide with over 11 million end users.

• Own the strategy and execution for the Cloudflare ecosystem to secure the network edge.
• Lead the design of security controls within Google Cloud Platform, specifically for Vertex AI, BigQuery, VPC Service Controls, IAM, and Security Command Center.
• Embed security into CI/CD pipelines (Cloud Build, GitHub Actions) using Infrastructure as Code (Terraform).

Kareo and PatientPop joined forces to become Tebra, the digital backbone for practice well-being, helping independent practices bring modernized care to patients everywhere. Well over 100,000 providers trust them to elevate their patient experience and grow their practice.