Reproduce, assess, and document vulnerabilities, perform variant hunting, and contribute to exploitability research on security issues reported in GitLab’s products and services.
Support and consult with product and development teams on effective vulnerability remediation and mitigation. Independently validate vulnerability fixes prior to release.
Contribute to clear and actionable documentation that explains vulnerability impact, risk, and remediation guidance for technical and non-technical audiences, helping to scale PSIRT knowledge and practices across GitLab.
GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Their high-performance culture is driven by their values and continuous knowledge exchange, enabling their team members to reach their full potential while collaborating with industry leaders to solve complex problems.
Own the configuration, tuning, and management of our SIEM solution.
Perform architecture reviews, code reviews, and infrastructure configuration reviews.
Maintain and optimize a vulnerability management CI/CD pipeline within our container/application delivery infrastructure.
Engine is transforming business travel into something personalized, rewarding, and simple. More than 20,000 companies already rely on Engine to support over 1 million travelers and billions in annual bookings.
Engineer and deploy clever controls so security incidents stay rare.
Lead incident response efforts and security tool deployments.
Embrace AI and automation to protect the enterprise at machine speed.
Chainguard provides a secure foundation for software development and deployment. By providing guarded open source software, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains. They value customer obsession, prioritize intentional action, and trust each other.
Define and drive the strategic roadmap for proactive security vulnerability analysis.
Establish the technical vision and program for integrating robust security controls at every stage of the SDLC.
Lead collaborative and cross-functional threat modeling initiatives for core systems, new features, and evolving services.
Modern Health is a mental health benefits platform for employers, offering access to resources for emotional, professional, social, financial, and physical well-being. They are a fully remote workforce known for their culture centered around empathy and accountability, with a drive to win.
Responsible for designing and implementing security best practices at each stage of the system development lifecycle.
Works in partnership with cross-functional teams to act as a security subject matter expert, while supporting and advancing the security of ConnectWise applications.
Conducts security assessments, threat modeling, and vulnerability reporting and develops security architecture patterns for implementing new solutions and products.
ConnectWise is a community-driven software company dedicated to the success of technology solution providers, with a suite that helps over 45,000 of their partners manage their businesses better. The company has over 3,000 colleagues in North America, EMEA and APAC and has an inclusive and positive culture.
Design and drive a security research program focused on identifying emerging threats and innovative defensive techniques.
Drive original research into product, application, and ecosystem-level vulnerabilities, publishing findings responsibly.
Partner with Product, Marketing, Engineering, and other teams by providing technical insights and evidence-based recommendations.
1Password is a cybersecurity company building the foundation for a safe, productive digital future. They have over 180,000 businesses trusting their products and boast a culture that prioritizes collaboration, transparent communication, and receptiveness to feedback.
Perform end-to-end security services, including consulting, reviewing, auditing, verifying, testing, and delivering detailed security assessments for blockchain systems.
Conduct comprehensive manual code reviews to identify vulnerabilities, logical flaws, economic attacks, and non-obvious edge cases across Solidity, Golang, Rust or other blockchain languages.
Develop and refine threat models and attack surfaces, covering economic, technical, operational, and trust-assumption risks for blockchain protocols.
CertiK leads blockchain security by securing smart contracts and blockchains with cutting-edge Formal Verification technology. Founded by Computer Science professors of Yale University and Columbia University, CertiK has audited and secured over $500B in assets, including many of the world’s top blockchain projects.
Integrate security activities across all SDLC phases: requirements, design, implementation, testing, deployment, and maintenance.
Run threat modeling sessions (e.g. STRIDE) for new and existing systems; identify threats, attack paths, misconfigurations, and insecure design patterns.
Perform security-focused code reviews to identify vulnerabilities and risky implementations; provide clear, actionable guidance on secure coding patterns and best practices.
Infiterra's B2B SaaS platform helps IT Distributors and Managed Service Providers (MSPs) automate and grow their subscription business. With 100+ customers in 75 countries, they're recognized for innovation and global impact. Infiterra fosters a collaborative and growth-oriented culture, allowing you to be part of a dynamic, forward-thinking team.
Design and implement security solutions across enterprise platforms and cloud environments.
Perform threat modeling and security risk assessments for new features and platforms.
Partner with product teams to embed security requirements early in the SDLC.
Experian is a global data and technology company, powering opportunities for people and businesses around the world. As a FTSE 100 Index company listed on the London Stock Exchange, they have a team of 22,500 people across 32 countries and are committed to investing in their people.
Partner with Product teams to ensure that products are designed, built, and operated securely.
Conduct threat modeling activities with Product teams to ensure product threats are understood, documented, and mitigated.
Review and analyze product source code to identify security vulnerabilities and provide recommendations for secure implementation.
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. Affirm is a remote-first company and offers competitive benefits anchored to their core value of people come first.
Embed security into Firefox, Mozilla VPN, and other mission-critical products.
Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation.
Partner with engineers to integrate security throughout the software development lifecycle as a core design principle.
Mozilla Corporation shapes the internet for the better and makes privacy-minded brands like Firefox. They have over 225 million people around the world using their products each month and are focused on making the internet better for people.
Review DeFi strategies, protocol designs, and smart contracts for security risks and failure modes.
Provide secure design input for new features and applications.
Partner with the security team to advance application security initiatives.
FalconX is revolutionizing institutional access to the crypto markets by operating at the intersection of traditional finance and cutting-edge technology. They address the industry's foremost challenges, empowering clients with seamless navigation through the ever-evolving cryptocurrency landscape.
Design and implement resiliency across our cloud platform and CI/CD pipelines.
Embed “security as code” and help lead incident response for high-severity outages.
Partner with engineering teams to enable safe, fast delivery at scale.
Alpaca is a US-headquartered self-clearing broker-dealer and brokerage infrastructure for stocks, ETFs, options, crypto, fixed income, 24/5 trading, and more. Our global team of 230+ members spans the USA, Canada, Japan, and beyond, fostering a vibrant community.
Define Canonical's security risk management standards and playbooks.
Analyse and improve Canonical's security risk practices.
Evaluate, select and implement new security requirements, tools and practices.
Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects, they recruit on a global basis and set a very high standard for people joining the company.