Source Job

• Own detection, response, and cloud security at PostHog.
• Take the reins of our security operations, build out our detection pipelines, and ensure that when something goes bump in the night, we have the observability to know exactly what happened.
• Shape the security team, culture and tooling for a high-growth, open-source company.

PostHog is shipping every product that companies need to run their business from their first day, to the day they IPO, and beyond. They are the operating system for folks who build software. They've raised more than $100m from some of the world's top investors and are set up for a long, ambitious journey.

• Support the OLX Security Operations Center (SOC) by assisting with the incident response and its lifecycle.
• Contribute to incident response training for the organization.
• Participate in improving our threat intelligence system.

OLX builds marketplace sustainable ecosystems that millions of people depend on every month to buy and sell cars, find homes, land jobs, and trade secondhand goods. They foster a culture that's ambitious, fast-moving, and built on trust, with over 50 nationalities and 8+ markets.

• Manage and optimize security tools such as email security, DLP, SIEM, IDS/IPS, EDR, threat intelligence platforms, and other tooling
• Design and implement AI-enabled workflows to scale enterprise security and threat operations
• Monitor and manage security alerts and incidents, analyze data, and respond to security events

Valon is building the AI-native operating system for regulated finance, starting with mortgage servicing. They are a Series C company backed by a16z, transforming industries that others have written off as too complex to innovate.

• Perform infrastructure security reviews across cloud services, network design, IAM, and platform components.
• Design and build internal security services, APIs, and tools that automate infrastructure vulnerability detection, triage, reporting, and remediation.
• Develop security automation that integrates with CI/CD, cloud control planes, and developer workflows to shift detection and remediation earlier in the lifecycle.

Webflow is building the world’s leading AI-native Digital Experience Platform as a remote-first company. They empower teams to design, launch, and optimize for the web without barriers, from entrepreneurs to global enterprises, and believe the future of the web, and work, is more open, more creative, and more equitable.

• Build and operationalize a fintech-grade SOC function
• Own incident response end-to-end
• Build and scale the SecOps team

OpenFX processes billions of dollars in transaction volume every month across global corridors. Their backend systems power pricing, routing, settlement, reconciliation, compliance, and risk.

• Leading incident response initiatives and conduct thorough cybersecurity investigations.
• Enhancing security program by refining processes and optimizing tooling.
• Designing and implementing advanced threat detection and mitigation strategies.

Docplanner empowers patients by giving them access to leave and read reviews about their visits and provides doctors with technology to manage bookings easily and save time. They employ over 2,500 people globally and have a startup-mindset.

• Play a pivotal role in shaping the architecture, strategic direction and maturity of Canva’s Detection and Response capabilities.
• Deliver innovative and scalable security solutions yourself as an individual, and also as a mentor of other security builders.
• Evangelise and lead the adoption and integration of GenAI Workflows to raise the efficiency and scalability of the Detection and Response team’s operations.

Canva is a design platform redefining how the world experiences design. They have campuses in Sydney and Melbourne, and co-working spaces in Brisbane, Perth and Adelaide, with a flexible and fun culture that incorporates empathy, humility, and generosity.

• Actively partner on the Cloud Security strategy and implementation.
• Evolve and expand our current Cloud Security posture across multiple platforms.
• Recommend and validate Security controls and improvements across our infrastructure stack

Circle is a global financial technology firm building the foundation for a more open financial system through digital assets, payment applications, and blockchain infrastructure. They value their employees and foster a culture of collaboration and excellence, with a flexible work enviornment.

• Lead security architecture and design reviews across applications, infrastructure, and integrations.
• Conduct and coordinate penetration testing, threat modeling, and security reviews.
• Design and implement security automation within CI/CD pipelines.

Assured modernizes insurance by providing software solutions to large insurers that help them win in a technology-driven world. Their products include self-service claim-filing software to backend fraud detection and are dynamic, collaborative, and rewarding.

• Lead Application Security testing projects and drive remediation of identified vulnerabilities.
• Design and run adversarial testing campaigns across the full Buildkite environment.
• Build automation for both AppSec and adversarial testing workflows.

Buildkite's mission is to unblock every developer on the planet with their CI/CD platform. They are a remote-first company since 2013 with a small team, high standards, and real ownership distributed across 60+ cities, built around async communication and genuine autonomy.

• Partner with engineering to drive technical implementation of controls throughout the product and infrastructure
• Design, implement, and continuously improve security controls across AWS infrastructure and application architecture
• Enhance and tune monitoring and detection capabilities in support of customer security and incident response capabilities

AlertMedia helps organizations protect their people and businesses through all phases of an emergency. Their award-winning threat intelligence, emergency communication, and travel risk management solutions help companies of all sizes identify, respond to, and recover from critical events faster and more confidently. They support essential communication for thousands of leading businesses in more than 150 countries.

• Perform systems administration and maintenance including patching, vulnerability scanning and remediation for cloud workloads.
• Support multi‑cloud environments (AWS, Azure, GCP), including Windows and Linux EC2 instances and container workloads.
• Configure, update, and maintain security tools for endpoint protection, log collection, vulnerability scanning, and compliance monitoring.

Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation. With over 50 years of experience, they foster a collaborative, innovative, and mission-driven environment.

• Help scale NerdWallet’s application security program through automation, tooling, and developer enablement.
• Partner with engineering and product teams to identify and remediate security gaps across multiple systems while balancing business priorities.
• Build tools, processes, and automation that improve security posture visibility for engineers and leadership.

NerdWallet aims to bring clarity to life's financial decisions with a team of exceptional Nerds. They foster an inclusive, flexible, and candid culture where employees are empowered to grow and take risks, supporting well-being and development whether working remotely or in-office.

• Build proactive security automation aimed at decreasing manual remediation work.
• Research new and novel ways to accomplish security work and publish your findings on our blog.
• Participate in a monthly security on-call rotation for critical escalations.

Automox is a cloud-native IT operations platform that helps modern organizations keep every endpoint automatically configured, patched, and secured – anywhere in the world. They are trusted by more than 2,500 leading companies and MSPs worldwide and value a ‘one team’ mentality where everyone’s unique skills contribute to an environment that encourages collaboration and ownership.

• Identify and respond to security incidents on a global scale.
• Act as an incident commander to drive incidents through the entire response lifecycle.
• Conduct threat hunting activities, anticipate future threats, and maintain forward-thinking strategies for tools/technology/processes that combat sophisticated threat actors.

Mozilla Corporation is a non-profit-backed technology company that has shaped the internet for the better over the last 25 years. With more than 225 million people around the world using their products each month, they’re shaping the next 25 years of technology and helping to reclaim an internet built for people, not companies.

• Define the security operations roadmap by designing and implementing long term strategies.
• Improve and maintain processes, tooling, documentation, and training to mature and enhance cybersecurity incident response.
• Design, implement, and maintain security events monitoring systems.

Docplanner Tech is a diverse group of over 400 people working in Engineering, Data, and Product teams, responsible for building the product for all locations. They are leaders in 13 countries, with over 2,500 employees globally, and are backed by leading venture capital funds such as Point Nine Capital and Goldman Sachs Asset Management.

• Working cross functionally to design, build, and operate solutions that continuously improve and automate our security capabilities
• Leveraging data to understand trends, metrics, and opportunities to improve our security posture and then helping execute on those opportunities with stakeholders
• Leading and enhancing incident / issues response efforts, spearheading analysis, containment, and mitigation strategies in a cross-functional environment to ensure effective resolution and remediation of security incidents / issues

Aledade, a public benefit corporation, empowers independent primary care practices. Founded in 2014, they've become the largest network of independent primary care in the country with a collaborative, inclusive and remote-first culture.

• Serve as trusted advisor as part of the security division’s leadership team, actively shaping the program direction.
• Build and mature incident response runbooks, procedures, and capabilities.
• Foster a defense first mindset through actionable incident retrospective mitigations to close defense gaps, making GitLab a hard target for attackers.

GitLab is the intelligent orchestration platform for DevSecOps. They enable organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. GitLab values a high-performance culture driven by values and continuous knowledge exchange.

• Assist in designing and maintaining secure infrastructure on EKS in our multi-cloud environment (AWS) using Infrastructure as Code (Terraform).
• Write code (Python, Go, or Bash) to automate manual tasks, threat detection, and vulnerability management processes.
• Integrate security tools (SAST, DAST, SCA) into our CI/CD pipelines, ensuring developers receive fast, actionable feedback on their code.

Smartsheet helps people and teams achieve anything with seamless work management and scalable solutions. They empower teams to automate the manual, uncover insights, and scale smarter, creating space for impactful work. The company values diverse perspectives and supports employee growth.

• Refine the cloud environment, pruning back the excess to curate a purpose-led, repeatable, and reliable security space.
• Translate security intent into a smooth operational reality, ensuring controls work beautifully at scale with clarity and predictability.
• Design and shape the team's operations for years to come, leaving a lasting legacy.

Who Gives A Crap is a leading eco-friendly household essentials business that donates 50% of its profits to help everyone gain access to clean water and a toilet. With 250+ people across Australia, the UK, the Philippines, China, and the US, they aim to make the biggest possible impact for people and the planet.