Define and drive the strategic roadmap for proactive security vulnerability analysis.
Establish the technical vision and program for integrating robust security controls at every stage of the SDLC.
Lead collaborative and cross-functional threat modeling initiatives for core systems, new features, and evolving services.
Modern Health is a mental health benefits platform for employers, offering access to resources for emotional, professional, social, financial, and physical well-being. They are a fully remote workforce known for their culture centered around empathy and accountability, with a drive to win.
Integrate security activities across all SDLC phases: requirements, design, implementation, testing, deployment, and maintenance.
Run threat modeling sessions (e.g. STRIDE) for new and existing systems; identify threats, attack paths, misconfigurations, and insecure design patterns.
Perform security-focused code reviews to identify vulnerabilities and risky implementations; provide clear, actionable guidance on secure coding patterns and best practices.
Infiterra's B2B SaaS platform helps IT Distributors and Managed Service Providers (MSPs) automate and grow their subscription business. With 100+ customers in 75 countries, they're recognized for innovation and global impact. Infiterra fosters a collaborative and growth-oriented culture, allowing you to be part of a dynamic, forward-thinking team.
Analyze and assess security issues via design reviews, code audits, and penetration tests.
Design and build security tools, and develop mitigations and hardening strategies.
Review and develop secure operational practices, and provide security guidance for engineers.
Aptos Labs is building a people-first blockchain that aims to provide universal and fair access to decentralized assets in a safe and scalable way. Founded by original creators/maintainers of the Diem blockchain, they value diversity and are an Equal Opportunity Employer.
Embed security into Firefox, Mozilla VPN, and other mission-critical products.
Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation.
Partner with engineers to integrate security throughout the software development lifecycle as a core design principle.
Mozilla Corporation shapes the internet for the better and makes privacy-minded brands like Firefox. They have over 225 million people around the world using their products each month and are focused on making the internet better for people.
Responsible for designing and implementing security best practices at each stage of the system development lifecycle.
Works in partnership with cross-functional teams to act as a security subject matter expert, while supporting and advancing the security of ConnectWise applications.
Conducts security assessments, threat modeling, and vulnerability reporting and develops security architecture patterns for implementing new solutions and products.
ConnectWise is a community-driven software company dedicated to the success of technology solution providers, with a suite that helps over 45,000 of their partners manage their businesses better. The company has over 3,000 colleagues in North America, EMEA and APAC and has an inclusive and positive culture.
Reproduce, assess, and document vulnerabilities, perform variant hunting, and contribute to exploitability research on security issues reported in GitLab’s products and services.
Support and consult with product and development teams on effective vulnerability remediation and mitigation. Independently validate vulnerability fixes prior to release.
Contribute to clear and actionable documentation that explains vulnerability impact, risk, and remediation guidance for technical and non-technical audiences, helping to scale PSIRT knowledge and practices across GitLab.
GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Their high-performance culture is driven by their values and continuous knowledge exchange, enabling their team members to reach their full potential while collaborating with industry leaders to solve complex problems.
Partner with Product teams to ensure that products are designed, built, and operated securely.
Conduct threat modeling activities with Product teams to ensure product threats are understood, documented, and mitigated.
Review and analyze product source code to identify security vulnerabilities and providing recommendations for secure implementation.
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. Affirm is a remote-first company and offers competitive benefits anchored to their core value of people come first.
Lead the design and implementation of secure architectures for Built’s applications, services, and AI/ML initiatives.
Embed security throughout the development lifecycle by partnering with engineering teams on threat modeling, secure coding best practices, and design reviews.
Perform internal penetration testing of applications, networks, and features to uncover weaknesses before attackers do.
Built is an AI-powered platform transforming how real estate is financed, developed, and managed. They started by fixing construction draw management for lenders and have grown into a comprehensive operating system. Built brings together passionate people who are driven in a variety of disciplines, each bringing their unique perspective to everything they do.
Design and implement resiliency across our cloud platform and CI/CD pipelines.
Embed “security as code” and help lead incident response for high-severity outages.
Partner with engineering teams to enable safe, fast delivery at scale.
Alpaca is a US-headquartered self-clearing broker-dealer and brokerage infrastructure for stocks, ETFs, options, crypto, fixed income, 24/5 trading, and more. Our global team of 230+ members spans the USA, Canada, Japan, and beyond, fostering a vibrant community.
Lead secure design reviews and threat modeling for AI-driven products.
Build and maintain security automation and governance frameworks.
Drive software supply chain security and vulnerability reduction.
AlphaSense empowers companies to make smarter decisions by providing market intelligence and search functionality driven by AI. With over 2,000 employees globally and offices in multiple countries, they foster a collaborative and innovative environment.
Conduct regular security assessments, vulnerability scanning, and penetration testing of Veeam products and services
Work with development teams to integrate secure development practices into the software development lifecycle
Collaborate on the design and implementation of security within public cloud environments
Veeam is the #1 global market leader in data resilience, believing businesses should control all their data whenever and wherever they need it. Based in Seattle, Veeam protects over 550,000 customers worldwide who trust Veeam to keep their businesses running.
Lead the end-to-end software supply chain security architecture for GitLab’s CI/CD platform.
Drive cross-team technical strategy and decisions across our Software Supply Chain Security (SSCS) stage teams.
Teach, mentor, and coach Staff Engineers and individual contributors.
GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world.
Design and implement security solutions across enterprise platforms and cloud environments.
Perform threat modeling and security risk assessments for new features and platforms.
Partner with product teams to embed security requirements early in the SDLC.
Experian is a global data and technology company, powering opportunities for people and businesses around the world. As a FTSE 100 Index company listed on the London Stock Exchange, they have a team of 22,500 people across 32 countries and are committed to investing in their people.
Work on integrating the XBOW product with customer environments
Lead self-hosted product deployments, support and upgrades
XBOW is redefining the future of cybersecurity by building the world's first autonomous pentester, powered by AI. Backed by Sequoia Capital and Altimeter, and a team that includes the creators of GitHub Copilot and GitHub Advanced Security, XBOW is shaping the future of cybersecurity.
Serve as the system Security Manager / ISSO for My HealtheVet and act as the primary security point of contact for internal leadership and VA stakeholders.
Drive a risk-based security approach appropriate for a FISMA High / HVA system.
Coordinate incident response activities, including investigation support, escalation, documentation, and communication with VA security operations and CISO teams.
Oddball believes that the best products are built when companies understand and value the things they are working on. They value learning and growth and the ability to make a big impact at a small company.
Architect and implement secure AWS configurations.
Embed security into CI/CD pipelines and repos using policy-as-code tools.
Conduct threat modeling sessions and risk‑driven design reviews early in development.
OnePay is an all-in-one financial platform driven by a simple mission: better money makes life better. They are backed by Walmart and Ribbit Capital, and deeply embedded with the distribution of the world’s largest omnichannel retailer.
Own the configuration, tuning, and management of our SIEM solution.
Perform architecture reviews, code reviews, and infrastructure configuration reviews.
Maintain and optimize a vulnerability management CI/CD pipeline within our container/application delivery infrastructure.
Engine is transforming business travel into something personalized, rewarding, and simple. More than 20,000 companies already rely on Engine to support over 1 million travelers and billions in annual bookings each year.
Monitor alerts and notifications from cloud services, security tools, and our SOC/MSSP partners.
Triage and analyze potential security incidents, determine severity and scope, and coordinate response and remediation.
Establish and enforce security standards, guidelines, and best practices across product, engineering, and IT.
Meshy is a leading 3D generative AI company on a mission to Unleash 3D Creativity by transforming the content creation pipeline, making it effortless for both professional artists and hobbyists to create unique 3D assets. Meshy's talent spans the globe and they are trusted by top developers.
Participate in offensive security engagements including external adversarial emulation.
Perform security audits to discover, communicate, and recommend remediation activities for vulnerabilities
ServiceNow is a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work.
Engineer and deploy clever controls so security incidents stay rare.
Lead incident response efforts and security tool deployments.
Embrace AI and automation to protect the enterprise at machine speed.
Chainguard provides a secure foundation for software development and deployment. By providing guarded open source software, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains. They value customer obsession, prioritize intentional action, and trust each other.