Lead the security research function by defining methodologies and best practices for identifying cloud and application security threats.
Conduct advanced vulnerability research and collaborate with engineering teams to translate findings into product features.
Publish high-quality technical content and establish thought leadership in the cybersecurity community.
The company is a cybersecurity vendor that develops AI-powered security solutions. It is a fast-growing, remote-first organization with a collaborative culture emphasizing technical excellence and continuous learning.
Partner with engineering, product, and DevOps teams to integrate security practices throughout the SDLC, focusing on cloud-native environments and automated pipelines.
Design, implement, and maintain security tooling and gates within CI/CD pipelines covering SAST, DAST, SCA, secrets detection, and container scanning.
Lead threat modeling, conduct application security assessments including code review and manual penetration testing, and triage bug bounty reports.
Hyland is the pioneer of the Content Innovation Cloud, delivering ubiquitous enterprise intelligence to organizations. With a team of nearly 4,000 employees, the company fosters an employee-centric culture focused on community impact and innovation.
Design and ship scalable security solutions to bridge the gap between security and engineering teams.
Build cooperative partnerships with product and engineering teams to integrate robust security capabilities at scale.
Drive security risk reduction through technical leadership, security reviews, and mentorship across engineering teams.
Twilio is a communications platform that delivers innovative solutions to hundreds of thousands of businesses and empowers millions of developers worldwide to craft personalized customer experiences. The company has a remote-first work culture with a strong focus on connection, global inclusion, and diverse experiences, making a global impact each day.
Triage, validate, and remediate security vulnerabilities across products, infrastructure, and internal systems.
Develop, maintain, and contribute to internal and open-source security tooling, writing production-grade code.
Improve secure development practices through code reviews, threat modeling, and security design reviews.
Tiger Data provides the fastest PostgreSQL platform for transactional, analytical, and agentic workloads. With over 2,000 customers and 3 million active databases, it is a remote-first team backed by $180 million in funding.
Lead security strategy and develop scalable practices to protect systems, products, and customers.
Partner with engineering teams to improve resilience, reduce risk, and embed security into development.
Manage security incidents, evaluate emerging technologies, and build a high-performing security team.
The company is a fast-growing technology firm focused on innovation and engineering excellence. It operates with a distributed international team and emphasizes trust, autonomy, and ownership.
Lead a specialized team of security engineers focused on application, cloud, and AI system security.
Champion shift-left security practices including threat modeling, secure code review, and developer training.
Define cloud security standards and enforce security for AI systems including LLM-based agents.
Acquia empowers ambitious brands to create digital customer experiences using open source Drupal. Headquartered in Boston, MA, it is a Great Place to Work-Certified company and among the world's top software companies.
Lead implementation and maintenance of enterprise cybersecurity programs across cloud and corporate environments.
Manage compliance initiatives aligned with frameworks such as NYDFS Cybersecurity Regulation 500 and ISO 27001.
Conduct vulnerability assessments, coordinate penetration testing, and drive timely remediation of identified risks.
Jobgether is an AI-powered job matching platform that connects candidates with hiring companies. They operate with a remote team and use technology to streamline the application process.
Secure AI systems and use AI to scale security, conducting security reviews and threat modeling of AI-integrated product features.
Deliver end-to-end application security reviews for high-risk features, working directly with engineering teams to surface and close risk.
Advance CI/CD pipeline security by operating and evolving security scanning controls in GitLab pipelines.
Smartsheet empowers teams to manage work and scale solutions by uniting human teams with AI agents. They are a large company with over 20 years of experience, fostering a culture where ideas are heard and contributions have real impact.
Design and implement security solutions across AWS, Azure, Google Cloud Platform, and Oracle Cloud Infrastructure.
Manage cloud security automation, IAM, compliance frameworks, and vulnerability remediation.
Collaborate with DevOps and engineering teams to integrate security into CI/CD pipelines.
This partner company manages applications and next steps for hiring clients. It is a mission-driven technology organization offering collaborative opportunities with AI-powered learning tools and internal development resources.
United StatesCanadaDominican Republic
Unlimited PTO
Lead application and product security across Forward-built, third-party, and AI-built software.
Evolve the pentest program and proactively build AI solutions within the appsec function.
Own remediation workflows and partner with teams to build controls for external exposure.
Forward Financing is a financial technology company that unlocks capital for small businesses across America. They are a recognized Best Place to Work with a remote-first culture and team members across the US, Canada, and Dominican Republic.
Jobgether uses an AI-powered matching process to connect candidates with hiring companies quickly and objectively. They are a remote-first, globally distributed company with an inclusive engineering culture.
Architect, design, and implement end-to-end security solutions including firewalls, intrusion detection, and cloud security controls.
Collaborate with DevOps to integrate security into CI/CD pipelines and automate secure deployments.
Conduct regular security assessments, threat modeling, and architecture reviews to identify risks and design mitigations.
Figure is transforming capital markets through blockchain, powering real products used by hundreds of thousands of consumers and institutions. With over 170 partners and $22 billion in home equity loans originated, Figure is the largest non-bank provider of home equity financing in the U.S., recognized as one of Forbes' Most Innovative Fintech Startups in 2025.
Owns product, cloud, engineering, vendor, AI-tooling, and compliance security functions.
Builds practical guardrails for AI tools, agents, MCPs, data leakage, and automation.
Understands OWASP, IAM, secrets, cloud security, vulnerability management, CI/CD, incident response, and frameworks like SOC 2, ISO 27001, GDPR, or HIPAA.
PlayPower Labs is a company focused on building practical security functions without slowing down teams. The organization values security sharpness, usefulness, and a product-minded approach, with a culture that balances protection and agility.
Partner with Product and Engineering teams to integrate security into application design and development, leading threat modeling and secure code reviews.
Develop and implement automated security guardrails across the SDLC, investigate and prioritize application security findings.
Promote secure coding practices through training and coaching, and create security standards and procedures that scale across teams.
Quanata is an insurance technology innovation company that engineers advanced risk prediction and prevention solutions and builds a full-stack, flexible, digital & increasingly AI-native insurance platform. We are a remote-first company wholly owned and funded by State Farm, with a culture that prioritizes inclusivity and positive collaboration.
Strengthen company-wide security posture through hands-on engineering, collaboration, and pragmatic standards, focusing on application security, cloud and infrastructure security, and secure development practices.
Define and implement scalable security standards supporting SOC 2 readiness through practical, automated, and auditable solutions, partnering with Engineering, Infrastructure, IT, Product, Legal, and other teams.
Build and maintain internal security tools, automation, and services that support secure development, compliance workflows, vulnerability management, and operational visibility.
Later is the world’s most intelligent influencer marketing company, built to give brands the confidence to create unforgettable campaigns by combining real creator relationships, trusted intelligence, and expert guidance. Trusted by leading enterprise brands including Nike, Wayfair, Unilever, and Southwest Airlines, Later bridges creativity and performance so campaigns deliver results.
Support the day-to-day security posture of systems across cloud and on-prem environments, including vulnerability management and remediation tracking.
Partner with infrastructure, platform, and engineering teams on secure configuration, access control, logging, and incident readiness.
Support compliance activities related to GovRAMP, FedRAMP, PCI DSS, and internal reviews using AWS security tooling.
Grant Street Group is a growing company that provides SaaS products for electronic payments, auctions, and tax collection. The company fosters a culture of teamwork, professional excellence, and individual responsibility in a technology-rich remote environment.
Conduct threat modelling reviews of Technical Design Documents (TDDs) and provide actionable security recommendations early in the design process.
Perform application security assessments, including penetration testing, vulnerability assessments, and proof-of-concept development.
Investigate, triage, and respond to Bug Bounty program submissions, validating findings and driving timely remediation with engineering teams.
MoonPay is a unified payments platform for digital currency. Trusted by over 30 million customers and over 500 ecosystem partners, the company is committed to building a fairer, more open financial system with a culture of accountability and inclusivity.
Lead the direction for detecting and responding to AI threats using creative solutions.
Collaborate cross-functionally with engineering, IT, legal, and product teams.
Manage globally distributed security teams with a focus on data and execution.
Gainsight is the AI-powered retention engine behind the world's most customer-centric companies. With over 2,000 customers and a culture focused on collaboration and human-first values, we offer stability and support for our team.
Conduct security reviews and penetration tests across Brave products including the browser and search engine.
Triaging and fixing security reports, and designing secure code in C++ and other languages.
Work asynchronously with a geographically-distributed team to secure AWS infrastructure and web security models.
Brave builds a privacy-focused web browser that blocks trackers and ads, a private search engine, a crypto wallet, and an opt-in private ad network. With over 110 million monthly active users and a small, distributed team, Brave is dedicated to protecting user privacy and challenging Big Tech.
Conduct application security reviews including threat modeling, code review, and risk assessment for new features.
Perform and improve SAST/DAST operations, triage, validation, and remediation tracking in CI/CD pipelines.
Apply and improve AI security review processes for LLM-integrated features and agentic attack surfaces.
Monarch is a powerful, all-in-one personal finance platform designed to simplify money management. They are a fully remote team of do-ers led by experienced entrepreneurs, passionate about building a product people love.