Source Job

• Partner with engineering and product teams to design and build secure systems.
• Lead threat modeling, code reviews, and vulnerability assessments to identify and mitigate risks.
• Define and evolve secure development practices, including tooling, automation, and developer education.

Uniswap Labs is committed to diversity in our workforce and is proud to be an Equal Opportunity Employer (EEO).

• Implement and maintain security measures to protect the organization's information assets and infrastructure.
• Support product and development teams on application security challenges, including threat modeling and architecture reviews.
• Support security incident response, perform root cause analysis, and drive remediation strategies.

insightsoftware is a global provider of comprehensive solutions for the Office of the CFO, transforming how teams operate and empowering leaders.

• Provide security guidance on all new and existing products.
• Perform regular product security assessments.
• Triage and escalate security issues.

WorkOS is a developer platform that helps make apps enterprise-ready, building tools and services for developers.

• Implement secure software development practices and champion them across the entire development lifecycle.
• Collaborate with cross-functional teams to define software requirements, system architecture, and hardware/software integration.
• Conduct vulnerability analyses, security code reviews, and risk assessments to identify and mitigate potential security issues.

This position is posted by Jobgether on behalf of a partner company; they use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly.

• Partner with Product teams to ensure that products are designed, built, and operated securely.
• Conduct threat modeling activities with Product teams to ensure product threats are understood, documented, and mitigated.
• Review and analyze product source code to identify security vulnerabilities and providing recommendations for secure implementation.

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. Affirm is a remote-first company and offers competitive benefits anchored to their core value of people come first.

• Design and implement scalable infrastructure supporting HIPAA, SOC 2, and ISO 27001 compliance.
• Create self-service security tools integrating with developer workflows (GitLab CI/CD, Terraform).
• Lead threat modeling and security architecture reviews for new products and services.

Maven is the world's largest virtual clinic for women and families on a mission to make healthcare work for all of us.

• Protecting data, products, and infrastructure against security threats.
• Meeting security and compliance services such as vulnerability management, security updates and upgrades, and intrusion response.
• Staying current with the latest Information Security trends and news.

Bounteous is a premier end-to-end digital transformation consultancy dedicated to partnering with ambitious brands to create digital solutions.

• Design and implement security solutions across enterprise platforms and cloud environments.
• Perform threat modeling and security risk assessments for new features and platforms.
• Partner with product teams to embed security requirements early in the SDLC.

Experian is a global data and technology company, powering opportunities for people and businesses around the world. As a FTSE 100 Index company listed on the London Stock Exchange, they have a team of 22,500 people across 32 countries and are committed to investing in their people.

• Establish and execute a vision and strategy for Product Security, AppSec, and Privacy Engineering across all product lines.
• Define and enforce Security and Privacy standards and policies within the Software Development Lifecycle (SDLC) and CI/CD pipelines.
• Drive incident response and vulnerability management processes for all product-related issues.

Flock Safety is the leading safety technology platform, helping communities thrive by taking a proactive approach to crime prevention and security.

This role is pivotal in securing desktop and mobile applications across complex environments, implementing best-in-class security practices and ensuring resilience against emerging threats. Involves hands-on work with secure coding, cryptography, authentication protocols, and OS-level hardening techniques while contributing to vulnerability remediation, incident response, and embedding security into the software development lifecycle. Shape the security posture of high-impact applications by guiding cross-functional teams on secure development standards.

Jobgether is a Talent Matching Platform that partners with companies worldwide to efficiently connect top talent with the right opportunities through AI-driven job matching.

• Hardening of cloud based infrastructure.
• Creating/maintaining Vulnerability Management program.
• Implementation of security controls.

TrueAccord, a wholly owned subsidiary of TrueML, is a category-defining company combining machine learning with a human-based approach to transform debt resolution.

Embed security practices across the SDLC, working with engineering teams. Contribute to the automation and continuous improvement of our SaaS Application Security program. Review architectures, designs, and code to identify risks and recommend secure patterns.

Veeam provides data resilience through data backup, data recovery, data portability, data security, and data intelligence, protecting over 550,000 customers worldwide.

• Reproduce, assess, and document vulnerabilities, perform variant hunting, and contribute to exploitability research on security issues reported in GitLab’s products and services.
• Support and consult with product and development teams on effective vulnerability remediation and mitigation. Independently validate vulnerability fixes prior to release.
• Contribute to clear and actionable documentation that explains vulnerability impact, risk, and remediation guidance for technical and non-technical audiences, helping to scale PSIRT knowledge and practices across GitLab.

GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Their high-performance culture is driven by their values and continuous knowledge exchange, enabling their team members to reach their full potential while collaborating with industry leaders to solve complex problems.

• Mentor product engineering teams, providing them with security knowledge, support, and guidance.
• Perform security reviews and assessments, ensuring products and features are secure by default.
• Lead security projects from inception through to completion, advocating for security best practices.

WorkOS builds tools and services for developers to help them implement authentication, identity, authorization, and overall enterprise readiness.

• Lead go-to-market strategy for advanced application security solutions.
• Shape messaging, positioning, and enablement for enterprise customers.
• Translate complex security capabilities into compelling value propositions, influencing revenue growth and customer adoption.

This position is posted by Jobgether on behalf of a partner company.

• Lead secure design reviews and threat modeling for AI-driven products.
• Build and maintain security automation and governance frameworks.
• Drive software supply chain security and vulnerability reduction.

AlphaSense empowers companies to make smarter decisions by providing market intelligence and search functionality driven by AI. With over 2,000 employees globally and offices in multiple countries, they foster a collaborative and innovative environment.

• Define, implement, and document new security features.
• Analyze, fix, and test vulnerabilities in open source software.
• Audit and analyze source code for vulnerabilities.

Canonical is a pioneering tech firm at the forefront of the global move to open source and publishes Ubuntu.

• Lead and mentor the app security team, fostering a culture of security awareness and continuous improvement across the organization.
• Oversee the day-to-day security operations, including monitoring, threat detection, incident response, and vulnerability management.
• Maintain an application security risk management framework, identifying, analyzing, and treating risks.

TrueML is a mission-driven financial software company that aims to create better customer experiences for distressed borrowers. The TrueML team includes inspired data scientists, financial services industry experts, and customer experience fanatics who are building technology to serve people in a way that recognizes their unique needs and preferences as human beings and endeavors to ensure nobody gets locked out of the financial system.

• Lead the design and implementation of secure architectures for Built’s applications, services, and AI/ML initiatives.
• Embed security throughout the development lifecycle by partnering with engineering teams on threat modeling, secure coding best practices, and design reviews.
• Perform internal penetration testing of applications, networks, and features to uncover weaknesses before attackers do.

Built is an AI-powered platform transforming how real estate is financed, developed, and managed. They started by fixing construction draw management for lenders and have grown into a comprehensive operating system. Built brings together passionate people who are driven in a variety of disciplines, each bringing their unique perspective to everything they do.

As an Application Security Engineer (ASE) you will curate and manage the incoming security vulnerability submissions to some of the world’s biggest companies’ bug bounty programs.You will be exposed to the Internet’s best security researchers and their cutting-edge security testing methodologies. ASEs need to have strong knowledge of OWASP Top Ten type vulnerabilities.

Bugcrowd empowers organizations to take back control and stay ahead of threat actors with their Security Knowledge Platform™.