Help scale NerdWallet’s application security program through automation, tooling, and developer enablement.
Partner with engineering and product teams to identify and remediate security gaps across multiple systems while balancing business priorities.
Build tools, processes, and automation that improve security posture visibility for engineers and leadership.
NerdWallet aims to bring clarity to life's financial decisions with a team of exceptional Nerds. They foster an inclusive, flexible, and candid culture where employees are empowered to grow and take risks, supporting well-being and development whether working remotely or in-office.
Implementing and maintaining Application Security Testing (AST) tools to identify code and dependency vulnerabilities during the software development lifecycle.
Implementing and maintaining Application Security Posture Management (ASPM) tools to centralize findings from multiple solutions and integrate into software development processes.
Acting as the first line of support for users by helping resolve false positives, providing guidance on finding remediation, and evaluating security exception requests.
AbbVie discovers and delivers innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. They strive to have a remarkable impact on people's lives across several key therapeutic areas and products and services in their Allergan Aesthetics portfolio.
Lead Application Security testing projects and drive remediation of identified vulnerabilities.
Design and run adversarial testing campaigns across the full Buildkite environment.
Build automation for both AppSec and adversarial testing workflows.
Buildkite's mission is to unblock every developer on the planet with their CI/CD platform. They are a remote-first company since 2013 with a small team, high standards, and real ownership distributed across 60+ cities, built around async communication and genuine autonomy.
Perform infrastructure security reviews across cloud services, network design, IAM, and platform components.
Design and build internal security services, APIs, and tools that automate infrastructure vulnerability detection, triage, reporting, and remediation.
Develop security automation that integrates with CI/CD, cloud control planes, and developer workflows to shift detection and remediation earlier in the lifecycle.
Webflow is building the world’s leading AI-native Digital Experience Platform as a remote-first company. They empower teams to design, launch, and optimize for the web without barriers, from entrepreneurs to global enterprises, and believe the future of the web, and work, is more open, more creative, and more equitable.
Conducting a comprehensive threat model of our application and infrastructure layers.
Hardening our AWS infrastructure while keeping developer workflows frictionless.
Integrating security tooling into our CI/CD pipeline.
Loancrate simplifies home-buying for lenders and borrowers by building AI-native tooling to automate mortgage workflows. Since 2020, their remote team has enabled customers to power >$85 billion in new home loans and they value collaboration and open communication.
Design, implement, and manage application and cloud security tooling across AWS.
Lead the deployment and configuration of Wiz CSPM, collaborating with infrastructure and DevOps teams.
Manage secure code scanning processes, integrating SAST and DAST to identify and remediate vulnerabilities early in the SDLC.
Twin Health aims to empower people to improve and prevent chronic metabolic diseases with AI Digital Twin technology. It is recognized for innovation and culture, with recent funding to scale rapidly across the U.S. and globally.
Helping design, develop, and deliver security features, with safety and security in mind
Working with other engineering teams to ensure that they make safe and compliant architectural and implementation choices
Leading by example in code review, decision-making, and team culture — fostering transparency, empathy, and collaboration
The Wikimedia Foundation operates Wikipedia and other Wikimedia free knowledge projects with the vision of a world in which every single human can freely share in the sum of all knowledge. They are a charitable, not-for-profit organization that relies on donations with offices in San Francisco, California, USA. They value having a diverse workforce and continuously strives to maintain an inclusive and equitable workplace.
Design and implement security controls across cloud infrastructure, applications, and data systems.
Identify, assess, and mitigate security risks through threat modeling, reviews, and testing.
Build and maintain monitoring, alerting, and incident response capabilities.
BlockchainUnmasked aims to streamline cryptocurrency forensic investigations through advanced automation combined with cutting-edge solutions. They work with investigative partners to dramatically accelerate investigation times and boost success rates in interdiction, recovery, and deterrence.
Focus on automation, integrating security within the CI/CD pipeline, and DevOps toolchain.
Strong working knowledge of security fundamentals including OWASP Top10.
Experience with public cloud infrastructure (AWS or Azure) and cloud security fundamentals.
GuidePoint Security provides cybersecurity expertise, solutions, and services to help organizations make better decisions and minimize risk. They have grown to over 1,200 employees, established strategic partnerships with leading security vendors, and serve as a trusted advisor to more than 6,200 customers.
Actively partner on the Cloud Security strategy and implementation.
Evolve and expand our current Cloud Security posture across multiple platforms.
Recommend and validate Security controls and improvements across our infrastructure stack
Circle is a global financial technology firm building the foundation for a more open financial system through digital assets, payment applications, and blockchain infrastructure. They value their employees and foster a culture of collaboration and excellence, with a flexible work enviornment.
Maintain close partnerships with Engineering and Product teams.
Rula is dedicated to treating the whole person, not just the symptoms, to make mental healthcare work for everyone. They aim to create a world where mental health is no longer stigmatized, and their culture supports employees in feeling safe, seen, heard, and valued.
Design and implement security controls across cloud, infrastructure, and internal platforms
Partner with engineering to harden cloud architecture, IAM, and infrastructure
Own product security reviews for new features, services, and major architecture changes
XBOW is redefining the future of cybersecurity by building the world's first autonomous pentester, powered by AI. They are backed by Sequoia Capital and Altimeter, and a team that includes the creators of GitHub Copilot and GitHub Advanced Security.
Partner with engineering teams throughout the SDLC to embed security by design in our products.
Lead and evolve our AppSec tooling and workflows by implementing, tuning, and integrating SAST, DAST, SCA, and container/image scanning into CI/CD pipelines.
Drive vulnerability management for our applications and supply chain, including triaging and prioritizing issues, coordinating with teams on fix/mitigate/accept decisions.
Camunda is the leader in enterprise agentic automation, orchestrating complex business processes across agents, people, and systems. They were named a Visionary in the inaugural 2025 Gartner Magic Quadrant for Business Orchestration and Automation Technologies (BOAT).
Lead application security reviews and threat modeling.
Develop automated testing and mature our Secure SDLC.
Own and perform application security vulnerability management.
TRM Labs provides blockchain analytics and AI solutions to help law enforcement, national security agencies, financial institutions, and cryptocurrency businesses detect and disrupt crypto-related fraud and financial crime. They are a Series C company with $220M in funding and operate as a distributed-first company.
Secure AI-specific attack surfaces: prompt injection defenses, PII handling in LLM pipelines, model interaction data leakage
Kiefer Tech leverages over 20 years of engineering heritage from the Green Energy sector to deliver cutting-edge AI, robotics, and enterprise solutions across Greece and the EU. They build sovereign AI infrastructure that keeps data within EU borders, respect privacy, and delivers tangible business impact.
Analyze security vulnerabilities and drive remediations.
Integrate security at every stage of the SDLC.
Deploy and manage security tooling.
Modern Health is a mental health benefits platform for employers, offering access to various resources for emotional, professional, social, financial, and physical well-being. They are the fastest entirely female-founded company in the U.S. to reach Unicorn status, with a unique culture centered around high empathy and accountability.
Collaborate closely with DevOps, CI/CD engineers, and Architecture team to implement and maintain security best practices across our infrastructure.
Leverage your expertise in security architecture to help engineers build and securely operate products and services from the ground up.
Assess, design, and implement security processes and controls to meet security, compliance, and audit requirements
LastPass is a leader in password and identity management, making it easier to log into life and work. Trusted by 100,000 businesses and millions of users, LastPass combines advanced security with effortless access for individuals, families, small business owners, and enterprise professionals.
Working cross functionally to design, build, and operate solutions that continuously improve and automate our security capabilities
Leveraging data to understand trends, metrics, and opportunities to improve our security posture and then helping execute on those opportunities with stakeholders
Leading and enhancing incident / issues response efforts, spearheading analysis, containment, and mitigation strategies in a cross-functional environment to ensure effective resolution and remediation of security incidents / issues
Aledade, a public benefit corporation, empowers independent primary care practices. Founded in 2014, they've become the largest network of independent primary care in the country with a collaborative, inclusive and remote-first culture.
Design, implement, and maintain systems that secure Yelp’s AWS and Google Cloud Platform environments.
Develop and enforce data security controls to support privacy initiatives.
Manage system-level access controls and tiered access for internal digital assets.
Yelp's engineering culture values individual authenticity and encourages creative solutions. They focus on helping users, growing as engineers, and having fun in a collaborative environment.
Own the technical design and review process for security-critical systems.
Maintain mastery of technical security domains to solve complex business challenges.
Create and implement advanced tools and automation to increase security monitoring.
Garner Health aims to transform the healthcare economy, delivering high-quality and affordable care for all. They partner with employers to redesign healthcare benefits using clear incentives and data-driven insights. Garner Health is one of the fastest-growing healthcare technology companies.