Source Job

• Reproduce, assess, and document vulnerabilities, perform variant hunting, and contribute to exploitability research on security issues reported in GitLab’s products and services.
• Support and consult with product and development teams on effective vulnerability remediation and mitigation. Independently validate vulnerability fixes prior to release.
• Contribute to clear and actionable documentation that explains vulnerability impact, risk, and remediation guidance for technical and non-technical audiences, helping to scale PSIRT knowledge and practices across GitLab.

GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Their high-performance culture is driven by their values and continuous knowledge exchange, enabling their team members to reach their full potential while collaborating with industry leaders to solve complex problems.

• Implement secure software development practices and champion them across the entire development lifecycle.
• Collaborate with cross-functional teams to define software requirements, system architecture, and hardware/software integration.
• Conduct vulnerability analyses, security code reviews, and risk assessments to identify and mitigate potential security issues.

This position is posted by Jobgether on behalf of a partner company; they use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly.

Seeking an experienced software engineer with a strong background in low-level drive the integration of chassis hardware and software to deliver reliable, secure embedded solutions. Develop and maintain software framework for repeatedly configuring and deploying linux operating systems for enterprise systems. Create systems ensuring reliable and secure field updates for all software components.

At Two Six Technologies, we build, deploy, and implement innovative products that solve the world’s most complex challenges today.

• Design and drive security solutions across product and internal applications
• Conduct threat modeling for existing systems and new product initiatives
• Partner with engineering teams to embed security into development and delivery workflows

Shakepay is reimagining financial services to give every Canadian their fair shake by making buying and earning bitcoin fast, easy, and secure. Since 2015, more than one million Canadians use Shakepay to grow their bitcoin savings; they are regulated across all Canadian provinces and territories, and backed by renowned venture capitalists with a funding of $44M.

• Partner with engineering and product teams to design and build secure systems.
• Lead threat modeling, code reviews, and vulnerability assessments to identify and mitigate risks.
• Define and evolve secure development practices, including tooling, automation, and developer education.

Uniswap Labs is committed to diversity in our workforce and is proud to be an Equal Opportunity Employer (EEO).

• Implement and maintain security measures to protect the organization's information assets and infrastructure.
• Support product and development teams on application security challenges, including threat modeling and architecture reviews.
• Support security incident response, perform root cause analysis, and drive remediation strategies.

insightsoftware is a global provider of comprehensive solutions for the Office of the CFO, transforming how teams operate and empowering leaders.

• Optimize Ubuntu for new silicon technologies, such as hardware accelerators and AI stacks.
• Debug issues on open source code and assist customers in integrating their apps and SDKs.
• Maintain Ubuntu, silicon features, and silicon-optimized packages across various platforms and technologies.

Canonical is a leading provider of open source software and operating systems to the global enterprise and technology markets.

• Responsible for designing and implementing security best practices at each stage of the system development lifecycle.
• Works in partnership with cross-functional teams to act as a security subject matter expert, while supporting and advancing the security of ConnectWise applications.
• Conducts security assessments, threat modeling, and vulnerability reporting and develops security architecture patterns for implementing new solutions and products.

ConnectWise is a community-driven software company dedicated to the success of technology solution providers, with a suite that helps over 45,000 of their partners manage their businesses better. The company has over 3,000 colleagues in North America, EMEA and APAC and has an inclusive and positive culture.

• Define Canonical's security risk management standards and playbooks
• Analyse and improve Canonical's security risk practices
• Evaluate, select and implement new security requirements, tools and practices

Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects, they recruit on a global basis and set a very high standard for people joining the company.

• Engineer layered security solutions across complex systems.
• Protect digital assets and develop security tools.
• Mitigate security risks and safeguard infrastructure.

Asymmetric Research is a boutique security venture focused on deep partnerships with L1/L2 blockchains and DeFi protocols in an effort to keep them safe.

Design and build security controls across the stack. Drive deployment of security enhancements and policy changes across multi-region infrastructure. Automate detection, prevention, and response with guardrails and paved paths.

1mind is a platform that deploys multimodal Superhumans for revenue teams, combining a face, a voice, and a GTM brain equipped with deep knowledge.

Lead a team of engineers building Software Supply Chain Security features with a focus on CI job artifact security. Guide the design and implementation of SLSA (Supply-chain Levels for Software Artifacts) compliance within GitLab CI/CD pipelines. Collaborate with Product Managers to define, prioritize, and deliver the roadmap for supply chain security capabilities.

GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations.

• Design and implement scalable infrastructure supporting HIPAA, SOC 2, and ISO 27001 compliance.
• Create self-service security tools integrating with developer workflows (GitLab CI/CD, Terraform).
• Lead threat modeling and security architecture reviews for new products and services.

Maven is the world's largest virtual clinic for women and families on a mission to make healthcare work for all of us.

In this role, you’ll be at the intersection of security, automation, and distributed systems. You’ll take ownership of hardening complex hybrid environments from bare-metal validators to multi-cloud clusters ensuring our systems are both fast and fortress-strong. You’ll join a distributed, high-performing Blockchain DevOps team that values ownership, transparency, and innovation.

Figment powers the future of Web3 through industry-leading blockchain infrastructure as the leading provider of staking solutions.

This role is pivotal in securing desktop and mobile applications across complex environments, implementing best-in-class security practices and ensuring resilience against emerging threats. Involves hands-on work with secure coding, cryptography, authentication protocols, and OS-level hardening techniques while contributing to vulnerability remediation, incident response, and embedding security into the software development lifecycle. Shape the security posture of high-impact applications by guiding cross-functional teams on secure development standards.

Jobgether is a Talent Matching Platform that partners with companies worldwide to efficiently connect top talent with the right opportunities through AI-driven job matching.

• Partner with Product teams to ensure that products are designed, built, and operated securely.
• Conduct threat modeling activities with Product teams to ensure product threats are understood, documented, and mitigated.
• Review and analyze product source code to identify security vulnerabilities and providing recommendations for secure implementation.

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. Affirm is a remote-first company and offers competitive benefits anchored to their core value of people come first.

• Protecting data, products, and infrastructure against security threats.
• Meeting security and compliance services such as vulnerability management, security updates and upgrades, and intrusion response.
• Staying current with the latest Information Security trends and news.

Bounteous is a premier end-to-end digital transformation consultancy dedicated to partnering with ambitious brands to create digital solutions.

• Establish and execute a vision and strategy for Product Security, AppSec, and Privacy Engineering across all product lines.
• Define and enforce Security and Privacy standards and policies within the Software Development Lifecycle (SDLC) and CI/CD pipelines.
• Drive incident response and vulnerability management processes for all product-related issues.

Flock Safety is the leading safety technology platform, helping communities thrive by taking a proactive approach to crime prevention and security.

• Mentor product engineering teams, providing them with security knowledge, support, and guidance.
• Perform security reviews and assessments, ensuring products and features are secure by default.
• Lead security projects from inception through to completion, advocating for security best practices.

WorkOS builds tools and services for developers to help them implement authentication, identity, authorization, and overall enterprise readiness.

• Design and drive a security research program focused on identifying emerging threats and innovative defensive techniques.
• Drive original research into product, application, and ecosystem-level vulnerabilities, publishing findings responsibly.
• Partner with Product, Marketing, Engineering, and other teams by providing technical insights and evidence-based recommendations.

1Password is a cybersecurity company building the foundation for a safe, productive digital future. They have over 180,000 businesses trusting their products and boast a culture that prioritizes collaboration, transparent communication, and receptiveness to feedback.