Guide the design and implementation of backend features for GitLab Secret Detection in Ruby on Rails, GraphQL, and Go.
Build clean, well-tested, maintainable code that meets GitLab standards for reliability and performance.
Partner with product management and engineering peers to deliver backend capabilities that improve detection, validation, remediation, and audit trail coverage.
GitLab is the intelligent orchestration platform for DevSecOps. They enable organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. They have more than 50 million registered users and are a high-performance culture driven by their values and continuous knowledge exchange.
Design and deploy the anti-abuse controls for features.
Research, plan, and build anti-abuse architectures for products and features.
Redapt Inc. is a pioneering world-class data center infrastructure integrator, technology engineering firm, and cloud services provider. They focus on delivering innovative solutions and services that power their customers' most demanding applications and enable them to extract powerful insights from data that drive true business value.
Define and drive the technical architecture for the SSCS Add-On, including backend systems for package policy enforcement, provenance generation, artifact signing, and malicious package detection.
Lead design and implementation work for Supply-chain Levels for Software Artifacts (SLSA) Level 2 and Level 3 capabilities within GitLab CI/CD.
Architect integrations with Sigstore services such as Cosign, Fulcio, and Rekor, including approaches for signing workflows, verification, and trust boundaries.
GitLab is the intelligent orchestration platform for DevSecOps. More than 50 million registered users and more than 50% of the Fortune 100 trust GitLab to ship better, more secure software faster.
Implement backend features across the Add-On's supply chain security product, including package policy integrations, ingestion pipeline improvements and delivering maintainable code.
Build and maintain integrations between Add-On functionality and GitLab's existing software composition analysis scanning infrastructure to improve the reliability of the user experience.
Write and maintain comprehensive automated test coverage, including RSpec and integration tests, to improve test reliability and support safe releases as the codebase grows.
GitLab is the intelligent orchestration platform for DevSecOps. More than 50 million registered users trust GitLab to ship better, more secure software faster. Their high-performance culture is driven by their values and continuous knowledge exchange, enabling their team members to reach their full potential while collaborating with industry leaders to solve complex problems.
Build AI agents that handle vulnerability triage, automated security reviews of PRs, and initial incident forensics at scale.
Build systems that automatically detect and remediate security gaps across AWS, GCP, and Azure -- configuration drift, IAM misconfigurations, vulnerable dependencies, exposed secrets.
Lead threat modeling, security reviews, and risk assessments across web applications, APIs, and services.
Atlan is building the missing context layer for data and AI, helping enterprises close the AI value chasm. They connect to every part of the modern data and AI stack to unify this context into a single, shared layer that both humans and AI agents can rely on.
Participate in threat modeling exercises with engineering team members
Triage SCA/SAST/DAST/CSPM findings by eliminating false positives and providing well-vetted vulnerabilities to engineering teams
Support vulnerability management efforts for networks and infrastructure
They offer a SaaS-based Global Employment Platform that enables clients to expand into over 180 countries. Their diverse, remote-first teams are essential to their success, fostering innovation and valuing every contribution.
Identity and access management - provisioning, lifecycle operations, and monitoring for critical changes
Security reviews across our product portfolio - threat modeling, code review, fuzzing, and functional testing
Day-to-day bug bounty operations - triage, remediation tracking, and escalation of high-severity findings
Jito builds the Market Layer of Solana, including execution systems, capital markets, and incentive mechanisms. They are a company of around 25 people with product-market fit across multiple product lines and years of runway, taking hard problems seriously and moving fast.
Implementing and maintaining Application Security Testing tools to identify code and dependency vulnerabilities during the software development lifecycle.
Implementing and maintaining Application Security Posture Management tools to centralize findings from multiple solutions and integrate into software development processes.
Acting as the first line of support for users helping resolve false positives, providing guidance on finding remediation, and evaluating security exception requests.
AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. They strive to have a remarkable impact on people's lives across several key therapeutic areas including immunology, oncology and neuroscience.
Identifying opportunities to eliminate manual security workflows and replace them with scalable, automated solutions
Building internal tools and integrations that automate processes such as vulnerability triage and prioritization, alert enrichment and routing, and GRC evidence collection
Partnering with security and engineering stakeholders to understand pain points and translate them into practical technical solutions
Calendly's products are currently relied upon by millions. They are in the midst of exciting product growth, making joining at this time a fantastic opportunity. They hope Calendly can be part of your professional journey, allowing you to learn, grow, and do your best work alongside the best people.
Implement complex features in dependency scanning and container scanning, shipping improvements that increase scan coverage, improve accuracy, and drive adoption of GitLab's SCA capabilities
Solve novel technical problems in SCA, establishing reusable patterns that reduce delivery time and improve engineering effectiveness across the team
Guide architectural and implementation decisions in collaboration with engineering managers, product managers, and peer staff engineers to improve scalability, reliability, and delivery outcomes across the team's SCA architecture
GitLab is the intelligent orchestration platform for DevSecOps. They enable organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. GitLab has more than 50 million registered users.
Design and implement backend features across the Add-On's software supply chain security surface.
Build and improve the package policy evaluation engine, including rule compilation, request matching, enforcement decisions, and performance-sensitive execution paths tied to GitLab's Dependency Firewall infrastructure.
Develop artifact signing and verification workflows, including Sigstore and Cosign integrations, signing key lifecycle management, keyless signing with OpenID Connect (OIDC), and policy-based promotion gates, enabling trusted and auditable software delivery.
GitLab is the intelligent orchestration platform for DevSecOps. More than 50 million registered users and more than 50% of the Fortune 100 trust GitLab to ship better, more secure software faster. The same principles built into our products are reflected in how our team works; they embrace AI as a core productivity multiplier, with all team members expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact.
Help to discover and triage vulnerabilities from various sources.
Design, configure, deploy, and maintain secure configurations across JUMO’s cloud and endpoint estate.
Work with engineering teams to complete threat modeling exercises.
JUMO is dedicated to financial inclusion and operates with a remote-first approach. They foster innovation and enable collaboration, valuing online facetime for collaboration at JUMO.
Act as the Subject Matter Expert (SME) for Endpoint Detection and Response (EDR) tools and processes, including optimizing configurations and policies, developing custom threat detection rules, and proactively improving Deel’s overall security posture for remote endpoints.
Configure, manage, and tune the full suite of security policies within SWG, CASB and ZTNA. Give our remote colleagues a seamless experience by troubleshooting end-user issues as needed.
Continuously improve SaaS security posture with SSPM tools and the processes around them. Collaborate with diverse application owners, understand security controls, and resolve configuration drift from baseline across our wide range of SaaS applications.
Deel is an all-in-one payroll and HR platform for global teams. As one of the largest globally distributed companies, its team of 7,000 spans more than 100 countries with a connected and dynamic culture that drives continuous learning and innovation.
Work cross-functionally with the InfoSec, SRE, and Engineering teams.
Check code and repositories for insecure coding practices and work with Engineering teams to remediate.
Implement security checks and practices within CI/CD pipelines to ensure secure code deployment and infrastructure.
Roadie, a UPS Company, is a logistics management and crowdsourced delivery platform. Founded in 2014, Roadie offers businesses fast, flexible and asset-light logistics solutions for last-mile delivery.
Build the Git/GitHub backbone for our controls, assets, and risk scenarios.
Stand up a trust data lake (likely in Google BigQuery) and the pipelines that feed it.
Automate control evidence collection and other “governance as code” workflows.
Chainguard is the trusted source for open source, delivering hardened, secure, and production-ready builds of all the open source software engineers and AI agents rely on. Our customers include Fortune 500 enterprises and global industry leaders, and they are venture-backed by leading investors.
Own and drive the company’s security strategy, roadmap, and overall posture
Lead threat modeling, secure code reviews, and architecture reviews
Build and maintain security tooling, automation, and infrastructure as code
Seesaw's mission is to provide every elementary student with joyful and connected learning experiences that lay the foundation for success in life. Trusted and loved by 25 million educators, students, and families worldwide, Seesaw is the only elementary learning experience platform.
Implement well-scoped backend features across the AI Governance product area.
Build and maintain automated test coverage for your work using RSpec or equivalent tools.
Work closely with senior and staff engineers to deliver solutions that are reliable and maintainable.
GitLab is the intelligent orchestration platform for DevSecOps, enabling organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. The company has more than 50 million registered users and its culture embraces AI, valuing innovation and collaboration.
Managing two small teams of software engineers who design and implement software to reduce risk.
Owning the strategy and roadmap for both teams, balancing security and developer experience.
Coach and develop engineers by providing regular, practical feedback to help them reach their personal growth goals.
Canva is a design platform redefining how the world experiences design. The company has campuses in Sydney and Melbourne, and co-working spaces in other Australian cities; they trust their employees to choose a work arrangement that empowers them.
Own the architecture, implementation, and continuous improvement of Ro’s SSPM and DLP platforms.
Define and evolve SaaS security standards, access models, and configuration baselines.
Engineer the SaaS lifecycle: Build scalable SaaS lifecycle automations.
Ro is a direct-to-patient healthcare company with a mission of helping patients achieve their health goals by delivering the easiest, most effective care possible. Ro is the only company to offer nationwide telehealth, labs, and pharmacy services and is consistently recognized as a top workplace.