Embed security into the SDLC by partnering with Engineering to implement secure design patterns, conduct threat modeling, and deliver developer-focused AppSec training.
Lead and perform application security assessments including SAST, DAST, SCA, and manual code review across web, mobile, and API surfaces.
Own and mature the vulnerability management program, including prioritization frameworks, SLA tracking, and cross-functional remediation coordination.
Integrate security activities across all SDLC phases.
Partner closely with engineering teams to ensure secure development practices.
Review security controls for new features, services, and architectural changes.
Infiterra simplifies subscription service delivery, enabling IT distributors, Managed Service Providers (MSPs), and telcos to succeed in the subscription economy. They are recognized as a global leader in subscription commerce, combining innovation, performance excellence, and trusted expertise to help partners transform and grow.
Own and lead Limble’s application security program, partnering with the Head of Information Security and key stakeholders to define strategy and roadmap.
Perform hands-on security work including threat modeling and secure design reviews, using engagements as opportunities to educate and influence engineering decisions.
Partner with engineering teams to triage, prioritize, and remediate vulnerabilities across the platform.
Limble empowers the unsung heroes who support the world by revolutionizing how businesses manage their maintenance operations. They provide a comprehensive suite of software solutions to optimize asset performance and drive operational excellence; their CMMS platform features streamline operations and enhance productivity.
Own and evolve vulnerability management end-to-end.
Embed secure design principles across mobile applications, APIs, and microservices.
Partner closely with engineering teams to remediate security issues.
Smart Working connects skilled professionals with global teams for full-time, long-term roles. They help you discover meaningful work with teams that invest in your success, where you’re empowered to grow personally and professionally.
Design and implement security controls for mobile applications, backend services, and web platforms.
Conduct threat modelling and risk assessments for new and existing systems.
Embed secure coding practices across engineering teams, aligned with OWASP standards.
Smart Working connects skilled professionals with outstanding global teams and products for full-time, long-term roles, breaking down geographic barriers. It is a highly-rated workplace on Glassdoor, focused on community, growth, and well-being in a remote-first environment.
Own and enforce DevSecOps practices across CI/CD pipelines.
Drive vulnerability identification, triage, and remediation across infrastructure and applications.
Act as the primary security SME for the engineering organization.
Teramind is pioneering a predictive, AI-driven approach to safeguarding organizations' people, data, and operations. As a global leader in user behavior analytics, insider risk management, and workforce intelligence, we empower businesses to transform data into a strategic asset.
Expand the application security landscape at Coupa
Lead and execute Security Architecture Reviews, Threat Modeling, and Design Reviews
Be a champion of Coupa’s Secure Software Development Lifecycle ( SSDLC ) methodologies
Coupa empowers businesses with a community-generated AI and spend management platform. They have a global network of 10M+ buyers and suppliers and value collaboration, teamwork, transparency, openness, and a shared commitment to excellence.
Lead threat modeling and security architecture reviews for distributed, event-driven systems.
Integrate security code reviews, SAST/DAST, Software Composition Analysis (SCA), and container scanning into CI/CD and AI/ML pipelines.
Evangelize secure coding and AI security through training, brown bag sessions, and workshops.
Zeta Global is an AI-Powered Marketing Cloud that helps marketers acquire, grow, and retain customers more efficiently. They unify identity, intelligence, and omnichannel activation into a single platform. Zeta Global is headquartered in New York City with offices around the world.
Participate in threat modeling exercises with engineering team members
Triage SCA/SAST/DAST/CSPM findings by eliminating false positives and providing well-vetted vulnerabilities to engineering teams
Support vulnerability management efforts for networks and infrastructure
They offer a SaaS-based Global Employment Platform that enables clients to expand into over 180 countries. Their diverse, remote-first teams are essential to their success, fostering innovation and valuing every contribution.
Focus on automation, integrating security within the CI/CD pipeline, and DevOps toolchain.
Strong working knowledge of security fundamentals including OWASP Top10.
Experience with public cloud infrastructure (AWS or Azure) and cloud security fundamentals.
GuidePoint Security provides cybersecurity expertise, solutions, and services to help organizations make better decisions and minimize risk. They have grown to over 1,200 employees, established strategic partnerships with leading security vendors, and serve as a trusted advisor to more than 6,200 customers.
Own and drive the company’s security strategy, roadmap, and overall posture
Lead threat modeling, secure code reviews, and architecture reviews
Build and maintain security tooling, automation, and infrastructure as code
Seesaw's mission is to provide every elementary student with joyful and connected learning experiences that lay the foundation for success in life. Trusted and loved by 25 million educators, students, and families worldwide, Seesaw is the only elementary learning experience platform.
Design, implement, and manage the integration of security tooling into CI/CD pipelines.
Develop and maintain automation scripts to streamline security processes and workflows.
Own the vulnerability management lifecycle: identification, triage, prioritization, and reporting.
MoonPay is a unified payments platform for digital currency, making it easy for anyone to buy, sell, swap, and pay in digital currencies. Trusted by over 30 million customers and over 500 ecosystem partners, MoonPay's secure, enterprise-grade platform is driving mainstream crypto adoption worldwide.
Build AI agents that handle vulnerability triage, automated security reviews of PRs, and initial incident forensics at scale.
Build systems that automatically detect and remediate security gaps across AWS, GCP, and Azure -- configuration drift, IAM misconfigurations, vulnerable dependencies, exposed secrets.
Lead threat modeling, security reviews, and risk assessments across web applications, APIs, and services.
Atlan is building the missing context layer for data and AI, helping enterprises close the AI value chasm. They connect to every part of the modern data and AI stack to unify this context into a single, shared layer that both humans and AI agents can rely on.
Lead security architecture and design reviews across applications, infrastructure, and integrations.
Conduct and coordinate penetration testing, threat modeling, and security reviews.
Design and implement security automation within CI/CD pipelines.
Assured modernizes insurance by providing software solutions to large insurers that help them win in a technology-driven world. Their products include self-service claim-filing software to backend fraud detection and are dynamic, collaborative, and rewarding.
Help scale NerdWallet’s application security program through automation, tooling, and developer enablement.
Partner with engineering and product teams to identify and remediate security gaps across multiple systems while balancing business priorities.
Build tools, processes, and automation that improve security posture visibility for engineers and leadership.
NerdWallet aims to bring clarity to life's financial decisions with a team of exceptional Nerds. They foster an inclusive, flexible, and candid culture where employees are empowered to grow and take risks, supporting well-being and development whether working remotely or in-office.
Work closely with engineering teams, PMs and external parties to ensure product security.
Support the Bug Bounty program, triaging, prioritizing and fixing issues.
Collaborate with infra security to level up our security posture.
RevenueCat helps developers build and scale in-app subscriptions by providing a monetization platform for mobile. They are a remote-first company of 120+ employees across 25 countries, and they value customer obsession and balance.
Support the ISSM in managing security requirements and documentation throughout the SDLC.
Review Merge/Pull Requests for security implications and adherence to secure coding standards.
Analyze CI/CD pipeline security outputs, including SAST, DAST, SBOM findings, and CVSS scoring.
CommIT Enterprises, Inc. is a Certified Veteran-Owned Small Business (CVOSB) providing innovative technical engineering and data science services. Established in 2001, our enterprise systems support includes the Department of Defense’s (DoD) GCSS-MC, CAC2S, TBMCS-MC, and the Department of Veteran’s Affairs’ (VA) telehealth communications.
Lead and grow a team of the best security engineers.
Define the strategy for Vanta’s application security program.
Work with Engineering and Product Development to assess and mitigate risk.
Vanta helps businesses earn and prove trust by providing continuous security monitoring and verification. They aim to empower companies to practice better security with their automation and orchestration tools. Vanta has a kind and talented team, embracing individuals with and without prior security experience.
Perform security reviews of our current and future product and service portfolio.
Be the security subject matter expert for product architects and engineers for threat modeling.
Find new and novel ways to identify and resolve security vulnerabilities in our products.
Palantir builds software for data-driven decisions and operations, empowering partners to develop lifesaving drugs, forecast supply chain disruptions, and locate missing children. They value excellence and encourage employees to work from their offices to foster connectivity and innovation.
Own the architecture, implementation, and continuous improvement of Ro’s SSPM and DLP platforms.
Define and evolve SaaS security standards, access models, and configuration baselines.
Engineer the SaaS lifecycle: Build scalable SaaS lifecycle automations.
Ro is a direct-to-patient healthcare company with a mission of helping patients achieve their health goals by delivering the easiest, most effective care possible. Ro is the only company to offer nationwide telehealth, labs, and pharmacy services and is consistently recognized as a top workplace.
Design and build scalable platform services, web and mobile applications, and AI-powered workflows.
Leverage AI-accelerated developer tooling to improve delivery speed and code quality.
Participate in greenfield architectural decisions, including technology selection, service design, and infrastructure strategy.
Zócalo Health is a tech-enabled, community-oriented primary care organization serving people who have historically been underserved by healthcare. Founded in 2021, Zócalo Health is backed by leading healthcare investors and is scaling rapidly across states and populations.