Conduct threat modelling reviews of Technical Design Documents (TDDs) and provide actionable security recommendations early in the design process.
Perform application security assessments, including penetration testing, vulnerability assessments, and proof-of-concept development.
Investigate, triage, and respond to Bug Bounty program submissions, validating findings and driving timely remediation with engineering teams.
MoonPay is a unified payments platform for digital currency. Trusted by over 30 million customers and over 500 ecosystem partners, the company is committed to building a fairer, more open financial system with a culture of accountability and inclusivity.
Perform penetration testing and design reviews to identify vulnerabilities and insecure designs.
Maintain and build internal tools to automate security efforts, including SAST and DAST testing.
Identify vulnerabilities, demonstrate business impact, and articulate risk to drive prioritization.
Brex is the intelligent finance platform that enables companies to spend smarter and move faster in over 200 markets. With tens of thousands of customers including DoorDash, Coinbase, and Zoom, Brex fosters a diverse and inclusive team culture where collaboration with some of the brightest minds in the industry is key.
Lead and own the ongoing operation and maintenance of Samsara’s vulnerability management program.
Collaborate with engineering teams to track and support the remediation of identified vulnerabilities.
Champion Samsara’s cultural principles in daily work.
Samsara is the pioneer of the Connected Operations Cloud, enabling organizations to harness IoT data for actionable insights. As a recently public company with a global team, they foster a culture of rapid career development and encourage employees to architect their own careers.
Perform scoped and open-ended assessments on internal and external facing systems.
Perform threat and vulnerability research to identify new ways of achieving the program’s mission.
Work with the customer Blue Team to identify gaps, address findings, and improve breach response.
Cyber Advisors is a rapidly growing cybersecurity consulting firm that simulates real-world attacks to uncover vulnerabilities. They believe in inclusion and employee development, and have a caring, happy culture where people feel valued.
Own and improve the secure software development lifecycle, perform application security reviews, threat modeling, and deep code-level analysis for high-impact product, platform, and AI features.
Drive vulnerability management across internal reviews, bug bounty, pentests, and other research signals, ensuring findings are validated, prioritized, and tracked through remediation.
Configure and improve AppSec tooling and integrations, and use AI to automate and scale security processes while validating outputs with strong engineering judgment.
Apollo.io is the leading go-to-market solution for revenue teams, trusted by over 500,000 companies and millions of users globally. Founded in 2015, the company is one of the fastest growing companies in SaaS, raising approximately $250 million to date and valued at $1.6 billion.
Lead penetration testing engagements on applications with complex technology stacks, working independently and collaboratively.
Contextualize vulnerabilities and assess realistic impact to clients, ensuring quality reports and services are delivered efficiently.
Maintain strong depth of knowledge in application security and mentor teammates while collaborating with project managers and delivery teams.
Coalfire is a cybersecurity firm that helps clients navigate complex security challenges through advisory, assessment, and automation services. The company is headquartered in Chicago with offices across the U.S. and U.K., and supports clients worldwide with a team of passionate cybersecurity experts.
Deliver Application Security services including threat modeling, architecture reviews, and program assessments.
Author comprehensive reports tailored to technical and managerial audiences with remediation strategies.
Contribute to practice development and mentor team members while embracing emerging technologies.
GuidePoint Security provides trusted cybersecurity expertise, solutions, and services to help organizations minimize risk. With over 1,200 employees, the company fosters a collaborative culture focused on mentorship and knowledge sharing.
Partner with Product and Engineering teams to integrate security into application design and development, leading threat modeling and secure code reviews.
Develop and implement automated security guardrails across the SDLC, and investigate and prioritize application security findings.
Promote secure coding practices through training and coaching, and create security standards and procedures that scale across teams.
Quanata is an insurance technology innovation company that engineers advanced risk prediction and prevention solutions and builds a full-stack, flexible, digital & increasingly AI-native insurance platform. We are a remote-first company wholly owned and funded by State Farm, with a culture that prioritizes inclusivity and positive collaboration.
Lead Flock's Security Incident Response Team (PSIRT) as the single point of accountability for all externally-reported and internally-discovered vulnerabilities.
Own the CNA, CVD program, and drive fixes across Hardware, Firmware, SRE, Mobile, ML, Legal, and more.
Set SLAs, metrics, playbooks, and public security advisories, reducing risk for devices and customers.
Flock builds technology that reduces crime and protects privacy, partnering with cities, businesses, schools, and neighborhoods. With over $1B in funding and an $8.3B valuation, they are a high-performance team united by urgency, ownership, and a shared commitment to meaningful impact.
Contribute to the mission of helping businesses earn and prove trust through continuous security monitoring.
Use AI to amplify skills and strengthen work, demonstrating curiosity and sound judgment.
Collaborate with a diverse team in an inclusive work environment.
Vanta helps businesses earn and prove trust by automating security monitoring for compliance standards like SOC 2, HIPAA, and ISO 27001. The company has a kind and talented team, with offices in SF, NYC, London, Dublin, Tel Aviv, and Sydney.
Design and implement comprehensive security architectures for network, application, data protection, and identity management.
Identify and assess security risks, developing mitigation strategies to reduce organizational risk.
Leverage automation across the technology stack to ensure best practices in Identity and Access Management.
HealthEdge provides software solutions for the healthcare industry. The company fosters a positive, fun, and collaborative work environment with an emphasis on mentoring and building influence.
Plan and execute penetration tests across applications, networks, and cloud infrastructure, producing detailed reports for technical and executive audiences.
Own remediation follow-through by translating findings into security engineering work items, and design controls across Azure, Okta, and other platforms.
Support ISC2's ISO/IEC 27001 ISMS program and continuously improve detection and hardening through automation and threat intelligence.
ISC2 is a nonprofit member organization for cybersecurity professionals, dedicated to a safe and secure cyber world. With a globally recognized portfolio of certifications and a charitable arm, they advocate for inclusion and excellence, supported by a large, global workforce.
Lead AppSec program assessments to evaluate current state and help clients prioritize remediation efforts based on risk, resources, and organizational readiness.
Design pragmatic security workflows, processes, and tooling integrations that engineering teams will actually adopt.
Deliver polished client work including clear assessments, actionable roadmaps, and executive communications that drive decision-making.
GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. The company has grown to over 1,200 employees and serves as a trusted advisor to more than 6,200 customers.
Define and drive Morpho's security strategy across corporate, IT, cloud, application, supply chain, identity, incident response, threat intelligence, and counterparty security.
Build and lead the security function by hiring and developing a team while staying hands-on with threat modeling, architecture review, and incident response.
Represent Morpho's security posture externally to partners and institutions, and internally to leadership, partnering with engineering and integration teams.
Morpho is a leading Decentralized Finance (DeFi) lending protocol that raised funding from major investors to build an open credit network for borrowing and lending on-chain. With over $10 billion in deposits, Morpho is scaling its team to become the global open credit network, emphasizing a high-support, low-ego culture that navigates uncertainty in a nascent market.
Design, implement, and enforce information security posture and policies as a senior architect.
Provide security consulting to IT projects and lead incident response and threat analysis.
Conduct research on emerging threats, best practices, and technologies to enhance security.
Mercury Insurance helps people reduce risk and overcome unexpected events, serving customers for over 60 years. They are a midsize employer with a focus on inclusion, growth, and team collaboration.
Enable software engineering teams to continuously improve the security posture of products and SaaS environments through AppSec and DevSecOps expertise.
Serve as the go-to AppSec expert, mentoring engineers on secure design patterns and coding practices while collaborating on threat models and design reviews.
Lead automation of vulnerability management tooling across CI/CD pipelines, perform security code reviews, and contribute to compliance strategies.
Hypori is a high-growth cybersecurity SaaS company transforming how organizations think about secure mobility. Backed by $55M in funding from investors including UBS and AE Industrial Partners, the company is expanding into new commercial and regulated markets.
Validate incoming security findings from the research community using code analysis and pentesting tools.
Collaborate with engineering teams to remediate valid vulnerabilities in the codebase.
Build or improve automated workflows and tooling using languages like Rust, Go, or Python.
1Password builds a human-centric cybersecurity platform, including enterprise password management and Unified Access Management. With over $400M in ARR and 180,000 business customers, the company has a remote-first culture focused on curiosity, teamwork, and continuous improvement.
Lead security operations including vulnerability management, incident response, and SIEM platform maturity.
Administer Microsoft security tools (Defender, Purview, Entra) and support compliance frameworks like SOC 2 and HITRUST.
Drive risk reduction through security awareness, risky user remediation, and cross-functional collaboration.
Sequel develops next-generation drug-delivery advancements, starting with the twiist Automated Insulin Delivery System for diabetes management. It is headquartered in New Hampshire and fosters a culture of hard work, fun, and support.
Champion and implement security best practices and automated tooling across Spotify's infrastructure and platforms.
Partner closely with teams to integrate security throughout the software development lifecycle from design to deployment.
Conduct threat modeling, security reviews, and risk assessments for both AI and non-AI systems.
Spotify is the world's most popular audio streaming subscription service, unlocking the potential of human creativity by giving artists the opportunity to live off their art. With over 700 million users, the company values curiosity, collaboration, and a willingness to both teach and learn from others.
Review and threat model AI-powered product features, LLM integrations, and agentic workflows before launch.
Build reusable AI security primitives like guardrails, scanners, and policy checks to secure AI development.
Design security tooling to detect and prevent prompt injection, jailbreaks, and data leakage in AI systems.
Reddit is a community of communities built on shared interests, passion, and trust, hosting open conversations. With over 100,000 active communities and 126 million daily active users, it is one of the largest sources of information online.