Lead current ISO 27001, SOC 2, and PCI compliance initiatives.
Spearhead initiatives to identify and improve security risks.
Conduct Risk Assessments within customer systems.
Canadian Bank Note Company (CBN) is a leader and trusted provider of secure document and adjacent enterprise-level system solutions across various domains. They seek long-term relationships with their employees and offer a competitive compensation package, including health, medical, life insurance benefits, and a defined contribution pension plan with company matching.
Serve as trusted advisor to team’s leadership and partner teams by clearly articulating business risks associated with security issues
Lead security operation functions – including vulnerability management, SAST, DAST, detection engineering, and incident response – in CI/CD and cloud-native production environments
Integrate security into our applications throughout the software development lifecycle
They are scaling intelligence to serve humanity by training and deploying frontier models for developers and enterprises, building AI systems to power magical experiences. Cohere is composed of researchers, engineers, and designers who are passionate about their craft, and believes that a diverse range of perspectives is a requirement for building great products.
Drive adoption of a Secure Software Development Lifecycle (SSDLC) across engineering teams.
Implement and integrate application security tooling into CI/CD pipelines, improving vulnerability detection and remediation.
Establish consistent threat modelling and secure design practices across new features and products.
Neko Health's mission is to deliver proactive healthcare for all, empowering members to take control of their health via technology and compassionate care. They have nearly 100 full-time engineers working across Berlin, Chamonix, Hamburg, Lisbon, Marseille, Vilnius, and Stockholm and they support a flexible workplace that prioritizes work-life balance.
Create, manage, and maintain the application security strategy and roadmap.
Develop, execute, and track the performance of security measures to protect Alma’s data, applications, and systems.
Build and provide high-quality application security documentation and training to engineers.
Alma simplifies access to high-quality, affordable mental health care by making it easy and financially rewarding for therapists to accept insurance. Alma has over 20,000 therapists in their growing network and was named one of Inc’s Best Workplaces in 2022 and 2023.
Drive and enable proactive identification, analysis, and remediation of security vulnerabilities.
Respond to manage pen testing and bug bounty programs.
Work in partnership with Software Architecture, Risk/Compliance, the SRE team, and other partners, to integrate security capabilities into the SDLC.
Subsplash builds The Ultimate Engagement Platform™ for churches, Christian ministries, non-profits, and businesses around the world. They are a family-owned and operated company of 290+ mission-driven people.
Own and drive remediation of security vulnerability tickets across environments
Analyze vulnerability trends to identify process gaps and recommend improvements
Track remediation progress and provide weekly status updates to management
ItD is a consulting and software development company blending diversity, innovation, and integrity with real business results. They are a woman- and minority-led firm that rejects strong hierarchies, empowering them to deliver great results with Fortune 500 companies and high-performance teams.
Conducting a comprehensive threat model of our application and infrastructure layers.
Hardening our AWS infrastructure while keeping developer workflows frictionless.
Integrating security tooling into our CI/CD pipeline.
Loancrate simplifies home-buying for lenders and borrowers by building AI-native tooling to automate mortgage workflows. Since 2020, their remote team has enabled customers to power >$85 billion in new home loans and they value collaboration and open communication.
Partner with engineering teams throughout the SDLC to embed security by design in our products.
Lead and evolve our AppSec tooling and workflows by implementing, tuning, and integrating SAST, DAST, SCA, and container/image scanning into CI/CD pipelines.
Drive vulnerability management for our applications and supply chain, including triaging and prioritizing issues, coordinating with teams on fix/mitigate/accept decisions.
Camunda is the leader in enterprise agentic automation, orchestrating complex business processes across agents, people, and systems. They were named a Visionary in the inaugural 2025 Gartner Magic Quadrant for Business Orchestration and Automation Technologies (BOAT).
You will review, challenge, and strengthen our systems, act as the security authority within engineering, define guardrails, and drive remediation when risks arise.
Operating independently, you’ll build the structure and standards needed as we scale.
Your mission is to own the company wide security strategy and architecture, ensure CIRO and SOC 2 alignment, and embed strong security practices across infrastructure, applications, and internal systems, while enabling engineering velocity.
Newton is changing how Canadians trade crypto, with the goal to make financial freedom something everyone can achieve by giving customers the tools and knowledge they need to navigate the crypto world. At Newton, you'll work with a remote team spread across Canada.
Design and implement security controls across cloud infrastructure, applications, and data systems.
Identify, assess, and mitigate security risks through threat modeling, reviews, and testing.
Build and maintain monitoring, alerting, and incident response capabilities.
BlockchainUnmasked aims to streamline cryptocurrency forensic investigations through advanced automation combined with cutting-edge solutions. They work with investigative partners to dramatically accelerate investigation times and boost success rates in interdiction, recovery, and deterrence.
Assist in the preparation and execution of third-party audits and assessments.
Support the development and maintenance of Eltropy’s GRC program.
Conduct and manage vendor security assessments, maintain risk tracking, and ensure third-party compliance.
Eltropy is a FinTech company aiming to transform financial service access. They provide an AI-enabled digital conversations platform for community financial institutions to enhance operations, engagement, and productivity.
Manage and develop staff members under Product Compliance.
Oversee and contribute to the vulnerability management lifecycle.
Assess and serve as a subject matter expert for regulatory and compliance requirements.
ExtraHop is a company that focuses on network detection and response (NDR) to help organizations stay ahead of emerging threats. They integrate network threat detection, network performance management, intrusion detection, and packet forensics into a single console.
Support and execute security incident response activities.
Operate and improve enterprise security controls and tooling.
Coordinate security investigations with DevOps, IT, and Engineering teams.
Keeper Security transforms cybersecurity for organizations around the world with next-generation privileged access management. Keeper’s zero-trust and zero-knowledge cybersecurity solutions are FedRAMP and GovRAMP Authorized, FIPS 140-2 validated, as well as SOC 2 and ISO 27001 certified.
Conduct regular security assessments, vulnerability scanning, and penetration testing of Veeam products and services
Work with development teams to integrate secure development practices into the software development lifecycle
Collaborate on the design and implementation of security within Veeam products
Veeam specializes in helping organizations ensure their data and AI are fully understood, secured, and resilient to enable the acceleration of safe AI at scale. They are headquartered in Seattle with offices in more than 30 countries, protecting over 550,000 customers worldwide.
Lead secure design reviews, threat modeling, and security-focused code reviews across the product and platform.
Build and run Fieldguide’s vulnerability management program: scanning, triage, SLA-driven remediation tracking, and engineering coordination.
Partner with Compliance to ensure technical controls satisfy framework requirements (SOC 2, ISO 27001, ISO 42001, FedRAMP).
Fieldguide is establishing a new state of trust for global commerce and capital markets through automating and streamlining the work of assurance and audit practitioners. They are based in San Francisco, CA, and built as a remote-first company that enables you to do your best work from anywhere.
Manage and influence both physical and cyber security risk.
Support the development and execution of the information security strategy.
Oversee day-to-day security operations including monitoring and incident response.
Jobgether uses an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Their system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company.
Run client SAST/DAST/SCA tools, review outputs and provide recommendations
Work with development teams to identify and remediate security vulnerabilities
Provide security guidance during the software development lifecycle (SDLC)
GuidePoint Security provides cybersecurity expertise and solutions to help organizations make better decisions and minimize risk. Since 2011, they've grown to over 1,200 employees and serve as a trusted advisor to more than 6,200 customers, fostering a collaborative and enjoyable workplace.
Conduct security assessments, code reviews, and penetration testing to identify vulnerabilities.
Plan and execute security testing for LLM-enabled applications, including prompt injection testing.
Design, develop, and implement security tools and automation to prevent and detect vulnerabilities.
Granicus provides technology that transforms the Govtech industry by connecting governments and constituents. They are a remote-first company with a globally distributed workforce across the United States, Canada, United Kingdom, India, Armenia, Australia, and New Zealand.
Embed privacy-by-design principles into Docker products, services, and internal platforms.
Partner closely with Docker engineering and product teams to integrate privacy requirements into architecture decisions, SDLC processes, and CI/CD pipelines.
Design, develop, and maintain automated GRC and privacy workflows to support compliance monitoring, control testing, DPIAs, risk assessments, reporting, and audit readiness.
Docker makes app development easier so developers can focus on what matters. Their remote-first team spans the globe and they are passionate about innovation and great developer experiences. With over 20 million monthly users and 20 billion image pulls, Docker is a trusted tool for building, sharing, and running apps.
Drive vulnerability management activities with cross-functional teams.
Execute application security testing and lead cyber risk management efforts.
Oversee remediation of findings from security assessments and testing.
The American Institutes for Research (AIR) is a nonpartisan, not-for-profit organization. They conduct behavioral and social science research and deliver technical assistance to address pressing challenges. They employ data-driven solutions, expanding opportunities and improving lives.