Source Job

Spain

  • Play a key role in protecting and strengthening large-scale cloud-native applications that power next-generation AI infrastructure.
  • Work at the intersection of software engineering and cybersecurity, ensuring security is embedded throughout the software development lifecycle.
  • Collaborate cross-functionally to identify and remediate vulnerabilities in complex distributed systems.

Python Go Java JavaScript Burp Suite

20 jobs similar to Application Security Engineer

Jobs ranked by similarity.

US Canada Unlimited PTO

  • Own and improve the secure software development lifecycle, perform application security reviews, threat modeling, and deep code-level analysis for high-impact product, platform, and AI features.
  • Drive vulnerability management across internal reviews, bug bounty, pentests, and other research signals, ensuring findings are validated, prioritized, and tracked through remediation.
  • Configure and improve AppSec tooling and integrations, and use AI to automate and scale security processes while validating outputs with strong engineering judgment.

Apollo.io is the leading go-to-market solution for revenue teams, trusted by over 500,000 companies and millions of users globally. Founded in 2015, the company is one of the fastest growing companies in SaaS, raising approximately $250 million to date and valued at $1.6 billion.

$155,000–$175,000/yr
US

  • Lead security architecture reviews for new and existing applications.
  • Develop, enforce, and continuously refine secure coding standards across engineering teams.
  • Continuously improve threat modeling frameworks across application components.

Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. They empower credit unions and banks by creating cutting-edge digital experiences. At Lumin, their culture is built on trust in expertise and decisions, respect for diverse perspectives and talents, and boldness in pursuing new ideas.

US

  • Enable software engineering teams to continuously improve the security posture of products and SaaS environments through AppSec and DevSecOps expertise.
  • Serve as the go-to AppSec expert, mentoring engineers on secure design patterns and coding practices while collaborating on threat models and design reviews.
  • Lead automation of vulnerability management tooling across CI/CD pipelines, perform security code reviews, and contribute to compliance strategies.

Hypori is a high-growth cybersecurity SaaS company transforming how organizations think about secure mobility. Backed by $55M in funding from investors including UBS and AE Industrial Partners, the company is expanding into new commercial and regulated markets.

Europe

  • Champion and implement security best practices and automated tooling across Spotify's infrastructure and platforms.
  • Partner closely with teams to integrate security throughout the software development lifecycle from design to deployment.
  • Conduct threat modeling, security reviews, and risk assessments for both AI and non-AI systems.

Spotify is the world's most popular audio streaming subscription service, unlocking the potential of human creativity by giving artists the opportunity to live off their art. With over 700 million users, the company values curiosity, collaboration, and a willingness to both teach and learn from others.

US

  • Secure AI Systems and Use AI to Scale Security.
  • Deliver Application Security Reviews.
  • Advance CI/CD Pipeline Security.

Smartsheet helps people and teams achieve their goals with seamless work management and scalable solutions. They empower teams to automate tasks, uncover insights, and scale smarter, fostering a culture of innovation and impact with a focus on challenge and purpose.

Europe

  • Own and manage bug bounty intake processes, including triaging reports, validating vulnerabilities, and reproducing proof of concepts.
  • Collaborate with developers and product teams to design and implement effective remediation strategies for identified security issues.
  • Contribute directly to codebases by reviewing and submitting pull requests to fix security vulnerabilities.

Jobgether is a company using an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. They have a collaborative, feedback-driven culture that encourages innovation and ownership.

US 4w PTO 12w maternity 12w paternity

  • Partner with Product and Engineering teams to integrate security into application design and development, leading threat modeling and secure code reviews.
  • Develop and implement automated security guardrails across the SDLC, investigate and prioritize application security findings.
  • Promote secure coding practices through training and coaching, and create security standards and procedures that scale across teams.

Quanata is an insurance technology innovation company that engineers advanced risk prediction and prevention solutions and builds a full-stack, flexible, digital & increasingly AI-native insurance platform. We are a remote-first company wholly owned and funded by State Farm, with a culture that prioritizes inclusivity and positive collaboration.

United States

  • Perform penetration testing and design reviews to identify vulnerabilities and insecure designs.
  • Maintain and build internal tools to automate security efforts, including SAST and DAST testing.
  • Identify vulnerabilities, demonstrate business impact, and articulate risk to drive prioritization.

Brex is the intelligent finance platform that enables companies to spend smarter and move faster in over 200 markets. With tens of thousands of customers including DoorDash, Coinbase, and Zoom, Brex fosters a diverse and inclusive team culture where collaboration with some of the brightest minds in the industry is key.

US

  • Provide security automation and application development expertise.
  • Assist in detection and alerting through various security tools.
  • Evaluate new technologies and processes that enhance security capabilities.

Ivanti manages, automates, and protects data and technology to empower continuous innovation. Their AI-powered platform brings IT and Security teams together around a single, trusted system of record enabling smarter decisions. They serve 34,000 customers across 149 countries.

UK Global

  • Lead and own the ongoing operation and maintenance of Samsara’s vulnerability management program.
  • Collaborate with engineering teams to track and support the remediation of identified vulnerabilities.
  • Champion Samsara’s cultural principles in daily work.

Samsara is the pioneer of the Connected Operations Cloud, enabling organizations to harness IoT data for actionable insights. As a recently public company with a global team, they foster a culture of rapid career development and encourage employees to architect their own careers.

$175,000–$185,000/yr
US Canada

  • Work closely with development teams, product managers, and third-party groups to ensure AutoFi’s products, services, cloud environments, internal systems, and vendor ecosystem are secure.
  • Contribute to secure design reviews, application security standards, vulnerability management, security monitoring, incident response, threat hunting, and third-party security assessments.
  • Define, implement, and maintain security practices, standards, and controls across AutoFi’s products, services, cloud environments, and internal systems.

AutoFi is the leading provider of digital commerce technology that powers the sales and finance experiences for the most innovative brands and dealers in automotive. Their dynamic selling platform empowers dealers to sell vehicles more efficiently and profitably, both online and in the showroom. They are funded for years of future growth and backed by investors.

Unlimited PTO

  • Lead AppSec program assessments to evaluate current state and help clients prioritize remediation efforts based on risk, resources, and organizational readiness.
  • Design pragmatic security workflows, processes, and tooling integrations that engineering teams will actually adopt.
  • Deliver polished client work including clear assessments, actionable roadmaps, and executive communications that drive decision-making.

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. The company has grown to over 1,200 employees and serves as a trusted advisor to more than 6,200 customers.

$153,986–$192,482/yr
US

  • Design, develop, and implement cloud security architecture solutions in Microsoft Azure.
  • Build and maintain security automation using Infrastructure as Code (IaC) tools.
  • Collaborate with development teams to embed security into CI/CD pipelines.

Hanger, Inc. is the world's premier provider of orthotic and prosthetic (O&P) services and products, offering advanced O&P solutions. With 160 years of excellence, Hanger employs many to help people achieve new levels of mobility and freedom.

UK Unlimited PTO 18w maternity 12w paternity

  • Embed security into CI/CD pipelines and product development as a technical leader.
  • Drive cross-team influence and own hard security challenges in a cloud-native environment.
  • Work in a remote-first culture focused on customer obsession and intentional action.

Chainguard provides hardened, secure, and production-ready builds of open source software to help organizations build faster and stay compliant. Backed by leading investors including Sequoia Capital and Kleiner Perkins, Chainguard serves Fortune 500 enterprises and global industry leaders.

Ireland

  • Design and implement security controls across CI/CD pipelines, cloud infrastructure, and software development workflows.
  • Integrate security testing tools including SAST, DAST, dependency scanning, and vulnerability management.
  • Partner with Engineering, Infrastructure, and Security teams to implement secure development practices.

Kaseya is the leading provider of AI-powered IT management and cybersecurity software, serving Managed Service Providers (MSPs) and internal IT organizations worldwide. Backed by Insight Partners, the company supports customers in more than 20 countries, manages over 15 million endpoints, and fosters a culture of innovation, accountability, and results.

United States

  • Design and implement authorization frameworks and just-in-time access controls for cloud resources.
  • Develop security automation scripts and tools in Python and Go to streamline operations and incident response.
  • Collaborate with engineering teams to integrate security controls into CI/CD pipelines and infrastructure.

Included Health is a healthcare company delivering integrated virtual care and navigation. It has a remote-first culture and offers comprehensive benefits.

Global Unlimited PTO

  • Own end-to-end security reviews across smart contracts, backend services, and frontend surfaces.
  • Build and ship an agentic security CI/CD pipeline that runs autonomously against every PR and release candidate.
  • Triage and manage the bug bounty program, reproduce findings, and route confirmed issues to engineering with context.

Polygon Labs is a global blockchain payments company building infrastructure to move money instantly and reliably. It has facilitated trillions in onchain value transfer and supports millions of daily transactions for banks, fintechs, and enterprises.

Europe

  • Join the security team to build world-class security into products, focusing on operations, monitoring, and incident response.
  • Proactively improve security across codebase, product, cloud, and customer deployments.
  • Work as a generalist covering all facets of security, from application testing to threat modeling.

Sourcegraph builds the world's most powerful code intelligence platform, helping developers and agents navigate complex codebases. They are a globally distributed team backed by a16z, Sequoia, and Redpoint, with a culture of high agency and direct communication.

Turkey

  • Performs web, mobile application, and internal penetration tests.
  • Researches new attack vectors and stays current with cybersecurity news and trends.
  • Creates detailed reports that clearly communicate vulnerabilities and mitigation.

Insider One provides a platform that unifies marketing and customer engagement teams. With over 1,500 team members across 30+ offices, they focus on AI-driven solutions and customer data integration across various channels.

US Unlimited PTO

  • Operate & maintain security platforms (vulnerability management, CAASM, CNAPP).
  • Monitor security findings and support remediation workflows.
  • Develop scripts and automation to improve security workflows.

GuidePoint Security provides trusted cybersecurity expertise, solutions, and services. They help organizations make better decisions and minimize risk with a three-tiered, holistic approach to security. GuidePoint has over 1,200 employees and serves more than 6,200 customers.