Triage, validate, and remediate security vulnerabilities across products, infrastructure, and internal systems.
Develop, maintain, and contribute to internal and open-source security tooling, writing production-grade code.
Improve secure development practices through code reviews, threat modeling, and security design reviews.
Tiger Data provides the fastest PostgreSQL platform for transactional, analytical, and agentic workloads. With over 2,000 customers and 3 million active databases, it is a remote-first team backed by $180 million in funding.
Challenge bot detection mechanisms as an internal red team, creating tools to automate the process.
Improve client-side bot detection by adding new signals and implementing obfuscation techniques.
Collaborate with mobile and threat research teams to implement new approaches to bot detection.
DataDome stops cyberfraud and bots in real time using a multi-layered AI engine that focuses on intent. Named a Leader in the Forrester Wave for Bot Management, the company stops over 350 billion attacks annually and has a tech team spread across Europe and the US.
Perform penetration testing and design reviews to identify vulnerabilities and insecure designs.
Maintain and build internal tools to automate security efforts, including SAST and DAST testing.
Identify vulnerabilities, demonstrate business impact, and articulate risk to drive prioritization.
Brex is the intelligent finance platform that enables companies to spend smarter and move faster in over 200 markets. With tens of thousands of customers including DoorDash, Coinbase, and Zoom, Brex fosters a diverse and inclusive team culture where collaboration with some of the brightest minds in the industry is key.
Monitor and test Sporty's entire external attack surface across domains, subdomains, and public IP addresses.
Conduct adversary emulation exercises against endpoints to validate EDR/XDR and SOC defenses.
Translate offensive findings into actionable defensive improvements and remediation blueprints.
Sporty Group is a remote-first company operating in the sports and gaming industry. It focuses on sustainability and offers a competitive salary with quarterly bonuses and annual retreats.
Provide tier 2 and 3 support to customers and collaborate with the threat research team to challenge the detection engine.
Analyze huge web traffic data sets (over 100 billion documents) to identify and block malicious traffic.
Create automations/scripts to detect outliers in global traffic and add new alerts to the detection platform.
DataDome delivers real-time bot and agent trust management, giving businesses complete visibility and control over all traffic. Backed by a 24/7 SOC and expert threat researchers, DataDome stops 20k+ attacks every second and is a recognized Leader on G2.
Research and create defensive security labs and crisis simulation content for the platform.
Work with the Product team on innovations and deploy new features.
Compile technical research into clear content for both technical and non-technical audiences.
Immersive Labs provides a cyber resilience platform that simulates real-world threats to test skills and measure performance. Founded in 2017, the company has grown to over 300 employees globally, secured over £150 million in funding, and been voted a best place to work.
Conduct threat modelling reviews of Technical Design Documents (TDDs) and provide actionable security recommendations early in the design process.
Perform application security assessments, including penetration testing, vulnerability assessments, and proof-of-concept development.
Investigate, triage, and respond to Bug Bounty program submissions, validating findings and driving timely remediation with engineering teams.
MoonPay is a unified payments platform for digital currency. Trusted by over 30 million customers and over 500 ecosystem partners, the company is committed to building a fairer, more open financial system with a culture of accountability and inclusivity.
Conduct application security reviews including threat modeling, code review, and risk assessment for new features.
Perform and improve SAST/DAST operations, triage, validation, and remediation tracking in CI/CD pipelines.
Apply and improve AI security review processes for LLM-integrated features and agentic attack surfaces.
Monarch is a powerful, all-in-one personal finance platform designed to simplify money management. They are a fully remote team of do-ers led by experienced entrepreneurs, passionate about building a product people love.
Conduct security and privacy reviews of Brave browser and Brave Search.
Triages and fixes security reports, collaborating on privacy-preserving protocols.
Designs and implements new security and privacy features with a small, elite team.
Brave is on a mission to protect the human right to privacy online, offering a free browser that blocks creepy ads and trackers, a private search engine, and a crypto wallet. Already 110+ million people use Brave, with millions more switching monthly, in a hyper-growth company with a flat org structure and ridiculously smart teammates.
Play a key role in protecting and strengthening large-scale cloud-native applications that power next-generation AI infrastructure.
Work at the intersection of software engineering and cybersecurity, ensuring security is embedded throughout the software development lifecycle.
Collaborate cross-functionally to identify and remediate vulnerabilities in complex distributed systems.
Our partner is a company building large-scale cloud-native applications that power next-generation AI infrastructure. They have a high-impact security engineering environment with a collaborative and innovative culture focused on trust, learning, and impact.
Engineer security infrastructure across AWS and Kubernetes including telemetry pipelines, cryptographic lifecycle, and compliance automation.
Build and maintain agentic AI workflows using tools like Claude Code and MCP integrations to automate security engineering tasks.
Embed security controls into deployment pipelines and develop threat models that inform architecture decisions.
Lumin Digital creates cutting-edge digital banking solutions for credit unions and banks as a 100% cloud-native company. Their culture is built on trust, respect, and boldness in a fully remote environment.
Validate incoming security findings from the research community using code analysis and pentesting tools.
Collaborate with engineering teams to remediate valid vulnerabilities in the codebase.
Build or improve automated workflows and tooling using languages like Rust, Go, or Python.
1Password builds a human-centric cybersecurity platform, including enterprise password management and Unified Access Management. With over $400M in ARR and 180,000 business customers, the company has a remote-first culture focused on curiosity, teamwork, and continuous improvement.
Perform scoped and open-ended assessments on internal and external facing systems.
Perform threat and vulnerability research to identify new ways of achieving the program’s mission.
Work with the customer Blue Team to identify gaps, address findings, and improve breach response.
Cyber Advisors is a rapidly growing Cybersecurity Consulting firm that simulates real-world attacks to uncover vulnerabilities. They believe in inclusion, employee development, and have a caring, happy culture where people feel valued.
Own and improve the secure software development lifecycle, perform application security reviews, threat modeling, and deep code-level analysis for high-impact product, platform, and AI features.
Drive vulnerability management across internal reviews, bug bounty, pentests, and other research signals, ensuring findings are validated, prioritized, and tracked through remediation.
Configure and improve AppSec tooling and integrations, and use AI to automate and scale security processes while validating outputs with strong engineering judgment.
Apollo.io is the leading go-to-market solution for revenue teams, trusted by over 500,000 companies and millions of users globally. Founded in 2015, the company is one of the fastest growing companies in SaaS, raising approximately $250 million to date and valued at $1.6 billion.
Perform hands-on web application penetration tests on real customer applications to find vulnerabilities.
Identify coverage gaps in autonomous testing and manually reproduce edge cases for product improvement.
Partner with engineers to translate findings into product coverage and build regression test cases.
Horizon3.ai is a cybersecurity company that provides the NodeZero platform for autonomous penetration testing. They are a fast-growing, remote team of former U.S. Special Operations cyber operators, startup engineers, and cybersecurity practitioners committed to a culture of respect, collaboration, ownership, and results.
Design and operate firewall, segmentation, and zero-trust controls across data center, corporate, and cloud (AWS) networks.
Build and maintain network security infrastructure as code, including firewall rules, policy automation, and CI/CD-driven deployment.
Lead network lifecycle management with design review, configuration baselines, change automation, and ongoing rule hygiene.
Cerebras Systems builds the world's largest AI chip, 56 times larger than GPUs, using a novel wafer-scale architecture. The company serves top model labs, global enterprises, and AI-native startups, with a non-corporate culture that respects individual beliefs and fosters continuous learning.
Build and evolve the agent harness and orchestration that turns an LLM into a reliable autonomous pentester.
Design tools and validation layers to keep the agent reliable, with structured outputs and production-safety.
Own and grow evaluation infrastructure to measure and drive agent improvements.
Horizon3.ai is a fast-growing remote cybersecurity company that provides autonomous penetration testing through its NodeZero platform. The company fosters a culture of respect, collaboration, and ownership, with a team of former cyber operators and engineers.
Design and ship scalable security solutions to bridge the gap between security and engineering teams.
Build cooperative partnerships with product and engineering teams to integrate robust security capabilities at scale.
Drive security risk reduction through technical leadership, security reviews, and mentorship across engineering teams.
Twilio is a communications platform that delivers innovative solutions to hundreds of thousands of businesses and empowers millions of developers worldwide to craft personalized customer experiences. The company has a remote-first work culture with a strong focus on connection, global inclusion, and diverse experiences, making a global impact each day.
Design, implement, and maintain secure network architectures, systems, and infrastructure to mitigate cyber security risks.
Evaluate, deploy, and configure security technologies including IDS/IPS, SIEM, IAM, and endpoint protection solutions.
Provide expert-level support for incident response and conduct forensic analysis to determine root cause and impact of security breaches.
Hyland is the pioneer of the Content Innovation Cloud, delivering enterprise intelligence to organizations worldwide. With nearly 4,000 employees, Hyland fosters an employee-centric culture focused on career development, wellbeing, and community impact.
Plan and execute penetration tests across applications, networks, and cloud infrastructure, producing detailed reports for technical and executive audiences.
Own remediation follow-through by translating findings into security engineering work items, and design controls across Azure, Okta, and other platforms.
Support ISC2's ISO/IEC 27001 ISMS program and continuously improve detection and hardening through automation and threat intelligence.
ISC2 is a nonprofit member organization for cybersecurity professionals, dedicated to a safe and secure cyber world. With a globally recognized portfolio of certifications and a charitable arm, they advocate for inclusion and excellence, supported by a large, global workforce.