Source Job

• Own and evolve vulnerability management end-to-end.
• Embed secure design principles across mobile applications, APIs, and microservices.
• Partner closely with engineering teams to remediate security issues.

Smart Working connects skilled professionals with global teams for full-time, long-term roles. They help you discover meaningful work with teams that invest in your success, where you’re empowered to grow personally and professionally.

• Participate in threat modeling exercises with engineering team members
• Triage SCA/SAST/DAST/CSPM findings by eliminating false positives and providing well-vetted vulnerabilities to engineering teams
• Support vulnerability management efforts for networks and infrastructure

They offer a SaaS-based Global Employment Platform that enables clients to expand into over 180 countries. Their diverse, remote-first teams are essential to their success, fostering innovation and valuing every contribution.

• Build AI agents that handle vulnerability triage, automated security reviews of PRs, and initial incident forensics at scale.
• Build systems that automatically detect and remediate security gaps across AWS, GCP, and Azure -- configuration drift, IAM misconfigurations, vulnerable dependencies, exposed secrets.
• Lead threat modeling, security reviews, and risk assessments across web applications, APIs, and services.

Atlan is building the missing context layer for data and AI, helping enterprises close the AI value chasm. They connect to every part of the modern data and AI stack to unify this context into a single, shared layer that both humans and AI agents can rely on.

• Lead the ongoing maintenance and operation of secure cloud infrastructures, focusing on AWS and cloud-native technologies.
• Secure applications built for cloud environments by automating security assessments, monitoring runtime environments, and integrating security practices into the development lifecycle.
• Implement robust security controls for cloud workloads and data, including containers, virtual machines, and serverless architectures.

Ro is a direct-to-patient healthcare company with a mission of helping patients achieve their health goals by delivering the easiest, most effective care possible. Ro is the only company to offer nationwide telehealth, labs, and pharmacy services and is recognized as a top workplace, earning more than 20 honors since 2021.

• Design, implement, and maintain secure cloud-native infrastructure on Google Cloud Platform (GCP) and Kubernetes (GKE).
• Configure and manage network and edge security using Cloudflare, including WAF, DDoS protection, and Zero Trust policies.
• Implement security monitoring, detection, and incident response procedures using SIEM tools and ensure compliance with standards like ISO 27001 and SOC2.

HighLevel is an AI-powered business operating system providing agencies, entrepreneurs, and SMBs with the infrastructure to build, automate, and scale their businesses. It operates as a global, remote-first organization with over 2,000 team members across 10+ countries, emphasizing initiative, clarity, and execution within a culture where ideas are celebrated and innovation thrives.

• Lead application security reviews, threat modeling, and secure code review.
• Develop automated testing and mature the Secure SDLC while owning vulnerability management.
• Inspire a security culture by educating engineers and coordinating secure code training.

TRM Labs provides blockchain analytics and AI solutions to help law enforcement, financial institutions, and crypto businesses detect and investigate crypto-related fraud and financial crime. It is a Series C company with $220M in funding, operating as a distributed-first team with hubs globally, fostering a high-velocity, high-ownership culture.

• Design and maintain secure architectures across AWS, Azure, and GCP environments.
• Collaborate with DevOps and Engineering to integrate security into CI/CD pipelines.
• Monitor alerts, investigate incidents, and coordinate responses with the SOC.

Reveleer provides a cloud-based healthcare SaaS platform. They are an equal opportunity employer that values diversity and does not discriminate based on race, religion, or other protected characteristics.

• Help to discover and triage vulnerabilities from various sources.
• Design, configure, deploy, and maintain secure configurations across JUMO’s cloud and endpoint estate.
• Work with engineering teams to complete threat modeling exercises.

JUMO is dedicated to financial inclusion and operates with a remote-first approach. They foster innovation and enable collaboration, valuing online facetime for collaboration at JUMO.

• Own and drive the company’s security strategy, roadmap, and overall posture
• Lead threat modeling, secure code reviews, and architecture reviews
• Build and maintain security tooling, automation, and infrastructure as code

Seesaw's mission is to provide every elementary student with joyful and connected learning experiences that lay the foundation for success in life. Trusted and loved by 25 million educators, students, and families worldwide, Seesaw is the only elementary learning experience platform.

• Embed security into the SDLC by partnering with Engineering to implement secure design patterns, conduct threat modeling, and deliver developer-focused AppSec training.
• Lead and perform application security assessments including SAST, DAST, SCA, and manual code review across web, mobile, and API surfaces.
• Own and mature the vulnerability management program, including prioritization frameworks, SLA tracking, and cross-functional remediation coordination.

Branch is on a mission to empower workers with financial freedom by helping companies accelerate payments and providing working Americans with accessible, free financial services. They are committed to building inclusive and transparent financial products while valuing diversity of opinions and working styles, fostering innovation, and promoting teamwork.

• Assess information security processes and design more efficient methods using available tools including generative AI
• Oversee the Implementation and management of Infosec applications, services and tools such as Endpoint Detection and Response (EDR)
• Conduct security, vulnerability, and risk assessments across services, cloud and applications, using both automated tools, manual testing procedures, and generative AI

KnowBe4 is the global leader in Human Risk Management, trusted by over 70,000 organizations worldwide to secure their employees and AI agents for over 15 years. Their HRM+ combines continuous risk intelligence, advanced technical defenses, and personalized training to help organizations build strong security cultures.

• Collaborates with the CSO Team to support the development, maintenance, and implementation of security standards.
• Partner with IT to support the secure implementation of access controls and identity management
• Participate in and contribute to initiatives for operating system, Docker images, Kubernetes/GKE and configuration hardening in the public cloud

Bestow is a leading vertical technology platform serving some of the largest and most innovative life insurers. They unify the fragmented, legacy value chain, enabling carriers to launch products in weeks instead of years. Bestow is backed by leading investors and trusted by major carriers.

• Lead the Application Security and Vulnerability Management & Automation teams.
• Define the roadmap for product security, focusing on scalable automation and proactive defense mechanisms.
• Drive the end-to-end lifecycle of vulnerability discovery, triaging, and remediation across our entire ecosystem.

MoonPay is a unified payments platform for digital currency, making it easy for anyone to buy, sell, swap, and pay in digital currencies. Trusted by over 30 million customers and over 500 ecosystem partners, their secure, enterprise-grade platform drives mainstream crypto adoption worldwide.

• Conduct threat models and train engineers on threat modeling techniques to identify and prioritize risks of potential vulnerabilities and define possible mitigations.
• Develop, document and maintain the security standards and design patterns used by engineers to deliver consistent, secure code and features.
• Research the threat landscape, regulatory considerations, and customer requirements relevant to Outreach’s business, and recommend solutions to address known and potential threats by defining and applying appropriate security requirements.

Outreach, founded in 2014, is the only complete agentic AI platform for revenue teams that infuses agentic AI, conversation intelligence, and assistive AI to power hundreds of use cases across revenue motions. World leading enterprise organizations use Outreach to power their revenue teams.

• Implementing and maintaining Application Security Testing tools to identify code and dependency vulnerabilities during the software development lifecycle.
• Implementing and maintaining Application Security Posture Management tools to centralize findings from multiple solutions and integrate into software development processes.
• Acting as the first line of support for users helping resolve false positives, providing guidance on finding remediation, and evaluating security exception requests.

AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. They strive to have a remarkable impact on people's lives across several key therapeutic areas including immunology, oncology and neuroscience.

• Improve AWS security configurations.
• Manage and maintain security tools.
• Perform vulnerability management and coordinate patching.

Swapcard is the leading AI-powered event platform designed to drive revenue growth and foster meaningful connections at in-person and hybrid events. With 42 nationalities represented among their 180+ team members, they champion diversity as a catalyst for creativity, collaboration, and unparalleled innovation.

• Assist with vulnerability management activities, including reviewing scan results and helping validate findings
• Support triage of security findings from internal tools and external sources
• Help analyze logs and alerts from SIEM systems to identify potential security issues

Sezzle is revolutionizing the shopping experience beyond payments, blending cutting-edge tech with seamless, interest-free installment plans. They're an innovative, dynamic team passionate about creating more than just a transaction but a truly unique shopping journey.

• Own and enforce DevSecOps practices across CI/CD pipelines.
• Drive vulnerability identification, triage, and remediation across infrastructure and applications.
• Act as the primary security SME for the engineering organization.

Teramind is pioneering a predictive, AI-driven approach to safeguarding organizations' people, data, and operations. As a global leader in user behavior analytics, insider risk management, and workforce intelligence, we empower businesses to transform data into a strategic asset.

• Bridge Security and Development, empowering engineering teams to deliver secure code.
• Integrate security into the Software Development Life Cycle (SDLC) for AI-driven applications.
• Conduct penetration tests and monitor application resilience.

EcoVadis is the leading provider of business sustainability ratings. Their solutions are backed by an international team of experts and powerful technology that analyzes data and builds sustainability scorecards, giving companies actionable insights into their environmental, social, and ethical risks.

• Perform threat modeling, security architecture review, and design analysis for web applications and APIs.
• Conduct manual and automated security testing during development and pre-release stages.
• Implement and manage SBOM generation and consumption processes across the SDLC.

Constructor's mission is to enable all educational organizations to provide high-quality digital education. With expertise in machine intelligence and data science, they offer an all-in-one platform for education and research, addressing educational challenges.