Source Job

• Define and drive the strategic roadmap for proactive security vulnerability analysis.
• Establish the technical vision and program for integrating robust security controls at every stage of the SDLC.
• Lead collaborative and cross-functional threat modeling initiatives for core systems, new features, and evolving services.

Modern Health is a mental health benefits platform for employers, offering access to resources for emotional, professional, social, financial, and physical well-being. They are a fully remote workforce known for their culture centered around empathy and accountability, with a drive to win.

• Architect and implement secure AWS configurations.
• Embed security into CI/CD pipelines and repos using policy-as-code tools.
• Conduct threat modeling sessions and risk‑driven design reviews early in development.

OnePay is an all-in-one financial platform driven by a simple mission: better money makes life better. They are backed by Walmart and Ribbit Capital, and deeply embedded with the distribution of the world’s largest omnichannel retailer.

• Partner with Product teams to ensure that products are designed, built, and operated securely.
• Conduct threat modeling activities with Product teams to ensure product threats are understood, documented, and mitigated.
• Review and analyze product source code to identify security vulnerabilities and providing recommendations for secure implementation.

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. Affirm is a remote-first company and offers competitive benefits anchored to their core value of people come first.

• Develop automated security testing for centralized security libraries which scale directly with developer needs and enable them to write secure code more easily.
• Participate in the review and improvement of secure software development lifecycle (SDLC) processes.
• Have significant ownership in and evangelize security training with development teams.

ATPCO is the world's primary source for air fare content, holding over 200 million fares across 160 countries. Every day, the travel industry relies on ATPCO's technology and data solutions to help millions of travelers reach their destinations efficiently. They have a remote-first culture rooted in trust, transparency, and belonging where your wellbeing comes first.

• Responsible for designing and implementing security best practices at each stage of the system development lifecycle.
• Works in partnership with cross-functional teams to act as a security subject matter expert, while supporting and advancing the security of ConnectWise applications.
• Conducts security assessments, threat modeling, and vulnerability reporting and develops security architecture patterns for implementing new solutions and products.

ConnectWise is a community-driven software company dedicated to the success of technology solution providers, with a suite that helps over 45,000 of their partners manage their businesses better. The company has over 3,000 colleagues in North America, EMEA and APAC and has an inclusive and positive culture.

Leverage expertise in application security and security engineering. Implement and administer application security tooling. Integrate security tooling with CI/CD pipelines.

AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow.

• Lead the design and implementation of secure architectures for Built’s applications, services, and AI/ML initiatives.
• Embed security throughout the development lifecycle by partnering with engineering teams on threat modeling, secure coding best practices, and design reviews.
• Perform internal penetration testing of applications, networks, and features to uncover weaknesses before attackers do.

Built is an AI-powered platform transforming how real estate is financed, developed, and managed. They started by fixing construction draw management for lenders and have grown into a comprehensive operating system. Built brings together passionate people who are driven in a variety of disciplines, each bringing their unique perspective to everything they do.

• Design and implement security solutions across enterprise platforms and cloud environments.
• Perform threat modeling and security risk assessments for new features and platforms.
• Partner with product teams to embed security requirements early in the SDLC.

Experian is a global data and technology company, powering opportunities for people and businesses around the world. As a FTSE 100 Index company listed on the London Stock Exchange, they have a team of 22,500 people across 32 countries and are committed to investing in their people.

• Design and implement resiliency across our cloud platform and CI/CD pipelines.
• Embed “security as code” and help lead incident response for high-severity outages.
• Partner with engineering teams to enable safe, fast delivery at scale.

Alpaca is a US-headquartered self-clearing broker-dealer and brokerage infrastructure for stocks, ETFs, options, crypto, fixed income, 24/5 trading, and more. Our global team of 230+ members spans the USA, Canada, Japan, and beyond, fostering a vibrant community.

• Lead secure design reviews and threat modeling for AI-driven products.
• Build and maintain security automation and governance frameworks.
• Drive software supply chain security and vulnerability reduction.

AlphaSense empowers companies to make smarter decisions by providing market intelligence and search functionality driven by AI. With over 2,000 employees globally and offices in multiple countries, they foster a collaborative and innovative environment.

• Conduct regular security assessments, vulnerability scanning, and penetration testing of Veeam products and services
• Work with development teams to integrate secure development practices into the software development lifecycle
• Collaborate on the design and implementation of security within public cloud environments

Veeam is the #1 global market leader in data resilience, believing businesses should control all their data whenever and wherever they need it. Based in Seattle, Veeam protects over 550,000 customers worldwide who trust Veeam to keep their businesses running.

• Lead and mentor the app security team, fostering a culture of security awareness and continuous improvement across the organization.
• Oversee the day-to-day security operations, including monitoring, threat detection, incident response, and vulnerability management.
• Maintain an application security risk management framework, identifying, analyzing, and treating risks.

TrueML is a mission-driven financial software company that aims to create better customer experiences for distressed borrowers. The TrueML team includes inspired data scientists, financial services industry experts, and customer experience fanatics who are building technology to serve people in a way that recognizes their unique needs and preferences as human beings and endeavors to ensure nobody gets locked out of the financial system.

• Design and drive security solutions across product and internal applications
• Conduct threat modeling for existing systems and new product initiatives
• Partner with engineering teams to embed security into development and delivery workflows

Shakepay is reimagining financial services to give every Canadian their fair shake by making buying and earning bitcoin fast, easy, and secure. Since 2015, more than one million Canadians use Shakepay to grow their bitcoin savings; they are regulated across all Canadian provinces and territories, and backed by renowned venture capitalists with a funding of $44M.