You will review, challenge, and strengthen our systems, act as the security authority within engineering, define guardrails, and drive remediation when risks arise.
Operating independently, you’ll build the structure and standards needed as we scale.
Your mission is to own the company-wide security strategy and architecture, ensure CIRO and SOC 2 alignment, and embed strong security practices across infrastructure, applications, and internal systems, while enabling engineering velocity.
Own and lead the delivery of large, multi-quarter Application Security and Engineering initiatives.
Improve existing complex application security architectures and provide guidance for securing AI-based workflows.
Proactively identify emerging industry threats and act as Incident Commander for large-scale security incidents.
Wrapbook provides a unified payroll platform that seamlessly connects your entire team in one place. It empowers production teams to manage projects, pay cast and crew, track expenses, and generate data-driven insights. With a growing team of 250+ people across the USA and Canada, Wrapbook is backed by top-tier investors and has raised $130M.
Lead and mature Material Bank’s enterprise information security program.
Own the security risk management framework, including risk identification, scoring, tracking, and executive reporting.
Own detection, incident response, and resilience strategy.
Material Bank operates the world’s largest material marketplace for the architecture and design industry, connecting designers with materials from leading brands. They operate in 37 countries and their platform is the standard for design professionals around the globe.
Lead current ISO 27001, SOC 2, and PCI compliance initiatives.
Spearhead initiatives to identify and improve security risks.
Conduct Risk Assessments within customer systems.
Canadian Bank Note Company (CBN) is a leader and trusted provider of secure document and adjacent enterprise-level system solutions across various domains. They seek long-term relationships with their employees and offer a competitive compensation package, including health, medical, life insurance benefits, and a defined contribution pension plan with company matching.
Own and lead Impiricus’s security architecture across AWS.
Design and implement application and infrastructure security controls across the SDLC.
Build and operate detection and response capabilities, including logging, monitoring, and alerting.
Impiricus is an AI-powered HCP Engagement Engine transforming how life sciences companies support physicians. They ethically connect HCPs to pharma resources and are known for their unique access to a large network of HCP advisors.
Drive security of systems at scale and influence security strategy.
Integrate security into our SDLC with a shift-left approach.
Build a culture where security empowers developers through best practices.
Boulevard provides a client experience platform for appointment-based, self-care businesses, empowering customers to enhance client experiences. They are a team that values diverse backgrounds and believes in equal opportunity, fostering an inclusive culture where employees can excel.
Serve as the dedicated security architect and strategic partner for Core DevOps functional leadership.
Lead security architecture and design work for strategic Core DevOps initiatives.
Identify, assess, and drive reduction of systemic security risks in the Product Security Risk Register.
GitLab is an open-core software company developing an AI-powered DevSecOps platform used by over 100,000 organizations. Their mission is to enable everyone to contribute to and co-create the software that powers our world, valuing every voice in their high-performance culture.
Conduct day-to-day risk ticket analysis and lead in-depth assessments of product launches and infrastructure changes.
Further operationalize and mature the One Twilio Risk Management framework leveraging risk management frameworks.
Build and optimize automated workflows that bridge the gap between compliance requirements and engineering productivity.
Twilio is shaping the future of communications, delivering innovative solutions to hundreds of thousands of businesses and empowering millions of developers worldwide. They have a strong culture of connection and global inclusion and are dedicated to remote-first work.
Lead execution of the enterprise information security program.
Oversee threat detection/response, vulnerability management, and incident response processes.
Partner with Engineering and Infrastructure teams to secure cloud environments and CI/CD pipelines.
bswift transforms benefits administration, making it simpler and smarter. They serve thousands of companies and millions of people nationwide, reducing administrative burdens and freeing HR teams to focus on creating thriving, people-first workplaces.
Drive and enable proactive identification, analysis, and remediation of security vulnerabilities.
Respond to manage pen testing and bug bounty programs.
Work in partnership with Software Architecture, Risk/Compliance, the SRE team, and other partners, to integrate security capabilities into the SDLC.
Subsplash builds The Ultimate Engagement Platform™ for churches, Christian ministries, non-profits, and businesses around the world. They are a family-owned and operated company of 290+ mission-driven people.
Mentor and develop security engineers and analysts.
Define and own the security strategy and roadmap.
Lead and scale the security function across vulnerability management.
Attentive is the AI marketing platform for 1:1 personalization redefining the way brands and people connect. They combine technology with human expertise to build authentic customer relationships, partnering with more than 8,000 customers across 70+ industries.
Perform reviews and approvals for security-related tasks.
Attend Architecture Committee and AI Committee meetings.
Maintain and update existing security reference architectures.
Veeam is the #1 global market leader in data resilience, believing businesses should control all their data whenever and wherever they need it. Based in Seattle, Veeam protects over 550,000 customers worldwide who trust Veeam to keep their businesses running.
Partner with Enterprise AEs and AMs to secure the technical win on Vanta’s most complex, strategic deals.
Own and execute the Solution Validation (Managed Pilot) process to prove technical feasibility and eliminate risk.
Act as the ‘Voice of the CISO’ by consolidating strategic product gaps and collaborating with Product and Engineering teams to influence product enhancements.
Vanta helps businesses earn and prove trust by enabling companies to practice better security and prove it with ease. They have a kind and talented team, and while some have prior security experience, many have been successful without it.
Lead security governance, risk management, and compliance efforts.
Oversee security operations and incident response.
Partner with IT, Clinical Operations, Privacy, and Compliance to ensure regulatory requirements and industry frameworks.
Tuesday Health is a value-based palliative care provider group dedicated to transforming serious illness and end-of-life care. Through their leading-edge care model, Tuesday Health is shaping the future of community-based palliative care nationwide.
Lead secure design reviews, threat modeling, and security-focused code reviews across the product and platform.
Build and run Fieldguide’s vulnerability management program: scanning, triage, SLA-driven remediation tracking, and engineering coordination.
Partner with Compliance to ensure technical controls satisfy framework requirements (SOC 2, ISO 27001, ISO 42001, FedRAMP).
Fieldguide is establishing a new state of trust for global commerce and capital markets through automating and streamlining the work of assurance and audit practitioners. They are based in San Francisco, CA, and built as a remote-first company that enables you to do your best work from anywhere.
Manage inbound security questionnaires from partner physician practices.
Lead security evaluations for Aledade’s vendors and analyze SOC 2 reports.
Maintain and optimize our security response repository and identify bottlenecks.
Aledade empowers independent primary care, becoming the largest network of its kind in the US. The company fosters a collaborative, inclusive, and remote-first culture, aiming to improve healthcare for patients, practices, and society.
Own a portfolio of security programs (planning, resourcing, milestones, dependencies, risk/issue management, and outcomes).
Create and maintain multi-quarter roadmaps aligned to Keyrock’s business and operating model across venues and services (CEX/DEX and liquidity services).
Establish governance and operating cadence: steering meetings, status reporting, program reviews, and executive updates.
Keyrock is a leading change-maker in the digital asset space, renowned for its partnerships and innovation. They have over 200 team members around the world with a diverse team hailing from 42 nationalities, with backgrounds ranging from DeFi natives to PhDs.
Create, manage, and maintain the application security strategy and roadmap.
Develop, execute, and track the performance of security measures to protect Alma’s data, applications, and systems.
Build and provide high-quality application security documentation and training to engineers.
Alma simplifies access to high-quality, affordable mental health care by making it easy and financially rewarding for therapists to accept insurance. Alma has over 20,000 therapists in their growing network and was named one of Inc’s Best Workplaces in 2022 and 2023.
Lead, mentor, and grow a team of international and domestic risk analysts.
Conduct and oversee complex risk assessments across cloud environments and on-premise telecommunications systems.
Develop and deliver high-impact, executive-level risk reporting.
At Twilio, they're shaping the future of communications. They deliver innovative solutions to hundreds of thousands of businesses and empower millions of developers worldwide to craft personalized customer experiences, with a strong culture of connection and global inclusion.
Perform internal audits and vulnerability testing, ensuring security controls are monitored.
Lead security architecture governance for internal IT and projects, using Unified Architecture Framework.
Maintain compliance with security requirements and develop roadmaps to address evolving threats.
Jobgether is a platform connecting job seekers with companies. It uses AI-powered matching to ensure applications are reviewed quickly and fairly, identifying top candidates for employers.
Embed privacy-by-design principles into Docker products, services, and internal platforms.
Partner closely with Docker engineering and product teams to integrate privacy requirements into architecture decisions, SDLC processes, and CI/CD pipelines.
Design, develop, and maintain automated GRC and privacy workflows to support compliance monitoring, control testing, DPIAs, risk assessments, reporting, and audit readiness.
Docker makes app development easier so developers can focus on what matters. Their remote-first team spans the globe and they are passionate about innovation and great developer experiences. With over 20 million monthly users and 20 billion image pulls, Docker is a trusted tool for building, sharing, and running apps.