$135,000–$200,000/yr
US Unlimited PTO

  • Perform security reviews of our current and future product and service portfolio.
  • Be the security subject matter expert for product architects and engineers for threat modeling.
  • Find new and novel ways to identify and resolve security vulnerabilities in our products.

Java Golang Javascript Python

20 jobs similar to Application Security Engineer

Jobs ranked by similarity.

$55,000–$77,000/yr
EMEA APAC

  • Expand the application security landscape at Coupa
  • Lead and execute Security Architecture Reviews, Threat Modeling, and Design Reviews
  • Be a champion of Coupa’s Secure Software Development Lifecycle (SSDLC) methodologies

Coupa empowers businesses with a community-generated AI and spend management platform. They have a global network of 10M+ buyers and suppliers and value collaboration, teamwork, transparency, openness, and a shared commitment to excellence.

Europe 5w PTO

  • Conduct regular security assessments, vulnerability scanning, and penetration testing of Veeam products and services
  • Work with development teams to integrate secure development practices into the software development lifecycle
  • Collaborate on the design and implementation of security within Veeam products

Veeam specializes in helping organizations ensure their data and AI are fully understood, secured, and resilient to enable the acceleration of safe AI at scale. They are headquartered in Seattle with offices in more than 30 countries, protecting over 550,000 customers worldwide.

Global

  • Define, implement, and document new security features
  • Analyze, fix, and test vulnerabilities in open source software
  • Audit and analyze source code for vulnerabilities

Canonical is a leading provider of open source software and operating systems to the global enterprise and technology markets. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, they are changing the world on a daily basis and have 1200+ colleagues in 75+ countries.

Global

  • Work closely with engineering teams, PMs and external parties to ensure product security.
  • Support the Bug Bounty program, triaging, prioritizing and fixing issues.
  • Collaborate with infra security to level up our security posture.

RevenueCat helps developers build and scale in-app subscriptions by providing a monetization platform for mobile. They are a remote-first company of 120+ employees across 25 countries, and they value customer obsession and balance.

$106,500–$202,500/yr
US

  • Implementing and maintaining Application Security Testing (AST) tools to identify code and dependency vulnerabilities during the software development lifecycle.
  • Implementing and maintaining Application Security Posture Management (ASPM) tools to centralize findings from multiple solutions and integrate into software development processes.
  • Acting as the first line of support for users by helping resolve false positives, providing guidance on finding remediation, and evaluating security exception requests.

AbbVie discovers and delivers innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. They strive to have a remarkable impact on people's lives across several key therapeutic areas and products and services in their Allergan Aesthetics portfolio.

$101,405–$140,400/yr
US Unlimited PTO

  • Analyze security vulnerabilities and drive remediations.
  • Integrate security at every stage of the SDLC.
  • Deploy and manage security tooling.

Modern Health is a mental health benefits platform for employers, offering access to various resources for emotional, professional, social, financial, and physical well-being. They are the fastest entirely female-founded company in the U.S. to reach Unicorn status, with a unique culture centered around high empathy and accountability.

Canada

  • Help scale NerdWallet’s application security program through automation, tooling, and developer enablement.
  • Partner with engineering and product teams to identify and remediate security gaps across multiple systems while balancing business priorities.
  • Build tools, processes, and automation that improve security posture visibility for engineers and leadership.

NerdWallet aims to bring clarity to life's financial decisions with a team of exceptional Nerds. They foster an inclusive, flexible, and candid culture where employees are empowered to grow and take risks, supporting well-being and development whether working remotely or in-office.

US

  • Assist with the delivery of Application Security services.
  • Contribute to Application Security research projects.
  • Maintain a strong desire to learn, adapt, and improve along with a rapidly-growing company.

GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make better decisions and minimize risk. Since its inception in 2011, GuidePoint has grown to over 1,200 employees and established strategic partnerships with leading security vendors.

$165,000–$200,000/yr
US Unlimited PTO

  • Lead security architecture/design review and threat modeling sessions with product and engineering teams.
  • Conduct hands-on penetration testing and security assessments across our full product stack.
  • Drive PSIRT Operations by triaging incoming vulnerability reports, leading technical investigations, coordinating remediation with engineering, and scoring severity.

Greenlight is a family fintech company with a mission to help parents raise financially smart kids through their award-winning banking app. They serve over 6 million parents and kids, offering tools to automate allowance, manage chores, set spend controls, and invest.

Global

  • Integrate security activities across all SDLC phases.
  • Partner closely with engineering teams to ensure secure development practices.
  • Review security controls for new features, services, and architectural changes.

Infiterra simplifies subscription service delivery, enabling IT distributors, Managed Service Providers (MSPs), and telcos to succeed in the subscription economy. They are recognized as a global leader in subscription commerce, combining innovation, performance excellence, and trusted expertise to help partners transform and grow.

$435,468–$458,056/yr
US Unlimited PTO

  • Design, implement, and manage the integration of security tooling into CI/CD pipelines.
  • Develop and maintain automation scripts to streamline security processes and workflows.
  • Own the vulnerability management lifecycle: identification, triage, prioritization, and reporting.

MoonPay is a unified payments platform for digital currency, making it easy for anyone to buy, sell, swap, and pay in digital currencies. Trusted by over 30 million customers and over 500 ecosystem partners, MoonPay's secure, enterprise-grade platform is driving mainstream crypto adoption worldwide.

$160,890–$201,279/yr
Canada

  • Improve the security properties of Tailscale by identifying opportunities for security and privacy features, bug fixes, and defense-in-depth.
  • Audit Tailscale features for technical security weaknesses, identifying mitigations or solutions, and driving them towards resolution.
  • Support engineering decisions with threat modeling and security analysis and expertise.

Tailscale is building software that makes it easy to securely interconnect people and their devices, no matter where they are. Founded in 2019 and fully distributed, they are backed by Accel, CRV, Insight, Heavybit, and Uncork Capital.

$215,000–$230,000/yr
US

  • Lead application security reviews and threat modeling.
  • Develop automated testing and mature our Secure SDLC.
  • Own and perform application security vulnerability management.

TRM Labs provides blockchain analytics and AI solutions to help law enforcement, national security agencies, financial institutions, and cryptocurrency businesses detect and disrupt crypto-related fraud and financial crime. They are a Series C company with $220M in funding and operate as a distributed-first company.

$117,000–$130,000/yr
US

  • Build proactive security automation aimed at decreasing manual remediation work.
  • Research new and novel ways to accomplish security work and publish your findings on our blog.
  • Participate in a monthly security on-call rotation for critical escalations.

Automox is a cloud-native IT operations platform that helps modern organizations keep every endpoint automatically configured, patched, and secured – anywhere in the world. They are trusted by more than 2,500 leading companies and MSPs worldwide and value a ‘one team’ mentality where everyone’s unique skills contribute to an environment that encourages collaboration and ownership.

US

  • Understand the abuse risks faced by customers.
  • Design and deploy the anti-abuse controls for features.
  • Research, plan, and build anti-abuse architectures for products and features.

Redapt Inc. is a pioneering world-class data center infrastructure integrator, technology engineering firm, and cloud services provider. They focus on delivering innovative solutions and services that power their customers' most demanding applications and enable them to extract powerful insights from data that drive true business value.

6w PTO 26w maternity 26w paternity

  • Serve as trusted advisor to team’s leadership and partner teams by clearly articulating business risks associated with security issues
  • Lead security operation functions – including vulnerability management, SAST, DAST, detection engineering, and incident response – in CI/CD and cloud-native production environments
  • Integrate security into our applications throughout the software development lifecycle

They are scaling intelligence to serve humanity by training and deploying frontier models for developers and enterprises, building AI systems to power magical experiences. Cohere is composed of researchers, engineers, and designers who are passionate about their craft, and believes that a diverse range of perspectives is a requirement for building great products.

$100,000–$148,000/yr
US

  • Own end-to-end application security for all Self products
  • Partner closely with engineering and product teams to remediate critical security findings
  • Support SOC 2 and PCI compliance efforts, including audit preparation and evidence collection

Self Financial is a venture-backed, high-growth FinTech company with a mission to increase economic inclusion and financial resilience by empowering people to build credit and build savings. They are passionate about challenging the status quo of the credit industry by providing people accessible tools to take control of their credit.

$130,000–$185,000/yr
US

  • Work with development and product teams on security.
  • Review code and make decisions about secure coding.
  • Code solutions for preventative measures and alerts.

BetterHelp is the world’s largest online therapy service, providing affordable and convenient therapy across the globe. The company's network of over 30,000 licensed therapists has helped millions of people take ownership of their mental health. As a mental health company, they deeply invest in their team’s well-being and professional development.

$140,000–$150,000/yr
US Global

  • Partner with engineering teams to conduct threat modeling.
  • Build and maintain automated scanning, penetration testing frameworks, and monitoring tools within our AWS CI/CD pipelines.
  • Champion a "security-first" mindset and host workshops that empower developers to write secure code.

Panopto is a customer-centric learning technology company and the leader in visual and audio-based learning. They empower organizations to share knowledge effortlessly. Panopto has been adopted by more than 1,600 companies and universities worldwide with over 11 million end users.

$205,900–$289,600/yr
Canada EMEA US Unlimited PTO

  • Lead, develop, and mentor a team of Product Security Architects.
  • Own and continuously evolve the Product Security Architecture strategy.
  • Oversee and mature the Product Security Risk Register.

GitLab is the intelligent orchestration platform for DevSecOps. They enable organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. They have more than 50 million registered users, and they value a high-performance culture driven by values and continuous knowledge exchange.