Reports to: Chief Security Officer

Location: Remote US

Compensation Range: $220,000 to $240,000 base plus bonus and equity

What We Do:

Cybercrime is growing, and more businesses are getting hit by threats that used to target only the biggest organizations. That pushes defenders like us to operate at the highest level, and it deepens our need for good people who want to make a meaningful impact.

Founded in 2015 by former NSA cyber operators, Huntress is a remote-first team working to make enterprise-grade cybersecurity accessible to businesses of all sizes. We work closely with security teams and service providers protecting complex environments, often without the time or headcount to handle it all. That’s why we build our technology in-house and back it with a 24⁄7 human-led Security Operations Center (SOC). As a result, our platform is never disconnected from the experts who manage it, ensuring our customers’ protection.

Huntress now secures more than 5M endpoints and 11M identities worldwide. Those numbers keep growing because more businesses rely on us to help carry the load and operate with more confidence. Every day, you can see that commitment in how we stand with our customers and how we show up for each other.

What You’ll Do

We are seeking a strategic leader to own the future of Detection Engineering & Threat Hunting at Huntress. As a Director, you will manage multiple sub-teams (via Managers) and serve as a trusted advisor to the Sr. Dir of Threat Detection and Response.

Your mission is to align the DE&TH function with the broader company strategy. As we scale, you will determine the structural, technological, and budgetary requirements needed to maintain superior detection efficacy. You will own the relationship with the Product organization. Ensuring that our defensive strategy evolves faster than the adversaries we protect against.

Responsibilities

• Strategy & Vision: Set the direction, strategy, and vision for the entire DE&TH function. You will define the team’s 12-18-month prioritization.
• Manage a team of Managers: You will manage at least two teams or sub-teams via other managers. Your focus is on developing their leadership capabilities, enabling them to execute effectively, and holding them accountable for the health and output of their team.
• Budgeting & Planning: Propose and own plans for budgeting, execution, and hiring. You will develop capacity models to ensure our team’s growth aligns with our overall growth, presenting these resource needs to executive leadership.
• Cross-Functional Leadership: Strategize with senior leaders across Product, Engineering, and Security. You are a key stakeholder in the company’s direction, advocating for the telemetry and architectural changes required to support future detection use cases.
• Systemic Problem Solving: Identify and surface patterns to leadership regarding root causes of problems. You anticipate future challenges and own the delivery of solutions before they become bottlenecks.
• Culture & Standards: Exemplify and hold others accountable to the management standards of the company. You are responsible for creating a diverse, inclusive, and high-performing culture across the entire function.

What You Bring To The Team

• Strategic Leadership: 5+ years of experience in cybersecurity, with significant experience managing managers. You have led large, high-priority projects that impacted the company’s direction.
• Visionary Thinking: You can look past the current quarter. You understand the “Macro” of the threat landscape and can translate that into a “Micro” plan for your teams.
• Business Acumen: You understand how a SOC fits into the business model. You can articulate the ROI of detection engineering and threat hunting to non-technical stakeholders and manage a department budget.
• Force Multiplier: You excel at empowering others. You don’t solve problems for your team; you build the structures and frameworks that allow your team to solve problems themselves while you focus on accountability and scalability.

What We Offer:

• 100% remote work environment - since our founding in 2015
• Generous paid time off policy, including vacation, sick time, and paid holidays
• 12 weeks of paid parental leave
• Highly competitive and comprehensive medical, dental, and vision benefits plans
• 401(k) with a 5% contribution regardless of employee contribution
• Life and Disability insurance plans
• Stock options for all full-time employees
• One-time $500 reimbursement for building/upgrading home office
• Annual allowance for education and professional development assistance
• $75 USD/month digital reimbursement
• Access to the BetterUp platform for coaching, personal, and professional growth

Huntress is committed to creating a culture of inclusivity where every single member of our team is valued, has a voice, and is empowered to come to work every day just as they are.

We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, disability, veteran status, genetic information, marital status, or any other legally protected status.

We do discriminate against hackers who try to exploit businesses of all sizes.

Accommodations:

If you require reasonable accommodation to complete this application, interview, or pre-employment testing or participate in the employee selection process, please direct your inquiries to accommodations@huntresslabs.com . Please note that non-accommodation requests to this inbox will not receive a response.

Huntress uses artificial intelligence tools to assist in reviewing and evaluating job applications, including resume screening, skills assessment, and candidate matching and comparisons. These AI tools support our human recruiters in the initial review process but do not make final hiring decisions without human involvement. By submitting your application, you acknowledge this use of AI in our recruitment process. Please review our Candidate Privacy Notice for more details on our practices and your data privacy rights.

#BI-Remote

Reports to: Chief Security Officer

Location: Remote US

Compensation Range: $220,000 to $240,000 base plus bonus and equity

What We Do:

Cybercrime is growing, and more businesses are getting hit by threats that used to target only the biggest organizations. That pushes defenders like us to operate at the highest level, and it deepens our need for good people who want to make a meaningful impact.

Founded in 2015 by former NSA cyber operators, Huntress is a remote-first team working to make enterprise-grade cybersecurity accessible to businesses of all sizes. We work closely with security teams and service providers protecting complex environments, often without the time or headcount to handle it all. That’s why we build our technology in-house and back it with a 24⁄7 human-led Security Operations Center (SOC). As a result, our platform is never disconnected from the experts who manage it, ensuring our customers’ protection.

Huntress now secures more than 5M endpoints and 11M identities worldwide. Those numbers keep growing because more businesses rely on us to help carry the load and operate with more confidence. Every day, you can see that commitment in how we stand with our customers and how we show up for each other.

What You’ll Do

We are seeking a strategic leader to own the future of Detection Engineering & Threat Hunting at Huntress. As a Director, you will manage multiple sub-teams (via Managers) and serve as a trusted advisor to the Sr. Dir of Threat Detection and Response.

Your mission is to align the DE&TH function with the broader company strategy. As we scale, you will determine the structural, technological, and budgetary requirements needed to maintain superior detection efficacy. You will own the relationship with the Product organization. Ensuring that our defensive strategy evolves faster than the adversaries we protect against.

Responsibilities

• Strategy & Vision: Set the direction, strategy, and vision for the entire DE&TH function. You will define the team’s 12-18-month prioritization.
• Manage a team of Managers: You will manage at least two teams or sub-teams via other managers. Your focus is on developing their leadership capabilities, enabling them to execute effectively, and holding them accountable for the health and output of their team.
• Budgeting & Planning: Propose and own plans for budgeting, execution, and hiring. You will develop capacity models to ensure our team’s growth aligns with our overall growth, presenting these resource needs to executive leadership.
• Cross-Functional Leadership: Strategize with senior leaders across Product, Engineering, and Security. You are a key stakeholder in the company’s direction, advocating for the telemetry and architectural changes required to support future detection use cases.
• Systemic Problem Solving: Identify and surface patterns to leadership regarding root causes of problems. You anticipate future challenges and own the delivery of solutions before they become bottlenecks.
• Culture & Standards: Exemplify and hold others accountable to the management standards of the company. You are responsible for creating a diverse, inclusive, and high-performing culture across the entire function.

What You Bring To The Team

• Strategic Leadership: 5+ years of experience in cybersecurity, with significant experience managing managers. You have led large, high-priority projects that impacted the company’s direction.
• Visionary Thinking: You can look past the current quarter. You understand the “Macro” of the threat landscape and can translate that into a “Micro” plan for your teams.
• Business Acumen: You understand how a SOC fits into the business model. You can articulate the ROI of detection engineering and threat hunting to non-technical stakeholders and manage a department budget.
• Force Multiplier: You excel at empowering others. You don’t solve problems for your team; you build the structures and frameworks that allow your team to solve problems themselves while you focus on accountability and scalability.

What We Offer:

• 100% remote work environment - since our founding in 2015
• Generous paid time off policy, including vacation, sick time, and paid holidays
• 12 weeks of paid parental leave
• Highly competitive and comprehensive medical, dental, and vision benefits plans
• 401(k) with a 5% contribution regardless of employee contribution
• Life and Disability insurance plans
• Stock options for all full-time employees
• One-time $500 reimbursement for building/upgrading home office
• Annual allowance for education and professional development assistance
• $75 USD/month digital reimbursement
• Access to the BetterUp platform for coaching, personal, and professional growth

Huntress is committed to creating a culture of inclusivity where every single member of our team is valued, has a voice, and is empowered to come to work every day just as they are.

We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, disability, veteran status, genetic information, marital status, or any other legally protected status.

We do discriminate against hackers who try to exploit businesses of all sizes.

Accommodations:

If you require reasonable accommodation to complete this application, interview, or pre-employment testing or participate in the employee selection process, please direct your inquiries to accommodations@huntresslabs.com . Please note that non-accommodation requests to this inbox will not receive a response.

Huntress uses artificial intelligence tools to assist in reviewing and evaluating job applications, including resume screening, skills assessment, and candidate matching and comparisons. These AI tools support our human recruiters in the initial review process but do not make final hiring decisions without human involvement. By submitting your application, you acknowledge this use of AI in our recruitment process. Please review our Candidate Privacy Notice for more details on our practices and your data privacy rights.

#BI-Remote

Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you’re brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world. If you’re excited to shape the future of design and collaboration, join us!

Figma’s Security team is growing, and we’re looking for a Security Operations Manager to lead the strategy and execution of our security operations program. In this role, you’ll build and scale the systems, processes, and tooling that help protect Figma and our community. You’ll partner closely with Security Engineering, Platform Security, IT, GRC, and Legal to strengthen our detection and response capabilities, improve operational resilience, and help shape the future of our DART and SOC functions.

This is a full time role that can be held from one of our US hubs or remotely in the United States.

What you’ll do at Figma:

• Own Figma’s security monitoring and incident response program, from detection engineering through post-incident review and continuous improvement
• Build and automate security operations workflows, including alert triage, enrichment, investigation, and response actions using SOAR and custom tooling
• Develop and maintain incident response run books, escalation procedures, and communication plans for security events of varying severity
• Lead incident response preparedness initiatives, including tabletop exercises, red team engagements, and response capability assessments
• Improve the effectiveness of our SIEM and SOAR platforms by reducing noise, increasing signal fidelity, and closing detection coverage gaps
• Build and operationalize threat intelligence capabilities to identify adversary behaviors, prioritize investments, and strengthen detection and response programs
• Partner with Legal, Privacy, and Communications teams to support breach notification and regulatory response obligations during significant security incidents
• Drive security operations strategy through vendor management, operational metrics, and cross-functional initiatives spanning IAM, vulnerability management, DLP, and exposure reduction

We’d love to hear from you if you have:

• 7+ years of experience in security operations, incident response, or a related security engineering function
• Hands-on experience building and automating detection and response workflows using scripting, APIs, or security automation platforms
• Deep expertise with SIEM and SOAR technologies in a cloud-native or SaaS environment
• Demonstrated success building, scaling, or significantly improving a detection and response program
• Experience leading complex security incidents and partnering with Legal, Privacy, and business stakeholders during high-impact events

While it’s not required, it’s an added plus if you also have:

• Operated in a public company environment with SOX, ISO 27001, SOC 2, or FedRAMP requirements
• Applied AI risk management frameworks such as NIST AI RMF, OECD AI Principles, or ISO 42001
• Utilized AI-powered tools to automate security operations workflows and improve team efficiency

At Figma, one of our values is Grow as you go. We believe in hiring smart, curious people who are excited to learn and develop their skills. If you’re excited about this role but your past experience doesn’t align perfectly with the points outlined in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

Pay Transparency Disclosure

If based in Figma’s San Francisco or New York hub offices, this role has the annual base salary range stated below.

Job level and actual compensation will be decided based on factors including, but not limited to, individual qualifications objectively assessed during the interview process (including skills and prior relevant experience, potential impact, and scope of role), market demands, and specific work location. The listed range is a guideline, and the range for this role may be modified. For roles that are available to be filled remotely, the pay range is localized according to employee work location by a factor of between 80% and 100% of range. Please discuss your specific work location with your recruiter for more information.

Figma offers equity to employees, as well a competitive package of additional benefits, including health, dental & vision, retirement with company contribution, parental leave & reproductive or family planning support, mental health & wellness benefits, generous PTO, company recharge days, a learning & development stipend, a work from home stipend, and cell phone reimbursement.  Figma also offers sales incentive pay for most sales roles and an annual bonus plan for eligible non-sales roles. Figma’s compensation and benefits are subject to change and may be modified in the future.

Annual Base Salary Range:

$185,000—$296,000 USD

At Figma we celebrate and support our differences. We know employing a team rich in diverse thoughts, experiences, and opinions allows our employees, our product and our community to flourish. Figma is an equal opportunity workplace - we are dedicated to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity/expression, veteran status , or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.

We will work to ensure individuals with disabilities are provided reasonable accommodation to apply for a role, participate in the interview process, perform essential job functions, and receive other benefits and privileges of employment. If you require accommodation, please reach out to accommodations-ext@figma.com. These modifications enable an individual with a disability to have an equal opportunity not only to get a job, but successfully perform their job tasks to the same extent as people without disabilities.

Examples of accommodations include but are not limited to:

• Holding interviews in an accessible location
• Enabling closed captioning on video conferencing
• Ensuring all written communication be compatible with screen readers
• Changing the mode or format of interviews

To ensure the integrity of our hiring process and facilitate a more personal connection, we require all candidates keep their cameras on during video interviews. Additionally, if hired you will be required to attend in person onboarding.

By applying for this job, the candidate acknowledges and agrees that any personal data contained in their application or supporting materials will be processed in accordance with Figma’s Candidate Privacy Notice.

Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you’re brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world. If you’re excited to shape the future of design and collaboration, join us!

Figma’s Security team is growing, and we’re looking for a Security Operations Manager to lead the strategy and execution of our security operations program. In this role, you’ll build and scale the systems, processes, and tooling that help protect Figma and our community. You’ll partner closely with Security Engineering, Platform Security, IT, GRC, and Legal to strengthen our detection and response capabilities, improve operational resilience, and help shape the future of our DART and SOC functions.

This is a full time role that can be held from one of our US hubs or remotely in the United States.

What you’ll do at Figma:

• Own Figma’s security monitoring and incident response program, from detection engineering through post-incident review and continuous improvement
• Build and automate security operations workflows, including alert triage, enrichment, investigation, and response actions using SOAR and custom tooling
• Develop and maintain incident response run books, escalation procedures, and communication plans for security events of varying severity
• Lead incident response preparedness initiatives, including tabletop exercises, red team engagements, and response capability assessments
• Improve the effectiveness of our SIEM and SOAR platforms by reducing noise, increasing signal fidelity, and closing detection coverage gaps
• Build and operationalize threat intelligence capabilities to identify adversary behaviors, prioritize investments, and strengthen detection and response programs
• Partner with Legal, Privacy, and Communications teams to support breach notification and regulatory response obligations during significant security incidents
• Drive security operations strategy through vendor management, operational metrics, and cross-functional initiatives spanning IAM, vulnerability management, DLP, and exposure reduction

We’d love to hear from you if you have:

• 7+ years of experience in security operations, incident response, or a related security engineering function
• Hands-on experience building and automating detection and response workflows using scripting, APIs, or security automation platforms
• Deep expertise with SIEM and SOAR technologies in a cloud-native or SaaS environment
• Demonstrated success building, scaling, or significantly improving a detection and response program
• Experience leading complex security incidents and partnering with Legal, Privacy, and business stakeholders during high-impact events

While it’s not required, it’s an added plus if you also have:

• Operated in a public company environment with SOX, ISO 27001, SOC 2, or FedRAMP requirements
• Applied AI risk management frameworks such as NIST AI RMF, OECD AI Principles, or ISO 42001
• Utilized AI-powered tools to automate security operations workflows and improve team efficiency

At Figma, one of our values is Grow as you go. We believe in hiring smart, curious people who are excited to learn and develop their skills. If you’re excited about this role but your past experience doesn’t align perfectly with the points outlined in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

Pay Transparency Disclosure

If based in Figma’s San Francisco or New York hub offices, this role has the annual base salary range stated below.

Job level and actual compensation will be decided based on factors including, but not limited to, individual qualifications objectively assessed during the interview process (including skills and prior relevant experience, potential impact, and scope of role), market demands, and specific work location. The listed range is a guideline, and the range for this role may be modified. For roles that are available to be filled remotely, the pay range is localized according to employee work location by a factor of between 80% and 100% of range. Please discuss your specific work location with your recruiter for more information.

Figma offers equity to employees, as well a competitive package of additional benefits, including health, dental & vision, retirement with company contribution, parental leave & reproductive or family planning support, mental health & wellness benefits, generous PTO, company recharge days, a learning & development stipend, a work from home stipend, and cell phone reimbursement.  Figma also offers sales incentive pay for most sales roles and an annual bonus plan for eligible non-sales roles. Figma’s compensation and benefits are subject to change and may be modified in the future.

Annual Base Salary Range:

$185,000—$296,000 USD

At Figma we celebrate and support our differences. We know employing a team rich in diverse thoughts, experiences, and opinions allows our employees, our product and our community to flourish. Figma is an equal opportunity workplace - we are dedicated to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity/expression, veteran status , or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.

We will work to ensure individuals with disabilities are provided reasonable accommodation to apply for a role, participate in the interview process, perform essential job functions, and receive other benefits and privileges of employment. If you require accommodation, please reach out to accommodations-ext@figma.com. These modifications enable an individual with a disability to have an equal opportunity not only to get a job, but successfully perform their job tasks to the same extent as people without disabilities.

Examples of accommodations include but are not limited to:

• Holding interviews in an accessible location
• Enabling closed captioning on video conferencing
• Ensuring all written communication be compatible with screen readers
• Changing the mode or format of interviews

To ensure the integrity of our hiring process and facilitate a more personal connection, we require all candidates keep their cameras on during video interviews. Additionally, if hired you will be required to attend in person onboarding.

By applying for this job, the candidate acknowledges and agrees that any personal data contained in their application or supporting materials will be processed in accordance with Figma’s Candidate Privacy Notice.

Headquarters: Remote

About the Company

Valon is building the AI-native operating system for regulated finance, starting with mortgage servicing.

We're a Series C company backed by a16z, transforming industries that others have written off as too complex to innovate.

Rather than build on top of broken legacy systems, we took a different approach: we built and operate our own mortgage servicing business managing $110+ billion in loans. This wasn't the end goal, it was how we deeply understood the complexity needed to build software that actually works in regulated industries.

The results speak for themselves. We've transformed mortgage servicing from a 0% margin business into 60%+ margins while dramatically improving customer experience. Major enterprise contracts are now deploying across the industry.

ValonOS is our unified platform that makes every process structured and programmable and it is perfectly positioned for the AI era. When everything flows through one system with rich data, AI agents don't just automate tasks, they continuously improve entire operations. Mortgage servicing is just the beginning of our vision to transform regulated industries and beyond.

Security at Valon

Our customers entrust us with some of their most sensitive and personal financial information, and it is the ultimate mission of Valon’s Security team to ensure we have sound programs, processes, and automation in place to safeguard our customers’ data. The Security team protects the infrastructure and data for processing billions of dollars of mortgage loans.

In addition to protecting Valon’s internal systems, the Security team partners closely with Product and Engineering to design and deliver secure, scalable, and trustworthy capabilities for ValonOS. We work cross-functionally across all teams at Valon to enable security throughout the organization. We engage with external security auditors, pentesting firms, and partners to continuously evaluate Valon’s security posture.

Valon offices are located in New York City and San Francisco, but we fully support remote work!

About the Role

We are seeking a seasoned and highly skilled Staff Product Security Engineer - Customer Platform to join our growing team! As a key security member at Valon, you will play a critical role in ensuring the security of our organization's systems, cloud infrastructure, products, and data.

This role blends product security architecture and technical control implementation, incorporating security by design into ValonOS. You will be hands-on and help shape how security is designed, built, and scaled across our SaaS platform both in foundational infrastructure and in customer-facing security features.

Responsibilities

• Define and evolve product security architecture and strategy for Valon’s multi-tenant SaaS platform

• Architect and guide secure implementation of customer-facing security capabilities in conjunction with Engineering (e.g., authentication / authorization models, identity integration, access controls, audit and logging, encryption / key management)

• Build and maintain security reference architectures and standardized secure design patterns for product teams

• Lead threat modeling, security design and code reviews for new features, services, and major architectural changes

• Collaborate with Product, Engineering, Data, Compliance, Legal, and other teams to identify and drive mitigation for product and data security risks

• Support vulnerability triage, remediation strategy, and root cause analysis for product security issues

• Support security compliance and regulatory needs (e.g., SOC 2, CCPA, NYDFS, FTC), including customer-facing security discussions and due diligence

• Develop, implement, and enforce security policies, standards, and procedures

• Support operational activities including security advisory and consultative reviews, incident response, issue remediation, and other security processes

Ideal Background

• Extensive experience in product security, application security, or security architecture roles, with ownership of security design for SaaS platforms including multi-tenancy and customer-facing security capabilities.

• Strong background in cloud security and modern infrastructure, with hands-on experience securing cloud environments (GCP preferred).

• Proven experience in SaaS IAM and tenant security (e.g., authentication/authorization, RBAC, SSO/SAML/OIDC, SCIM, MFA, audit logs).

• Expertise in designing secure platform controls (e.g., APIs, service-to-service auth, encryption/KMS/CMEK, logging/monitoring)

• Demonstrated ability to build and maintain security reference architectures.

• Expert-level experience leading threat modeling and security design reviews including security-focused code reviews.

• Applied knowledge with industry security and compliance frameworks (OWASP, NIST, CIS, SOC 2/ISO 27001 concepts)

• Highly hands-on engineer with proven ability to operate autonomously, drive multiple complex cross-functional efforts, and influence independently.

• Excellent communication and collaboration skills, including the ability to explain complex security concepts to both technical and non-technical stakeholders.

• Prior software engineering experience and/or coding ability (Python) is preferred.

• Experience working in high-growth or startup environments is a plus.

Minimum Qualifications

• 8+ years in progressive senior security engineering or architect level roles, with 3+ years leading security design for enterprise-grade cloud and SaaS platforms

• Bachelor's degree in Information Security, Computer Science, Technology or related field

• Relevant security certifications (e.g., CISSP, CISM, CCSK, CCSP or similar)

• Proven ability to design security reference architectures and implement customer platform security controls and technologies (IAM, API security, encryption/key management, logging/monitoring and others)

• Hands-on experience with modern security technologies and tooling across cloud and application security

Benefits

• Base Compensation Band: $190K - $260K. Base salary offered is determined by a number of factors including the candidate’s experience, qualifications, and skills

  • This Base Compensation pay range applies to our New York City located staff and may differ according to location.

• Compensation: Competitive salary with a meaningful stake in the company via equity, and 401k plan

• Health & well-being: We’ll invest in your physical and mental well-being with comprehensive medical, dental, & vision benefits

• Commuter benefits: We offer pre-tax deductions for public transportation, rideshare services, and parking expenses to make your commute more affordable and convenient

• Grow together: Company wide orientation for you to successfully onboard and other learning & development opportunities including regular review cycles that feature 360 degree feedback

• Play together: Quarterly budgets for team and company outings. Use it for team swag, cooking classes, or team dinners!

• Generous time off: Flexible paid time off, sick days, and 11 company holidays

• Baby bonding time!: 12 weeks off for both birthing and non-birthing parents - fully paid so you can focus your energy on your newest addition

Throughout the interview process, please remember that emails will only be from valon.com email addresses. We will never ask for any personally identifiable information during the interview process itself. Please reach out to talent@valon.com if you have any requests to verify the authenticity of an outreach.

Valon is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws. Valon makes hiring decisions based solely on qualifications, merit, and business needs at the time.

To apply: https://weworkremotely.com/remote-jobs/valon-tech-staff-product-security-engineer-customer-platform

Reports to: Sr. Director of Adversary Tactics

Location: Remote US

Compensation Range: $190,000.00 to $210,000.00  base plus bonus and equity

What We Do:

Cybercrime is growing, and more businesses are getting hit by threats that used to target only the biggest organizations. That pushes defenders like us to operate at the highest level, and it deepens our need for good people who want to make a meaningful impact.

Founded in 2015 by former NSA cyber operators, Huntress is a remote-first team working to make enterprise-grade cybersecurity accessible to businesses of all sizes. We work closely with security teams and service providers protecting complex environments, often without the time or headcount to handle it all. That’s why we build our technology in-house and back it with a 24⁄7 human-led Security Operations Center (SOC). As a result, our platform is never disconnected from the experts who manage it, ensuring our customers’ protection.

Huntress now secures more than 5M endpoints and 11M identities worldwide. Those numbers keep growing because more businesses rely on us to help carry the load and operate with more confidence. Every day, you can see that commitment in how we stand with our customers and how we show up for each other.

What You’ll Do:

The Huntress Adversary Tactics team has the unique honor of waking up every morning knowing we’re going to make hackers regret targeting our partners and customers. We’re looking for someone who wants to pour their creativity into researching, hunting, and uncovering threats in our customer networks. Competitive candidates have experience leading a team of researchers across the threat intelligence cycle. Candidates should also have experience creating Threat Intelligence reports, advocating for product enhancements, and public speaking.

Threat Intelligence Analysts aggregate threat data from the previous month and build out reports for our customers. These reports may also be used for marketing and help illustrate the value of what Huntress provides to customers and the community. Threat Intelligence Analysts are also responsible for writing blog posts and marketing materials regarding emerging threat trends. They also work closely with Security Researchers and Analysts to obtain more context about threat data.

Familiarity with product management, scripting/development, incident response, malware analysis, configuration management, and antivirus technologies is an additional way to differentiate yourself.

As you can imagine, success doesn’t happen in a vacuum. An effective hunter fosters highly collaborative environments between the Product, Marketing, and Security Operations Center teams to accelerate our mission and secure the 99% of businesses that fall below the enterprise poverty line. This collaboration is needed to produce and prioritize a unified technical vision, ultimately delivering our most impactful features and capabilities.

We defend over 5 million endpoints and 11 million identities, and that number continues to grow each month, across tens of thousands of mid-sized and small business customers. Given this market’s tighter budgets, it’s impossible to assign human analysts to each client. The Adversary Tactics team addresses this challenge head-on by providing input to build and scale highly automated efficiencies—often lightly augmented by our Security Operations Analysts—that make intruders earn every inch of their access while maintaining affordability and healthy gross margins.

Responsibilities:

• Conducts research on emerging adversary tradecraft in the identity space (Microsoft 365, Google) to help scope and conduct hunt missions
• Responsible for aggregating threat data to build out reports for customers to show Huntress’ value, and inform them of various threats that have been seen and reported
• Responsible for creating reports for marketing to show Huntress’ value to the larger community
• Promote Huntress’ reputation through media interaction, public speaking, and blogs
• Works with the Sr. Director of Adversary Tactics, the Security Operations Center, Product, and others to develop the Product and threat operations roadmap
• Provides technical leadership for some members of the Security teams
• Supports the professional development of researchers and others in the organization through coaching and mentorship
• Responsible for enhancing Huntress visibility by ingesting and utilizing IOCs from external threat intel sources
• Responsible for blog posts and other marketing materials regarding threat trends
• Excellent written and verbal communication skills
• Familiarity with utilizing AI in workflows

What You Bring To The Team:

• Minimum of 5 years of experience in the field of Threat Intelligence
• Experience with SIEM tools for scaled log analysis
• Familiarity with detection engineering, detection logic, i.e., Sigma Rules
• Experience researching and scoping threat hunt missions
• Understanding of cybersecurity, threat actors, and end-to-end threat life cycle, including one or more of the following: digital forensics, malware research, incident response, vulnerabilities, and exploits
• Experience with 3rd-party intelligence tools, feeds, and reputation services.
• Experience conducting OSINT gathering and analysis
• Foundational development experience across multiple platforms (e.g., Windows and/or macOS), C/C++, GoLang, and Python (nice to have)
• Proficient knowledge of Windows and/or macOS subsystems and how they interact both at the user and kernel level (nice to have)

What We Offer:

• 100% remote work environment - since our founding in 2015
• Generous paid time off policy, including vacation, sick time, and paid holidays
• 12 weeks of paid parental leave
• Highly competitive and comprehensive medical, dental, and vision benefits plans
• 401(k) with a 5% contribution regardless of employee contribution
• Life and Disability insurance plans
• Stock options for all full-time employees
• One-time $500 reimbursement for building/upgrading home office
• Annual allowance for education and professional development assistance
• $75 USD/month digital reimbursement
• Access to the BetterUp platform for coaching, personal, and professional growth

Huntress is committed to creating a culture of inclusivity where every single member of our team is valued, has a voice, and is empowered to come to work every day just as they are.

We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, disability, veteran status, genetic information, marital status, or any other legally protected status.

We do discriminate against hackers who try to exploit businesses of all sizes.

Accommodations:

If you require reasonable accommodation to complete this application, interview, or pre-employment testing or participate in the employee selection process, please direct your inquiries to accommodations@huntresslabs.com . Please note that non-accommodation requests to this inbox will not receive a response.

Huntress uses artificial intelligence tools to assist in reviewing and evaluating job applications, including resume screening, skills assessment, and candidate matching and comparisons. These AI tools support our human recruiters in the initial review process, but do not make final hiring decisions without human involvement. By submitting your application, you acknowledge this use of AI in our recruitment process. Please review our Candidate Privacy Notice for more details on our practices and your data privacy rights.

#BI-Remote

Reports to: Sr. Director of Adversary Tactics

Location: Remote US

Compensation Range: $190,000.00 to $210,000.00  base plus bonus and equity

What We Do:

Cybercrime is growing, and more businesses are getting hit by threats that used to target only the biggest organizations. That pushes defenders like us to operate at the highest level, and it deepens our need for good people who want to make a meaningful impact.

Founded in 2015 by former NSA cyber operators, Huntress is a remote-first team working to make enterprise-grade cybersecurity accessible to businesses of all sizes. We work closely with security teams and service providers protecting complex environments, often without the time or headcount to handle it all. That’s why we build our technology in-house and back it with a 24⁄7 human-led Security Operations Center (SOC). As a result, our platform is never disconnected from the experts who manage it, ensuring our customers’ protection.

Huntress now secures more than 5M endpoints and 11M identities worldwide. Those numbers keep growing because more businesses rely on us to help carry the load and operate with more confidence. Every day, you can see that commitment in how we stand with our customers and how we show up for each other.

What You’ll Do:

The Huntress Adversary Tactics team has the unique honor of waking up every morning knowing we’re going to make hackers regret targeting our partners and customers. We’re looking for someone who wants to pour their creativity into researching, hunting, and uncovering threats in our customer networks. Competitive candidates have experience leading a team of researchers across the threat intelligence cycle. Candidates should also have experience creating Threat Intelligence reports, advocating for product enhancements, and public speaking.

Threat Intelligence Analysts aggregate threat data from the previous month and build out reports for our customers. These reports may also be used for marketing and help illustrate the value of what Huntress provides to customers and the community. Threat Intelligence Analysts are also responsible for writing blog posts and marketing materials regarding emerging threat trends. They also work closely with Security Researchers and Analysts to obtain more context about threat data.

Familiarity with product management, scripting/development, incident response, malware analysis, configuration management, and antivirus technologies is an additional way to differentiate yourself.

As you can imagine, success doesn’t happen in a vacuum. An effective hunter fosters highly collaborative environments between the Product, Marketing, and Security Operations Center teams to accelerate our mission and secure the 99% of businesses that fall below the enterprise poverty line. This collaboration is needed to produce and prioritize a unified technical vision, ultimately delivering our most impactful features and capabilities.

We defend over 5 million endpoints and 11 million identities, and that number continues to grow each month, across tens of thousands of mid-sized and small business customers. Given this market’s tighter budgets, it’s impossible to assign human analysts to each client. The Adversary Tactics team addresses this challenge head-on by providing input to build and scale highly automated efficiencies—often lightly augmented by our Security Operations Analysts—that make intruders earn every inch of their access while maintaining affordability and healthy gross margins.

Responsibilities:

• Conducts research on emerging adversary tradecraft in the identity space (Microsoft 365, Google) to help scope and conduct hunt missions
• Responsible for aggregating threat data to build out reports for customers to show Huntress’ value, and inform them of various threats that have been seen and reported
• Responsible for creating reports for marketing to show Huntress’ value to the larger community
• Promote Huntress’ reputation through media interaction, public speaking, and blogs
• Works with the Sr. Director of Adversary Tactics, the Security Operations Center, Product, and others to develop the Product and threat operations roadmap
• Provides technical leadership for some members of the Security teams
• Supports the professional development of researchers and others in the organization through coaching and mentorship
• Responsible for enhancing Huntress visibility by ingesting and utilizing IOCs from external threat intel sources
• Responsible for blog posts and other marketing materials regarding threat trends
• Excellent written and verbal communication skills
• Familiarity with utilizing AI in workflows

What You Bring To The Team:

• Minimum of 5 years of experience in the field of Threat Intelligence
• Experience with SIEM tools for scaled log analysis
• Familiarity with detection engineering, detection logic, i.e., Sigma Rules
• Experience researching and scoping threat hunt missions
• Understanding of cybersecurity, threat actors, and end-to-end threat life cycle, including one or more of the following: digital forensics, malware research, incident response, vulnerabilities, and exploits
• Experience with 3rd-party intelligence tools, feeds, and reputation services.
• Experience conducting OSINT gathering and analysis
• Foundational development experience across multiple platforms (e.g., Windows and/or macOS), C/C++, GoLang, and Python (nice to have)
• Proficient knowledge of Windows and/or macOS subsystems and how they interact both at the user and kernel level (nice to have)

What We Offer:

• 100% remote work environment - since our founding in 2015
• Generous paid time off policy, including vacation, sick time, and paid holidays
• 12 weeks of paid parental leave
• Highly competitive and comprehensive medical, dental, and vision benefits plans
• 401(k) with a 5% contribution regardless of employee contribution
• Life and Disability insurance plans
• Stock options for all full-time employees
• One-time $500 reimbursement for building/upgrading home office
• Annual allowance for education and professional development assistance
• $75 USD/month digital reimbursement
• Access to the BetterUp platform for coaching, personal, and professional growth

Huntress is committed to creating a culture of inclusivity where every single member of our team is valued, has a voice, and is empowered to come to work every day just as they are.

We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, disability, veteran status, genetic information, marital status, or any other legally protected status.

We do discriminate against hackers who try to exploit businesses of all sizes.

Accommodations:

If you require reasonable accommodation to complete this application, interview, or pre-employment testing or participate in the employee selection process, please direct your inquiries to accommodations@huntresslabs.com . Please note that non-accommodation requests to this inbox will not receive a response.

Huntress uses artificial intelligence tools to assist in reviewing and evaluating job applications, including resume screening, skills assessment, and candidate matching and comparisons. These AI tools support our human recruiters in the initial review process, but do not make final hiring decisions without human involvement. By submitting your application, you acknowledge this use of AI in our recruitment process. Please review our Candidate Privacy Notice for more details on our practices and your data privacy rights.

#BI-Remote

Reports to: Sr. Director of Adversary Tactics

Location: Remote US

Compensation Range: $190,000.00 to $210,000.00  base plus bonus and equity

What We Do:

Cybercrime is growing, and more businesses are getting hit by threats that used to target only the biggest organizations. That pushes defenders like us to operate at the highest level, and it deepens our need for good people who want to make a meaningful impact.

Founded in 2015 by former NSA cyber operators, Huntress is a remote-first team working to make enterprise-grade cybersecurity accessible to businesses of all sizes. We work closely with security teams and service providers protecting complex environments, often without the time or headcount to handle it all. That’s why we build our technology in-house and back it with a 24⁄7 human-led Security Operations Center (SOC). As a result, our platform is never disconnected from the experts who manage it, ensuring our customers’ protection.

Huntress now secures more than 5M endpoints and 11M identities worldwide. Those numbers keep growing because more businesses rely on us to help carry the load and operate with more confidence. Every day, you can see that commitment in how we stand with our customers and how we show up for each other.

What You’ll Do:

The Huntress Adversary Tactics team has the unique honor of waking up every morning knowing we’re going to make hackers regret targeting our partners and customers. We’re looking for someone who wants to pour their creativity into researching, hunting, and uncovering threats in our customer networks. Competitive candidates have experience leading a team of researchers across the threat intelligence cycle. Candidates should also have experience creating Threat Intelligence reports, advocating for product enhancements, and public speaking.

Threat Intelligence Analysts aggregate threat data from the previous month and build out reports for our customers. These reports may also be used for marketing and help illustrate the value of what Huntress provides to customers and the community. Threat Intelligence Analysts are also responsible for writing blog posts and marketing materials regarding emerging threat trends. They also work closely with Security Researchers and Analysts to obtain more context about threat data.

Familiarity with product management, scripting/development, incident response, malware analysis, configuration management, and antivirus technologies is an additional way to differentiate yourself.

As you can imagine, success doesn’t happen in a vacuum. An effective hunter fosters highly collaborative environments between the Product, Marketing, and Security Operations Center teams to accelerate our mission and secure the 99% of businesses that fall below the enterprise poverty line. This collaboration is needed to produce and prioritize a unified technical vision, ultimately delivering our most impactful features and capabilities.

We defend over 5 million endpoints and 11 million identities, and that number continues to grow each month, across tens of thousands of mid-sized and small business customers. Given this market’s tighter budgets, it’s impossible to assign human analysts to each client. The Adversary Tactics team addresses this challenge head-on by providing input to build and scale highly automated efficiencies—often lightly augmented by our Security Operations Analysts—that make intruders earn every inch of their access while maintaining affordability and healthy gross margins.

Responsibilities:

• Conducts research on emerging adversary tradecraft in the identity space (Microsoft 365, Google) to help scope and conduct hunt missions
• Responsible for aggregating threat data to build out reports for customers to show Huntress’ value, and inform them of various threats that have been seen and reported
• Responsible for creating reports for marketing to show Huntress’ value to the larger community
• Promote Huntress’ reputation through media interaction, public speaking, and blogs
• Works with the Sr. Director of Adversary Tactics, the Security Operations Center, Product, and others to develop the Product and threat operations roadmap
• Provides technical leadership for some members of the Security teams
• Supports the professional development of researchers and others in the organization through coaching and mentorship
• Responsible for enhancing Huntress visibility by ingesting and utilizing IOCs from external threat intel sources
• Responsible for blog posts and other marketing materials regarding threat trends
• Excellent written and verbal communication skills
• Familiarity with utilizing AI in workflows

What You Bring To The Team:

• Minimum of 5 years of experience in the field of Threat Intelligence
• Experience with SIEM tools for scaled log analysis
• Familiarity with detection engineering, detection logic, i.e., Sigma Rules
• Experience researching and scoping threat hunt missions
• Understanding of cybersecurity, threat actors, and end-to-end threat life cycle, including one or more of the following: digital forensics, malware research, incident response, vulnerabilities, and exploits
• Experience with 3rd-party intelligence tools, feeds, and reputation services.
• Experience conducting OSINT gathering and analysis
• Foundational development experience across multiple platforms (e.g., Windows and/or macOS), C/C++, GoLang, and Python (nice to have)
• Proficient knowledge of Windows and/or macOS subsystems and how they interact both at the user and kernel level (nice to have)

What We Offer:

• 100% remote work environment - since our founding in 2015
• Generous paid time off policy, including vacation, sick time, and paid holidays
• 12 weeks of paid parental leave
• Highly competitive and comprehensive medical, dental, and vision benefits plans
• 401(k) with a 5% contribution regardless of employee contribution
• Life and Disability insurance plans
• Stock options for all full-time employees
• One-time $500 reimbursement for building/upgrading home office
• Annual allowance for education and professional development assistance
• $75 USD/month digital reimbursement
• Access to the BetterUp platform for coaching, personal, and professional growth

Huntress is committed to creating a culture of inclusivity where every single member of our team is valued, has a voice, and is empowered to come to work every day just as they are.

We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, disability, veteran status, genetic information, marital status, or any other legally protected status.

We do discriminate against hackers who try to exploit businesses of all sizes.

Accommodations:

If you require reasonable accommodation to complete this application, interview, or pre-employment testing or participate in the employee selection process, please direct your inquiries to accommodations@huntresslabs.com . Please note that non-accommodation requests to this inbox will not receive a response.

Huntress uses artificial intelligence tools to assist in reviewing and evaluating job applications, including resume screening, skills assessment, and candidate matching and comparisons. These AI tools support our human recruiters in the initial review process, but do not make final hiring decisions without human involvement. By submitting your application, you acknowledge this use of AI in our recruitment process. Please review our Candidate Privacy Notice for more details on our practices and your data privacy rights.

#BI-Remote

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and...

All roles at JumpCloud® are Remote unless otherwise specified in the Job Description.

About JumpCloud®

JumpCloud® is the AI-powered unified IT management platform designed to secure the modern workforce. By consolidating identity, device, and access management, JumpCloud provides intelligent, secure IT that scales from human users to autonomous AI agents. We help organizations around the globe eliminate complexity and turn AI risk into an optimized advantage, ensuring the right people and agents have secure access to the right resources at all times.

JumpCloud is Intelligent, Secure IT.

About the team:

As a Security Engineer on the DevSecOps Team, you will be responsible for designing and developing software solutions for protecting data and infrastructure deployed into the cloud. The Security organization is composed of SecOps, GRC, and DevSecOps functions, but all functions work closely together so you will be exposed to many different security areas.

What you will be doing:

• Infrastructure & Automation: Build and maintain infrastructure, including custom software and vendor integrations, to support Engineering’s Security needs (Product Security and Infrastructure Security).

• Cloud Access Engineering: Design and implement secure, automated self-service workflows for cloud infrastructure access and privilege escalation (AWS/GCP).

• Detection & Logging: Manage security infrastructure and SIEM configurations via Infrastructure as Code (Terraform) to ensure a highly auditable detection environment. Build and manage high-volume security data pipelines to ensure forensic logs are retained efficiently and cost-effectively.

• Vulnerability & Posture Management: Help design, overhaul, and improve custom vulnerability aggregation systems to streamline remediation efforts. Manage and tune Cloud Security Posture Management (CSPM) and container security platforms to ensure optimal coverage and reduce alert fatigue.

• Software Supply Chain & AppSec: Integrate and manage Software Supply Chain Security tooling to protect our developer ecosystem. Partner with Engineering to scale our threat modeling program, including developing automated and AI-assisted threat modeling pipelines built directly into the developer workflow.

Necessary skills:

• 4 years of software engineering experience with a strong interest or background in security engineering

• Proficient in writing Golang or Python (more than simple scripts)

• Experience with either AWS or GCP

• Experience with Terraform

• Experience with GitHub Actions

• Excellent written and oral communication

Personal characteristics we are looking for:

• Views security as an enabler, not an inhibitor to innovation

• Results oriented and self driven

• High level of integrity

• Ownership and accountability

• Clear communication

• Creative problem solver

• Passionate about security

Role requirements:

• You must be available for on-call (after hours) duties for any internal tools/services this team owns

• Serve as a responder in the on-call rotation for security incidents and alert triage.

Where you’ll be working/Location:

JumpCloud is committed to being Remote First, meaning that you are able to work remotely within the country noted in the Job Description.

You must be located in and authorized to work in the country noted in the job description to be considered for this role.

Please note: There is an expectation that our engineers participate in on-call shifts. You will be expected commit to being ready and able to respond during your assigned shift, so that alerts don’t go unaddressed.

Language:

JumpCloud has teams in 15+ countries around the world and conducts our internal business in English. The interview and any additional screening process will take place primarily in English. To be considered for a role at JumpCloud, you will be required to speak and write in English fluently.  Any additional language requirements will be included in the details of the job description.

Why JumpCloud?

If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you! JumpCloud is an incredible place to share and grow your expertise! You’ll work with amazing talent across each department who are passionate about our mission. We’re out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. You’ll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about.

One of JumpCloud’s three core values is to “Build Connections.” To us that means creating “ human connection with each other regardless of our backgrounds, orientations, geographies, religions, languages, gender, race, etc. We care deeply about the people that we work with and want to see everyone succeed.” - Rajat Bhargava, CEO

Please submit your résumé and brief explanation about yourself and why you would be a good fit for JumpCloud.  Please note JumpCloud is not accepting third party resumes at this time.

JumpCloud is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

Scam Notice:

Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of JumpCloud. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Please note that JumpCloud will never ask for any personal account information, such as credit card details or bank account numbers, during the recruitment process. Additionally, JumpCloud will never send you a check for any equipment prior to employment.

All communication related to interviews and offers from our recruiters and hiring managers will come from official company email addresses (@jumpcloud.com) and will never ask for any payment, fee to be paid or purchases to be made by the job seeker. If you are contacted by anyone claiming to represent JumpCloud and you are unsure of their authenticity, please do not provide any personal/financial information and contact us immediately at [email protected] with the subject line “Scam Notice”

#LI-Remote #BI-Remote

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, transcribing or summarizing interviews, and assessing responses. These tools assist our recruitment team but do not replace human judgment in hiring decisions, which are ultimately made by humans. Please see our Privacy Policy (https://jumpcloud.com/privacy) for more information about our personal data practices.

Basic Function

The Senior Application Security Engineer is a hands-on technical leader responsible for securing Lumin Digital’s B2B2C SaaS platform across the full software development lifecycle. This role exists at the intersection of application security and AI-augmented engineering: the ideal candidate actively uses AI-powered tools such as Claude Code and Claude Security in their daily workflow to find vulnerabilities faster, automate remediation, and scale security coverage beyond what traditional approaches allow. As AI rapidly transforms how code is written, reviewed, and deployed, this engineer will lead the effort to secure AI-integrated applications, harden CI/CD pipelines, and establish governance for responsible AI adoption across product and engineering teams. Success in this role requires deep technical fluency, a bias toward building and doing over advising, and the ability to operate independently in a fast-moving, remote-first environment.

Essential Functions and Responsibilities:

• Lead security architecture reviews for new and existing applications, ensuring secure-by-design principles are embedded from initial design through deployment and ongoing operation.

• Develop, enforce, and continuously refine secure coding standards across engineering teams through a combination of automated security scans (SAST, DAST, SCA), AI-assisted code review using tools such as Claude Code, periodic manual code audits, and targeted secure development training.

• Own the design, implementation, and evolution of Application Security Posture Management (ASPM) capabilities, integrating signals from static analysis, dynamic testing, software composition analysis, and runtime telemetry to build risk-scoring models that balance exploitability, data sensitivity, and business impact.

• Continuously improve threat modeling frameworks across application components, third-party integrations, cloud-native architectures, and AI/LLM-powered features, leveraging tools such as Claude Security for accelerated threat model generation and scenario analysis.

• Develop custom security automation tools and scripts to improve detection and response capabilities across cloud environments, including AI-assisted vulnerability auto-fix workflows and integration of AI-powered security tooling into CI/CD pipelines.

• Own and operate the company’s bug bounty program end-to-end: define program strategy and scope, triage and validate external researcher submissions, assess severity, and maintain productive engagement with the security research community.

• Manage vulnerability triage and prioritization processes, ensuring vulnerabilities are assessed based on exploitability, business impact, and compliance requirements, and that remediation timelines align with organizational risk tolerance.

• Influence product roadmaps by identifying and advocating for security enhancements aligned with evolving regulatory requirements, industry best practices, and the emerging threat landscape for AI-integrated applications.

• Mentor security engineers and developers through hands-on guidance in secure coding, vulnerability remediation, and effective use of AI-augmented security workflows.

• Present security findings, risk assessments, and program metrics to senior leadership, clients, auditors, and regulators in a clear, actionable manner.

• Perform other duties as assigned.

Physical Demands:

• While performing the duties of this job, the employee is regularly required to sit; use hands to type, handle, or feel and talk or hear.

• Specific vision abilities required by this job include close vision.

• Ability to occasionally lift/move up to 25 pounds.

• Individuals with a disability who are otherwise able to perform the essential functions of the job may request reasonable accommodation through the Human Resources department.

Supervisory Responsibility:

None

Position Specifications

Education:

• Bachelor’s in Computer Science, Cybersecurity, Information Assurance, Software Engineering, or a related field, or an equivalent combination of education and experience.

• Preferred certifications: CSSLP, OSCP, GWEB, or GWAPT.

Experience:

• Seven (7+) years of progressive experience in application security, software security engineering, or a closely related domain within production SaaS environments.

• Extensive hands-on experience in secure software development, DevSecOps pipeline design, and security testing methodologies (SAST, DAST, SCA, penetration testing).

• Demonstrated experience securing large-scale cloud-native applications, APIs, and microservices architectures.

• Experience leading application security initiatives, defining program strategy, and mentoring engineering teams on secure development practices.

• Demonstrated, regular hands-on use of AI-powered security and development tools (e.g., Claude Code, Claude Security, or comparable coding/security assistants) as part of daily security engineering workflows, not solely in an evaluative, advisory, or training capacity.

• Experience assessing AI-specific attack surfaces in LLM-integrated applications, including prompt injection, context leakage, insecure tool use, and model denial-of-service.

Knowledge, Skills, & Abilities:

Required:

• Deep expertise in AWS security, Kubernetes security, and cloud-native application security best practices.

• Strong programming proficiency with the ability to review and assess security risks in one or more of: Java, C#, JavaScript/TypeScript, Python, Swift, or Kotlin.

• Expertise in secure authentication and authorization mechanisms, including OAuth 2.0, OIDC, SAML, JWT, WebAuthn, and Zero Trust principles.

• Hands-on proficiency with AI-augmented security workflows, including daily use of AI tools (e.g., Claude Code, Claude Security) for vulnerability discovery, remediation assistance, threat modeling, and security automation across the SDLC.

• Strong understanding of OWASP Top 10, OWASP Top 10 for LLM Applications, SANS 25, CVSS/EPSS scoring, and MITRE ATT&CK framework.

• Ability to identify, assess, and mitigate prompt injection vulnerabilities (direct and indirect) in LLM-integrated applications through input validation, output sanitization, instruction hierarchy enforcement, and adversarial prompt testing.

• Experience with secure context window management in AI-powered products, including preventing sensitive data leakage, enforcing context isolation boundaries, and defining data classification policies for AI model inputs.

• Hands-on experience with security automation and scripting (Python, Bash, or equivalent).

• Proficiency in penetration testing methodologies, including automated and manual security testing of web applications, APIs, and mobile platforms.

• Strong knowledge of encryption standards, cryptographic best practices, and secrets management.

• Ability to communicate complex security concepts to both technical and non-technical audiences, and to present risk assessments to senior leadership and external stakeholders.

• Demonstrated ability to work independently in a remote setting while maintaining high performance and accountability.

Preferred:

• Experience evaluating the security posture of AI providers (API security reviews, data residency assessments, vendor risk questionnaires, and contractual security requirements).

• Familiarity with AI model access controls and secrets hygiene in AI pipelines, including least-privilege principles for LLM tool integrations and securing model inference endpoints.

• Experience with SIEM, WAF, and security monitoring tools.

• Familiarity with cloud security controls in AWS, including IAM, security groups, KMS, Lambda security, and cloud monitoring.

• Strong project management abilities and experience collaborating across product, engineering, and compliance teams.

Travel:

• Minimal, generally 12 days or less per year, ~2X team get-togethers a year.

$155,000 - $175,000 a year

LIFE AT LUMIN DIGITAL

Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base — and as a 100% cloud-native company, we’re purpose-built to unlock the full advantages of the cloud for financial institutions and their users.

At Lumin, we thrive on curiosity and innovation. Our culture is built on trust in our expertise and decisions, respect for diverse perspectives and talents, and boldness in pursuing new ideas. These values shape a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered every day. We encourage our team to explore, experiment, and challenge the status quo — because continuous improvement isn’t just a goal, it’s how we operate.

Benefits Include We take care of our people with medical, dental, and vision insurance, a 401(k) with company match, flexible PTO plus 12 paid holidays, paid sick leave, and paid parental and family leave. We also offer a lifestyle spending account, tuition reimbursement, and a cell phone stipend. Additional details are provided during the interview process.

Lumin Digital is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender identity, or any other legally protected basis.

For more information, visit lumindigital.com.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

All roles at JumpCloud® are Remote unless otherwise specified in the Job Description.

About JumpCloud®

JumpCloud® is the AI-powered unified IT management platform designed to secure the modern workforce. By consolidating identity, device, and access management, JumpCloud provides intelligent, secure IT that scales from human users to autonomous AI agents. We help organizations around the globe eliminate complexity and turn AI risk into an optimized advantage, ensuring the right people and agents have secure access to the right resources at all times.

JumpCloud is Intelligent, Secure IT.

About the team:

As a Security Engineer on the DevSecOps Team, you will be responsible for designing and developing software solutions for protecting data and infrastructure deployed into the cloud. The Security organization is composed of SecOps, GRC, and DevSecOps functions, but all functions work closely together so you will be exposed to many different security areas.

What you will be doing:

• Infrastructure & Automation: Build and maintain infrastructure, including custom software and vendor integrations, to support Engineering’s Security needs (Product Security and Infrastructure Security).

• Cloud Access Engineering: Design and implement secure, automated self-service workflows for cloud infrastructure access and privilege escalation (AWS/GCP).

• Detection & Logging: Manage security infrastructure and SIEM configurations via Infrastructure as Code (Terraform) to ensure a highly auditable detection environment. Build and manage high-volume security data pipelines to ensure forensic logs are retained efficiently and cost-effectively.

• Vulnerability & Posture Management: Help design, overhaul, and improve custom vulnerability aggregation systems to streamline remediation efforts. Manage and tune Cloud Security Posture Management (CSPM) and container security platforms to ensure optimal coverage and reduce alert fatigue.

• Software Supply Chain & AppSec: Integrate and manage Software Supply Chain Security tooling to protect our developer ecosystem. Partner with Engineering to scale our threat modeling program, including developing automated and AI-assisted threat modeling pipelines built directly into the developer workflow.

Necessary skills:

• 4 years of software engineering experience with a strong interest or background in security engineering

• Proficient in writing Golang or Python (more than simple scripts)

• Experience with either AWS or GCP

• Experience with Terraform

• Experience with GitHub Actions

• Excellent written and oral communication

Personal characteristics we are looking for:

• Views security as an enabler, not an inhibitor to innovation

• Results oriented and self driven

• High level of integrity

• Ownership and accountability

• Clear communication

• Creative problem solver

• Passionate about security

Role requirements:

• You must be available for on-call (after hours) duties for any internal tools/services this team owns

• Serve as a responder in the on-call rotation for security incidents and alert triage.

Where you’ll be working/Location:

JumpCloud is committed to being Remote First, meaning that you are able to work remotely within the country noted in the Job Description.

You must be located in and authorized to work in the country noted in the job description to be considered for this role.

Please note: There is an expectation that our engineers participate in on-call shifts. You will be expected commit to being ready and able to respond during your assigned shift, so that alerts don’t go unaddressed.

Language:

JumpCloud has teams in 15+ countries around the world and conducts our internal business in English. The interview and any additional screening process will take place primarily in English. To be considered for a role at JumpCloud, you will be required to speak and write in English fluently.  Any additional language requirements will be included in the details of the job description.

Why JumpCloud?

If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you! JumpCloud is an incredible place to share and grow your expertise! You’ll work with amazing talent across each department who are passionate about our mission. We’re out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. You’ll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about.

One of JumpCloud’s three core values is to “Build Connections.” To us that means creating “ human connection with each other regardless of our backgrounds, orientations, geographies, religions, languages, gender, race, etc. We care deeply about the people that we work with and want to see everyone succeed.” - Rajat Bhargava, CEO

Please submit your résumé and brief explanation about yourself and why you would be a good fit for JumpCloud.  Please note JumpCloud is not accepting third party resumes at this time.

JumpCloud is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

Scam Notice:

Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of JumpCloud. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Please note that JumpCloud will never ask for any personal account information, such as credit card details or bank account numbers, during the recruitment process. Additionally, JumpCloud will never send you a check for any equipment prior to employment.

All communication related to interviews and offers from our recruiters and hiring managers will come from official company email addresses (@jumpcloud.com) and will never ask for any payment, fee to be paid or purchases to be made by the job seeker. If you are contacted by anyone claiming to represent JumpCloud and you are unsure of their authenticity, please do not provide any personal/financial information and contact us immediately at [email protected] with the subject line “Scam Notice”

#LI-Remote #BI-Remote

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, transcribing or summarizing interviews, and assessing responses. These tools assist our recruitment team but do not replace human judgment in hiring decisions, which are ultimately made by humans. Please see our Privacy Policy (https://jumpcloud.com/privacy) for more information about our personal data practices.

Basic Function

The Senior Application Security Engineer is a hands-on technical leader responsible for securing Lumin Digital’s B2B2C SaaS platform across the full software development lifecycle. This role exists at the intersection of application security and AI-augmented engineering: the ideal candidate actively uses AI-powered tools such as Claude Code and Claude Security in their daily workflow to find vulnerabilities faster, automate remediation, and scale security coverage beyond what traditional approaches allow. As AI rapidly transforms how code is written, reviewed, and deployed, this engineer will lead the effort to secure AI-integrated applications, harden CI/CD pipelines, and establish governance for responsible AI adoption across product and engineering teams. Success in this role requires deep technical fluency, a bias toward building and doing over advising, and the ability to operate independently in a fast-moving, remote-first environment.

Essential Functions and Responsibilities:

• Lead security architecture reviews for new and existing applications, ensuring secure-by-design principles are embedded from initial design through deployment and ongoing operation.

• Develop, enforce, and continuously refine secure coding standards across engineering teams through a combination of automated security scans (SAST, DAST, SCA), AI-assisted code review using tools such as Claude Code, periodic manual code audits, and targeted secure development training.

• Own the design, implementation, and evolution of Application Security Posture Management (ASPM) capabilities, integrating signals from static analysis, dynamic testing, software composition analysis, and runtime telemetry to build risk-scoring models that balance exploitability, data sensitivity, and business impact.

• Continuously improve threat modeling frameworks across application components, third-party integrations, cloud-native architectures, and AI/LLM-powered features, leveraging tools such as Claude Security for accelerated threat model generation and scenario analysis.

• Develop custom security automation tools and scripts to improve detection and response capabilities across cloud environments, including AI-assisted vulnerability auto-fix workflows and integration of AI-powered security tooling into CI/CD pipelines.

• Own and operate the company’s bug bounty program end-to-end: define program strategy and scope, triage and validate external researcher submissions, assess severity, and maintain productive engagement with the security research community.

• Manage vulnerability triage and prioritization processes, ensuring vulnerabilities are assessed based on exploitability, business impact, and compliance requirements, and that remediation timelines align with organizational risk tolerance.

• Influence product roadmaps by identifying and advocating for security enhancements aligned with evolving regulatory requirements, industry best practices, and the emerging threat landscape for AI-integrated applications.

• Mentor security engineers and developers through hands-on guidance in secure coding, vulnerability remediation, and effective use of AI-augmented security workflows.

• Present security findings, risk assessments, and program metrics to senior leadership, clients, auditors, and regulators in a clear, actionable manner.

• Perform other duties as assigned.

Physical Demands:

• While performing the duties of this job, the employee is regularly required to sit; use hands to type, handle, or feel and talk or hear.

• Specific vision abilities required by this job include close vision.

• Ability to occasionally lift/move up to 25 pounds.

• Individuals with a disability who are otherwise able to perform the essential functions of the job may request reasonable accommodation through the Human Resources department.

Supervisory Responsibility:

None

Position Specifications

Education:

• Bachelor’s in Computer Science, Cybersecurity, Information Assurance, Software Engineering, or a related field, or an equivalent combination of education and experience.

• Preferred certifications: CSSLP, OSCP, GWEB, or GWAPT.

Experience:

• Seven (7+) years of progressive experience in application security, software security engineering, or a closely related domain within production SaaS environments.

• Extensive hands-on experience in secure software development, DevSecOps pipeline design, and security testing methodologies (SAST, DAST, SCA, penetration testing).

• Demonstrated experience securing large-scale cloud-native applications, APIs, and microservices architectures.

• Experience leading application security initiatives, defining program strategy, and mentoring engineering teams on secure development practices.

• Demonstrated, regular hands-on use of AI-powered security and development tools (e.g., Claude Code, Claude Security, or comparable coding/security assistants) as part of daily security engineering workflows, not solely in an evaluative, advisory, or training capacity.

• Experience assessing AI-specific attack surfaces in LLM-integrated applications, including prompt injection, context leakage, insecure tool use, and model denial-of-service.

Knowledge, Skills, & Abilities:

Required:

• Deep expertise in AWS security, Kubernetes security, and cloud-native application security best practices.

• Strong programming proficiency with the ability to review and assess security risks in one or more of: Java, C#, JavaScript/TypeScript, Python, Swift, or Kotlin.

• Expertise in secure authentication and authorization mechanisms, including OAuth 2.0, OIDC, SAML, JWT, WebAuthn, and Zero Trust principles.

• Hands-on proficiency with AI-augmented security workflows, including daily use of AI tools (e.g., Claude Code, Claude Security) for vulnerability discovery, remediation assistance, threat modeling, and security automation across the SDLC.

• Strong understanding of OWASP Top 10, OWASP Top 10 for LLM Applications, SANS 25, CVSS/EPSS scoring, and MITRE ATT&CK framework.

• Ability to identify, assess, and mitigate prompt injection vulnerabilities (direct and indirect) in LLM-integrated applications through input validation, output sanitization, instruction hierarchy enforcement, and adversarial prompt testing.

• Experience with secure context window management in AI-powered products, including preventing sensitive data leakage, enforcing context isolation boundaries, and defining data classification policies for AI model inputs.

• Hands-on experience with security automation and scripting (Python, Bash, or equivalent).

• Proficiency in penetration testing methodologies, including automated and manual security testing of web applications, APIs, and mobile platforms.

• Strong knowledge of encryption standards, cryptographic best practices, and secrets management.

• Ability to communicate complex security concepts to both technical and non-technical audiences, and to present risk assessments to senior leadership and external stakeholders.

• Demonstrated ability to work independently in a remote setting while maintaining high performance and accountability.

Preferred:

• Experience evaluating the security posture of AI providers (API security reviews, data residency assessments, vendor risk questionnaires, and contractual security requirements).

• Familiarity with AI model access controls and secrets hygiene in AI pipelines, including least-privilege principles for LLM tool integrations and securing model inference endpoints.

• Experience with SIEM, WAF, and security monitoring tools.

• Familiarity with cloud security controls in AWS, including IAM, security groups, KMS, Lambda security, and cloud monitoring.

• Strong project management abilities and experience collaborating across product, engineering, and compliance teams.

Travel:

• Minimal, generally 12 days or less per year, ~2X team get-togethers a year.

$155,000 - $175,000 a year

LIFE AT LUMIN DIGITAL

Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base — and as a 100% cloud-native company, we’re purpose-built to unlock the full advantages of the cloud for financial institutions and their users.

At Lumin, we thrive on curiosity and innovation. Our culture is built on trust in our expertise and decisions, respect for diverse perspectives and talents, and boldness in pursuing new ideas. These values shape a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered every day. We encourage our team to explore, experiment, and challenge the status quo — because continuous improvement isn’t just a goal, it’s how we operate.

Benefits Include We take care of our people with medical, dental, and vision insurance, a 401(k) with company match, flexible PTO plus 12 paid holidays, paid sick leave, and paid parental and family leave. We also offer a lifestyle spending account, tuition reimbursement, and a cell phone stipend. Additional details are provided during the interview process.

Lumin Digital is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender identity, or any other legally protected basis.

For more information, visit lumindigital.com.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

General information Requisition # R67796 Locations USA-Remote Work Posting Date 05/15/2026 Security Clearance Required None Remote Type Fully Remote Time Type Full time Description & Requirements Elevate your career with...

General information Requisition # R67740 Locations USA-Remote Work Posting Date 05/13/2026 Security Clearance Required Secret Remote Type Fully Remote Time Type Full time Description & Requirements Shape the future of...

Joining Collibra’s Product Security team

Collibra is seeking a Senior Product Security Engineer to join our high-impact team. You will be a key individual responsible for identifying vulnerabilities and providing expert remediation consulting for our global product development teams. This role provides critical technical leadership and oversight, ensuring Collibra continues to deliver secure, resilient products and services to our customers. You will act as an application security evangelist, partnering with engineers to accelerate secure time-to-value while leveraging cutting-edge AI and MCP to create context-aware security automation.

This is a remote role .

Product Security Engineers at Collibra are responsible for

• Application security for products and/or features supported by your assigned development teams.
• Performing security testing and triaging findings identified by SAST, SCA, IAST, DAST, and penetration tests.
• Leverage AI and MCP to create intelligent, context-aware security guidance and automation.
• Providing remediation consulting services to assigned development teams.
• Assist with vulnerability management reporting and tracking.
• Coordinating third-party penetration testing engagements, analyzing reports, and opening tickets for remediation.
• Contribute to the configuration and management of security tools.

You have

• 5+ years of application/product security experience.
• 2+ years of experience securing Java, Python, and/or JavaScript web applications.
• Knowledge of enterprise-level software architecture components and cloud infrastructure.
• Experience building trusted advisor relationships with engineers, product owners, and engineering management (up to director level).
• Experience with AI security tooling, context-aware automation for SSDLC.
• Understanding of AI privacy and governance in developer workflows.
• Experience using and building agentic AI systems that work collaboratively.
• Experience advocating for the remediation of application security risk and, simultaneously, the associated development/engineering team(s).
• Experience in identifying vulnerabilities in source code, providing detailed steps to reproduce exploitation, and providing recommendations to engineering teams on how to remediate issues.
• A bachelor’s degree or equivalent related working experience is required.
• This position is not eligible for visa sponsorship.
• Because this role supports the US government, it is required that this candidate be a US citizen who resides on US soil.

You are

• Knowledgeable of CI/CD concepts and experience with integrated SAST, SCA, and DAST tooling.
• Proficient at triaging application vulnerabilities associated with source code, open-source library dependencies, and 3rd party containers.
• Able to assess and communicate the impact of Common Vulnerability Weaknesses (CVEs) on custom application software and advise on risk acceptance/deferment for false positive scenarios, severity adjustments, and acceptable reasoning for operational requirements.
• Experienced in executing as a matrixed/embedded security resource (within a development team) responsible for product, application, or feature group vulnerability assessments, ensuring they are appropriately enumerated and executed.
• Possess a working knowledge of Python, Java, and/or JavaScript software development languages.
• Experienced in Linux and containerization in a cloud environment.
• Experienced in communicating the impact of security vulnerabilities to engineering teams and product leaders.
• Experienced in using SAST, DAST, and SCA tooling.
• Experienced in being a point of contact for outside/3rd party security assessments (pen tests, questionnaires, etc.).
• knowledgeable of vulnerability management concepts, challenges, and reporting.
• Possess a working knowledge of the OWASP Top 10 and can explain its concepts to a diverse audience of engineers and people leaders.
• Familiarity with AI standards and regulations, EU AI Act, SAIF and ISO 42001.

Measures of success

• Within your first month, you will absorb fundamental knowledge about Collibra processes/tools and SDLC.
• Within your third month, you will own application security engineering tasks for one or more development teams responsible for product features.
• Within your sixth month, you will be responsible for managing triaging efforts for 3rd party pen testing and be able to resolve customer product security inquiries independently.

Compensation for this role

The standard base salary range for this position is $168,000.00 - $210,000.00 per year. This position is not eligible for additional commission-based compensation. Salary offers are based on a combination of factors, including, but not limited to, experience, skills, and location. In addition to base salary, we offer a competitive total rewards package, including bonus potential, equity for eligible roles, a Flex Fund monthly stipend, pension/401k plans, and more.

Benefits at Collibra

Collibra recognizes and values that everyone has different needs, interests, and life goals. We built our benefits program with flexibility in mind to support you and your loved ones through a diverse range of circumstances and life events. These flexible offerings sit on a foundation of competitive compensation, health coverage, and time off. Learn more about Collibra’s benefits.

We create inclusion and belonging through how we onboard, meet, connect, engage, and communicate. Learn more about diversity, equity, and inclusion at Collibra.

At Collibra, we’re proud to be an equal opportunity employer. We realize the key to creating a company with a world-class culture and employee experience comes from who we hire and creating a workplace that celebrates everyone.

With this, we proudly consider qualified applicants without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sexual orientation, pregnancy, sex, gender identity, gender expression, genetic information, physical or mental disability, HIV status, registered domestic partner status, caregiver status, marital status, veteran or military status, citizenship status or any other legally protected category. If you have a need that requires accommodation, let us know by completing our Accommodations for Applicants form.

Joining Collibra’s Product Security team

Collibra is seeking a Senior Product Security Engineer to join our high-impact team. You will be a key individual responsible for identifying vulnerabilities and providing expert remediation consulting for our global product development teams. This role provides critical technical leadership and oversight, ensuring Collibra continues to deliver secure, resilient products and services to our customers. You will act as an application security evangelist, partnering with engineers to accelerate secure time-to-value while leveraging cutting-edge AI and MCP to create context-aware security automation.

This is a remote role .

Product Security Engineers at Collibra are responsible for

• Application security for products and/or features supported by your assigned development teams.
• Performing security testing and triaging findings identified by SAST, SCA, IAST, DAST, and penetration tests.
• Leverage AI and MCP to create intelligent, context-aware security guidance and automation.
• Providing remediation consulting services to assigned development teams.
• Assist with vulnerability management reporting and tracking.
• Coordinating third-party penetration testing engagements, analyzing reports, and opening tickets for remediation.
• Contribute to the configuration and management of security tools.

You have

• 5+ years of application/product security experience.
• 2+ years of experience securing Java, Python, and/or JavaScript web applications.
• Knowledge of enterprise-level software architecture components and cloud infrastructure.
• Experience building trusted advisor relationships with engineers, product owners, and engineering management (up to director level).
• Experience with AI security tooling, context-aware automation for SSDLC.
• Understanding of AI privacy and governance in developer workflows.
• Experience using and building agentic AI systems that work collaboratively.
• Experience advocating for the remediation of application security risk and, simultaneously, the associated development/engineering team(s).
• Experience in identifying vulnerabilities in source code, providing detailed steps to reproduce exploitation, and providing recommendations to engineering teams on how to remediate issues.
• A bachelor’s degree or equivalent related working experience is required.
• This position is not eligible for visa sponsorship.
• Because this role supports the US government, it is required that this candidate be a US citizen who resides on US soil.

You are

• Knowledgeable of CI/CD concepts and experience with integrated SAST, SCA, and DAST tooling.
• Proficient at triaging application vulnerabilities associated with source code, open-source library dependencies, and 3rd party containers.
• Able to assess and communicate the impact of Common Vulnerability Weaknesses (CVEs) on custom application software and advise on risk acceptance/deferment for false positive scenarios, severity adjustments, and acceptable reasoning for operational requirements.
• Experienced in executing as a matrixed/embedded security resource (within a development team) responsible for product, application, or feature group vulnerability assessments, ensuring they are appropriately enumerated and executed.
• Possess a working knowledge of Python, Java, and/or JavaScript software development languages.
• Experienced in Linux and containerization in a cloud environment.
• Experienced in communicating the impact of security vulnerabilities to engineering teams and product leaders.
• Experienced in using SAST, DAST, and SCA tooling.
• Experienced in being a point of contact for outside/3rd party security assessments (pen tests, questionnaires, etc.).
• knowledgeable of vulnerability management concepts, challenges, and reporting.
• Possess a working knowledge of the OWASP Top 10 and can explain its concepts to a diverse audience of engineers and people leaders.
• Familiarity with AI standards and regulations, EU AI Act, SAIF and ISO 42001.

Measures of success

• Within your first month, you will absorb fundamental knowledge about Collibra processes/tools and SDLC.
• Within your third month, you will own application security engineering tasks for one or more development teams responsible for product features.
• Within your sixth month, you will be responsible for managing triaging efforts for 3rd party pen testing and be able to resolve customer product security inquiries independently.

Compensation for this role

The standard base salary range for this position is $168,000.00 - $210,000.00 per year. This position is not eligible for additional commission-based compensation. Salary offers are based on a combination of factors, including, but not limited to, experience, skills, and location. In addition to base salary, we offer a competitive total rewards package, including bonus potential, equity for eligible roles, a Flex Fund monthly stipend, pension/401k plans, and more.

Benefits at Collibra

Collibra recognizes and values that everyone has different needs, interests, and life goals. We built our benefits program with flexibility in mind to support you and your loved ones through a diverse range of circumstances and life events. These flexible offerings sit on a foundation of competitive compensation, health coverage, and time off. Learn more about Collibra’s benefits.

We create inclusion and belonging through how we onboard, meet, connect, engage, and communicate. Learn more about diversity, equity, and inclusion at Collibra.

At Collibra, we’re proud to be an equal opportunity employer. We realize the key to creating a company with a world-class culture and employee experience comes from who we hire and creating a workplace that celebrates everyone.

With this, we proudly consider qualified applicants without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sexual orientation, pregnancy, sex, gender identity, gender expression, genetic information, physical or mental disability, HIV status, registered domestic partner status, caregiver status, marital status, veteran or military status, citizenship status or any other legally protected category. If you have a need that requires accommodation, let us know by completing our Accommodations for Applicants form.

Who we are At Twilio, we’re shaping the future of communications, all from the comfort of our homes.