At Cloudflare, we are on a mission to help build a better Internet. Today the company runs one of the world's largest networks that powers millions of websites and other Internet properties for customers ranging from individual bloggers to SMBs to Fortune 500 companies.

We protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare all have web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks.

Key Responsibilities

Public Sector & Compliance Governance

• Serve as the Subject Matter Expert (SME) on NIST 800-53 control families and FedRAMP requirements.
• Manage Cloudflare's continuous monitoring program, inclusive of annual assessments and significant change requests.
• Collect, validate, and organize FedRAMP evidence and artifacts to present to auditors, FedRAMP customers, and the FedRAMP PMO.
• Help guide our overall security policy and governance architecture to ensure alignment with evolving government regulations.

Audit Lifecycle Management

• Orchestrate end-to-end audit activities for standards such as PCI, SOC2, ISO, NIST, and FedRAMP.
• Coordinate with auditors to manage data center access, compliance certificate collection, and evidence defense.
• Work cross-functionally with Engineering, Legal, Product, and Operational teams to maintain management and technical controls.
• Support compliance and regulatory projects, including implementation of new legislation / regulation.

Identity & Access Management (IAM) Operations

• Execute monthly Periodic Access Reviews (PARs): Compare portal user lists against ACLs to ensure least-privilege access is maintained across all data centers.
• Manage the lifecycle of portal access: Auditing access, provisioning/deprovisioning users, and maintaining accurate documentation.
• Oversee physical access requests to data centers and ensure strict adherence to security policies.
• Drive the resolution of daily DCSC Jira tickets for portal access, physical access, audits, and site decommissioning.
• Automate and streamline access review processes where possible, utilizing standard communication templates to site managers.

Partner Relations & Reporting

• Own, influence, and orchestrate relationships within the partner Offering teams that can help drive Cloudflare offerings and strategic positioning.
• Monitor and implement changes to individual accountability regime requirements (such as UK, Ireland, Singapore and Australia).
• Maintain centralized documentation, databases, dashboards, and reporting mechanisms to track compliance health.

Requirements

• 3-6 years working in Security Compliance, Information Security, or Risk Management.
• Deep familiarity with all NIST 800-53 control families and FedRAMP requirements.
• Ability to work closely with auditors and articulate technical concepts.
• Experience in auditing of network, operating system, and application security.
• Proven experience managing an audit throughout the full audit lifecycle (from readiness to final report).
• Familiarity with additional security standards and frameworks such as ISO 27000, SOC 2, PCI DSS, ISMAP and IRAP.
• Ability to work cross-functionally with internal stakeholders and strong communications skills.
• High tolerance for ambiguity and ability to work efficiently and independently in a fast-paced, high-volume environment.
• Some travel may be required to engage with regulators and auditors.
• Certifications: CISSP, CIPP, CIPM, CIPT, CISA, or CRISC.
• A relevant professional experience working with technology partners, alliances, or third-party vendors, ideally in the following disciplines: Data center Security Compliance, Access Management, audit administration at a leading high-tech company; offering management.
• Technical skills including the ability to understand (1) product roadmaps; (2) market trends and factors; and (3) complex partner requirements.
• Strong technical proficiency with spreadsheet software (Excel/Google Sheets) including pivot tables and VLOOKUPs for data reconciliation.
• Organized & Disciplined, with a strong focus on driving outcomes.

Preferred

• Prior experience with Data Centre Security Compliance disciplines and audit programs and past history working at a hyperscaler or high-growth tech company.
• Superb organizational skills and demonstrated history managing complex processes including audit cycles, Facts gathering and analytical skills.

XML job scraping automation by YubHub

XML job scraping automation by YubHub

Identity is the key to unlocking the potential of AI. Okta secures AI by building the trusted, neutral infrastructure that enables organisations to safely embrace this new era. This work requires a relentless drive to solve complex challenges with real-world stakes. We are looking for builders and owners who operate with speed and urgency and execute with excellence.

This is an opportunity to do career-defining work. We're all in on this mission. If you are too, let's talk.

Staff Security Engineer

Okta is The World’s Identity Company. We free everyone to safely use any technology, anywhere, on any device or app. Our flexible and neutral products, Okta Platform and Auth0 Platform, provide secure access, authentication, and automation, placing identity at the core of business security and growth.

At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences.

Join our team! We’re building a world where Identity belongs to you.

Responsibilities

The Staff Security Engineer is a key role for strengthening the organisation's security posture. You'll be responsible for performing security assessments of third-party integrations and connected apps, with a focus on mitigating API-related security risks. This position is vital for ensuring a 'secure-by-design' approach for critical systems within the organisation.

What You Will Do

• Lead Technical Security Reviews: Perform in-depth security reviews and threat modelling for complex enterprise applications and third-party integrations.

• Operationalize AI for Security: Take the lead in deploying and managing AI for Security use cases, such as integration security reviews, to automate and scale security operations.

• Risk Analysis & Documentation: Analyse and document API permissions and risk levels for major integrations (e.g., Salesforce, Slack, Google) to ensure they meet internal standards.

• Develop Workflow Processes: Collaborate with stakeholders to design and implement repeatable security review workflows, such as the Salesforce API Integration Review.

• Vulnerability & Control Gap Mitigation: Identify potential vulnerabilities and security control gaps in connected apps and recommend technical mitigation strategies to stakeholders.

• Report & Visualize Posture: Contribute to and maintain metrics and dashboards that demonstrate the organisation's overall security posture for leadership.

What You Bring

• Deep Technical Expertise: Proven experience in information security, specifically within application and enterprise security domains.

• API & Integration Specialist: Strong background in assessing and mitigating risks associated with third-party APIs and connected application ecosystems.

• Advanced Security Principles: Understanding of 'secure-by-design' principles and the 'least privilege' model.

• Practical Threat Modelling: Hands-on experience identifying attack vectors and conducting risk assessments for complex systems.

• Tooling & AI Proficiency: Experience working with security platforms for analysing application permissions and an interest or background in applying AI to streamline security tasks.

• Collaborative Influencer: Exceptional communication skills with a track record of aligning multiple teams toward shared security goals.

• Education: A Bachelor's degree in Computer Science, information security, or a related field.

Benefits

In addition to the annual base salary range for this position, Okta offers equity (where applicable), bonus, and benefits, including health, dental, and vision insurance, RRSP with a match, healthcare spending, telemedicine, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.

XML job scraping automation by YubHub

We are looking for builders and owners who operate with speed and urgency and execute with excellence. This is an opportunity to do career-defining work. We're all in on this mission. If you are too, let's talk.

The Okta Security team’s mission is to strengthen Okta’s position as the leading Identity-as-a-Service solution by identifying and resolving risks to the employees, product, and most importantly, our customers. The Security Trust & Culture team works to enhance customer trust in Okta’s identity services . We serve as a strategic resource working closely with Okta’s go-to-market teams.

As a Staff level analyst of Customer Assurance, you will support prioritising and efficiently responding to questions about our security programme and other due diligence related requests. You will act as a critical bridge between our customers and our internal engineering teams, ensuring Okta’s security posture is communicated effectively.

Tasks will include training local Sales teams, managing complex escalations in the regional market, and driving technological changes to help Customer Assurance scale its efforts globally. This position requires a unique combination of skills including an ability to coordinate the analysis of technical issues, to communicate clearly about security-relevant topics with both internal and external customers, to collaborate with internal business units to ensure execution of time-sensitive projects, and to present to upper management or the broader organisation as required.

The ideal candidate will have experience with SaaS cloud security risk assessment and a solid understanding of the core principles of identity management. If you want to make a difference in the security programme of a global cloud provider, we want you on board.

Job Duties and Responsibilities:

Serve as the critical bridge between Okta’s customers and internal Engineering/Product Security teams. You must be able to unpack complex customer security concerns, hold in-depth technical discussions with internal engineering to align on solutions, and translate Okta’s security architecture back to the customer to resolve high-stakes inquiries.

Take end-to-end ownership of highly technical security questionnaires and due-diligence requests, Partner seamlessly with internal subject matter experts,including our specialised Federal/FedRAMP teams,to ensure accurate, timely, and high-quality responses for highly regulated customers.

Drive technological changes within Customer Assurance by identifying and implementing AI and automation strategies to streamline workflows, scale global efforts, and reduce response times.

Train and empower regional Go-To-Market and Sales teams on standard engagement protocols, ensuring they can leverage Customer Assurance resources smoothly to accelerate deals.

Collaborate with the Security Trust & Culture team and Regional CSOs to develop, publish, and maintain forward-facing security collateral, FAQs, and field communications.

Work within a global team, participating or leading global handoffs between American timezones and European or Asian, when required for large security or industry events.

Requirements:

Bachelor’s degree in Computer Science or Management Information Systems, or equivalent work experience in technology or information security fields

Minimum 3 years information security, project management, or related experience

A strong, fundamental understanding of core Security principles, architectures, and operations.

Understanding of IT and cloud methodologies, information security, privacy, identity management, risk assessments and IT regulation and compliance standards

Strong oral, written, and presentation skills

Strong written and verbal communication skills, with a proven ability to distill complex technical concepts into clear, concise responses for both technical customers and internal executive stakeholders.

Helpful Certifications / Skills:

Okta Certified Professional/Administrator

Certificate of Cloud Security Knowledge (CCSK) and/or Certificate of Cloud Auditing Knowledge (CCAK)

Certified Information Security Auditor (CISA)

Experience with generative AI tools or process automation platforms is a strong plus.

Familiarity with Federal or highly regulated compliance frameworks (e.g., FedRAMP, StateRAMP, NIST 800-53, or DoD IL4/IL5)

XML job scraping automation by YubHub

Automation to eliminate manual steps involved in understanding security risks, remediating and preventing them would be the charter. The work sits at the intersection of engineering systems and regulatory requirements, translating requirements into scalable, reliable, production grade infrastructure. Often this means building production infrastructure from scratch in many cases, and would need end to end ownership of systems including design, development, testing and deployment including implementing effective integration pipelines (CI/CD) and offering a reliable production system that should be highly available and function at scale.

You will partner closely with various security teams including GRC, platform engineering, and security domain teams to translate business needs into durable technical needs, while retaining full engineering ownership of how those systems are designed, built, and operated.

In this role, you will:

• Design and build scalable systems.
• Develop control integrations and data pipelines to normalize security telemetry across IAM, logs, scanners, and CCM/GRC tools.
• Build metrics engines, dashboards, and insights pipelines that provide real-time visibility into compliance health and emerging risks.

On this team, you will:

• Tackle security & compliance puzzles at cutting-edge scale and complexity
• Collaborate with brilliant engineers who are redefining compliance adherence for cloud infrastructure.
• You'll have the freedom and responsibility to innovate, experiment, and influence how we establish assurance pipelines.

Investing in our people is one of our top priorities, and we value candidates who can bring their diversified experiences to our teams. Here are some qualities we’ve found compatible with our team. We'd love to talk about whether this aligns with your experience and interests and what you’re excited to work on next.

Who You Are:

Minimum Qualifications

• A Bachelor’s degree in Information Security, Computer Science, or a related field or equivalent job experience.
• At least 7+ years of hands-on experience in programming languages like Go.
• At least 3+ years of hands-on experience deploying and managing Kubernetes clusters in a production environment.
• Experience building high qps and critical distributed systems.
• Familiarity with modern CI/CD practices and Infrastructure-as-Code tooling.
• Proven experience building and deploying containerized applications.
• Strong experience with technical architectures involving data flows, event driven architecture, access controls, retention, and third-party integrations.
• Strong hands-on experience with cloud infrastructure (AWS, GCP).

Preferred:

• Information Security Engineering experience.
• Expertise in major compliance and security frameworks (SOC 2, ISO 27001, PCI DSS, HIPAA, FedRAMP, NIST, CSF).
• Background in building automation for distributed cloud environments at scale.
• Experience with remote-access solutions like Teleport (real bonus points if you’ve submitted PRs on their product).
• Understanding of the SSO protocols, specifically OIDC and SAML.
• Hands-on experience with PKI and mTLS.

If you're eager to elevate compliance into a creative, strategic force within a fast-paced, forward-thinking company, we'd love to hear from you!

The base salary range for this role is $165,000 to $242,000. The starting salary will be determined based on job-related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).

What We Offer

The range we’ve posted represents the typical compensation range for this role. To determine actual compensation, we review the market rate for each candidate which can include a variety of factors. These include qualifications, experience, interview performance, and location. In addition to a competitive salary, we offer a variety of benefits to support your needs, including:

• Medical, dental, and vision insurance
• 100% paid for by CoreWeave
• Company-paid Life Insurance
• Voluntary supplemental life insurance
• Short and long-term disability insurance
• Flexible Spending Account
• Health Savings Account
• Tuition Reimbursement
• Ability to Participate in Employee Stock Purchase Program (ESPP)
• Mental Wellness Benefits through Spring Health
• Family-Forming support provided by Carrot
• Paid Parental Leave
• Flexible, full-service childcare support with Kinside
• 401(k) with a generous employer match
• Flexible PTO
• Catered lunch each day in our office and data center locations
• A casual work environment
• A work culture focused on innovative disruption

Our Workplace

While we prioritize a hybrid work environment, remote work may be considered for candidates located more than 30 miles from an office, based on role requirements for specialized skill sets. New hires will be invited to attend onboarding at one of our hubs within their first month. Teams also gather quarterly to support collaboration.

California Consumer Privacy Act - California applicants only

CoreWeave is an equal opportunity employer, committed to fostering an inclusive and supportive workplace. All qualified applicants and candidates will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information. As part of this commitment and consistent with the Americans with Disabilities Act (ADA), CoreWeave will ensure that qualified applicants and candidates with disabilities are provided reasonable accommodations for the hiring process, unless such accommodation would cause an undue hardship. If reasonable accommodation is needed, please contact: careers@coreweave.com.

Export Control Compliance

This position requires access to export controlled information. To conform to U.S. Government export regulations applicable to that information, applicant must either be (A) a U.S. person, defined as a (i) U.S. citizen or national, (ii) U.S. lawful permanent resident (green card holder), (iii) refugee under 8 U.S.C. § 1157, or (iv) asylee under 8 U.S.C. § 1158, (B) eligible to access the export controlled information without a required export authorization, or (C) eligible and reasonably likely to obtain the required export authorization from the applicable U.S. government agency. CoreWeave may, for legitimate business reasons, decline to pursue any export licensing process.

XML job scraping automation by YubHub

We’re looking for an Intermediate Infrastructure Security Engineer to further our automation efforts in support of our GitLab Dedicated for Government product offering. You’ll have the opportunity to contribute to tooling that operates our FedRAMP environment, identify and develop remediations for infrastructure vulnerabilities, and partner with more senior engineers to review upcoming project architectures to ensure that they are built to the rigorous standards we hold.

Support the Public Sector SRE team as a stable counterpart, identify and help mitigate security issues, misconfigurations, and vulnerabilities related to GitLab’s cloud, container and Kubernetes infrastructure, build tooling to increase our visibility into environments to expedite vulnerability detection, own efforts securing GitLab's FedRAMP environment, support other security teams as an Infrastructure SME, document best practices and remediations to help engineers learn from common vulnerability types, partner with senior engineers to review new architectures and projects and provide feedback cross-functionally, fulfill the Product Security Division Mission of securing GitLab Infrastructure with our own product (“dogfooding”).

To be successful in this role, you will need to have hands-on experience with public cloud providers (ex. AWS, GCP, Azure), development experience with Ruby, Python, Go, experience with Infrastructure-as-Code (IaC) tools (ex. Terraform, Ansible, Chef), knowledge of the Linux operating system, familiarity with containers (Docker) and orchestration platforms (Kubernetes), an interest in Information Security, demonstrated experience working collaboratively with cross-functional teams, proficiency to communicate over a text-based medium (Slack, GitLab Issues, Email) and can succinctly document technical details, share our values, and work in accordance with those values.

Due to government requirements, you must be a United States Citizen (defined as any individual who is a citizen of the United States by law, birth, or naturalization) to fill this position.

XML job scraping automation by YubHub

You will cultivate strong relationships with field sales by providing sound, strategic counsel to support ongoing go-to-market efforts. You will help maintain and update our legal agreements, with particular focus on professional services, ensuring that terms and internal policies are positioned to continue enabling rapid revenue growth and maintaining long-term stability for the company.

As a solutions-oriented business partner, you will provide pragmatic, sound legal counsel to internal Databricks clients and our growing customer base based on your understanding of Databricks' technology, professional services offerings, information security architecture, and data privacy/compliance policies.

You will work cross-functionally with our business partners (e.g., Finance, Information Security, Product, and privacy) to align, communicate, and enforce applicable policies and controls in our global contracting processes.

We are looking for a minimum of seven (7) years of technology transactions experience, either at a law firm and/or in-house Attorney role. You should have relevant commercial transactional experience working for and/or supporting cloud-based software companies, including an understanding of professional service delivery to support consumption growth.

Substantial experience drafting, negotiating, and closing complex professional services agreements and a strong understanding of contractual issues related to information security, data privacy, artificial intelligence, and intellectual property is required.

You should have proven ability to successfully navigate and counsel on complex legal issues while balancing and/or mitigating material risk. You should be able to prioritize competing demands and be responsive to client expectations in a fast-paced environment within a limited time period.

Outstanding written and verbal communication skills are essential. A growth mindset, strong attention to detail, excellent critical thinking, and problem-solving abilities are also required.

Experience and/or strong interest in mentoring and guiding junior legal team members is a plus. A JD and good standing to practice law in the relevant jurisdiction are necessary.

XML job scraping automation by YubHub

You will report to the Director & AGC, Commercial Legal. You have 4+ years of relevant commercial legal transactional experience with a focus on complex technology transactions. You have meaningful experience negotiating SaaS commercial transactions and strong knowledge/experience counseling on legal issues related to data privacy, information security, artificial intelligence, and intellectual property, including open source software.

The impact you will have:

• Become an important member of the commercial and go-to-market legal team responsible for reviewing and negotiating commercial customer agreements. Focus on balancing/mitigating risk for the company while continuing to enable our rapid revenue growth.

• Cultivate strong relationships with field sales by providing sound, strategic counsel to close sales transactions and support ongoing go-to-market efforts.

• Help maintain and update our legal agreements, ensuring that terms and internal policies are positioned to continue enabling rapid revenue growth and maintaining long-term stability for the company.

• Serve as a solutions-oriented business partner by providing pragmatic, sound legal counsel to internal Databricks clients and our growing customer base based on your understanding of Databricks' technology, product portfolio, information security architecture, and data privacy/compliance policies.

• Work cross-functionally with our business partners (e.g., Finance, Information Security, Product, and Privacy) to align, communicate, and enforce applicable policies and controls to our global contracting processes.

What we look for:

• Minimum of four (4) years of technology transactions experience either at a law firm and/or in-house Attorney role.

• Relevant commercial transactional experience working for and/or supporting cloud-based software companies, including an understanding of consumption/commit-based business models and the quarterly sales cadence.

• Demonstrated experience drafting, negotiating, and closing complex software sell-side transactions and a strong understanding of contractual issues related to information security, data privacy, artificial intelligence, and intellectual property, including open source software.

• Proven ability to successfully navigate and counsel on complex legal issues while balancing and/or mitigating material risk.

• Able to prioritize competing demands and be responsive to client expectations in a fast-paced environment within a limited time period.

• Outstanding written and verbal communication skills.

• Growth mindset, strong attention to detail, excellent critical thinking, and problem-solving abilities.

• Teaming approach with a focus on building a strong interlock with clients, business partners, and key stakeholders.

• JD and good standing to practice law in the relevant jurisdiction

XML job scraping automation by YubHub

You are technical, a strong operator, and strategic thinker, looking to build, improve, and scale reliable security processes whenever possible. Your leadership of the information security program at Waymark will include all facets of cybersecurity, and the associated user experience of our remote teams, and community-based care workers. You will be responsible for security policy and implementation and operation of technical and administrative safeguards to support those policies. You will use your experience to inform sound judgement to achieve the appropriate management of security risks in a manner consistent with the company’s values. You will use your in-depth knowledge of security in a modern cloud based organization, to identify and address risks to the company, through a combination of hands-on technical contributions and directing and overseeing staff with security responsibilities. You will interact with the broader executive leadership team to communicate evolving needs, matching the security strategy to the size and stage of growth of the company and the information we safeguard.

This is a remote friendly position that can be located anywhere in the United States.

Key Responsibilities & Duties

• Oversee the internal cybersecurity program, road map, and strategy, which includes developing and implementing procedures and policies designed to protect Waymark communications, systems, and assets from internal and external threats and that safeguards health information.
• Oversee and manage Waymark’s MSSP and outsourced IT vendor, including responsibility for security and IT budgets, and IT tools used by Waymark.
• Partner with Product, Engineering, Legal, and Compliance leadership to determine risks and deploy risk management processes, supporting Waymark’s secure software development lifecycle and ensuring that our internally developed products and services meet the expectations of our patients, customers and regulators
• Own, define and oversee the necessary security operational functions such as Identity Management, Vulnerability Management, Incident Response, Security Awareness, and Vendor Risk Management
• Serve as Waymark’s HIPAA Security Officer, ensuring compliance with the HIPAA Security Rule, working closely with the legal team to document, review, maintain, and implement standards, policies, and procedures within security disciplines.
• Lead the strategy, implementation, and maintenance of industry-standard security certifications, including SOC2 Type II.
• Conduct research, analysis, and correlation across a wide variety of source data to identify and prevent compromise of our networks, host systems, and data.
• Track and report on network security to the Waymark executive leadership team

XML job scraping automation by YubHub

The mission of this role is to support the design and enhancement of the Third Party Risk Management program, across both regulated and non-regulated entities, ensuring alignment with regulatory requirements (OCC, FFIEC, MAS, DORA, Federal Reserve, NY DFS, etc) as well as industry leading practices.

This role will also identify program enhancements in support of emerging risks impacting outsourced products / services.

This role will particularly contribute to the execution and optimization of due diligence and ongoing monitoring risk assessments with focus on Information Technology and Information Security as well as Quality Control process enhancement.

Responsibilities

Lead and manage the Third Party Findings Management process across key risk impact categories with specific focus on: weekly, monthly and quarterly status reporting to track findings to closure in partnership with Risk SMEs, and creation of documentation to support Third Party Risk Management program evolution leveraging industry leading practices.

Drive the optimization of the Due Diligence and Ongoing Monitoring risk assessment process across regulated and non-regulated Anchorage Digital legal entities to include reviews of the following key risk impact categories: Financial, Business Continuity, Information Security, as well as additional risk reviews based on risk and complexity of product / service being outsourced.

Lead and manage the TPRM Quality Control process across regulated and non-regulated Anchorage Digital legal entities, including maintaining the schedule of reviews to be performed, assessing the status of in-progress reviews, analyzing findings to identify common themes or trends for training and development, documentation and reporting to key stakeholders specific to review closure activities.

Assist on various TPRM Projects as needed with minimal supervision required

Complexity and Impact of Work

Manage and enhance Procedures related to the Third Party Findings Management process and support the standardization of findings management across regulated and non-regulated legal entities.

Create and manage Procedures related to the Third Party Risk Management Quality Control process and support the implementation of Quality Control across regulated and non-regulated legal entities.

Organizational Knowledge

Collaborate across the organization to understand business requirements in support of TPRM Program to include regulated and non-regulated legal entities in alignment with TPRM program evolution.

Communication and Influence

Independently create and consistently refine summaries, reports, and governance documentation associated with the Third Party Risk Management Program

Independently and consistently refine summaries, reports and governance documentation to support Third Party Findings Management program evolution.

Effectively communicate with stakeholders such as Risk Subject Matter Experts (SMEs) and relevant Relationship Owners and Relationship Managers.

You may be a fit for this role if you have:

Regulated Financial Institution experience Third Party Findings Management experience Information Security assessment experience TPRM Quality Control experience

Although not a requirement, bonus points if:

You previously directly worked with Financial Service regulators to include Office of the Comptroller of the Currency (OCC), New York Department of Financial Services (NY DFS), Federal Financial Institutions Examination Council (FFIEC), Monetary Authority of Singapore (MAS), and other regulatory bodies

You were emotionally moved by the soundtrack to Hamilton, which chronicles the founding of a new financial system.

XML job scraping automation by YubHub

We're a team of scientists, engineers, and machine learning experts working together to advance the state of the art in artificial intelligence. Our mission is to close the 'Agentic Launch Gap'; the critical window where novel AI capabilities outpace traditional security reviews.

As the Security Lead for the Agentic Red Team, you will direct a specialized unit of AI Researchers and Offensive Security Engineers focused on adversarial AI and agentic exploitation. Operating as a technical player-coach, you will architect complex, multi-turn attack scenarios while managing cross-functional partnerships with Product Area leads and Google security to influence launch criteria.

Key Responsibilities:

• Direct Agile Offensive Security: Lead a specialized red team focused on rapid, high-impact engagements targeting production-level AI models and systems.
• Perform Complex AI Exploitation: Develop and carry out advanced attack sequences that focus on vulnerabilities unique to GenAI, such as escalating privileges through tool usage, poisoning data, and executing multi-turn prompt injections.
• Design Automated Validation Systems: Collaborate with Google teams to engineer 'Auto RedTeaming' solutions that transform manual vulnerability discoveries into robust, automated regression testing frameworks.
• Engineer Technical Countermeasures: Create innovative defense-in-depth frameworks and control systems to mitigate agentic logic errors and non-deterministic model behaviors.
• Manage Threat Intelligence Assets: Develop and oversee an evolving inventory of exploit primitives and agent-specific attack patterns used to establish release criteria and evaluate model security benchmarks.
• Establish Security Scope: Collaborate with Google for conventional infrastructure protection, allowing the team to concentrate solely on agentic logic, model inference, and AI-centric exploits.

About You:

• Bachelor's degree in Computer Science, Information Security, or equivalent practical experience.
• Experience in Red Teaming, Offensive Security, or Adversarial Machine Learning.
• Deep technical understanding of LLM architectures and agentic workflows (e.g., chain-of-thought reasoning, tool usage).
• Proven ability to work in a consulting capacity with product teams, driving security improvements in fast-paced release cycles.
• Experience managing or technically leading small, high-performance engineering teams.

In addition, the following would be an advantage:

• Hands-on experience developing exploits for GenAI models (e.g., prompt injection, adversarial examples, training data extraction).
• Familiarity with AI safety benchmarks and evaluation frameworks.
• Experience writing code (Python, Go, or C++) to build automated security tools or fuzzers.
• Ability to communicate complex probabilistic risks to executive stakeholders and engineering teams effectively.

The US base salary range for this full-time position is between $248,000 - $349,000 + bonus + equity + benefits.

XML job scraping automation by YubHub

We're growing fast so we're looking for a Senior Software Engineer to join our Product team! We are proud of our strong engineering culture and the dogged emphasis on customer-centric design. We're working on all sorts of exciting areas of application development: web, mobile, infrastructure, performance, UI/UX design, integrations with dozens of web services, API development, modern front-end frameworks, scalability, video, natural language processing, data science and usability engineering.

Agile methodology and test-driven development are not things we read about in blogs, it's what we do every day! Our technology stack consists of Rails, Node, Python and Java apps based on PostgreSQL, MongoDB, RabbitMQ, Redis and Elastic deployed on Kubernetes and GCP. We're looking for developers in all fields of SaaS application development. We have several teams working on different areas from the core application to mobile/tablet applications, integrations, natural language processing, data science and video technology. We will find the right team for you depending on your skills and technology interests.

Responsibilities:

• Develop and maintain software systems in production
• Strong background in relational database theory and excellent knowledge of Relational Databases (Postgres, MySQL, SQL server, Oracle)
• Familiarity with NOSQL storage (MongoDB, Redis, Elastic, etc.)
• Firm grasp of multi-threading, object-oriented design and asynchronous programming
• Skilled in testing (unit/integration)
• BS/MS degree in Computer Science, Engineering or a related subject
• Being passionate about web technologies

Benefits:

• Comprehensive Health Coverage: A robust health insurance plan that includes coverage for your dependents.
• Competitive Compensation: An attractive salary paired with a performance-based bonus plan.
• Flexible Work Model: Enjoy the best of both worlds with a hybrid setup—two days working from home and three in the office.
• Top-Tier Tools: Apple gear and access to the latest productivity tools to help you excel.
• Stay Connected: A mobile data plan to keep you online wherever you are.
• Delicious Perks: Fresh, tasty food at the office to fuel your productivity.
• Relocation Bonus: To help you settle in smoothly in Athens.

XML job scraping automation by YubHub

You thrive in collaborative settings, working seamlessly with cross-functional teams such as Finance, Legal, Audit, and HR, and are adept at implementing innovative security solutions that elevate organisational posture. Your analytical mindset is matched by your critical thinking skills, allowing you to assess potential threats, evaluate risk mitigation strategies, and communicate findings clearly to executive leadership and stakeholders globally.

You are passionate about advancing risk management programs, enhancing compliance, and tracking enterprise security risks to keep pace with the ever-evolving cybersecurity landscape. Your commitment to continuous learning ensures you stay ahead of industry trends and regulatory changes, making you a valuable partner in Synopsys' growth and transformation.

You take ownership of your work, demonstrate high ethical standards, and enjoy tackling complex challenges unique to the Synopsys business and systems architecture. Your ability to translate technical concepts into actionable business solutions empowers the organisation to achieve its strategic goals securely and efficiently.

Responsibilities

• Conduct security risk assessments of suppliers, partners, and internal systems, rating risks and recommending mitigation controls.
• Identify, document, monitor, and report on risk register items, KPIs/KRIs, and security control efficacy.
• Present security risks and findings to diverse audiences, including risk owners, senior management, and global stakeholders.
• Collaborate with business groups to implement new solutions, processes, and remediate outstanding security issues.
• Work closely within the GRC team to detect potential security weaknesses and develop creative solutions tailored to Synopsys' systems architecture.
• Provide guidance on control implementations, governance frameworks, and corporate security policies.
• Conduct third-party (vendor) risk assessments and communicate requirements to internal and external partners.
• Maintain, enforce, and track the Synopsys Information Security Exception process.
• Stay current with industry, regulatory, and legal requirements relevant to security, compliance, and privacy.

Requirements

• Bachelor's degree in Computer Science, Information Systems, or a related field (or equivalent experience).
• 5-7 years of hands-on experience in information security, risk management, or compliance.
• In-depth knowledge of certification and attestation programs (ISO 27001, SOC 2 Type II, ISO 31000).
• Practical experience with security control frameworks (ISO 27001, NIST 800-53, SOC 2 Type II, NIST CSF).
• Excellent organisational skills and attention to detail, with the ability to prioritise multiple projects.
• Effective communication skills with internal/external customers, executive managers, and global teams.
• Ability to interpret compliance requirements and provide meaningful risk analysis.

Benefits

We offer a comprehensive range of health, wellness, and financial benefits to cater to your needs. Our total rewards include both monetary and non-monetary offerings. Your recruiter will provide more details about the salary range and benefits during the hiring process.

XML job scraping automation by YubHub

Your Key Responsibilities:

• Manage our FLG sites in all matters related to energy, environment, health and safety, and information security management
• Conduct internal audits and accompany external audits according to ISO 14001, ISO 45001, ISO 50001, and TISAX
• Follow up and ensure the implementation of measures from audits and the management review
• Support the maintenance and development of our Legal Compliance Management System
• Collaborate closely with the Quality Management department
• Take responsibility and participate in the expansion of information security

What We Are Looking For:

• Technical degree or equivalent
• Certified 1st & 2nd Party Auditor (ISO 19011) with valid proof
• In-depth knowledge of the standards ISO 14001, ISO 45001, and ISO 50001
• First experiences in the field of information security are an advantage
• Independent, structured working style and high self-motivation
• Very good German and English language skills
• Proficient in MS Office

What We Offer:

• Balance between private and professional life (e.g., flexible working hours, part-time work, 30 days of annual leave, and possibility of taking time off)
• Secure future prospects in a dynamic, globally operating company
• Salary and benefits in line with requirements and performance
• Opportunities for individual further education and training
• Company pension scheme, disability insurance, and long-term account
• Occupational health management (e.g., cooperation with fitness studios, action days, company sports, and social counseling)
• FUCHS promotes equal opportunities. Applications from disabled people will be given special consideration if they are equally qualified.

How to Apply:

If you have any questions, Alexandra Freund will be happy to answer them for you under Alexandra.Freund.EXT@fuchs.com. Join our team and let's move the world together! [jobs.fuchs.com](https://jobs.fuchs.com/)

XML job scraping automation by YubHub

XML job scraping automation by YubHub

At Synopsys, we drive the innovations that shape the way we live and connect. Our technology is central to the Era of Pervasive Intelligence, from self-driving cars to learning machines. We lead in chip design, verification, and IP integration, empowering the creation of high-performance silicon chips and software content.

Job Description

We are seeking a motivated and detail-oriented audit professional with a strong interest in technology, information security, and risk management. You will be responsible for planning and executing IT and/or Information Security audits in accordance with the annual audit plan. You will also perform IT risk assessments to identify key risks and support the development and refinement of the annual IT audit plan.

Responsibilities

• Planning and executing IT and/or Information Security audits in accordance with the annual audit plan.
• Performing IT risk assessments to identify key risks and support the development and refinement of the annual IT audit plan.
• Evaluating the design and operating effectiveness of IT General Controls (ITGCs) and, where applicable, IT Application Controls.
• Supporting SOX compliance activities, including walkthroughs, control testing, issue identification, and remediation follow-up.
• Conducting audits over key systems and platforms, including ERP and cloud-based applications (e.g., SAP and/or Salesforce).
• Collaborating with business, IT, and Information Security stakeholders to understand processes, risks, and controls.
• Preparing clear, concise audit documentation, reports, and presentations that communicate findings, risks, and recommendations.
• Tracking and validating remediation of audit findings and control deficiencies.
• Staying current on emerging technology risks, regulatory expectations, and industry best practices related to IT and cybersecurity.

Benefits

At Synopsys, innovation is driven by our incredible team around the world. We feel honored to work alongside such talented and passionate individuals who choose to make a difference here every day. We're proud to provide the comprehensive benefits and rewards that our team truly deserves.

• Health & Wellness: Comprehensive medical and healthcare plans that work for you and your family.
• Time Away: In addition to company holidays, we have ETO and FTO Programs.
• Family Support: Maternity and paternity leave, parenting resources, adoption and surrogacy assistance, and more.
• ESPP: Purchase Synopsys common stock at a 15% discount, with a 24 month look-back.
• Retirement Plans: Save for your future with our retirement plans that vary by region and country.
• Compensation: Competitive salaries.

Team

You will join a collaborative and forward-thinking Internal Audit team that partners closely with the business and technology functions. The team values quality, integrity, and open communication, and provides opportunities to work across a broad range of systems, processes, and risks. You'll gain exposure to senior stakeholders, develop your technical and audit expertise, and play a meaningful role in strengthening the organization's control environment.

XML job scraping automation by YubHub

Product & Solutions Lead, Safety and Security

Location

San Francisco

Employment Type

Full time

Department

Intelligence & Investigations

Compensation

• $288K – $425K • Offers Equity

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance-related bonus(es) for eligible employees, and the following benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

More details about our benefits are available to candidates during the hiring process.

This role is at-will and OpenAI reserves the right to modify base pay and other compensation components at any time based on individual performance, team or company results, or market conditions.

About the Team

The Intelligence & Investigations (I2) team detects and disrupts abuse and strategic risks so people can use AI safely. We translate real-world signals, investigations, and external threat intelligence into practical mitigations, operating guidance, and partner-ready support that improves safety outcomes across the AI ecosystem.

About the Role

As a Product & Solutions Lead focused on safety and security, you will build and operate 0–1 products, services, and technical solution packages that help developers and public institutions move from experimentation to durable, trusted outcomes—while maintaining public safety, transparency, and respect for privacy and rights.

This role balances two modes of delivery:

1. Bespoke products and technical solutions for strategic internal and external partners, and

1. Scalable product and solution packages that can be reused broadly across partners and deployments.

Training is a component of scale, but not the center of gravity. You will also ship reference implementations, playbooks, evaluation kits, and repeatable operating models that partners can adopt and operate.

You will work directly with engineers and a multidisciplinary group of safety and geopolitical analysts, and data and quantitative scientists to convert complex, evolving challenges into solutions that teams can adopt in high-stakes environments.

This role is based in San Francisco, CA (hybrid, 3 days/week). Relocation support is available.

In this role, you will:

• Own the 0–1 roadmap for safety and security solution offerings: define the target users, problem statements, tools, operating models, success metrics, and the set of reusable deliverables we ship.

• Design and ship bespoke technical solutions for priority partners (internal and external), then abstract what works into reusable patterns and toolkits.

• Build partner-ready technical artifacts: solution blueprints, reference architectures, evaluation and monitoring guidance, incident/response playbooks, and deployment checklists.

• Package open-source and proprietary capabilities into adoption-ready solutions (e.g., reference implementations, configuration patterns, validated workflows).

• Maintain a consistent delivery model across engagements: intake, scoping, governance alignment, execution cadence, and retrospectives that improve the offering over time.

• Translate evolving threats into actionable guidance and updates for solution packages (e.g., scams/fraud patterns, cyber-enabled threats, ecosystem abuse trends).

• Develop lightweight enablement components as needed: targeted technical modules, hands-on labs, and readiness assessments that accelerate adoption of the solutions.

• Define and instrument impact measurement: adoption milestones, readiness indicators, reliability and safety posture improvements, and partner satisfaction with outputs.

• Partner closely across engineering, safety, geopolitical analysis, and quantitative teams to ensure solutions are technically credible, threat-informed, and measurable.

• Communicate crisply and decision-readily to internal and external stakeholders: progress, trade-offs, risks, and recommendations.

You might thrive in this role if you:

• Have 6+ years in product, technical program leadership, solutions, or platform operations, especially in safety, security, risk, integrity, or enterprise/public-sector contexts.

• Have built 0–1 solution offerings (product plus services or productized services): taking ambiguous needs, shipping something concrete, then scaling it into a repeatable model.

• Have a builder’s mindset: comfortable incubating early-stage ideas, testing them with partners, and evolving them into durable, repeatable safety and security solutions.

• Can go deep with engineers and still produce partner-ready artifacts that are clear

XML job scraping automation by YubHub

Vendor Security Program Manager

Location

San Francisco; New York City; Seattle; Washington, DC

Employment Type

Full time

Location Type

Hybrid

Department

Security

Compensation

• SF, Seattle and NYC: $207K – $335K • Offers Equity
• Zone A: $186K – $301.5K • Offers Equity
• Zone B: $165.6K – $268K • Offers Equity

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance-related bonus(es) for eligible employees, and the following benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

More details about our benefits are available to candidates during the hiring process.

This role is at-will and OpenAI reserves the right to modify base pay and other compensation components at any time based on individual performance, team or company results, or market conditions.

About the Team

The Vendor Security team sits at the core of our mission to ensure our technology benefits humanity safely and securely. We provide security assurances and robust compliance frameworks for our technology, people, and products. Our mission is to build trust with the world in our products and company. Our work is technical yet highly operational, strategically aligning with security and engineering teams to navigate and mitigate risks proactively. We prioritize impact, enable innovation, and foster a culture of continuous compliance and security awareness.

About the Role

As a Program Manager within the Vendor Security team, you will play a crucial role in protecting our organisation against external risks posed by suppliers, vendors, partners, and hardware manufacturers. Your responsibilities will include conducting comprehensive security assessments, building a program to manage global supply chain and vendor risks, and driving security initiatives across all of our third-party relationships. You will be analytical, detail-oriented, and proactive, capable of translating complex security evaluations into clear, actionable strategies.

The role is expected to operate with a strong point of view on risk. You will be responsible not only for identifying and documenting vendor and supply-chain risk, but for helping the company make informed trade-offs between speed, scale, and security. This role requires exceptional organisational skills, the ability to effectively communicate across different business functions, and a strong commitment to operational excellence in a dynamic environment.

This role may be based out of one of our US offices (San Francisco, Seattle, NYC or DC.) We use a hybrid work model of 3 days in the office per week and offer relocation assistance to new employees.

In this role, you will:

• Be the interface for Security to the rest of the organisation for vendors.

• Own vendor security risk decisions and escalation paths, including clearly documenting risk acceptance, mitigation plans, and executive-level trade-offs when security requirements cannot be fully met.

• Conduct deep, evidence-based security assessments of third parties, including review of architectures, configurations, controls, logs, and operational practices - moving beyond questionnaires and attestations to validate real-world security posture of vendors.

• Assess and manage security risk across a diverse vendor landscape, including SaaS providers, cloud and infrastructure partners, hardware manufacturers, chip suppliers, and other strategic or high-impact suppliers.

• Develop, build, and continuously improve the vendor security program and security supply chain risk management function at OpenAI.

• Develop, propose, and implement effective controls to mitigate identified vendor risks.

• Build and maintain collaborative partnerships with key internal stakeholders including Infrastructure Security, Product, Engineering, Legal, Procurement, and Threat Intelligence to ensure comprehensive security coverage of the vendor and third-party supply chain.

• Streamline and automate vendor and supply chain security processes to increase efficiency and reduce manual overhead.

You might thrive in this role if you have:

• Proven experience conducting third-party or supply chain security assessments, including building and scaling a vendor management security program.

• An in-depth understanding of information security principles and controls, including data protection, access management, proactive and reactive security measures, and application security.

• Comfort operating in ambiguity, with the ability to form defensible security opinions even when information is incomplete or uncertain.

• Strong analytical and problem-solving skills, with the ability to identify and mitigate complex security risks.

• Excellent communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and stakeholders.

• Strong organisational and project management skills, with the ability to prioritise tasks and manage multiple projects simultaneously.

• A strong commitment to operational excellence and continuous improvement, with a focus on delivering high-quality results in a dynamic environment.

• A passion for security and a desire to make a meaningful impact in the field.

XML job scraping automation by YubHub

Location

New York City

Employment Type

Full time

Location Type

Hybrid

Department

Security

Compensation

• $260K – $385K • Offers Equity

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance related bonus for eligible employees and benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick and safe time (1 hour per 30 hours worked)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

More details about our benefits are available to candidates during the hiring process.

About the Team

Security is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAI’s technology, people, and products. We are technical in what we build but are operational in how we do our work, and are committed to supporting all products and research at OpenAI. Our Security team tenets include: prioritizing for impact, enabling researchers, preparing for future transformative technologies, and engaging a robust security culture.

About the Role

As a Security Engineer, Application Security you will be responsible for identifying and mitigating security vulnerabilities within software applications through building security tools, code reviews, penetration testing, and security assessments.

We’re looking for people who will work closely with development teams to ensure secure coding practices are integrated throughout the software development lifecycle, preventing security risks before they emerge. You will also provide security guidance to developers and other stakeholders, fostering a culture of security awareness within the organization.

The role is preferred to be based in San Francisco, Seattle or New York City but may consider remote work. We use a hybrid work model of 3 days in the office per week and offer relocation assistance to new employees.

In this role, you will:

• Perform Security Assessments: Conduct regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software.

• Develop and Implement Security Tools: Design, develop, and implement security tools, frameworks, and methodologies to protect applications against security threats.

• Collaborate with Development Teams: Work closely with development teams to ensure security best practices are integrated throughout the software development lifecycle (SDLC), including secure coding guidelines.

• Threat Modeling and Risk Assessment: Conduct threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies.

• Vulnerability Management: Track, analyze, and manage vulnerabilities in applications, providing guidance and support for remediation efforts.

• Incident Response Support: Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation of incidents.

• Stay Current on Security Trends: Continuously stay updated on the latest security threats, vulnerabilities, and technologies to enhance security measures in applications.

You might thrive in this role if you:

• Extensive experience in information security, cybersecurity, or a related field, with a significant portion of that experience in leadership or management roles.

• Deep understanding of security technologies, tools, and best practices, including experience with secure coding practices, threat modeling, risk assessments, and incident response.

• Experience in application security, software development, or related areas with a strong understanding of secure coding practices and application security frameworks.

• Proficiency in programming languages (such as Python, Java, C++, etc.), knowledge of security tools (e.g., Burp Suite, OWASP ZAP), and familiarity with security protocols and encryption methods.

• Strong written and verbal communication skills, with the ability to explain complex security issues to both technical and non-technical audiences

About OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve this, we are building a team of talented engineers, researchers, and designers who share our vision and values.

XML job scraping automation by YubHub

Security Engineer, Application Security

Location

San Francisco

Employment Type

Full time

Location Type

Hybrid

Department

Security

Compensation

• $260K – $385K • Offers Equity

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance related bonus for eligible employees and benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick and safe time (1 hour per 30 hours worked)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

More details about our benefits are available to candidates during the hiring process.

This role is at-will and OpenAI reserves the right to modify base pay and other compensation components at any time based on individual performance, team or company results, or market conditions.

About the Team

Security is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAI’s technology, people, and products. We are technical in what we build but are operational in how we do our work, and are committed to supporting all products and research at OpenAI. Our Security team tenets include: prioritizing for impact, enabling researchers, preparing for future transformative technologies, and engaging a robust security culture.

About the Role

As a Security Engineer, Application Security you will be responsible for identifying and mitigating security vulnerabilities within software applications through building security tools, code reviews, penetration testing, and security assessments.

We’re looking for people who will work closely with development teams to ensure secure coding practices are integrated throughout the software development lifecycle, preventing security risks before they emerge. You will also provide security guidance to developers and other stakeholders, fostering a culture of security awareness within the organization.

The role is preferred to be based in San Francisco, Seattle or New York City but may consider remote work. We use a hybrid work model of 3 days in the office per week and offer relocation assistance to new employees.

In this role, you will:

• Perform Security Assessments: Conduct regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software.

• Develop and Implement Security Tools: Design, develop, and implement security tools, frameworks, and methodologies to protect applications against security threats.

• Collaborate with Development Teams: Work closely with development teams to ensure security best practices are integrated throughout the software development lifecycle (SDLC), including secure coding guidelines.

• Threat Modeling and Risk Assessment: Conduct threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies.

• Vulnerability Management: Track, analyze, and manage vulnerabilities in applications, providing guidance and support for remediation efforts.

• Incident Response Support: Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation of incidents.

• Stay Current on Security Trends: Continuously stay updated on the latest security threats, vulnerabilities, and technologies to enhance security measures in applications.

You might thrive in this role if you:

• Extensive experience in information security, cybersecurity, or a related field, with a significant portion of that experience in leadership or management roles.

• Deep understanding of security technologies, tools, and best practices, including experience with secure coding practices, threat modeling, risk assessments, and incident response.

• Experience in application security, software development, or related areas with a strong understanding of secure coding practices and application security frameworks.

• Proficiency in programming languages (such as Python, Java, C++, etc.), knowledge of security tools (e.g., Burp Suite, OWASP ZAP), and familiarity with security protocols and encryption methods.

• Strong written and verbal communication skills, with the ability to explain complex security issues to both technical and non-technical audiences

About OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve this, we are committed to advancing the state-of-the-art in AI research and development.

XML job scraping automation by YubHub

Location

Seattle

Employment Type

Full time

Department

Security

Compensation

• $260K – $385K • Offers Equity

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance related bonus for eligible employees and benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick and safe time (1 hour per 30 hours worked)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

More details about our benefits are available to candidates during the hiring process.

About the Team

Security is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAI’s technology, people, and products. We are technical in what we build but are operational in how we do our work, and are committed to supporting all products and research at OpenAI. Our Security team tenets include: prioritizing for impact, enabling researchers, preparing for future transformative technologies, and engaging a robust security culture.

About the Role

As a Security Engineer, Application Security you will be responsible for identifying and mitigating security vulnerabilities within software applications through building security tools, code reviews, penetration testing, and security assessments.

We’re looking for people who will work closely with development teams to ensure secure coding practices are integrated throughout the software development lifecycle, preventing security risks before they emerge. You will also provide security guidance to developers and other stakeholders, fostering a culture of security awareness within the organization.

The role is preferred to be based in San Francisco, Seattle or New York City but may consider remote work. We use a hybrid work model of 3 days in the office per week and offer relocation assistance to new employees.

In this role, you will:

• Perform Security Assessments: Conduct regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software.

• Develop and Implement Security Tools: Design, develop, and implement security tools, frameworks, and methodologies to protect applications against security threats.

• Collaborate with Development Teams: Work closely with development teams to ensure security best practices are integrated throughout the software development lifecycle (SDLC), including secure coding guidelines.

• Threat Modeling and Risk Assessment: Conduct threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies.

• Vulnerability Management: Track, analyze, and manage vulnerabilities in applications, providing guidance and support for remediation efforts.

• Incident Response Support: Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation of incidents.

• Stay Current on Security Trends: Continuously stay updated on the latest security threats, vulnerabilities, and technologies to enhance security measures in applications.

You might thrive in this role if you:

• Extensive experience in information security, cybersecurity, or a related field, with a significant portion of that experience in leadership or management roles.

• Deep understanding of security technologies, tools, and best practices, including experience with secure coding practices, threat modeling, risk assessments, and incident response.

• Experience in application security, software development, or related areas with a strong understanding of secure coding practices and application security frameworks.

• Proficiency in programming languages (such as Python, Java, C++, etc.), knowledge of security tools (e.g., Burp Suite, OWASP ZAP), and familiarity with security protocols and encryption methods.

• Strong written and verbal communication skills, with the ability to explain complex security issues to both technical and non-technical audiences

About OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve our mission, we must encompass

XML job scraping automation by YubHub

What you'll do

Act as the primary interface between the research team and the deployment ecosystem, ensuring seamless transition from innovation to production.

• Own interactions with external AI and LLM providers to facilitate integration and optimize performance across platforms.
• Lead information security and compliance approvals for product deployments, maintaining high standards of data protection and privacy.
• Design, build, and evolve the build and development environment, including robust CI/CD pipelines for automation and reliability.
• Manage releases end-to-end, from scheduling and execution to closure, ensuring timely and high-quality product delivery.
• Drive porting efforts and cross-platform support, broadening product reach and enabling scalability across cloud environments.

What you need

• Strong proficiency in Git, CI/CD, and version control workflows.
• Expertise in operating systems and cloud deployments (Azure, GCP, AWS).
• Hands-on experience with Docker/Kubernetes and infrastructure-as-code practices.
• Ability to design and build distributed systems at scale.
• Proficiency in Python or another scripting language for automation.
• Experience in model inferencing frameworks (vLLM, TGI) is highly desirable.

XML job scraping automation by YubHub