We are looking for builders and owners who operate with speed and urgency and execute with excellence. This is an opportunity to do career-defining work. We're all in on this mission. If you are too, let's talk.

We're building a world where Identity belongs to you.

Okta is the leading independent provider of enterprise identity. The Okta Identity Cloud enables organisations to securely connect the right people to the right technologies at the right time. With over 6,500 pre-built integrations to applications and infrastructure providers, Okta customers can easily and securely use the best technologies for their business.

Access Management Foundation Team

The Access Management Pillar at Okta is on a mission to seamlessly and securely authorise users to access any resource they need to get their work done. Our goal is to lead the industry in Zero Trust identity management. The Access Foundation Backend Team is at the core of this mission, building and maintaining the foundational components and frameworks that power Okta's identity and access management solutions.

We develop Okta cloud services and client software that allow users to seamlessly login to devices and use Okta authenticators to access applications securely.

Learn more about Okta’s Engineering on our blog.

About You

We are looking for a seasoned Principal Engineer to join our team and help us build the future of identity and access management. Ideal candidate should be:

• A strong Java developer with a passion for building high-quality, secure, and performant applications and frameworks.
• Excited by the opportunity to work on cutting-edge security and identity management challenges and are a thought leader who can drive technical strategy and mentor other engineers.
• A collaborative individual with excellent communication skills, capable of working with cross-functional teams to deliver on a shared vision.
• Not just be a builder; but a force multiplier who can create frameworks and solutions that enable other teams to be more productive.

Job Duties and Responsibilities:

• Design, develop, and maintain core components of the Okta Access Management platform
• Lead the architectural design and implementation of new features and services, with a focus on scalability, performance, and security.
• Build and maintain frameworks that enable other engineering teams to ship modular and secure code quickly.
• Collaborate with product managers, architects, and other engineering teams to define the technical strategy and lead the prototyping of framework components
• Following best practices, contribute to technical designs, proposals, and architectural decisions.
• Drive a culture of quality and continuous improvement, with a focus on robust testing, monitoring, and operational excellence.
• Stay up-to-date with the latest industry trends and technologies in identity, security, and distributed systems.

Minimum Requirements:

• 12+ years of experience building and scaling Java-based web applications and services.
• A deep understanding of design patterns, scalability patterns, security engineering, and object-oriented principles.
• Experience working in a fast-paced, agile environment, with a strong understanding of CI/CD practices.
• Strong communication skills and the ability to work across functions

Nice to have:

• Experience with identity and access management (IAM) protocols such as SAML, OAuth, FIDO, and WebAuthn
• Experience with security best practices and threat modeling
• Experience with one or more UI technologies such as Angular, ReactJS, Backbone, and Vue.
• Knowledge of cybersecurity principles, secure coding practices, and certifications like CISSP or Security+

Education and Training:

• Bachelor’s degree in Computer Science or equivalent experience.
• 12+ years of software development experience

XML job scraping automation by YubHub

Your work will contribute to the full secret management lifecycle, from push protection to pipeline-based scanning, validation, and auditability, so developers can move quickly without taking on avoidable security risk.

This is a strong opportunity if you want to work on security features with clear customer impact, improve detection quality, and help teams act when credentials, API keys, or other secrets are exposed.

You'll focus on backend systems that power Secret Detection across GitLab's DevSecOps platform, working closely with product management and engineering peers in an async-first environment.

In your first year, you'll contribute to core product capabilities, improve performance and result quality, and help shape technical direction through code reviews, RFCs, and proof of concepts.

Some examples of our projects:

• Prevent secret leaks in source code with GitLab Secret Push Protection
• Verify validity of secret detection findings

Responsibilities

• Guide the design and implementation of backend features for GitLab Secret Detection in Ruby on Rails, GraphQL, and Go, delivering capabilities that improve coverage, reliability, or response time for secret detection workflows.
• Build clean, well-tested, maintainable code that meets GitLab standards for reliability and performance, helping reduce regressions and maintain backend systems at scale.
• Partner with product management and engineering peers to deliver backend capabilities that improve detection, validation, remediation, and audit trail coverage across the secret management lifecycle.
• Improve detection quality by reducing false positives, strengthening secret validation workflows, and enabling faster, more effective remediation paths.
• Contribute to code reviews, RFCs, and proof-of-concept work that guide technical approaches across the Secret Detection category.
• Identify technical debt and operational inefficiencies, then propose and implement practical improvements.
• Diagnose performance and optimization issues in backend systems and implement improvements that increase efficiency, scalability, and service reliability.
• Work effectively in a globally distributed, async-first team while participating in planning, engineering discussions, and pairing when needed.

Requirements

• Experience building backend applications and services using Ruby on Rails, with working knowledge of GraphQL and interest in backend-focused product development.
• Experience designing and delivering secure, maintainable systems that power production web applications at scale.
• Knowledge of security concepts, common vulnerabilities, mitigation techniques, and secure coding practices.
• Background developing or working with security tools or products, especially in areas related to code scanning or secret detection.
• Experience investigating performance issues and improving backend reliability, efficiency, and maintainability.
• Ability to work closely with cross-functional partners, including product, design, and technical writing, to deliver useful product outcomes.
• Communicate clearly in writing and in conversation, especially in remote, async-first environments with distributed teams.
• Bring transferable experience and a willingness to grow into parts of the security or Go stack.

About the Team

The Secret Detection team owns GitLab's Secret Detection category, and we build the backend systems and related user workflows that help developers identify and mitigate exposed secrets as code is contributed.

We work with the broader security product suite while maintaining focused investment in secret scanning quality, validation, remediation, and developer experience.

Our work spans Rails and Go services, and we work primarily asynchronously across time zones as a globally distributed team.

Current opportunities include expanding coverage across the secret management lifecycle and improving result quality across the findings our tools detect.

For more on how we work, see the Team Handbook page.

Benefits

• Benefits to support your health, finances, and well-being
• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and Development Fund
• Parental leave
• Home office support

XML job scraping automation by YubHub

Responsibilities: Conduct in-depth code reviews and static analysis to identify and mitigate security vulnerabilities in our applications Design and implement secure coding guidelines and best practices for development teams Collaborate closely with development teams to integrate security practices throughout the CI/CD pipeline Perform threat modeling and risk assessments for applications, developing mitigation strategies for potential risks Manage vulnerability tracking and remediation efforts, providing guidance to development teams Support incident response activities related to application security Stay current on emerging security threats and trends in cloud-native technologies and AI, continuously enhancing our security measures Evaluate and secure software supply chains, including producing and maintaining Software Bills of Materials (SBOMs) Address security concerns specific to AI and machine learning models, with a focus on the OWASP LLM Top 10

Basic Qualifications: Bachelor's degree in Computer Science, Cybersecurity, or a related field 3-5 years of experience in application security, with a strong focus on code security practices Deep understanding of secure coding practices, application security frameworks, and common vulnerabilities (e.g., OWASP Top 10) Proficiency in Python or Rust programming languages and experience with secure coding practices in these languages Experience securing CI/CD pipelines and implementing DevSecOps practices Familiarity with software supply chain security and SBOM generation tools Experience with security testing tools (e.g., Burp Suite, OWASP ZAP) and static/dynamic code analysis Understanding of AI/ML security implications, particularly those outlined in the OWASP LLM Top 10 Excellent communication skills, able to explain complex security issues to both technical and non-technical audiences

Preferred Skills and Experience: Experience with cloud platforms (e.g., GCP, AWS, Azure) and their security features Relevant security certifications (e.g., CSSLP, OSWE) Background in data privacy and compliance regulations relevant to cloud-native applications and AI systems Experience with GitOps and infrastructure-as-code security Familiarity with federated learning and privacy-preserving machine learning techniques Experience in building custom security tooling to enhance and automate security processes Interest in leveraging AI to automate security tasks and improve efficiency Contributions to open-source security projects or tools Experience in securing AI/ML models and data pipelines

Compensation and Benefits: $200,000 - $340,000 USD Base salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.

XML job scraping automation by YubHub

The Application Security team at Anthropic is at the forefront of building security into every phase of the software development lifecycle. In this hands-on technical role, you will partner closely with software engineers and researchers to ensure security is a core consideration from initial design through implementation.

You will lead threat modeling and secure design reviews to proactively identify and mitigate risks early, and help with continuous risk assessment. You will build tools and systems to support developers shipping code securely, adhering to secure coding best practices.

Your insights will shape our tooling, detection capabilities, and defenses against emerging threats to AI/ML. You'll develop the standards, processes, and educational resources that enable all Anthropic engineers to be security champions.

Responsibilities:

• Help secure AI products and internal tools that are introducing industry-novel security risks and pushing established security boundaries
• Lead “shift left” security efforts to build security into the software development lifecycle
• Conduct secure design reviews and threat modeling. Identify and prioritise risks, attack surfaces, and vulnerabilities
• Develop tooling to scale security code reviews and respond to developer questions, including advising developers on remediating vulnerabilities and following secure coding practices
• Manage Anthropic's vulnerability management program, including integrating data ingestion pipelines, coding logic to prioritise vulnerability fixes, supporting teams remediating vulnerabilities and developing automated systems at scale
• Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with the ethical hacker community
• Collaborate closely with product engineers and researchers to instill security best practices. Advocate for secure architecture, design, and development
• Develop and document security policies, standards, and playbooks. Conduct security awareness training for engineers

You may be a good fit if you:

• Have 5+ years of hands-on experience in application and infrastructure security, including securing cloud-based and containerized environments
• Strong proficiency in at least one programming language (e.g., Python, Rust, Go, Java)
• Lead with empathy, a collaborative spirit, and a learning mindset to work cross-functionally with engineers of all levels to build security into the software development life cycle
• Leverage creative and strategic thinking to reduce risk through secure design and simplicity, not just controls
• Possess broad security knowledge to connect the dots across domains and identify holistic ways to decrease the overall threat surface
• Are keen to distill complex security concepts into clear actions and drive consensus without direct authority
• Embody a proactive mindset to thread security throughout the product lifecycle through activities like threat modeling, secure code review, and education
• Have a strong grasp of offensive security to anticipate risks from an adversary's perspective, not just check compliance boxes
• Bring experience with modern application stacks, infrastructure, and security tools to implement pragmatic defenses
• Are practiced at collaborating cross-functionally and effectively balancing security requirements with business objectives
• Advocate for security fundamentals like least privilege, defence-in-depth, and eliminating complexity that could sub-linearly scale security through smart design

Strong candidates may also:

• Hands-on technical expertise securing complex cloud environments and microservices architectures leveraging technologies like Kubernetes, Docker, and AWS / GCP
• Exposure to offensive security techniques like vulnerability testing, bug bounty, pen testing, and red team exercises
• Familiarity with AI/ML security risks such as prompt injection, data poisoning, model extraction, etc. and mitigations
• Experience building security tools, applications, and automated tools
• Solid foundational knowledge of both software and security engineering principles and are keen to continue learning
• Excellent communication skills, able to distill complex security topics for broad audiences
• Worked and thrived in fast-paced environments, and comfortable navigating ambiguity

The annual compensation range for this role is $300,000 - $405,000 USD.

XML job scraping automation by YubHub

Location

New York City

Employment Type

Full time

Location Type

Hybrid

Department

Security

Compensation

• $260K – $385K • Offers Equity

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance related bonus for eligible employees and benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick and safe time (1 hour per 30 hours worked)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

More details about our benefits are available to candidates during the hiring process.

About the Team

Security is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAI’s technology, people, and products. We are technical in what we build but are operational in how we do our work, and are committed to supporting all products and research at OpenAI. Our Security team tenets include: prioritizing for impact, enabling researchers, preparing for future transformative technologies, and engaging a robust security culture.

About the Role

As a Security Engineer, Application Security you will be responsible for identifying and mitigating security vulnerabilities within software applications through building security tools, code reviews, penetration testing, and security assessments.

We’re looking for people who will work closely with development teams to ensure secure coding practices are integrated throughout the software development lifecycle, preventing security risks before they emerge. You will also provide security guidance to developers and other stakeholders, fostering a culture of security awareness within the organization.

The role is preferred to be based in San Francisco, Seattle or New York City but may consider remote work. We use a hybrid work model of 3 days in the office per week and offer relocation assistance to new employees.

In this role, you will:

• Perform Security Assessments: Conduct regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software.

• Develop and Implement Security Tools: Design, develop, and implement security tools, frameworks, and methodologies to protect applications against security threats.

• Collaborate with Development Teams: Work closely with development teams to ensure security best practices are integrated throughout the software development lifecycle (SDLC), including secure coding guidelines.

• Threat Modeling and Risk Assessment: Conduct threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies.

• Vulnerability Management: Track, analyze, and manage vulnerabilities in applications, providing guidance and support for remediation efforts.

• Incident Response Support: Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation of incidents.

• Stay Current on Security Trends: Continuously stay updated on the latest security threats, vulnerabilities, and technologies to enhance security measures in applications.

You might thrive in this role if you:

• Extensive experience in information security, cybersecurity, or a related field, with a significant portion of that experience in leadership or management roles.

• Deep understanding of security technologies, tools, and best practices, including experience with secure coding practices, threat modeling, risk assessments, and incident response.

• Experience in application security, software development, or related areas with a strong understanding of secure coding practices and application security frameworks.

• Proficiency in programming languages (such as Python, Java, C++, etc.), knowledge of security tools (e.g., Burp Suite, OWASP ZAP), and familiarity with security protocols and encryption methods.

• Strong written and verbal communication skills, with the ability to explain complex security issues to both technical and non-technical audiences

About OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve this, we are building a team of talented engineers, researchers, and designers who share our vision and values.

XML job scraping automation by YubHub

Security Engineer, Application Security

Location

San Francisco

Employment Type

Full time

Location Type

Hybrid

Department

Security

Compensation

• $260K – $385K • Offers Equity

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance related bonus for eligible employees and benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick and safe time (1 hour per 30 hours worked)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

More details about our benefits are available to candidates during the hiring process.

This role is at-will and OpenAI reserves the right to modify base pay and other compensation components at any time based on individual performance, team or company results, or market conditions.

About the Team

Security is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAI’s technology, people, and products. We are technical in what we build but are operational in how we do our work, and are committed to supporting all products and research at OpenAI. Our Security team tenets include: prioritizing for impact, enabling researchers, preparing for future transformative technologies, and engaging a robust security culture.

About the Role

As a Security Engineer, Application Security you will be responsible for identifying and mitigating security vulnerabilities within software applications through building security tools, code reviews, penetration testing, and security assessments.

We’re looking for people who will work closely with development teams to ensure secure coding practices are integrated throughout the software development lifecycle, preventing security risks before they emerge. You will also provide security guidance to developers and other stakeholders, fostering a culture of security awareness within the organization.

The role is preferred to be based in San Francisco, Seattle or New York City but may consider remote work. We use a hybrid work model of 3 days in the office per week and offer relocation assistance to new employees.

In this role, you will:

• Perform Security Assessments: Conduct regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software.

• Develop and Implement Security Tools: Design, develop, and implement security tools, frameworks, and methodologies to protect applications against security threats.

• Collaborate with Development Teams: Work closely with development teams to ensure security best practices are integrated throughout the software development lifecycle (SDLC), including secure coding guidelines.

• Threat Modeling and Risk Assessment: Conduct threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies.

• Vulnerability Management: Track, analyze, and manage vulnerabilities in applications, providing guidance and support for remediation efforts.

• Incident Response Support: Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation of incidents.

• Stay Current on Security Trends: Continuously stay updated on the latest security threats, vulnerabilities, and technologies to enhance security measures in applications.

You might thrive in this role if you:

• Extensive experience in information security, cybersecurity, or a related field, with a significant portion of that experience in leadership or management roles.

• Deep understanding of security technologies, tools, and best practices, including experience with secure coding practices, threat modeling, risk assessments, and incident response.

• Experience in application security, software development, or related areas with a strong understanding of secure coding practices and application security frameworks.

• Proficiency in programming languages (such as Python, Java, C++, etc.), knowledge of security tools (e.g., Burp Suite, OWASP ZAP), and familiarity with security protocols and encryption methods.

• Strong written and verbal communication skills, with the ability to explain complex security issues to both technical and non-technical audiences

About OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve this, we are committed to advancing the state-of-the-art in AI research and development.

XML job scraping automation by YubHub

Location

Seattle

Employment Type

Full time

Department

Security

Compensation

• $260K – $385K • Offers Equity

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance related bonus for eligible employees and benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick and safe time (1 hour per 30 hours worked)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

More details about our benefits are available to candidates during the hiring process.

About the Team

Security is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAI’s technology, people, and products. We are technical in what we build but are operational in how we do our work, and are committed to supporting all products and research at OpenAI. Our Security team tenets include: prioritizing for impact, enabling researchers, preparing for future transformative technologies, and engaging a robust security culture.

About the Role

As a Security Engineer, Application Security you will be responsible for identifying and mitigating security vulnerabilities within software applications through building security tools, code reviews, penetration testing, and security assessments.

We’re looking for people who will work closely with development teams to ensure secure coding practices are integrated throughout the software development lifecycle, preventing security risks before they emerge. You will also provide security guidance to developers and other stakeholders, fostering a culture of security awareness within the organization.

The role is preferred to be based in San Francisco, Seattle or New York City but may consider remote work. We use a hybrid work model of 3 days in the office per week and offer relocation assistance to new employees.

In this role, you will:

• Perform Security Assessments: Conduct regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software.

• Develop and Implement Security Tools: Design, develop, and implement security tools, frameworks, and methodologies to protect applications against security threats.

• Collaborate with Development Teams: Work closely with development teams to ensure security best practices are integrated throughout the software development lifecycle (SDLC), including secure coding guidelines.

• Threat Modeling and Risk Assessment: Conduct threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies.

• Vulnerability Management: Track, analyze, and manage vulnerabilities in applications, providing guidance and support for remediation efforts.

• Incident Response Support: Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation of incidents.

• Stay Current on Security Trends: Continuously stay updated on the latest security threats, vulnerabilities, and technologies to enhance security measures in applications.

You might thrive in this role if you:

• Extensive experience in information security, cybersecurity, or a related field, with a significant portion of that experience in leadership or management roles.

• Deep understanding of security technologies, tools, and best practices, including experience with secure coding practices, threat modeling, risk assessments, and incident response.

• Experience in application security, software development, or related areas with a strong understanding of secure coding practices and application security frameworks.

• Proficiency in programming languages (such as Python, Java, C++, etc.), knowledge of security tools (e.g., Burp Suite, OWASP ZAP), and familiarity with security protocols and encryption methods.

• Strong written and verbal communication skills, with the ability to explain complex security issues to both technical and non-technical audiences

About OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve our mission, we must encompass

XML job scraping automation by YubHub