Key Responsibilities:

• Design and build out our rules, processes, and platform for our secure development lifecycle.
• Deliver and review code that is well-documented, tested, and operable.
• Work cross-function to architect scalable and secure solutions to a variety of Pinterest's problems.
• Conduct regular security assessments including design reviews.
• Help rework our existing controls to address increased productivity due to AI and new AI threats.

Requirements:

• Bachelor's degree in Computer Science, Engineering, or a related field, or equivalent experience.
• 5+ years of experience in product security, application security, or security-related software engineering role.
• Enthusiasm for the constant fight to ensure security and privacy.
• Proficiency in a dynamic programming language such as Python.

XML job scraping automation by YubHub

You will be the technical authority on hardware root of trust, secure boot, firmware integrity, embedded system hardening, and the security of third-party hardware integrations. Your work ensures that every component on the vessel is resilient against tampering, exploitation, and supply chain compromise, designed in from the start and maintained across the fleet lifecycle.

Key Responsibilities:

• Conduct hardware security assessments including fault injection, side-channel analysis, interface evaluation, and bus protocol analysis across Saronic-built and third-party hardware including sensors, radios, navigation systems, propulsion controllers, and communication modules

• Evaluate and harden physical interfaces, debug ports, maintenance access points, and removable media interfaces on vessel hardware

• Evaluate supply chain security risks for hardware components and recommend provenance validation, anti-tamper, and attestation controls

• Develop and maintain a hardware security testing capability including tooling, methodology, and repeatable test procedures

• Design and implement secure boot chains establishing hardware root of trust from power-on through application launch, integrating TPM, secure elements, and HSMs for device identity, key storage, measured boot, and remote attestation

• Design and implement secure firmware update mechanisms including signed updates, rollback protection, and verified delivery across the fleet

• Own the cryptographic key lifecycle for hardware-bound keys, including provisioning, rotation, revocation, and escrow

• Harden embedded Linux systems on vessel platforms, including kernel configuration, mandatory access controls, secure IPC, and attack surface reduction

• Secure operational technology protocols and interfaces used in vessel control systems, propulsion, navigation, and sensor fusion including CAN bus, NMEA, and maritime/industrial communication protocols

• Define security boundaries, trust zones, and segmentation strategies for vessel-internal compute and communication architectures

• Drive threat modeling across vessel hardware subsystems and translate findings into actionable engineering requirements

• Produce secure-by-design reference architectures and define hardware and firmware security standards, testing requirements, and acceptance criteria integrated into engineering workflows

Required Qualifications:

• 6+ years of hands-on experience in hardware security, embedded systems security, firmware security, or a closely related security engineering role

• Deep expertise in hardware hacking techniques including fault injection, side-channel attacks, JTAG/SWD exploitation, bus sniffing/injection, and physical security assessments

• Demonstrated experience designing and implementing secure boot chains, hardware root of trust, and secure firmware update mechanisms in production systems

• Strong experience assessing third-party hardware integrations and evaluating supply chain security risks

• Deep knowledge of embedded Linux security hardening, kernel security, and mandatory access control frameworks

• Experience with operational technology security, industrial protocols, or control system security

• Proficiency in C, C++, Python, or Rust in the context of firmware, embedded, or systems-level security work, and with hardware security testing tools

• Ability to obtain and maintain a security clearance

Preferred Qualifications:

• Experience in defense, aerospace, robotics, autonomy, maritime, or other high-assurance environments

• Experience with autonomous systems, unmanned vehicles, or safety-critical embedded platforms

• Experience with RTOS, microcontroller security, or resource-constrained device environments

• Knowledge of CAN bus, NMEA protocols, maritime communication systems, RF/GPS/GNSS security, or ICS security standards

• Familiarity with defense or safety-critical compliance frameworks (NIST SP 800-53, IEC 62443, Common Criteria, or equivalent)

• Relevant certifications such as OSEE, GXPN, GSE, or hardware-focused credentials

XML job scraping automation by YubHub

Your day-to-day will involve leading security architecture/design review and threat modeling sessions with product and engineering teams, translating threats into actionable, risk-rated engineering remediations prioritized by severity, conducting hands-on penetration testing and security assessments across our full product stack, and driving PSIRT operations by triaging incoming vulnerability reports, leading technical investigations, coordinating remediation with engineering, scoring severity (CVSS), managing coordinated disclosure with external researchers, and on-call incidents.

You will also shape the posture of our AI-assisted development environment, defining and enforcing enterprise policies for Claude and Cursor, and partner across the organization, sitting in design review with architects, advising product managers and engineering teams on security and compliance implications of new features, briefing executives on emerging AI threats, mentoring junior security engineers, and collaborating with the AI team on securing ML pipelines.

As a champion of security culture, you will run developer training on secure coding with AI assistants, evangelize security by design for products, and ensure every engineer understands that product security is an enabler and not a gate.

You will bring 10+ years of product security experience spanning application security, cloud security, and secure SDLC, expert-level threat modeling using STRIDE, PASTA, or equivalent across web, mobile, cloud, embedded, and AI systems, hands-on penetration testing skills across applications, API, cloud infrastructure, and hardware/firmware, and deep hands-down AI security expertise and expert-level understanding of OWASP Top 10 for LLM, API, Web, Mobile, and practical experience with MITRE.

You will have strong hands-on experience in security tools SAST, DAST, SCA, and securing AI development tools specifically Claude and Cursor, and understand MCP security risks and know how to architect enterprise guardrails that enable safe AI-assisted development.

You will also have strong programming ability and capability to review code, build security tools, automate workflows, and be credible with the engineering teams you partner with.

Preferred experience includes hardware and embedded security experience with knowledge of secure boot, firmware integrity, hardware root of trust, and IoT threat modeling experience, and experience in the Financial industry, knowledge of PCI DSS, COPPA, or demonstrated ability to learn regulated domains quickly.

Work perks at Greenlight include medical, dental, vision, and HSA match, paid life insurance, AD&D, and disability benefits, traditional 401k with company match, unlimited PTO, paid company holidays and pop-up bonus holidays, professional development stipends, mental health resources, 1:1 financial planners, fertility healthcare, 100% paid parental and caregiving leave, plus cleaning service and meals during your leave, flexible WFH, both remote and in-office opportunities, fully stocked kitchen, catered lunches, and occasional in-office happy hours, and employee resource groups.

XML job scraping automation by YubHub

Vendor Security Program Manager

Location

San Francisco; New York City; Seattle; Washington, DC

Employment Type

Full time

Location Type

Hybrid

Department

Security

Compensation

• SF, Seattle and NYC: $207K – $335K • Offers Equity
• Zone A: $186K – $301.5K • Offers Equity
• Zone B: $165.6K – $268K • Offers Equity

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance-related bonus(es) for eligible employees, and the following benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

More details about our benefits are available to candidates during the hiring process.

This role is at-will and OpenAI reserves the right to modify base pay and other compensation components at any time based on individual performance, team or company results, or market conditions.

About the Team

The Vendor Security team sits at the core of our mission to ensure our technology benefits humanity safely and securely. We provide security assurances and robust compliance frameworks for our technology, people, and products. Our mission is to build trust with the world in our products and company. Our work is technical yet highly operational, strategically aligning with security and engineering teams to navigate and mitigate risks proactively. We prioritize impact, enable innovation, and foster a culture of continuous compliance and security awareness.

About the Role

As a Program Manager within the Vendor Security team, you will play a crucial role in protecting our organisation against external risks posed by suppliers, vendors, partners, and hardware manufacturers. Your responsibilities will include conducting comprehensive security assessments, building a program to manage global supply chain and vendor risks, and driving security initiatives across all of our third-party relationships. You will be analytical, detail-oriented, and proactive, capable of translating complex security evaluations into clear, actionable strategies.

The role is expected to operate with a strong point of view on risk. You will be responsible not only for identifying and documenting vendor and supply-chain risk, but for helping the company make informed trade-offs between speed, scale, and security. This role requires exceptional organisational skills, the ability to effectively communicate across different business functions, and a strong commitment to operational excellence in a dynamic environment.

This role may be based out of one of our US offices (San Francisco, Seattle, NYC or DC.) We use a hybrid work model of 3 days in the office per week and offer relocation assistance to new employees.

In this role, you will:

• Be the interface for Security to the rest of the organisation for vendors.

• Own vendor security risk decisions and escalation paths, including clearly documenting risk acceptance, mitigation plans, and executive-level trade-offs when security requirements cannot be fully met.

• Conduct deep, evidence-based security assessments of third parties, including review of architectures, configurations, controls, logs, and operational practices - moving beyond questionnaires and attestations to validate real-world security posture of vendors.

• Assess and manage security risk across a diverse vendor landscape, including SaaS providers, cloud and infrastructure partners, hardware manufacturers, chip suppliers, and other strategic or high-impact suppliers.

• Develop, build, and continuously improve the vendor security program and security supply chain risk management function at OpenAI.

• Develop, propose, and implement effective controls to mitigate identified vendor risks.

• Build and maintain collaborative partnerships with key internal stakeholders including Infrastructure Security, Product, Engineering, Legal, Procurement, and Threat Intelligence to ensure comprehensive security coverage of the vendor and third-party supply chain.

• Streamline and automate vendor and supply chain security processes to increase efficiency and reduce manual overhead.

You might thrive in this role if you have:

• Proven experience conducting third-party or supply chain security assessments, including building and scaling a vendor management security program.

• An in-depth understanding of information security principles and controls, including data protection, access management, proactive and reactive security measures, and application security.

• Comfort operating in ambiguity, with the ability to form defensible security opinions even when information is incomplete or uncertain.

• Strong analytical and problem-solving skills, with the ability to identify and mitigate complex security risks.

• Excellent communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and stakeholders.

• Strong organisational and project management skills, with the ability to prioritise tasks and manage multiple projects simultaneously.

• A strong commitment to operational excellence and continuous improvement, with a focus on delivering high-quality results in a dynamic environment.

• A passion for security and a desire to make a meaningful impact in the field.

XML job scraping automation by YubHub