We are seeking a Staff Security Engineer to lead the most complex technical work in CoreWeave's Vulnerability Management program.
\nAs a Staff Security Engineer, you will design and implement scalable triage, prioritization, and remediation-tracking systems across application, infrastructure, and hardware domains. You will set technical standards, drive high-impact initiatives, and mentor engineers through technical leadership, while partnering with leadership on priorities and execution risks.
\nKey Responsibilities:
\nRequirements:
\nPreferred Qualifications:
\nSalary and Benefits: The base salary range for this role is $188,000 to $275,000. The starting salary will be determined based on job-related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).
\nWork Environment:
\nWhile we prioritize a hybrid work environment, remote work may be considered for candidates located more than 30 miles from an office, based on role requirements for specialized skill sets. New hires will be invited to attend onboarding at one of our hubs within their first month. Teams also gather quarterly to support collaboration.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_770c5fe8-cce","directApply":true,"hiringOrganization":{"@type":"Organization","name":"CoreWeave","sameAs":"https://www.coreweave.com","logo":"https://logos.yubhub.co/coreweave.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/coreweave/jobs/4653130006","x-work-arrangement":"hybrid","x-experience-level":"staff","x-job-type":"full-time","x-salary-range":"$188,000 to $275,000","x-skills-required":["vulnerability management","application security","platform security","cloud security engineering","security automation","AI/ML systems","detection pipelines","Python","Go","modern vulnerability management tooling","GPU/DPU environments","firmware security","hardware vulnerabilities","high-performance computing"],"x-skills-preferred":["AI/ML-powered security systems","LLM integration","automated decision-making","human-in-the-loop validation","security automation platforms","TINES","serverless frameworks","AWS Lambda","GCP Cloud Functions","DevOps","DevSecOps","SRE","Kubernetes security","container scanning","admission controllers","supply chain security","runtime protection"],"datePosted":"2026-04-18T15:59:06.360Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Livingston, NJ / New York, NY / Sunnyvale, CA / Bellevue, WA"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"vulnerability management, application security, platform security, cloud security engineering, security automation, AI/ML systems, detection pipelines, Python, Go, modern vulnerability management tooling, GPU/DPU environments, firmware security, hardware vulnerabilities, high-performance computing, AI/ML-powered security systems, LLM integration, automated decision-making, human-in-the-loop validation, security automation platforms, TINES, serverless frameworks, AWS Lambda, GCP Cloud Functions, DevOps, DevSecOps, SRE, Kubernetes security, container scanning, admission controllers, supply chain security, runtime protection","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":188000,"maxValue":275000,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_aec0a354-6fe"},"title":"Staff Backend Engineer, SSCS: Supply Chain","description":"As a Staff Backend Engineer at GitLab, you will help shape a major investment in our Software Supply Chain Security offering. In this role, you'll serve as a senior technical leader for backend systems that help customers secure how software is built, verified, and delivered inside the GitLab platform.
\nYou'll work on foundational capabilities across package policy enforcement, build provenance, artifact signing, and malicious package detection, with a strong focus on enterprise-grade security and performance. You'll define architecture before systems are built, write clear technical proposals, and guide implementation across interconnected parts of GitLab such as CI/CD, dependency management, and security workflows.
\nThis role is a strong fit for someone who enjoys solving complex backend problems, influencing technical direction across teams, and building security features that matter to customers facing real threats. You'll do this in GitLab's remote, asynchronous, and values-driven environment, where written communication, ownership, and teamwork are central to how we work.
\nSome examples of our projects:
\nResponsibilities:
\nRequirements:
\nAbout the team:
\nThe SSCS Add-On team is part of GitLab's Software Supply Chain Security stage and is focused on building a commercial offering that addresses real supply chain security challenges for enterprise customers. The team works on capabilities that combine multiple parts of the GitLab product into a more complete security solution for organisations with strong compliance and risk management needs.
\nThe work is both technically interesting and strategically important. The team is building in a space shaped by fast-moving threats, evolving customer requirements, and close coordination with nearby teams across the broader security area. That combination creates an environment where engineers can contribute to product direction while solving practical backend challenges in a visible part of GitLab's platform.
\nFor more on how related teams work, see Team Handbook Page.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_aec0a354-6fe","directApply":true,"hiringOrganization":{"@type":"Organization","name":"GitLab","sameAs":"https://about.gitlab.com/","logo":"https://logos.yubhub.co/about.gitlab.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/gitlab/jobs/8480559002","x-work-arrangement":"remote","x-experience-level":"staff","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["Ruby on Rails","Go","Backend applications","Architecture","Technical leadership","Security","Supply chain security","Software development"],"x-skills-preferred":[],"datePosted":"2026-04-18T15:55:35.423Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Remote, India"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Ruby on Rails, Go, Backend applications, Architecture, Technical leadership, Security, Supply chain security, Software development"},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_b5ce114e-dac"},"title":"Cloud Engineer – Factory Systems and Operational Technology","description":"Anduril Industries is a defence technology company with a mission to transform U.S. and allied military capabilities with advanced technology. By bringing the expertise, technology and business model of the 21st century's most innovative companies to the defence industry, Anduril is changing how military systems are designed, built and sold.
\nThe company's family of systems is powered by Lattice OS, an AI-powered operating system that turns thousands of data streams into a real-time, 3D command and control centre.
\nAs the world enters an era of strategic competition, Anduril is committed to bringing cutting-edge autonomy, AI, computer vision, sensor fusion and networking technology to the military in months, not years.
\nWe are seeking a mission-driven Cloud Infrastructure Engineer to take a leading role in designing and implementing world-class defensive controls. This is a high-impact role with the autonomy to shape security architecture and protect the technology that is changing the future of defence.
\nKey Responsibilities:
\nRequirements:
\nPreferred Qualifications:
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_b5ce114e-dac","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Anduril Industries","sameAs":"https://www.anduril.com/","logo":"https://logos.yubhub.co/anduril.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/andurilindustries/jobs/5087348007","x-work-arrangement":"onsite","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":"$129,000-$193,000 USD","x-skills-required":["Cloud Security","DevOps","SRE","Infrastructure as Code","Terraform","CloudFormation","Bicep","Python","Go","Rust","Public Cloud Networking","VPCs","Subnets","Routing","Security Groups"],"x-skills-preferred":["Kubernetes","Cloud Security Posture Management","Threat Detection Tooling","CI/CD Pipelines","Software Supply Chain Security","Compliance Frameworks","FedRAMP","MRL","SOC 2","CMMC","On-Premises Network Engineering"],"datePosted":"2026-04-18T15:49:59.253Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Costa Mesa, California, United States"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Cloud Security, DevOps, SRE, Infrastructure as Code, Terraform, CloudFormation, Bicep, Python, Go, Rust, Public Cloud Networking, VPCs, Subnets, Routing, Security Groups, Kubernetes, Cloud Security Posture Management, Threat Detection Tooling, CI/CD Pipelines, Software Supply Chain Security, Compliance Frameworks, FedRAMP, MRL, SOC 2, CMMC, On-Premises Network Engineering","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":129000,"maxValue":193000,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_5003c49e-cf6"},"title":"Engineering Manager, SSCS: Supply Chain","description":"As an Engineering Manager, you'll guide GitLab's dedicated Software Supply Chain Security (SSCS) Add-On engineering team as it develops core capabilities including Dependency Firewall, Build Provenance, Malicious Packages detection, and Artifact Signing.
\nThis is a founding management role where you'll help shape how the team works, partner closely with the Staff Backend Engineer, Product Manager, and SSCS stage management, and turn a defined roadmap into steady, high-quality delivery for enterprise customers with strict security and compliance needs.
\nYou'll focus on developing the team, creating a healthy operating rhythm, and establishing predictable execution for the SSCS SKU.
\nYou'll join a product area where customers in regulated industries are already validating the need, and your work will help GitLab deliver software supply chain security features that customers can rely on.
\nWhile technical credibility matters, your main focus will be growing a strong backend engineering team, enabling team members in their development, and creating the conditions for long-term delivery and quality.
\nResponsibilities:
\nRequirements:
\nAbout the team: The SSCS Add-On team is a product engineering team within GitLab's Software Supply Chain Security stage. We work on key capabilities in the SSCS Add-On SKU and collaborate closely with product and engineering partners to deliver security features for customers operating in regulated environments.
\nYou'll report to the SSCS Senior Engineering Manager and partner directly with the Staff Backend Engineer and Product Manager.
\nAs a distributed team working asynchronously across regions, we are focused on strong delivery practices, team health, and scaling the product area with clarity and accountability.
\nFor more on how related teams work, see Team Handbook Page.
\nHow GitLab Supports Full-Time Employees:
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_5003c49e-cf6","directApply":true,"hiringOrganization":{"@type":"Organization","name":"GitLab","sameAs":"https://about.gitlab.com/","logo":"https://logos.yubhub.co/about.gitlab.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/gitlab/jobs/8478405002","x-work-arrangement":"remote","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["GitLab","Software Supply Chain Security","Dependency Firewall","Build Provenance","Malicious Packages detection","Artifact Signing","Backend engineering","Security","DevOps","Platform engineering","Package registries","CI/CD pipeline security","Signing infrastructure","Supply chain security","Artifact management","Compliance-focused product areas","Frameworks and ecosystems","SLSA","Sigstore"],"x-skills-preferred":[],"datePosted":"2026-04-18T15:49:15.915Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Remote, India"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"GitLab, Software Supply Chain Security, Dependency Firewall, Build Provenance, Malicious Packages detection, Artifact Signing, Backend engineering, Security, DevOps, Platform engineering, Package registries, CI/CD pipeline security, Signing infrastructure, Supply chain security, Artifact management, Compliance-focused product areas, Frameworks and ecosystems, SLSA, Sigstore"},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_44ff0179-993"},"title":"Senior Backend Engineer (RoR), SSCS: Pipeline Security","description":"As a Senior Backend Engineer on the Pipeline Security team, you'll take technical ownership of GitLab's native Secrets Manager, a production system built on OpenBao that helps secure sensitive credentials across GitLab CI/CD pipelines.
\nYou'll work at the intersection of backend engineering and infrastructure, shaping architecture in Ruby on Rails and Go, guiding decisions around role-based access control (RBAC), GraphQL APIs, and Kubernetes deployment configuration.
\nIn your first year, you'll help move Secrets Manager toward general availability, establish technical patterns the team can build on, and represent the team's point of view in cross-functional discussions.
\nYou'll have end-to-end ownership, from design through production operations, with room to identify what should be built next and improve how the team delivers secure, reliable features.
\nResponsibilities
\nRequirements
\nAbout the Team
\nThe Pipeline Security team builds features that make GitLab CI pipelines more secure and trustworthy for teams running sensitive workloads. We own key parts of pipeline security within GitLab's CI/CD experience, with our current focus on native secrets management for CI pipelines and Supply-chain Levels for Software Artifacts (SLSA) Level 3 capabilities to strengthen software supply chain security.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_44ff0179-993","directApply":true,"hiringOrganization":{"@type":"Organization","name":"GitLab","sameAs":"https://about.gitlab.com/","logo":"https://logos.yubhub.co/about.gitlab.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/gitlab/jobs/8432221002","x-work-arrangement":"remote","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":"$117,600-$252,000 USD","x-skills-required":["Ruby on Rails","Go","OpenBao","Role-Based Access Control (RBAC)","GraphQL APIs","Kubernetes deployment configuration","Helm charts","CI/CD concepts","Secrets management approaches","Security practices for handling credentials in CI environments"],"x-skills-preferred":["Container security","Software supply chain security"],"datePosted":"2026-04-18T15:45:33.847Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Remote, Canada; Remote, Ireland; Remote, Israel; Remote, Netherlands; Remote, United Kingdom; Remote, US"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Ruby on Rails, Go, OpenBao, Role-Based Access Control (RBAC), GraphQL APIs, Kubernetes deployment configuration, Helm charts, CI/CD concepts, Secrets management approaches, Security practices for handling credentials in CI environments, Container security, Software supply chain security","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":117600,"maxValue":252000,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_a3a1df2f-184"},"title":"Principal Engineer, Software Supply Chain Security","description":"As the Principal Engineer, Software Supply Chain Security, you'll own the technical strategy that secures how software is built and delivered on GitLab's DevSecOps platform. You'll provide architectural leadership across multiple engineering teams.
\nYour work will shape GitLab's enterprise security posture in the rapidly growing software supply chain security market. You'll focus on SLSA Level 3 compliance, secrets management, CI/CD security hardening, and the foundations of GitLab's global zero trust architecture.
\nSome examples of our projects:
\nYou'll lead the end-to-end software supply chain security architecture for GitLab's CI/CD platform, including SLSA Level 3 implementation and CI infrastructure hardening. You'll drive cross-team technical strategy and decisions across our Software Supply Chain Security (SSCS) stage teams, aligning engineering work to SSCS strategic plans.
\nYou'll collaborate with infrastructure and CI/CD teams to design and land long-term initiatives for secure, scalable runner architecture, container isolation, and pipeline security at scale. You'll propose and validate technical implementations that support architectural changes to improve CI/CD scaling and performance on critical paths.
\nYou'll teach, mentor, and coach Staff Engineers and individual contributors, raising the bar on supply chain threat modeling, secrets management, artifact signing, and SBOM lifecycle practices.
\nYou'll partner with Engineering Managers and senior leadership to define roadmaps, break down complex initiatives, and enable Staff Engineers to lead sub-department-wide efforts.
\nYou'll engage with customers and external stakeholders as a technical consultant and spokesperson for GitLab's software supply chain security capabilities and roadmap.
\nYou'll collaborate with product, security, and compliance stakeholders to ensure features meet enterprise security, governance, and regulatory expectations in the software supply chain security market.
\nKey responsibilities include:
\nKey requirements include:
\nPreferred qualifications include:
\nOur Software Supply Chain Security stage engineering teams are responsible for authentication and access within GitLab. We also build features that help customers manage vulnerabilities, dependencies, security policies, and compliance frameworks across their organizations.
\nThe base salary range for this role's listed level is currently for residents of the United States only. This range is intended to reflect the role's base salary rate in locations throughout the US. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, alignment with market data, and geographic location. The base salary range does not include any bonuses, equity, or benefits.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_a3a1df2f-184","directApply":true,"hiringOrganization":{"@type":"Organization","name":"GitLab","sameAs":"https://about.gitlab.com/","logo":"https://logos.yubhub.co/about.gitlab.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/gitlab/jobs/8373553002","x-work-arrangement":"remote","x-experience-level":"staff","x-job-type":"full-time","x-salary-range":"$157,900-$338,400 USD","x-skills-required":["software supply chain security","threat modeling","SLSA implementation","attestation systems","SBOM generation","lifecycle management","artifact signing","verification","Sigstore ecosystem","Cosign","Fulcio","Rekor","in-toto attestations","CI/CD security","runner isolation","pipeline security controls","secrets management","distributed systems","infrastructure","container security","Kubernetes security","admission controllers","policy controllers","workload isolation","registry hardening","Go","Rust","CI/CD workflows","DevSecOps best practices"],"x-skills-preferred":["background in distributed systems and infrastructure","practical experience with container security and Kubernetes security","proficiency in Go or Rust in a production environment","expert-level understanding of CI/CD workflows and DevSecOps best practices","experience operating as a Principal or Staff Engineer across multiple development teams"],"datePosted":"2026-04-18T15:45:22.426Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Remote, Canada; Remote, Israel; Remote, Netherlands; Remote, United Kingdom; Remote, US"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"software supply chain security, threat modeling, SLSA implementation, attestation systems, SBOM generation, lifecycle management, artifact signing, verification, Sigstore ecosystem, Cosign, Fulcio, Rekor, in-toto attestations, CI/CD security, runner isolation, pipeline security controls, secrets management, distributed systems, infrastructure, container security, Kubernetes security, admission controllers, policy controllers, workload isolation, registry hardening, Go, Rust, CI/CD workflows, DevSecOps best practices, background in distributed systems and infrastructure, practical experience with container security and Kubernetes security, proficiency in Go or Rust in a production environment, expert-level understanding of CI/CD workflows and DevSecOps best practices, experience operating as a Principal or Staff Engineer across multiple development teams","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":157900,"maxValue":338400,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_8fc80897-0ec"},"title":"Intermediate Backend Engineer, SSCS: Supply Chain","description":"As an Intermediate Backend Engineer on the SSCS Add-On team at GitLab, you'll help build a dedicated software supply chain security feature for regulated enterprise organisations.
\nIn this role, you'll contribute to capabilities that help customers control software dependencies, verify artifact integrity, and identify malicious packages before they reach production.
\nYour work will sit at the intersection of backend engineering, product integration, and security-focused development.
\nYou'll build in Ruby on Rails, work alongside Go services as needed, and help connect Add-On functionality with GitLab's existing security scanning experience so findings are surfaced consistently for users.
\nBecause the team is small, you'll have meaningful influence on implementation details, team practices, and the product experience.
\nThis role is part of GitLab's all-remote, async-first, values-driven environment, where clear written communication and thoughtful coordination across time zones are essential.
\nResponsibilities
\nRequirements
\nAbout the Team
\nThe SSCS Add-On team is part of GitLab's Software Supply Chain Security stage and is focused on building a commercial offering that addresses real supply chain security challenges for enterprise customers.
\nThe team works on capabilities that combine multiple parts of the GitLab product into a more complete security solution for organisations with strong compliance and risk management needs.
\nThe work is both technically interesting and strategically important.
\nThe team is building in a space shaped by fast-moving threats, evolving customer requirements, and close coordination with nearby teams across the broader security area.
\nThat combination creates an environment where engineers can contribute to product direction while solving practical backend challenges in a visible part of GitLab's platform.
\nFor more on how related teams work, see Team Handbook Page.
\nHow GitLab Supports Full-Time Employees
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_8fc80897-0ec","directApply":true,"hiringOrganization":{"@type":"Organization","name":"GitLab","sameAs":"https://about.gitlab.com/","logo":"https://logos.yubhub.co/about.gitlab.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/gitlab/jobs/8480565002","x-work-arrangement":"remote","x-experience-level":"mid","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["Ruby on Rails","Golang","PostgreSQL","RSpec","testing discipline"],"x-skills-preferred":["package ecosystems","software supply chain security","dependency management","DevSecOps","security-adjacent product development"],"datePosted":"2026-04-18T15:43:56.533Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Remote, India"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Ruby on Rails, Golang, PostgreSQL, RSpec, testing discipline, package ecosystems, software supply chain security, dependency management, DevSecOps, security-adjacent product development"},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_cbaf9906-291"},"title":"Platform Hardware Security","description":"We're seeking a Platform Hardware Security Engineer to design and implement security architectures for bare-metal infrastructure. You'll work with teams across Anthropic to build firmware, bootloaders, operating systems, and attestation systems to ensure the integrity of our infrastructure from the ground up.
\nThis role requires expertise in low-level systems security and the ability to architect solutions that balance security requirements with the performance demands of training AI models across our massive fleet.
\nResponsibilities:
\nWho you are:
\nStrong candidates may also have:
\nAnnual Salary: $405,000-$485,000 USD
\nLogistics:
\nWhy work with us?
\nGuidance on Candidates' AI Usage: Learn about our policy for using AI in our application process
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_cbaf9906-291","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Anthropic","sameAs":"https://www.anthropic.com/","logo":"https://logos.yubhub.co/anthropic.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/anthropic/jobs/4929689008","x-work-arrangement":"hybrid","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":"$405,000-$485,000 USD","x-skills-required":["Secure boot","Measured boot","Attestation technologies","Cryptographic protocols","Hardware security modules","UEFI/BIOS or embedded firmware security","Bootloader hardening","Chain of trust implementation","Low-level programming","Systems programming","Firmware vulnerability assessment","Threat modeling","Supply chain security","NIST firmware security guidelines","Hardware security frameworks"],"x-skills-preferred":["Confidential computing technologies","Hardware-based TEEs","SLSA framework","Software supply chain security standards","Large-scale HPC or cloud infrastructure","Open-source security projects","Formal verification","Security proof techniques","Silicon root of trust implementations","Vendor collaboration","AI/ML infrastructure security"],"datePosted":"2026-04-18T15:43:00.394Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"New York City, NY | Seattle, WA; San Francisco, CA | New York City, NY | Seattle, WA; Washington, DC"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Secure boot, Measured boot, Attestation technologies, Cryptographic protocols, Hardware security modules, UEFI/BIOS or embedded firmware security, Bootloader hardening, Chain of trust implementation, Low-level programming, Systems programming, Firmware vulnerability assessment, Threat modeling, Supply chain security, NIST firmware security guidelines, Hardware security frameworks, Confidential computing technologies, Hardware-based TEEs, SLSA framework, Software supply chain security standards, Large-scale HPC or cloud infrastructure, Open-source security projects, Formal verification, Security proof techniques, Silicon root of trust implementations, Vendor collaboration, AI/ML infrastructure security","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":405000,"maxValue":485000,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_05b1c668-59d"},"title":"Director, Product Security Architecture","description":"We are seeking a Director, Product Security Architecture to lead our Security Architecture function within the Security Platforms & Architecture (SPA) sub-department and to serve as a strategic security partner to key product and engineering leadership groups across GitLab.\\n\\nIn this role, you will manage and grow a team of Product Security Architects and our closely-aligned risk and metrics engineer who are each dedicated to major product areas of Security, AI, and Core DevOps. Your team will focus on turning product security risks, requirements, and insights into clear architectural guidance, "paved roads," and multi-quarter risk reduction programs that align with how Product and Engineering actually plan and deliver.\\n\\nYou will operate in an environment where feature delivery and platform capabilities are accelerating, architectures and technologies are evolving, and teams are continually balancing ambitious product goals with a strong security posture. In this context, you will help Product Security:\\n\\n- Maximize risk reduction by identifying strategic opportunities that fit naturally into existing R&D work\\n- Ensure that material product security risks and tradeoffs are surfaced, acknowledged, and decided at the right leadership levels\\n- Lead SPA/AppSec scaling strategies that increase coverage and support non-linear developer gains, with a clear focus on enabling developer velocity with minimal friction\\n\\nWhile many strong candidates will come from a deep product security background, this role is also an excellent fit for experienced software or architecture leaders who have consistently delivered secure, resilient systems in complex R&D environments and are excited to lead security outcomes in close partnership with engineering.\\n\\nKey Responsibilities:\\n\\n- Lead, develop, and mentor a team of Product Security Architects and closely-aligned specialists who are dedicated to major product functional areas (e.g., Sec Section, AI, Core DevOps)\\n- Own and continuously evolve the Product Security Architecture strategy and partnership model, shifting architects from embedded consultants to accelerators of secure architecture delivery, and serve as a strategic partner to Product and Engineering Directors/VPs\\n- Oversee and mature the Product Security Risk Register, ensuring systemic product security risks are clearly articulated, prioritized with Product and Engineering, and paired with multi-quarter risk reduction plans that reduce long-term product security debt.\\n- Operate Product Security Architecture in a risk-aligned, business-enabling way that focuses Security Architects on the highest-impact, hardest-to-change architectural decisions, helping teams make clear, informed tradeoffs without slowing delivery.\\n- Define and drive security visions, standards, "paved roads," and secure-by-default platform behaviors and configurations that enable product teams to make sound security decisions with minimal overhead, including evolving existing behaviors over time to strengthen the baseline security posture.\\n- Lead the Product Security AI strategy for scaling, including adoption of AI-assisted and platform-level investments that expand security review coverage, reduce toil, and support non-linear developer gains while enabling developer velocity.\\n- Partner with Application Security, Infrastructure Security, Security Research, Security Operations, Security Risk, and Security Compliance on end-to-end risk reduction, including security-related controls, quality standards, and integration of research and operational learnings into architectures.\\n- Define and track meaningful architecture-related metrics and Key Risk Indicators, and represent Product Security in cross-functional forums, clearly articulating risk, tradeoffs, and recommended paths forward.\\n\\nRequirements:\\n\\n- Significant experience (typically 10+ years) leading software, architecture, or application security initiatives in high-velocity R&D organizations, with a strong grounding in building and evolving complex software systems\\n- Strong application security and secure design literacy, whether from direct AppSec roles or from owning secure delivery of large-scale systems, including familiarity with common vulnerability classes, modern software architectures, and practical mitigation patterns\\n- Deep understanding of systemic product security risks in large-scale platforms, with expertise in at least some of: CI/CD and pipeline security, software supply chain security, identity and access management (AuthN/Z), AI/ML security, or multi-tenant SaaS architectures\\n- Proven ability to operate effectively in constrained environments: balancing business goals and risk reduction, focusing attention on the highest-impact, hardest-to-reverse decisions, and framing options in terms of risk, cost, and customer impact rather than absolutes.\\n- Demonstrated success building trust with Product and Engineering Directors/VPs, influencing multi-quarter roadmaps, and co-owning outcomes rather than acting solely as a gate.\\n- Experience designing and rolling out scalable security patterns,standards, "paved roads," and secure-by-default configurations,that reduce risk while minimizing additional toil for product and engineering teams.\\n- Experience collaborating with Compliance, Audit, and Security Operations on the definition, implementation, and demonstration of security controls and security-related quality standards, and translating technical designs into clear language for auditors, engineers, and senior leaders.\\n- Experience supporting organizations through significant technology and architectural change (e.g., adoption of new languages and frameworks, or evolution from monoliths toward microservices or domain-oriented architectures) while maintaining or improving security posture.\\n- Ability to operate at multiple altitudes,from executive-level strategy and stakeholder alignment down to detailed technical design discussions when necessary,with excellent written and verbal communication in an all-remote, asynchronous environment.\\n- Comfort with AI-augmented workflows and enthusiasm for leveraging tools like GitLab Duo to scale the Product Security Architecture function, along with strong alignment to GitLab’s values and a track record of thriving in a highly collaborative, remote-first culture.\\n- Nice to have: Experience with security requirements and frameworks relevant to GitLab’s customers (e.g., FedRAMP, ISO 27001, SOC 2, PCI-DSS);
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_05b1c668-59d","directApply":true,"hiringOrganization":{"@type":"Organization","name":"GitLab","sameAs":"https://about.gitlab.com/","logo":"https://logos.yubhub.co/about.gitlab.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/gitlab/jobs/8461323002","x-work-arrangement":"remote","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["Application Security","Secure Design","CI/CD and Pipeline Security","Software Supply Chain Security","Identity and Access Management","AI/ML Security","Multi-Tenant SaaS Architectures"],"x-skills-preferred":[],"datePosted":"2026-04-18T15:42:42.048Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Remote, Canada; Remote, EMEA; Remote, US"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Application Security, Secure Design, CI/CD and Pipeline Security, Software Supply Chain Security, Identity and Access Management, AI/ML Security, Multi-Tenant SaaS Architectures"},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_9bf55fe3-b2b"},"title":"Detection & Response Engineer","description":"We are seeking a skilled and proactive Detection & Response Engineer to join our security team. In this critical role, you will be responsible for detecting, investigating, and responding to security incidents across our cloud-native and AI-focused infrastructure.
\nResponsibilities
\nBasic Qualifications
\nPreferred Skills and Experience
\nCompensation and Benefits
\n$200,000 - $340,000 USD
\nBase salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_9bf55fe3-b2b","directApply":true,"hiringOrganization":{"@type":"Organization","name":"xAI","sameAs":"https://www.xai.com/","logo":"https://logos.yubhub.co/xai.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/xai/jobs/4559148007","x-work-arrangement":"onsite","x-experience-level":"mid","x-job-type":"full-time","x-salary-range":"$200,000 - $340,000 USD","x-skills-required":["cybersecurity principles","attack techniques","defensive strategies","scripting language","SIEM platforms","log analysis tools","cloud environments","network protocols","system administration","common attack vectors"],"x-skills-preferred":["relevant security certifications","threat intelligence platforms","AI/ML security implications","software supply chain security","containerized environments","Kubernetes security","custom security tools","digital forensics","malware analysis"],"datePosted":"2026-04-18T15:23:47.430Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Palo Alto, CA"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"cybersecurity principles, attack techniques, defensive strategies, scripting language, SIEM platforms, log analysis tools, cloud environments, network protocols, system administration, common attack vectors, relevant security certifications, threat intelligence platforms, AI/ML security implications, software supply chain security, containerized environments, Kubernetes security, custom security tools, digital forensics, malware analysis","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":200000,"maxValue":340000,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_6d2bed6a-1bd"},"title":"Application Security Engineer","description":"We are seeking a skilled and innovative Application Security Engineer to join our technology-driven company. In this role, you will be responsible for ensuring the security and integrity of our cloud-native applications and systems throughout the software development lifecycle, with a particular focus on code security, CI/CD pipelines, and emerging AI technologies.
\nResponsibilities: Conduct in-depth code reviews and static analysis to identify and mitigate security vulnerabilities in our applications Design and implement secure coding guidelines and best practices for development teams Collaborate closely with development teams to integrate security practices throughout the CI/CD pipeline Perform threat modeling and risk assessments for applications, developing mitigation strategies for potential risks Manage vulnerability tracking and remediation efforts, providing guidance to development teams Support incident response activities related to application security Stay current on emerging security threats and trends in cloud-native technologies and AI, continuously enhancing our security measures Evaluate and secure software supply chains, including producing and maintaining Software Bills of Materials (SBOMs) Address security concerns specific to AI and machine learning models, with a focus on the OWASP LLM Top 10
\nBasic Qualifications: Bachelor's degree in Computer Science, Cybersecurity, or a related field 3-5 years of experience in application security, with a strong focus on code security practices Deep understanding of secure coding practices, application security frameworks, and common vulnerabilities (e.g., OWASP Top 10) Proficiency in Python or Rust programming languages and experience with secure coding practices in these languages Experience securing CI/CD pipelines and implementing DevSecOps practices Familiarity with software supply chain security and SBOM generation tools Experience with security testing tools (e.g., Burp Suite, OWASP ZAP) and static/dynamic code analysis Understanding of AI/ML security implications, particularly those outlined in the OWASP LLM Top 10 Excellent communication skills, able to explain complex security issues to both technical and non-technical audiences
\nPreferred Skills and Experience: Experience with cloud platforms (e.g., GCP, AWS, Azure) and their security features Relevant security certifications (e.g., CSSLP, OSWE) Background in data privacy and compliance regulations relevant to cloud-native applications and AI systems Experience with GitOps and infrastructure-as-code security Familiarity with federated learning and privacy-preserving machine learning techniques Experience in building custom security tooling to enhance and automate security processes Interest in leveraging AI to automate security tasks and improve efficiency Contributions to open-source security projects or tools Experience in securing AI/ML models and data pipelines
\nCompensation and Benefits: $200,000 - $340,000 USD Base salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_6d2bed6a-1bd","directApply":true,"hiringOrganization":{"@type":"Organization","name":"xAI","sameAs":"https://www.xai.com/","logo":"https://logos.yubhub.co/xai.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/xai/jobs/4559147007","x-work-arrangement":"onsite","x-experience-level":"mid","x-job-type":"full-time","x-salary-range":"$200,000 - $340,000 USD","x-skills-required":["Python","Rust","Secure coding practices","Application security frameworks","Common vulnerabilities","OWASP Top 10","CI/CD pipelines","DevSecOps practices","Software supply chain security","SBOM generation tools","Security testing tools","Static/dynamic code analysis","AI/ML security implications","OWASP LLM Top 10"],"x-skills-preferred":["Cloud platforms","Security certifications","Data privacy and compliance regulations","GitOps","Infrastructure-as-code security","Federated learning","Privacy-preserving machine learning techniques","Custom security tooling","AI automation","Open-source security projects","AI/ML model security"],"datePosted":"2026-04-18T15:23:13.995Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Palo Alto, CA"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Python, Rust, Secure coding practices, Application security frameworks, Common vulnerabilities, OWASP Top 10, CI/CD pipelines, DevSecOps practices, Software supply chain security, SBOM generation tools, Security testing tools, Static/dynamic code analysis, AI/ML security implications, OWASP LLM Top 10, Cloud platforms, Security certifications, Data privacy and compliance regulations, GitOps, Infrastructure-as-code security, Federated learning, Privacy-preserving machine learning techniques, Custom security tooling, AI automation, Open-source security projects, AI/ML model security","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":200000,"maxValue":340000,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_2c812f80-7cc"},"title":"Director of Quality","description":"Meet Yubico, the creator of the most secure passkeys and leading provider of hardware authentication security keys. Our company's mission is to make secure login easy and available for everyone.
\nWe are a global company with a strong company culture and employees located in over 14 countries. Yubico's headquarters are based in Stockholm, Sweden and Santa Clara, CA.
\nThe Role
\nWe are seeking a strategic and hands-on Director of Quality to architect and drive the Quality Management System for our global YubiKey production, warehousing, and fulfillment operations. In this pivotal role, you will move beyond standard quality checks to establish a multi-layered prevention model that mirrors our security philosophy.
\nTasks & Responsibilities:
\nQuality Strategy:
\nArchitect and drive the implementation of a scalable Quality Management System (QMS) according to ISO 9001 standards.
\nAccelerate and structure the ongoing transition from tribal knowledge to documented, auditable, and repeatable process to support QMS.
\nEstablish a multi-tier quality framework where failures are caught by overlapping layers of defense, including supplier quality, incoming inspection, in-process automated gating, and final outgoing audit.
\nInternal Education Program:
\nBuild and lead an internal Quality Academy to drive QMS delivery.
\nCollaborate with Engineering to push for rigorous DFMEA and tool requirements, recognizing them as the supplier of manufacturing capabilities while educating Operators on SOPs/OCAPs and Leadership on quality metrics.
\nQuality Operations:
\nPartner closely with Engineering during the Design phase to drive Design Failure Mode and Effects Analysis (DFMEA).
\nProvide requirements and drive execution to ensure 'design gating' - preventing products from moving to production without a clear quality plan.
\nProcess Resilience (PFMEA):
\nLead the execution of risk-based Process Failure Mode and Effects Analysis (PFMEA) during the Production and Fulfillment phase.
\nMake these technical documents 'readable' and actionable for floor staff to prevent errors in configuration, warehouse, packaging, and fulfillment.
\nDevelop and maintain rigorous Control Plans that specify exactly how quality is monitored at every step.
\nImplement detection methods, including new inspection methods and functional testing.
\nMaterial Review Board (MRB) Leadership:
\nChair the MRB and manage the deviation/waiver process.
\nEnsure rigorous engineering validation is performed before any out-of-spec material is approved for production runs.
\nOut of Control Action Plans (Rectify):
\nDefine clear, readable 'Out of Control Action Plans' (OCAP).
\nTransform reactive firefighting into systematic rectification by ensuring production teams know exactly when to Stop, Call, Wait, or Adjust when metrics drift.
\nSupply Chain Counterfeit Prevention Program:
\nOwn and execute the Counterfeit Prevention Program.
\nImplement strict controls over component sourcing and chain of custody to protect the security integrity of YubiKeys.
\nSupplier Quality Management:
\nBasic Requirements:
\n10+ years of progressive experience in global Quality Assurance (supporting global supply chain (e.g., North America, EMEA, APJ) within hardware production, customization and fulfillment with significant leadership experience.
\nQuality Management Systems: Proven track record of architecting and implementing a QMS from the ground up or upgrading one to ISO 9001 standards.
\nAbility to facilitate workshops and drive these processes with internal audiences.
\nSecurity Mindset: Familiar with and able to execute on Counterfeit Prevention Programs (e.g., AS9100/9120) and supply chain security protocols.
\nEducation: Bachelor's degree in Engineering, Quality Management, or related technical field
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_2c812f80-7cc","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Yubico","sameAs":"https://www.yubico.com/","logo":"https://logos.yubhub.co/yubico.com.png"},"x-apply-url":"https://jobs.lever.co/yubico/dde84684-68c5-4a06-865c-39d1e1e2f656","x-work-arrangement":"onsite","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":"$185,000-$210,000 per year","x-skills-required":["Quality Management Systems","ISO 9001","Advanced Product Quality Planning","DFMEA","PFMEA","Control Plans","Counterfeit Prevention Programs","Supply Chain Security Protocols"],"x-skills-preferred":[],"datePosted":"2026-04-17T13:11:58.406Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Santa Clara"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Quality Management Systems, ISO 9001, Advanced Product Quality Planning, DFMEA, PFMEA, Control Plans, Counterfeit Prevention Programs, Supply Chain Security Protocols","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":185000,"maxValue":210000,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_eec951b9-d96"},"title":"Security Engineer","description":"We're seeking a Security Engineer at the senior-level or above to own the product security and authorization lifecycle for Saronic's autonomous surface vessels. You will serve as the responsible security engineer for one or more vessel programs, owning the security posture from design through production, authorization, and operational deployment.
\nThis is a hands-on security engineering role; not a GRC or project management role. You'll identify the frameworks that apply, architect the vessel's security to satisfy them, and drive authorization to completion. Where standards don't yet exist, you'll define them.
\nKey Responsibilities:
\nRequired Qualifications:
\nPreferred Qualifications:
\nAdditional Information:
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_eec951b9-d96","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Saronic Technologies","sameAs":"https://www.saronictech.com/","logo":"https://logos.yubhub.co/saronictech.com.png"},"x-apply-url":"https://jobs.lever.co/saronic/6e800df8-6173-4f13-863e-b8803017f317","x-work-arrangement":"onsite","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["product security","systems security engineering","authorization engineering","threat modeling","security architecture","risk assessment","cyber-physical systems","embedded systems","operational technology environments","NIST SP 800-53","NIST SP 800-171","CMMC 2.0","RMF","CSRMC","ATO/IATT","continuous ATO","FedRAMP","IEC 62443","IMO MASS Code","IACS UR E26/E27"],"x-skills-preferred":["product security lead","systems security engineer","authorization lead","defense platform","program of record","government Authorizing Officials","program offices","DOT&E","technical security representative","defense technology startups","DARPA programs","organizations","defense acquisition system","maritime-specific frameworks","ITAR/EAR compliance","supply chain security","manufacturing security"],"datePosted":"2026-04-17T12:58:42.019Z","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"product security, systems security engineering, authorization engineering, threat modeling, security architecture, risk assessment, cyber-physical systems, embedded systems, operational technology environments, NIST SP 800-53, NIST SP 800-171, CMMC 2.0, RMF, CSRMC, ATO/IATT, continuous ATO, FedRAMP, IEC 62443, IMO MASS Code, IACS UR E26/E27, product security lead, systems security engineer, authorization lead, defense platform, program of record, government Authorizing Officials, program offices, DOT&E, technical security representative, defense technology startups, DARPA programs, organizations, defense acquisition system, maritime-specific frameworks, ITAR/EAR compliance, supply chain security, manufacturing security"},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_f2ee807d-528"},"title":"Security Engineer","description":"We're seeking a Security Engineer at the senior-level or above focused on software and systems security to own the security of Saronic's software platforms, build systems, and deployment infrastructure from development through production.
\nAs a Security Engineer, you will be the technical authority on how Saronic builds, ships, and runs secure software. You will lead secure code review, SAST, DAST, and fuzzing efforts, and define secure coding standards for Rust development including memory safety practices, safe FFI boundaries, and secure error handling.
\nYou will conduct threat modeling for software systems and translate findings into actionable security requirements integrated into design reviews and sprint planning. You will drive vulnerability management for software dependencies, including tracking, prioritization, and remediation of vulnerabilities in third-party crates and libraries.
\nYou will secure and harden NixOS configurations for vessel platforms and development infrastructure, leveraging Nix's reproducibility and declarative model for security enforcement. You will design system hardening profiles in NixOS including kernel hardening, service isolation, mandatory access controls, and minimal attack surface configurations.
\nYou will define and enforce package management and dependency policies within the Nix ecosystem, ensuring build closures are auditable, reproducible, and free from unauthorized or vulnerable packages. You will architect secure system update and rollback mechanisms using NixOS capabilities, ensuring fleet-wide consistency and integrity.
\nYou will design and implement security controls across the CI/CD pipeline including source integrity, build isolation, artifact signing, and deployment verification with build environments that are ephemeral, isolated, and hardened.
\nYou will build and maintain software supply chain security practices aligned to SLSA framework principles, including provenance tracking, hermetic builds, signed attestations, and SBOM generation.
\nYou will integrate security scanning (SAST, SCA, container scanning, secrets detection) into CI/CD pipelines as automated guardrails, and create self-service pipeline templates that enable teams to ship without bottlenecks.
\nYou will design secure deployment patterns for vessel software updates, including secure delivery, integrity verification, and rollback capabilities.
\nYou will implement runtime application security controls including logging, monitoring, and anomaly detection for deployed services.
\nYou will define software and systems security standards, patterns, and reference architectures that engineering teams adopt as the default secure path.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_f2ee807d-528","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Saronic Technologies","sameAs":"https://www.saronictechnologies.com/","logo":"https://logos.yubhub.co/saronictechnologies.com.png"},"x-apply-url":"https://jobs.lever.co/saronic/70738ef6-22be-464f-a451-09882093482d","x-work-arrangement":"onsite","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["Rust","NixOS","CI/CD pipeline security","software supply chain security","SLSA framework principles","provenance tracking","hermetic builds","signed attestations","SBOM generation","security scanning","SAST","SCA","container scanning","secrets detection"],"x-skills-preferred":["NixOS experience","hands-on NixOS experience","experience securing software for embedded or resource-constrained Linux environments"],"datePosted":"2026-04-17T12:58:06.790Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"San Francisco"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Rust, NixOS, CI/CD pipeline security, software supply chain security, SLSA framework principles, provenance tracking, hermetic builds, signed attestations, SBOM generation, security scanning, SAST, SCA, container scanning, secrets detection, NixOS experience, hands-on NixOS experience, experience securing software for embedded or resource-constrained Linux environments"},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_c629a0da-f6c"},"title":"Security Engineer","description":"We're seeking a Security Engineer at the senior-level or above focused on hardware, embedded systems, and firmware security to own the security posture of Saronic's vessel hardware platforms from silicon to system.
\nYou will be the technical authority on hardware root of trust, secure boot, firmware integrity, embedded system hardening, and the security of third-party hardware integrations. Your work ensures that every component on the vessel is resilient against tampering, exploitation, and supply chain compromise, designed in from the start and maintained across the fleet lifecycle.
\nKey Responsibilities:
\nConduct hardware security assessments including fault injection, side-channel analysis, interface evaluation, and bus protocol analysis across Saronic-built and third-party hardware including sensors, radios, navigation systems, propulsion controllers, and communication modules
\nEvaluate and harden physical interfaces, debug ports, maintenance access points, and removable media interfaces on vessel hardware
\nEvaluate supply chain security risks for hardware components and recommend provenance validation, anti-tamper, and attestation controls
\nDevelop and maintain a hardware security testing capability including tooling, methodology, and repeatable test procedures
\nDesign and implement secure boot chains establishing hardware root of trust from power-on through application launch, integrating TPM, secure elements, and HSMs for device identity, key storage, measured boot, and remote attestation
\nDesign and implement secure firmware update mechanisms including signed updates, rollback protection, and verified delivery across the fleet
\nOwn the cryptographic key lifecycle for hardware-bound keys, including provisioning, rotation, revocation, and escrow
\nHarden embedded Linux systems on vessel platforms, including kernel configuration, mandatory access controls, secure IPC, and attack surface reduction
\nSecure operational technology protocols and interfaces used in vessel control systems, propulsion, navigation, and sensor fusion including CAN bus, NMEA, and maritime/industrial communication protocols
\nDefine security boundaries, trust zones, and segmentation strategies for vessel-internal compute and communication architectures
\nDrive threat modeling across vessel hardware subsystems and translate findings into actionable engineering requirements
\nProduce secure-by-design reference architectures and define hardware and firmware security standards, testing requirements, and acceptance criteria integrated into engineering workflows
\nRequired Qualifications:
\n6+ years of hands-on experience in hardware security, embedded systems security, firmware security, or a closely related security engineering role
\nDeep expertise in hardware hacking techniques including fault injection, side-channel attacks, JTAG/SWD exploitation, bus sniffing/injection, and physical security assessments
\nDemonstrated experience designing and implementing secure boot chains, hardware root of trust, and secure firmware update mechanisms in production systems
\nStrong experience assessing third-party hardware integrations and evaluating supply chain security risks
\nDeep knowledge of embedded Linux security hardening, kernel security, and mandatory access control frameworks
\nExperience with operational technology security, industrial protocols, or control system security
\nProficiency in C, C++, Python, or Rust in the context of firmware, embedded, or systems-level security work, and with hardware security testing tools
\nAbility to obtain and maintain a security clearance
\nPreferred Qualifications:
\nExperience in defense, aerospace, robotics, autonomy, maritime, or other high-assurance environments
\nExperience with autonomous systems, unmanned vehicles, or safety-critical embedded platforms
\nExperience with RTOS, microcontroller security, or resource-constrained device environments
\nKnowledge of CAN bus, NMEA protocols, maritime communication systems, RF/GPS/GNSS security, or ICS security standards
\nFamiliarity with defense or safety-critical compliance frameworks (NIST SP 800-53, IEC 62443, Common Criteria, or equivalent)
\nRelevant certifications such as OSEE, GXPN, GSE, or hardware-focused credentials
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_c629a0da-f6c","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Saronic Technologies","sameAs":"https://www.saronictechnologies.com/","logo":"https://logos.yubhub.co/saronictechnologies.com.png"},"x-apply-url":"https://jobs.lever.co/saronic/4b15b1b4-3c34-47ad-b964-dbcf0f8a3dc4","x-work-arrangement":"onsite","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["Hardware security","Embedded systems security","Firmware security","Fault injection","Side-channel analysis","Interface evaluation","Bus protocol analysis","Physical security assessments","Secure boot chains","Hardware root of trust","Firmware integrity","Embedded system hardening","Third-party hardware integrations","Supply chain security risks","Provenance validation","Anti-tamper","Attestation controls","Hardware security testing","Tooling","Methodology","Repeatable test procedures","Device identity","Key storage","Measured boot","Remote attestation","Signed updates","Rollback protection","Verified delivery","Cryptographic key lifecycle","Provisioning","Rotation","Revocation","Escrow","Embedded Linux systems","Kernel configuration","Mandatory access controls","Secure IPC","Attack surface reduction","Operational technology protocols","Industrial protocols","Control system security","CAN bus","NMEA","Maritime/industrial communication protocols","Security boundaries","Trust zones","Segmentation strategies","Threat modeling","Actionable engineering requirements","Secure-by-design reference architectures","Hardware and firmware security standards","Testing requirements","Acceptance criteria","Engineering workflows","C","C++","Python","Rust","Hardware security testing tools"],"x-skills-preferred":["Defense","Aerospace","Robotics","Autonomy","Maritime","High-assurance environments","Autonomous systems","Unmanned vehicles","Safety-critical embedded platforms","RTOS","Microcontroller security","Resource-constrained device environments","NMEA protocols","Maritime communication systems","RF/GPS/GNSS security","ICS security standards","Defense or safety-critical compliance frameworks","OSEE","GXPN","GSE","Hardware-focused credentials"],"datePosted":"2026-04-17T12:57:49.070Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"San Francisco"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Hardware security, Embedded systems security, Firmware security, Fault injection, Side-channel analysis, Interface evaluation, Bus protocol analysis, Physical security assessments, Secure boot chains, Hardware root of trust, Firmware integrity, Embedded system hardening, Third-party hardware integrations, Supply chain security risks, Provenance validation, Anti-tamper, Attestation controls, Hardware security testing, Tooling, Methodology, Repeatable test procedures, Device identity, Key storage, Measured boot, Remote attestation, Signed updates, Rollback protection, Verified delivery, Cryptographic key lifecycle, Provisioning, Rotation, Revocation, Escrow, Embedded Linux systems, Kernel configuration, Mandatory access controls, Secure IPC, Attack surface reduction, Operational technology protocols, Industrial protocols, Control system security, CAN bus, NMEA, Maritime/industrial communication protocols, Security boundaries, Trust zones, Segmentation strategies, Threat modeling, Actionable engineering requirements, Secure-by-design reference architectures, Hardware and firmware security standards, Testing requirements, Acceptance criteria, Engineering workflows, C, C++, Python, Rust, Hardware security testing tools, Defense, Aerospace, Robotics, Autonomy, Maritime, High-assurance environments, Autonomous systems, Unmanned vehicles, Safety-critical embedded platforms, RTOS, Microcontroller security, Resource-constrained device environments, NMEA protocols, Maritime communication systems, RF/GPS/GNSS security, ICS security standards, Defense or safety-critical compliance frameworks, OSEE, GXPN, GSE, Hardware-focused credentials"},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_fb4fa003-a73"},"title":"Platform Hardware Security Engineer","description":"About the Role
\nWe're seeking a Platform Hardware Security Engineer to design and implement security architectures for bare-metal infrastructure. You'll work with teams across Anthropic to build firmware, bootloaders, operating systems, and attestation systems to ensure the integrity of our infrastructure from the ground up.
\nThis role requires expertise in low-level systems security and the ability to architect solutions that balance security requirements with the performance demands of training AI models across our massive fleet.
\nWhat you'll do:
\nWho you are:
\nStrong candidates may also have:
\nLogistics
\nWe encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work.
\nYour safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links—visit anthropic.com/careers directly for confirmed position openings.
\nHow we're different
\nWe believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_fb4fa003-a73","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Anthropic","sameAs":"https://job-boards.greenhouse.io","logo":"https://logos.yubhub.co/anthropic.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/anthropic/jobs/4929689008","x-work-arrangement":"hybrid","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":"$405,000 - $485,000 USD","x-skills-required":["firmware security","hardware security","secure boot","measured boot","attestation technologies","cryptographic protocols","hardware security modules","UEFI/BIOS","embedded firmware security","bootloader hardening","chain of trust implementation","low-level programming","systems programming","firmware vulnerability assessment","threat modeling","supply chain security","NIST firmware security guidelines","hardware security frameworks"],"x-skills-preferred":["confidential computing technologies","hardware-based TEEs","SLSA framework","software supply chain security standards","large-scale HPC or cloud infrastructure","open-source security projects","formal verification","security proof techniques","silicon root of trust implementations","AI/ML infrastructure security"],"datePosted":"2026-03-08T13:47:08.377Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"New York City, NY; Seattle, WA; San Francisco, CA; Washington, DC"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"firmware security, hardware security, secure boot, measured boot, attestation technologies, cryptographic protocols, hardware security modules, UEFI/BIOS, embedded firmware security, bootloader hardening, chain of trust implementation, low-level programming, systems programming, firmware vulnerability assessment, threat modeling, supply chain security, NIST firmware security guidelines, hardware security frameworks, confidential computing technologies, hardware-based TEEs, SLSA framework, software supply chain security standards, large-scale HPC or cloud infrastructure, open-source security projects, formal verification, security proof techniques, silicon root of trust implementations, AI/ML infrastructure security","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":405000,"maxValue":485000,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_23a792a8-cc4"},"title":"Vendor Security Program Manager","description":"Job Posting
\nVendor Security Program Manager
\nLocation
\nSan Francisco; New York City; Seattle; Washington, DC
\nEmployment Type
\nFull time
\nLocation Type
\nHybrid
\nDepartment
\nSecurity
\nCompensation
\nThe base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance-related bonus(es) for eligible employees, and the following benefits.
\nMore details about our benefits are available to candidates during the hiring process.
\nThis role is at-will and OpenAI reserves the right to modify base pay and other compensation components at any time based on individual performance, team or company results, or market conditions.
\nAbout the Team
\nThe Vendor Security team sits at the core of our mission to ensure our technology benefits humanity safely and securely. We provide security assurances and robust compliance frameworks for our technology, people, and products. Our mission is to build trust with the world in our products and company. Our work is technical yet highly operational, strategically aligning with security and engineering teams to navigate and mitigate risks proactively. We prioritize impact, enable innovation, and foster a culture of continuous compliance and security awareness.
\nAbout the Role
\nAs a Program Manager within the Vendor Security team, you will play a crucial role in protecting our organisation against external risks posed by suppliers, vendors, partners, and hardware manufacturers. Your responsibilities will include conducting comprehensive security assessments, building a program to manage global supply chain and vendor risks, and driving security initiatives across all of our third-party relationships. You will be analytical, detail-oriented, and proactive, capable of translating complex security evaluations into clear, actionable strategies.
\nThe role is expected to operate with a strong point of view on risk. You will be responsible not only for identifying and documenting vendor and supply-chain risk, but for helping the company make informed trade-offs between speed, scale, and security. This role requires exceptional organisational skills, the ability to effectively communicate across different business functions, and a strong commitment to operational excellence in a dynamic environment.
\nThis role may be based out of one of our US offices (San Francisco, Seattle, NYC or DC.) We use a hybrid work model of 3 days in the office per week and offer relocation assistance to new employees.
\nIn this role, you will:
\nYou might thrive in this role if you have:
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_23a792a8-cc4","directApply":true,"hiringOrganization":{"@type":"Organization","name":"OpenAI","sameAs":"https://jobs.ashbyhq.com","logo":"https://logos.yubhub.co/openai.com.png"},"x-apply-url":"https://jobs.ashbyhq.com/openai/fb1e823e-cfcc-4293-8893-cc77e467c561","x-work-arrangement":"hybrid","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":"$207K – $335K • Offers Equity","x-skills-required":["information security principles and controls","data protection","access management","proactive and reactive security measures","application security","third-party or supply chain security assessments","vendor management security program","security risk management","compliance frameworks","security awareness","operational excellence","project management","communication and interpersonal skills"],"x-skills-preferred":["cloud security","infrastructure security","threat intelligence","security analytics","incident response","security testing","penetration testing","security consulting","security training","security awareness training"],"datePosted":"2026-03-06T18:37:35.209Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"San Francisco; New York City; Seattle; Washington, DC"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"information security principles and controls, data protection, access management, proactive and reactive security measures, application security, third-party or supply chain security assessments, vendor management security program, security risk management, compliance frameworks, security awareness, operational excellence, project management, communication and interpersonal skills, cloud security, infrastructure security, threat intelligence, security analytics, incident response, security testing, penetration testing, security consulting, security training, security awareness training","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":207000,"maxValue":335000,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_bc395d84-515"},"title":"Senior Global Security Investigator","description":"Senior Global Security Investigator
\nAbout the Team
\nSecurity is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity.
\nThe Security team protects OpenAI’s technology, people, and products. We are technical in what we build but are operational in how we do our work, and are committed to supporting all products and research at OpenAI. Our Security team tenets include: prioritizing for impact, enabling researchers, preparing for future transformative technologies, and engaging a robust security culture.
\nAbout the Role
\nWe are seeking a senior Global Security Investigator with a technical background to lead complex, long-running security investigations involving a full spectrum of threats – whether originating from internal employees, external threat actors, or supply chain partners. This role is about seeing the full chessboard and independently driving complex, multi-month cases across cyber, physical, and human domains.
\nIn this role you will:
\nYou might thrive in this role if you have:
\nCompensation
\nThe base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance-related bonus for eligible employees and benefits.
\nBenefits
\nMore details about our benefits are available to candidates during the hiring process.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_bc395d84-515","directApply":true,"hiringOrganization":{"@type":"Organization","name":"OpenAI","sameAs":"https://jobs.ashbyhq.com","logo":"https://logos.yubhub.co/openai.com.png"},"x-apply-url":"https://jobs.ashbyhq.com/openai/8b2e1585-dbcc-4739-9dc5-3980697d6659","x-work-arrangement":"hybrid","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":"$288K – $500K • Offers Equity","x-skills-required":["Bachelor’s degree in Criminal Justice, Cybersecurity, or a related field","8+ years of investigative experience in counterintelligence, insider risk, forensic investigations, cybersecurity, supply chain security, or related domains","Unimpeachable integrity, sound judgment, and the ability to handle confidential matters with discretion","An active US security clearance, or willingness and eligibility to obtain one","Deep specialization in geopolitical threat domains, with hands-on experience identifying, assessing, and mitigating adversarial risks through tailored countermeasures","Expert knowledge of common security tooling, including EDR, DLP, UEBA, SIEM, SOAR and other related platforms","Demonstrated ability to independently write complex queries, automate data workflows, and analyze structured datasets","Excellent written and verbal communication skills, including the ability to distill complex findings into clear, actionable reports and explain technical issues to non-technical stakeholders","Exceptional collaboration skills with the ability to work across diverse teams (HR, Legal, IT, etc.) to lead projects and investigations with minimal guidance"],"x-skills-preferred":["EDR","DLP","UEBA","SIEM","SOAR","Cybersecurity","Supply chain security","Forensic investigations","Counterintelligence","Insider risk"],"datePosted":"2026-03-06T18:28:30.579Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"San Francisco; New York City; Seattle; Washington, DC"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Bachelor’s degree in Criminal Justice, Cybersecurity, or a related field, 8+ years of investigative experience in counterintelligence, insider risk, forensic investigations, cybersecurity, supply chain security, or related domains, Unimpeachable integrity, sound judgment, and the ability to handle confidential matters with discretion, An active US security clearance, or willingness and eligibility to obtain one, Deep specialization in geopolitical threat domains, with hands-on experience identifying, assessing, and mitigating adversarial risks through tailored countermeasures, Expert knowledge of common security tooling, including EDR, DLP, UEBA, SIEM, SOAR and other related platforms, Demonstrated ability to independently write complex queries, automate data workflows, and analyze structured datasets, Excellent written and verbal communication skills, including the ability to distill complex findings into clear, actionable reports and explain technical issues to non-technical stakeholders, Exceptional collaboration skills with the ability to work across diverse teams (HR, Legal, IT, etc.) to lead projects and investigations with minimal guidance, EDR, DLP, UEBA, SIEM, SOAR, Cybersecurity, Supply chain security, Forensic investigations, Counterintelligence, Insider risk","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":288000,"maxValue":500000,"unitText":"YEAR"}}}]}