Location: Seoul, South Korea; Singapore

Department: Security

Job Type: Full time

Work Arrangement: Hybrid

About the Team

Security is at the foundation of OpenAI's mission to ensure that artificial general intelligence benefits all of humanity. Our Security team protects OpenAI's technology, people, and products. We are technical in what we build but operational in how we do our work, and we are committed to supporting all products and research at OpenAI.

As part of this, our Secure Manufacturing & Stealth is a dedicated function that partners closely with supply chain and operations teams to protect OpenAI's most sensitive projects. We design and enforce safeguards that ensure our innovations remain confidential until launch, while enabling our engineers and partners to move quickly and effectively. Our team's tenets include: prioritizing for impact, preparing for future transformative technologies, building trust with cross-functional partners, and fostering a robust culture of security and confidentiality.

About the Role

We are seeking a Head of Secure Manufacturing and Stealth (SMS) - APAC to lead OpenAI's efforts protecting sensitive product development and production operations in the APAC supply chain. You will design and drive the program that safeguards our most advanced projects and systems, working at the intersection of physical security, supply chain assurance, and insider risk.

This role focuses on securing OpenAI's global supply chain and manufacturing ecosystem, driving complex, multi-month security initiatives across vendors, manufacturing partners, and internal operations teams. You will work closely with the Head of Secure Manufacturing & Stealth to identify risks across production environments and ensure that appropriate safeguards are implemented throughout the hardware lifecycle. In this role, you will serve as the primary security partner to supply chain and operations teams, coordinating with engineering, legal, and external vendors to protect sensitive projects while enabling efficient manufacturing and product development.

This role is based in the Asia-Pacific region. This position requires travel up to ~25% to international vendor and partner locations.

In this role, you will:

• Own the strategy and execution of supply chain programs that protect OpenAI's most advanced projects and systems.

• Lead cross-functional initiatives with Engineering, Operations, Legal, and Security to establish controls for preventing leaks, data loss, and supply chain compromise.

• Conduct proactive risk assessments and investigations across production and partner environments, including third-party and vendor ecosystems.

• Develop, enforce, and audit policies and practices to protect confidentiality and control access at production and integration sites.

• Collaborate with technical and operational teams to close detection gaps, strengthen monitoring capabilities, and implement tailored countermeasures across cyber, physical, and human domains.

• Partner with external suppliers, vendors, and law enforcement to ensure global consistency in security practices and incident response.

• Continuously refine processes and security controls based on lessons learned and the evolving threat landscape.

You might thrive in this role if you:

• Have 8+ years of experience in global production, supply chain security, product secrecy, counterintelligence, insider risk, or related investigative/operational domains.

• Bring a deep understanding of production environments, hardware lifecycle, and supply chain risks, with hands-on experience implementing safeguards in global operations.

• Demonstrate unimpeachable integrity, sound judgment, and the ability to handle confidential matters with discretion.

• Possess strong expertise in security tooling and risk frameworks, and physical security systems.

• Have proven ability to lead complex programs and write clear, actionable reports for technical and non-technical audiences.

• Excel at cross-functional collaboration, building trust with engineers, operations, legal, and external partners to drive adoption of security controls.

About OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve our mission, we must encompass and value the many different perspectives, voices, and experiences that form the full spectrum of humanity.

We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or other applicable legally protected characteristic.

For additional information, please see OpenAI's Affirmative Action and Equal Employment Opportunity Policy Statement.

Background checks for applicants will be administered in accordance with applicable law, and qualified applicants with arrest or conviction records will be considered for employment consistent with those laws, including the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, for US-based candidates. For unincorporated Los Angeles County workers: we reasonably believe that criminal history may have a direct, adverse and negative relationship with the following job duties, potentially resulting in the withdrawal of a conditional offer of employment: protect computer hardware entrusted to you from theft, loss or damage; return all computer hardware in your possession (including the data contained therein) upon termination of employment or end of assignment; and maintain the confidentiality of proprietary, confidential, and non-public information. In addition, job duties require access to secure and protected information technology systems and related data security obligations.

To notify OpenAI that you believe this job posting is non-compliant, please submit a report through this form. No response will be provided to inquiries unrelated to job posting compliance.

We are committed to providing reasonable accommodations to applicants with disabilities, and requests can be made via this link.

OpenAI Global Applicant Privacy Policy

At OpenAI, we believe artificial intelligence has the potential to help people solve immense global challenges, and we want the upside of AI to be widely shared. Join us in shaping the future of technology.

XML job scraping automation by YubHub

Join the team as Twilio's next Senior Manager, Platform Engineering - Secure Supply Chain. This position is needed to lead Twilio's Platform Engineering Secure Supply Chain team, which provides critical infrastructure for software development across the company. The team owns systems spanning source control management, build systems, and artifact management, ensuring secure and efficient software delivery for all of Twilio.

Responsibilities:

• Lead and develop a team of engineers responsible for Twilio's secure supply chain infrastructure, including source control management (SCM), build systems, and artifact management platforms
• Define and execute strategic vision for secure supply chain capabilities that create leverage and centralize the cost of change across the entire engineering organization
• Partner closely with Security, Compliance, and Product Engineering leadership to establish and enforce secure supply chain standards, policies, and best practices company-wide
• Drive operational excellence through metrics, service level objectives, and continuous improvement initiatives that balance security requirements with developer productivity
• Build and maintain strong relationships with internal customers and stakeholders, translating business needs into technical solutions and roadmap priorities
• Develop engineering talent through coaching, mentorship, and career development while fostering a culture of ownership, collaboration, and technical excellence
• Champion automation, self-service capabilities, and platform thinking to scale secure supply chain practices across Twilio's diverse product portfolio
• Collaborate with peer engineering leaders across the Platform organization to ensure cohesive technical strategy and efficient delivery
• Communicate technical strategy, progress, and challenges effectively to senior leadership and cross-functional stakeholders

Qualifications:

• 8+ years of experience in software engineering, platform engineering, or infrastructure roles, with at least 4+ years in engineering management leading teams of 8-12 engineers
• Proven track record leading platform engineering team and developer platform initiatives at scale in complex, multi-product organizations
• Experience leading teams through significant technical migrations or platform modernization efforts
• Deep technical knowledge of source control systems (GitHub), build systems (Buildkite, GitHub Actions, Harness), and artifact management platforms (Artifactory, Nexus, container registries)
• Strong understanding of secure supply chain practices in cloud environments (AWS, GCP, Azure) including cloud-native CI/CD, container security, infrastructure-as-code, and cloud service integrations
• Demonstrated experience partnering with Security and Compliance teams to implement security controls, vulnerability management, and compliance requirements without compromising developer velocity
• Strong people leadership skills including hiring, performance management, coaching, and developing high-performing engineering teams
• Excellent stakeholder management and communication skills with ability to influence and align cross-functional partners at all levels of the organization
• Strategic thinking with ability to balance short-term execution against long-term vision and organizational impact
• Experience managing budgets, vendor relationships, and making build-vs-buy decisions for platform capabilities

Desired:

• Experience with software supply chain security frameworks (SLSA, SBOM, vulnerability scanning, dependency management)
• Background in highly regulated industries or companies with significant compliance requirements (SOX, PCI, SOC2, FedRAMP, ISO)
• Contributions to open source projects or industry thought leadership in secure supply chain or developer platforms

What We Offer:

Working at Twilio offers many benefits, including competitive pay, generous time off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location.

Compensation:

• Please note the salary range information provided applies only to candidates residing in California, Colorado, Hawaii, Illinois, Maryland, Massachusetts, Minnesota, New Jersey, New York, Vermont, Washington D.C., and Washington State due to local requirements.
• Compensation for candidates in other locations will be discussed during the hiring process.
• The estimated pay ranges for this role are as follows:

+ Based in Colorado, Hawaii, Illinois, Maryland, Massachusetts, Minnesota, Vermont or Washington D.C.: $207,200.00 - $259,000.00 + Based in New York, New Jersey, Washington State, or California (outside of the San Francisco Bay area): $219,360.00 - $274,200.00 + Based in the San Francisco Bay area, California: $243,680.00 - $304,600.00

Application deadline information:

Applications for this role are intended to be accepted until April 6, 2026, but may change based on business needs.

XML job scraping automation by YubHub

As a Staff Security Engineer, you will design and implement scalable triage, prioritization, and remediation-tracking systems across application, infrastructure, and hardware domains. You will set technical standards, drive high-impact initiatives, and mentor engineers through technical leadership, while partnering with leadership on priorities and execution risks.

Key Responsibilities:

• Lead high-complexity VM technical initiatives and deliver architecture decisions for assigned program areas
• Design and build scalable triage automation, including integrations, decision logic, and production hardening
• Implement end-to-end workflow components from assessment and detection to ticket routing and remediation tracking
• Provide deep technical leadership on hardware-adjacent vulnerabilities (GPU firmware, DPU firmware/BlueField, and BMC surfaces)
• Act as senior technical responder for embargoed disclosures and zero-day events, coordinating with owner teams that deploy fixes
• Improve prioritization logic, severity models, and exception workflows through code, design reviews, and technical proposals
• Produce actionable technical metrics and risk insights for leadership consumption
• Lead root-cause analysis for high-impact vulnerability incidents and implement durable technical improvements
• Mentor IC3/IC4/IC5 engineers through design guidance, code review, and incident coaching
• Partner with security, engineering, and operational stakeholders to improve workflow reliability and accelerate remediation outcomes

Requirements:

• 9+ years of relevant experience with demonstrated strategic impact in vulnerability management, application security, platform security, or cloud security engineering
• Proven track record building and scaling security automation (SOAR workflows, AI/ML systems, detection pipelines) in production environments
• Deep subject matter expertise with vulnerability management best practices: CVSS, EPSS, CISA KEV, threat intelligence integration, and risk-based prioritization frameworks
• Excellent development background with strong coding skills in Python, Go, or similar languages for building scalable, production-grade security systems
• Significant experience with modern vulnerability management tooling (for example Wiz, Semgrep, Rapid7, Tenable, or equivalent)
• Experience with specialized infrastructure: GPU/DPU environments, firmware security, hardware vulnerabilities, or high-performance computing
• Demonstrated track record mentoring engineers across levels and driving cross-functional technical initiatives at organizational scale
• Strong business acumen and understanding of how security decisions impact engineering velocity, customer trust, and business outcomes

Preferred Qualifications:

• Practical experience building AI/ML-powered security systems (LLM integration, automated decision-making, human-in-the-loop validation) in production
• Experience managing hardware vendor security partnerships (embargoed disclosures and pre-release collaboration)
• Production experience with security automation platforms such as TINES and serverless frameworks (AWS Lambda, GCP Cloud Functions)
• Strong DevOps, DevSecOps, or SRE background with deep experience in AWS/GCP/Azure cloud services and Infrastructure as Code (Terraform, CloudFormation)
• Deep understanding of Kubernetes security (container scanning, admission controllers, supply chain security, runtime protection)
• Experience leading security programs through rapid hypergrowth (10x+ infrastructure scaling) in startup or cloud-native environments
• Practical experience managing vulnerabilities within a FedRAMP-certified environment or similar regulatory frameworks

Salary and Benefits: The base salary range for this role is $188,000 to $275,000. The starting salary will be determined based on job-related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).

Work Environment:

While we prioritize a hybrid work environment, remote work may be considered for candidates located more than 30 miles from an office, based on role requirements for specialized skill sets. New hires will be invited to attend onboarding at one of our hubs within their first month. Teams also gather quarterly to support collaboration.

XML job scraping automation by YubHub

You'll work on foundational capabilities across package policy enforcement, build provenance, artifact signing, and malicious package detection, with a strong focus on enterprise-grade security and performance. You'll define architecture before systems are built, write clear technical proposals, and guide implementation across interconnected parts of GitLab such as CI/CD, dependency management, and security workflows.

This role is a strong fit for someone who enjoys solving complex backend problems, influencing technical direction across teams, and building security features that matter to customers facing real threats. You'll do this in GitLab's remote, asynchronous, and values-driven environment, where written communication, ownership, and teamwork are central to how we work.

Some examples of our projects:

• Dependency Firewall for package policy enforcement across supported registries
• Artifact attestation and signing using supply chain security standards and the Sigstore ecosystem

Responsibilities:

• Define and drive the technical architecture for the SSCS Add-On, including backend systems for package policy enforcement, provenance generation, artifact signing, and malicious package detection.
• Lead design and implementation work for Supply-chain Levels for Software Artifacts (SLSA) Level 2 and Level 3 capabilities within GitLab CI/CD.
• Architect integrations with Sigstore services such as Cosign, Fulcio, and Rekor, including approaches for signing workflows, verification, and trust boundaries.
• Design backend services and request paths that support allow, deny, and quarantine package policies with strong performance and reliability expectations.
• Review merge requests with a focus on security, architectural consistency, maintainability, and test quality.
• Mentor Backend Engineers across experience levels, helping raise the technical bar through design guidance, feedback, and hiring participation.
• Partner with Product, Infrastructure, Authentication, Authorization, and Security counterparts on cross-team technical decisions.
• Contribute to relevant open source and industry conversations, including working groups related to software supply chain security where appropriate.

Requirements:

• Strong experience building backend applications with Ruby on Rails in a high-scale production environment.
• Professional experience with Go for backend or infrastructure-oriented services.
• A track record of leading architecture across multiple systems and influencing technical direction through strong engineering judgment.
• Experience writing clear technical proposals, request for comments documents, and decision records in an async, documentation-first environment.
• A solid security mindset and comfort working on products where trust, risk reduction, and secure defaults are central requirements.
• Familiarity with software supply chain security concepts such as build provenance, artifact signing, dependency security, or software bill of materials.
• Strong teamwork and communication skills, with the ability to work effectively across distributed teams and functions.
• Interest in GitLab's values and in building secure, scalable product capabilities that help customers ship software with confidence.

About the team:

The SSCS Add-On team is part of GitLab's Software Supply Chain Security stage and is focused on building a commercial offering that addresses real supply chain security challenges for enterprise customers. The team works on capabilities that combine multiple parts of the GitLab product into a more complete security solution for organisations with strong compliance and risk management needs.

The work is both technically interesting and strategically important. The team is building in a space shaped by fast-moving threats, evolving customer requirements, and close coordination with nearby teams across the broader security area. That combination creates an environment where engineers can contribute to product direction while solving practical backend challenges in a visible part of GitLab's platform.

For more on how related teams work, see Team Handbook Page.

XML job scraping automation by YubHub

This is a founding management role where you'll help shape how the team works, partner closely with the Staff Backend Engineer, Product Manager, and SSCS stage management, and turn a defined roadmap into steady, high-quality delivery for enterprise customers with strict security and compliance needs.

You'll focus on developing the team, creating a healthy operating rhythm, and establishing predictable execution for the SSCS SKU.

You'll join a product area where customers in regulated industries are already validating the need, and your work will help GitLab deliver software supply chain security features that customers can rely on.

While technical credibility matters, your main focus will be growing a strong backend engineering team, enabling team members in their development, and creating the conditions for long-term delivery and quality.

Responsibilities:

• Guide a backend engineering team building the SSCS Add-On across dependency enforcement, build provenance, malicious package detection, and artifact signing.

• Be responsible for driving engineering delivery for general availability milestones by aligning sequencing, scope, and dependencies with the Staff Backend Engineer and Product Manager.

• Develop the team by partnering with Talent Acquisition on sourcing, interview design, candidate evaluation, and hiring decisions.

• Run regular 1:1s, performance reviews, and career development conversations that enable growth and clear expectations.

• Advance engineering quality by monitoring cycle time, defect rates, and test coverage, and by addressing risks early.

• Coordinate quarterly planning and roadmap tradeoff discussions with SSCS stage leadership and Product.

• Work with Finance and other partners on headcount pacing and team planning as the Add-On scales.

• Represent the SSCS Add-On team within stage leadership discussions and help ensure strong communication across functions.

Requirements:

• Over 3 years of experience guiding backend product engineering teams in security, DevOps, or platform engineering environments.

• Ability to hire and grow backend or security engineers in distributed team environments, with practical understanding of the talent landscape for these roles.

• Technical credibility to contribute to architecture discussions involving package registries, CI/CD pipeline security, and signing infrastructure.

• Experience managing predictable delivery across multi-quarter product roadmaps and managing cross-team dependencies.

• Comfort working in an asynchronous, documentation-driven organization with clear written communication.

• Familiarity with supply chain security, artifact management, or compliance-focused product areas, or transferable experience from related domains.

• Working knowledge of concepts related to frameworks and ecosystems such as SLSA and Sigstore.

• Ability to build credibility with engineers, product partners, and customer-facing stakeholders through clear judgment, coaching, and teamwork.

About the team: The SSCS Add-On team is a product engineering team within GitLab's Software Supply Chain Security stage. We work on key capabilities in the SSCS Add-On SKU and collaborate closely with product and engineering partners to deliver security features for customers operating in regulated environments.

You'll report to the SSCS Senior Engineering Manager and partner directly with the Staff Backend Engineer and Product Manager.

As a distributed team working asynchronously across regions, we are focused on strong delivery practices, team health, and scaling the product area with clarity and accountability.

For more on how related teams work, see Team Handbook Page.

How GitLab Supports Full-Time Employees:

• Benefits to support your health, finances, and well-being

• Flexible Paid Time Off

• Team Member Resource Groups

• Equity Compensation & Employee Stock Purchase Plan

• Growth and Development Fund

• Parental leave

• Home office support

XML job scraping automation by YubHub

You'll work at the intersection of backend engineering and infrastructure, shaping architecture in Ruby on Rails and Go, guiding decisions around role-based access control (RBAC), GraphQL APIs, and Kubernetes deployment configuration.

In your first year, you'll help move Secrets Manager toward general availability, establish technical patterns the team can build on, and represent the team's point of view in cross-functional discussions.

You'll have end-to-end ownership, from design through production operations, with room to identify what should be built next and improve how the team delivers secure, reliable features.

Responsibilities

• Build and maintain secure, readable backend code primarily in Ruby on Rails, with some development in Go for targeted components.

• Design backend architecture for complex security features, including secrets access control, pipeline security enforcement, and OpenBao integration.

• Lead the development of role-based access control models, GraphQL APIs, and supporting application patterns for features owned by the team.

• Own features end to end, from technical design and implementation through deployment, validation, and production support.

• Collaborate with Product, security partners, and other engineering teams to document tradeoffs, align on direction, and deliver iteratively in a distributed environment.

• Improve code quality, maintainability, security, and performance through code review, design iteration, and internal standards for a high-scale web environment.

• Build and maintain Helm charts, including configuration, tuning, documentation, and automated testing for Kubernetes-based deployments.

• Validate features in Kubernetes environments, including GitLab Cloud Native and Cloud Native Hybrid deployments, using GitLab testing and performance testing frameworks.

Requirements

• Experience building and maintaining backend features with a focus on secure design, data handling, and production reliability.

• Ability to write production-quality code in Ruby on Rails, including use of framework security patterns and review for common application risks.

• Working knowledge of CI/CD concepts and the ways pipelines can be misconfigured, abused, or expose sensitive data.

• Familiarity with secrets management approaches and security practices for handling credentials in CI environments; experience with tools such as HashiCorp Vault or similar systems is helpful.

• Comfort collaborating across Product and engineering teams in an asynchronous, distributed environment and communicating technical tradeoffs clearly in writing.

• Ability to review merge requests with a security-first mindset and improve solutions through feedback and iteration.

• Experience debugging production issues, including investigation of security-related behavior and proposing practical fixes.

• Openness to learning adjacent domains and tools, including Go, container security, and software supply chain security; we welcome transferable experience from different technical backgrounds.

About the Team

The Pipeline Security team builds features that make GitLab CI pipelines more secure and trustworthy for teams running sensitive workloads. We own key parts of pipeline security within GitLab's CI/CD experience, with our current focus on native secrets management for CI pipelines and Supply-chain Levels for Software Artifacts (SLSA) Level 3 capabilities to strengthen software supply chain security.

XML job scraping automation by YubHub

Your work will shape GitLab's enterprise security posture in the rapidly growing software supply chain security market. You'll focus on SLSA Level 3 compliance, secrets management, CI/CD security hardening, and the foundations of GitLab's global zero trust architecture.

Some examples of our projects:

• SLSA Level 3 compliance and provenance attestation across GitLab's CI/CD platform
• Integrated secrets management and runner security for container-isolated, secure pipelines

You'll lead the end-to-end software supply chain security architecture for GitLab's CI/CD platform, including SLSA Level 3 implementation and CI infrastructure hardening. You'll drive cross-team technical strategy and decisions across our Software Supply Chain Security (SSCS) stage teams, aligning engineering work to SSCS strategic plans.

You'll collaborate with infrastructure and CI/CD teams to design and land long-term initiatives for secure, scalable runner architecture, container isolation, and pipeline security at scale. You'll propose and validate technical implementations that support architectural changes to improve CI/CD scaling and performance on critical paths.

You'll teach, mentor, and coach Staff Engineers and individual contributors, raising the bar on supply chain threat modeling, secrets management, artifact signing, and SBOM lifecycle practices.

You'll partner with Engineering Managers and senior leadership to define roadmaps, break down complex initiatives, and enable Staff Engineers to lead sub-department-wide efforts.

You'll engage with customers and external stakeholders as a technical consultant and spokesperson for GitLab's software supply chain security capabilities and roadmap.

You'll collaborate with product, security, and compliance stakeholders to ensure features meet enterprise security, governance, and regulatory expectations in the software supply chain security market.

Key responsibilities include:

• Providing architectural leadership across multiple engineering teams
• Shaping GitLab's enterprise security posture in the rapidly growing software supply chain security market
• Focusing on SLSA Level 3 compliance, secrets management, CI/CD security hardening, and the foundations of GitLab's global zero trust architecture

Key requirements include:

• Deep expertise in software supply chain security, including threat modeling for supply chain attack vectors, SLSA implementation and attestation systems, and SBOM generation and lifecycle management
• Strong knowledge of artifact signing and verification using the Sigstore ecosystem, including Cosign, Fulcio, Rekor, and in-toto attestations
• Experience designing and hardening CI/CD security, such as runner isolation, pipeline security controls, and secrets management in large-scale environments

Preferred qualifications include:

• Background in distributed systems and infrastructure, including building resilient CI/CD platforms that process high pipeline volumes and optimizing performance for critical paths
• Practical experience with container security and Kubernetes security, including admission controllers, policy controllers, workload isolation, and registry hardening
• Proficiency in Go or Rust in a production environment, combined with expert-level understanding of CI/CD workflows and DevSecOps best practices
• Experience operating as a Principal or Staff Engineer across multiple development teams, providing architectural leadership and partnering with Engineering Managers and senior leaders
• Demonstrated capacity to clearly communicate complex problems and solutions

Our Software Supply Chain Security stage engineering teams are responsible for authentication and access within GitLab. We also build features that help customers manage vulnerabilities, dependencies, security policies, and compliance frameworks across their organizations.

The base salary range for this role's listed level is currently for residents of the United States only. This range is intended to reflect the role's base salary rate in locations throughout the US. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, alignment with market data, and geographic location. The base salary range does not include any bonuses, equity, or benefits.

XML job scraping automation by YubHub

In this role, you'll contribute to capabilities that help customers control software dependencies, verify artifact integrity, and identify malicious packages before they reach production.

Your work will sit at the intersection of backend engineering, product integration, and security-focused development.

You'll build in Ruby on Rails, work alongside Go services as needed, and help connect Add-On functionality with GitLab's existing security scanning experience so findings are surfaced consistently for users.

Because the team is small, you'll have meaningful influence on implementation details, team practices, and the product experience.

This role is part of GitLab's all-remote, async-first, values-driven environment, where clear written communication and thoughtful coordination across time zones are essential.

Responsibilities

• Implement well-scoped backend features across the Add-On's supply chain security product, including package policy integrations, ingestion pipeline improvements, signing and verification support, and reliability-focused work, delivering maintainable code on agreed timelines and meeting team-defined delivery commitments.

• Build and maintain integrations between Add-On functionality and GitLab's existing software composition analysis scanning infrastructure so findings appear consistently and accurately in merge request security reports, reducing integration issues and supporting a reliable user experience.

• Write and maintain comprehensive automated test coverage, including RSpec and integration tests, to improve test reliability, reduce regressions, and support safe, consistent releases as the codebase grows.

• Take on work across multiple feature areas as priorities evolve, contributing as a generalist where the team needs support most.

• Participate actively in code review by giving thoughtful, actionable feedback and incorporating feedback constructively into your own work to help maintain code quality and reduce rework.

• Contribute clear internal documentation for the features and behavior you ship so teammates can support, extend, and troubleshoot the product effectively.

• Coordinate with adjacent Software Supply Chain Security teams, including Dependency Firewall and Malware Database, as the Add-On brings together capabilities from across GitLab, helping deliver aligned functionality and smoother cross-team execution.

• Collaborate effectively in an async-first environment across global time zones, including occasional off-hours overlap when needed, to keep work moving and decisions documented clearly.

Requirements

• Backend development experience with the ability to deliver maintainable production code.

• Solid proficiency in Ruby on Rails and strong PostgreSQL fundamentals.

• Familiarity with Golang, or a willingness to learn and work across both Ruby on Rails and Go.

• Strong testing discipline, including experience with RSpec or an equivalent testing framework.

• Clear, direct written communication skills and experience collaborating with distributed teammates in asynchronous workflows.

• Ability to manage scoped work independently, communicate progress clearly, and adjust as team priorities shift.

• Interest in package ecosystems such as npm, Maven, PyPI, or OCI containers, or adjacent experience that helps you ramp in this domain.

• Interest in software supply chain security, dependency management, DevSecOps, or security-adjacent product development, with the ability to apply security considerations in backend development work.

About the Team

The SSCS Add-On team is part of GitLab's Software Supply Chain Security stage and is focused on building a commercial offering that addresses real supply chain security challenges for enterprise customers.

The team works on capabilities that combine multiple parts of the GitLab product into a more complete security solution for organisations with strong compliance and risk management needs.

The work is both technically interesting and strategically important.

The team is building in a space shaped by fast-moving threats, evolving customer requirements, and close coordination with nearby teams across the broader security area.

That combination creates an environment where engineers can contribute to product direction while solving practical backend challenges in a visible part of GitLab's platform.

For more on how related teams work, see Team Handbook Page.

How GitLab Supports Full-Time Employees

• Benefits to support your health, finances, and well-being

• Flexible Paid Time Off

• Team Member Resource Groups

• Equity Compensation & Employee Stock Purchase Plan

• Growth and Development Fund

• Parental leave

• Home office support

XML job scraping automation by YubHub

This role requires expertise in low-level systems security and the ability to architect solutions that balance security requirements with the performance demands of training AI models across our massive fleet.

Responsibilities:

• Design and implement secure boot chains from firmware through OS initialization for diverse hardware platforms (CPUs, BMCs, switches, peripherals, and embedded microcontrollers)

• Architect attestation systems that provide cryptographic proof of system state from hardware root of trust through application layer

• Develop measured boot implementations and runtime integrity monitoring

• Create reference architectures and security requirements for bare-metal deployments

• Integrate security controls with infrastructure teams without impacting training performance

• Prototype and validate security mechanisms before production deployment

• Conduct firmware vulnerability assessments and penetration testing

• Build firmware analysis pipelines for continuous security monitoring

• Document security architectures and maintain threat models

• Collaborate with software and hardware vendors to ensure security capabilities meet our requirements

Who you are:

• 8+ years of experience in systems security, with at least 5 years focused on firmware and hardware security (firmware, bootloaders, and OS-level security)

• Hands-on experience with secure boot, measured boot, and attestation technologies (TPM, Intel TXT, AMD SEV, ARM TrustZone)

• Strong understanding of cryptographic protocols and hardware security modules

• Experience with UEFI/BIOS or embedded firmware security, bootloader hardening, and chain of trust implementation

• Proficiency in low-level programming (C, Rust, Assembly) and systems programming

• Knowledge of firmware vulnerability assessment and threat modeling

• Track record of designing security architectures for complex, distributed systems

• Experience with supply chain security

• Ability to work effectively across hardware and software boundaries

• Knowledge of NIST firmware security guidelines and hardware security frameworks

Strong candidates may also have:

• Experience with confidential computing technologies and hardware-based TEEs

• Knowledge of SLSA framework and software supply chain security standards

• Experience securing large-scale HPC or cloud infrastructure

• Contributions to open-source security projects (coreboot, CHIPSEC, etc.)

• Background in formal verification or security proof techniques

• Experience with silicon root of trust implementations

• Experience working with building foundational technical designs, operational leadership, and vendor collaboration

• Previous work with AI/ML infrastructure security

Annual Salary: $405,000-$485,000 USD

Logistics:

• Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience

• Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience

• Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position

• Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.

• Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

Why work with us?

• Competitive compensation and benefits

• Optional equity donation matching

• Generous vacation and parental leave

• Flexible working hours

• Lovely office space in which to collaborate with colleagues

Guidance on Candidates' AI Usage: Learn about our policy for using AI in our application process

XML job scraping automation by YubHub

Responsibilities

• Monitor and analyse security alerts and logs to identify potential threats and anomalies
• Develop, implement, and maintain detection rules and correlation logic in our SIEM platform
• Conduct thorough investigations of security incidents, performing root cause analysis and impact assessments
• Lead incident response efforts, coordinating with relevant teams to contain and mitigate threats
• Create and maintain incident response playbooks and runbooks
• Perform regular threat hunting activities to proactively identify potential security risks
• Develop and refine metrics and reporting to track the effectiveness of detection and response capabilities
• Collaborate with other security teams to improve overall security posture and incident handling processes
• Stay current with emerging threats, attack techniques, and defensive strategies in the cloud-native and AI domains

Basic Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, or a related field
• 3-5 years of experience in security operations, incident response, or a similar role
• Strong understanding of cybersecurity principles, attack techniques, and defensive strategies
• Proficiency in at least one scripting language (e.g., Python, Rust) for automation and tool development
• Experience with SIEM platforms and log analysis tools
• Familiarity with cloud environments (e.g., AWS, GCP, Azure) and their security features
• Knowledge of network protocols, system administration, and common attack vectors
• Strong analytical and problem-solving skills with attention to detail
• Excellent communication skills and ability to work effectively under pressure

Preferred Skills and Experience

• Relevant security certifications (e.g., GCIH, GCIA, SANS)
• Experience with threat intelligence platforms and their integration into detection processes
• Familiarity with AI/ML security implications, particularly those outlined in the OWASP LLM Top 10
• Knowledge of software supply chain security and SBOM analysis
• Experience with containerized environments and Kubernetes security
• Experience in building custom security tools or integrations to enhance detection and response capabilities
• Interest in leveraging AI to improve threat detection and automate response processes
• Contributions to open-source security projects or threat research
• Experience with digital forensics and malware analysis

Compensation and Benefits

$200,000 - $340,000 USD

Base salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.

XML job scraping automation by YubHub

Responsibilities: Conduct in-depth code reviews and static analysis to identify and mitigate security vulnerabilities in our applications Design and implement secure coding guidelines and best practices for development teams Collaborate closely with development teams to integrate security practices throughout the CI/CD pipeline Perform threat modeling and risk assessments for applications, developing mitigation strategies for potential risks Manage vulnerability tracking and remediation efforts, providing guidance to development teams Support incident response activities related to application security Stay current on emerging security threats and trends in cloud-native technologies and AI, continuously enhancing our security measures Evaluate and secure software supply chains, including producing and maintaining Software Bills of Materials (SBOMs) Address security concerns specific to AI and machine learning models, with a focus on the OWASP LLM Top 10

Basic Qualifications: Bachelor's degree in Computer Science, Cybersecurity, or a related field 3-5 years of experience in application security, with a strong focus on code security practices Deep understanding of secure coding practices, application security frameworks, and common vulnerabilities (e.g., OWASP Top 10) Proficiency in Python or Rust programming languages and experience with secure coding practices in these languages Experience securing CI/CD pipelines and implementing DevSecOps practices Familiarity with software supply chain security and SBOM generation tools Experience with security testing tools (e.g., Burp Suite, OWASP ZAP) and static/dynamic code analysis Understanding of AI/ML security implications, particularly those outlined in the OWASP LLM Top 10 Excellent communication skills, able to explain complex security issues to both technical and non-technical audiences

Preferred Skills and Experience: Experience with cloud platforms (e.g., GCP, AWS, Azure) and their security features Relevant security certifications (e.g., CSSLP, OSWE) Background in data privacy and compliance regulations relevant to cloud-native applications and AI systems Experience with GitOps and infrastructure-as-code security Familiarity with federated learning and privacy-preserving machine learning techniques Experience in building custom security tooling to enhance and automate security processes Interest in leveraging AI to automate security tasks and improve efficiency Contributions to open-source security projects or tools Experience in securing AI/ML models and data pipelines

Compensation and Benefits: $200,000 - $340,000 USD Base salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.

XML job scraping automation by YubHub

We are a global company with a strong company culture and employees located in over 14 countries. Yubico's headquarters are based in Stockholm, Sweden and Santa Clara, CA.

The Role

We are seeking a strategic and hands-on Director of Quality to architect and drive the Quality Management System for our global YubiKey production, warehousing, and fulfillment operations. In this pivotal role, you will move beyond standard quality checks to establish a multi-layered prevention model that mirrors our security philosophy.

Tasks & Responsibilities:

Quality Strategy:

• Architect and drive the implementation of a scalable Quality Management System (QMS) according to ISO 9001 standards.

• Accelerate and structure the ongoing transition from tribal knowledge to documented, auditable, and repeatable process to support QMS.

• Establish a multi-tier quality framework where failures are caught by overlapping layers of defense, including supplier quality, incoming inspection, in-process automated gating, and final outgoing audit.

Internal Education Program:

• Build and lead an internal Quality Academy to drive QMS delivery.

• Collaborate with Engineering to push for rigorous DFMEA and tool requirements, recognizing them as the supplier of manufacturing capabilities while educating Operators on SOPs/OCAPs and Leadership on quality metrics.

Quality Operations:

• Partner closely with Engineering during the Design phase to drive Design Failure Mode and Effects Analysis (DFMEA).

• Provide requirements and drive execution to ensure 'design gating' - preventing products from moving to production without a clear quality plan.

Process Resilience (PFMEA):

• Lead the execution of risk-based Process Failure Mode and Effects Analysis (PFMEA) during the Production and Fulfillment phase.

• Make these technical documents 'readable' and actionable for floor staff to prevent errors in configuration, warehouse, packaging, and fulfillment.

Develop and maintain rigorous Control Plans that specify exactly how quality is monitored at every step.

Implement detection methods, including new inspection methods and functional testing.

Material Review Board (MRB) Leadership:

• Chair the MRB and manage the deviation/waiver process.

• Ensure rigorous engineering validation is performed before any out-of-spec material is approved for production runs.

Out of Control Action Plans (Rectify):

• Define clear, readable 'Out of Control Action Plans' (OCAP).

• Transform reactive firefighting into systematic rectification by ensuring production teams know exactly when to Stop, Call, Wait, or Adjust when metrics drift.

Supply Chain Counterfeit Prevention Program:

• Own and execute the Counterfeit Prevention Program.

• Implement strict controls over component sourcing and chain of custody to protect the security integrity of YubiKeys.

Supplier Quality Management:

• Enforce rigorous quality standards for raw material suppliers and contract manufacturers, ensuring compliance with our security and reliability requirements.

Basic Requirements:

• 10+ years of progressive experience in global Quality Assurance (supporting global supply chain (e.g., North America, EMEA, APJ) within hardware production, customization and fulfillment with significant leadership experience.

• Quality Management Systems: Proven track record of architecting and implementing a QMS from the ground up or upgrading one to ISO 9001 standards.

• Ability to facilitate workshops and drive these processes with internal audiences.

• Security Mindset: Familiar with and able to execute on Counterfeit Prevention Programs (e.g., AS9100/9120) and supply chain security protocols.

• Education: Bachelor's degree in Engineering, Quality Management, or related technical field

XML job scraping automation by YubHub

We're seeking a Platform Hardware Security Engineer to design and implement security architectures for bare-metal infrastructure. You'll work with teams across Anthropic to build firmware, bootloaders, operating systems, and attestation systems to ensure the integrity of our infrastructure from the ground up.

This role requires expertise in low-level systems security and the ability to architect solutions that balance security requirements with the performance demands of training AI models across our massive fleet.

What you'll do:

• Design and implement secure boot chains from firmware through OS initialization for diverse hardware platforms (CPUs, BMCs, switches, peripherals, and embedded microcontrollers)
• Architect attestation systems that provide cryptographic proof of system state from hardware root of trust through application layer
• Develop measured boot implementations and runtime integrity monitoring
• Create reference architectures and security requirements for bare-metal deployments
• Integrate security controls with infrastructure teams without impacting training performance
• Prototype and validate security mechanisms before production deployment
• Conduct firmware vulnerability assessments and penetration testing
• Build firmware analysis pipelines for continuous security monitoring
• Document security architectures and maintain threat models
• Collaborate with software and hardware vendors to ensure security capabilities meet our requirements

Who you are:

• 8+ years of experience in systems security, with at least 5 years focused on firmware and hardware security (firmware, bootloaders, and OS-level security)
• Hands-on experience with secure boot, measured boot, and attestation technologies (TPM, Intel TXT, AMD SEV, ARM TrustZone)
• Strong understanding of cryptographic protocols and hardware security modules
• Experience with UEFI/BIOS or embedded firmware security, bootloader hardening, and chain of trust implementation
• Proficiency in low-level programming (C, Rust, Assembly) and systems programming
• Knowledge of firmware vulnerability assessment and threat modeling
• Track record of designing security architectures for complex, distributed systems
• Experience with supply chain security
• Ability to work effectively across hardware and software boundaries
• Knowledge of NIST firmware security guidelines and hardware security frameworks

Strong candidates may also have:

• Experience with confidential computing technologies and hardware-based TEEs
• Knowledge of SLSA framework and software supply chain security standards
• Experience securing large-scale HPC or cloud infrastructure
• Contributions to open-source security projects (coreboot, CHIPSEC, etc.)
• Background in formal verification or security proof techniques
• Experience with silicon root of trust implementations
• Experience working with building foundational technical designs, operational leadership, and vendor collaboration
• Previous work with AI/ML infrastructure security

Logistics

• Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience.
• Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.
• Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work.

Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links—visit anthropic.com/careers directly for confirmed position openings.

How we're different

We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts.

XML job scraping automation by YubHub