As a specialist in digital networking, you will be responsible for conducting vulnerability tests, supporting penetration tests, and participating in vulnerability management. You will also be involved in adapting and maintaining security guidelines and supporting operational technology security.

We offer a dynamic and innovative work environment, opportunities for professional growth, and a competitive salary.

Key responsibilities:

• Conducting vulnerability tests and penetration tests
• Participating in vulnerability management
• Adapting and maintaining security guidelines
• Supporting operational technology security

Requirements:

• Good academic record
• Proficiency in German language (written and spoken)
• High learning ability and interest in cybersecurity
• Good English language skills
• Team and communication skills
• Sensitive and structured working style
• Strong sense of responsibility

Benefits:

• Competitive salary
• Opportunities for professional growth
• Dynamic and innovative work environment

If you are interested in this opportunity, please submit your application with your resume and cover letter.

Note: This position is also suitable for individuals with disabilities.

XML job scraping automation by YubHub

The team fosters a collaborative environment and is building a best-in-class program to partner with the business to protect the Firm’s information and computer systems. Millennium is a complex and robust technical environment and securing the Firm from external and internal threats is a top priority.

Responsibilities

• Define and implement security guardrails for Generative AI, LLMs, and Agentic frameworks, ensuring safe enterprise adoption.
• Conduct specialized threat modeling, red teaming, and risk assessments for AI/ML models (e.g., testing for prompt injection, model theft, and data poisoning).
• Lead risk management activities, including application risk assessments, design reviews, and mitigation strategies for IT projects.
• Engage throughout the SDLC to identify vulnerabilities, conduct code reviews/penetration testing, and enforce secure coding standards.
• Evangelize AppSec and AI security best practices through developer education, training materials, and outreach.
• Design robust security architectures and integrate automated security testing (SAST/DAST/SCA) into CI/CD pipelines.
• Partner with Technology, Trading, Legal, and Compliance to create policies and communicate technical risks to non-technical stakeholders.

Qualifications

• Bachelor's degree or higher in Computer Science, Computer Engineering, IT Security or related field.
• 5+ years’ experience working as an Application Security Engineer, Software Engineer, or similar role.
• Deep understanding of AI-specific risks (OWASP Top 10 for LLMs) and experience securing applications utilizing LLMs.
• Experience working with AI models, Agentic frameworks and security risks associated with AI.
• Experience in working with global teams, collaborating on code and presentations.
• Demonstrated work experience in hybrid on-premise and Public Cloud environments (AWS/GCP/Azure)
• Strong understanding of security architectures, secure configuration principles/coding practices, cryptography fundamentals and encryption protocols.
• Experience with common SCM & CI/CD technologies like GitHub, Jenkins, Artifactory, etc. and integrating Security Scanning and Vulnerability Management into the CI/CD Pipelines
• Familiarity with static and dynamic security analysis tools, and SCA/SBOM solutions.
• Hands on experience with Secrets Management & Password Vault technologies such as Delinea Secret Server and/or Hashicorp Vault, etc.
• Strong experience in secure programming in languages such as Python, Java, C++, C#, or similar.
• Familiarity with Infrastructure as Code tools (CloudFormation, Terraform, Ansible, etc.)
• Familiarity with web application security testing tools and methodologies.
• Knowledge of various security frameworks and standards such as ISO 27001, NIST, OWASP, etc.
• Knowledge of Linux, OS internals and containers is a plus.
• Certifications like CISSP, CISM, CompTIA Security+, or CEH are advantageous.

XML job scraping automation by YubHub

The successful candidate will have a proven understanding in enterprise security and AI security and will focus on defining and implementing security guardrails for Generative AI, LLMs, and Agentic frameworks, ensuring safe enterprise adoption.

Key responsibilities include:

• Defining and implementing security guardrails for Generative AI, LLMs, and Agentic frameworks
• Conducting specialized threat modeling, red teaming, and risk assessments for AI/ML models
• Leading risk management activities, including application risk assessments, design reviews, and mitigation strategies for IT projects
• Engaging throughout the SDLC to identify vulnerabilities, conduct code reviews/penetration testing, and enforce secure coding standards
• Evangelizing AppSec and AI security best practices through developer education, training materials, and outreach

Qualifications include:

• Bachelor's degree or higher in Computer Science, Computer Engineering, IT Security or related field
• 5+ years' experience working as an Application Security Engineer, Software Engineer, or similar role
• Deep understanding of AI-specific risks (OWASP Top 10 for LLMs) and experience securing applications utilizing LLMs
• Experience working with AI models, Agentic frameworks and security risks associated with AI
• Experience in working with global teams, collaborating on code and presentations

Preferred qualifications include:

• Demonstrated work experience in hybrid on-premise and Public Cloud environments (AWS/GCP/Azure)
• Strong understanding of security architectures, secure configuration principles/coding practices, cryptography fundamentals and encryption protocols
• Experience with common SCM & CI/CD technologies like GitHub, Jenkins, Artifactory, etc. and integrating Security Scanning and Vulnerability Management into the CI/CD Pipelines
• Familiarity with static and dynamic security analysis tools, and SCA/SBOM solutions
• Hands on experience with Secrets Management & Password Vault technologies such as Delinea Secret Server and/or Hashicorp Vault, etc.
• Strong experience in secure programming in languages such as Python, Java, C++, C#, or similar
• Familiarity with Infrastructure as Code tools (CloudFormation, Terraform, Ansible, etc.)
• Familiarity with web application security testing tools and methodologies
• Knowledge of various security frameworks and standards such as ISO 27001, NIST, OWASP, etc.
• Knowledge of Linux, OS internals and containers is a plus
• Certifications like CISSP, CISM, CompTIA Security+, or CEH are advantageous

We offer a competitive salary and benefits package, as well as opportunities for professional growth and development.

XML job scraping automation by YubHub

The team fosters a collaborative environment and is building a best-in-class program to partner with the business to protect the Firm's information and computer systems.

Principal Responsibilities:

• Provide a high level of security consultancy and engineering support for Windows/Active Directory/Azure security solutions including analysis and development of Windows security solutions.
• Strong understanding of modern authentication protocols, e.g., OIDC / OAUTH 2.
• Contribute to the vision, strategy, and drive design and implementation for authentication platforms both on premises and in the cloud.
• Provide security consultancy and engineering support for SAML, OIDC and Kerberos authentication across different Identity providers, including analysis and development of SSO, PKI, and other authentication solutions.
• Able to demonstrate clear understanding of current risks and threats related to Identity Management at technical and managerial levels.
• Actively monitor new and emerging security and privacy related technologies, trends, issues, and solutions and assess their applicability to key business initiatives and strategies.
• Participate in Information Security Incident Response activities for the Firm's environment.
• Liaison with key stakeholders to create and enforce policy including Technology organization, Trading units, Legal, Internal Audit, and Compliance.
• Provide support to Security and other technical operations staff to ensure smooth turnover from Engineering to Production - and provide mentoring to junior level security professionals.
• Develop and maintain documentation of all Security products including specific tools, technologies, and processes.

Qualifications/Skills Required:

• Bachelor's degree in computer science or engineering preferred.
• 7 + years' experience working in a technical role with a minimum of 2 + years' experience focusing on information security in the financial industry (preferred).
• Excellent understanding and experience of engineering Microsoft security solutions – including desktop and server operating systems, EntraID, Active Directory, Group Policy, Desired Configuration State, DNS, Messaging.
• Ability to understand code in C#/.NET and / or Python and strong scripting experience in PowerShell.
• Experience managing IaaS, SaaS solutions and services using CI/CD pipelines. Jenkins, Terraform experience is a strong plus.
• Solid understanding of SAML, OIDC and Kerberos authentication and related technology controls and best practices.
• Experience with Office 365 security controls including usage of Azure Active Directory, Conditional Access, o365 logging APIs, Microsoft CAS, and Microsoft Authenticator.
• Understanding and experience with implementing Data Loss Prevention (DLP) solutions, policies, and technologies.
• Understanding of Azure Information Protection (AIP) and its components, including labeling, classification, and encryption.
• Ability to develop and implement strategies to ensure compliance with data protection regulations, such as GDPR or HIPAA, utilizing DLP and AIP solutions.
• Strong knowledge and experience in a variety of security technologies including: EDR, SIEM, Vulnerability Management is a plus.
• Relevant security certification (CISSP, GCIA, CISM, etc.) and/or product certifications (PingFederate, Azure, Windows, AD etc.) a plus.

The estimated base salary range for this position is $175,000 to $250,000, which is specific to New York and may change in the future. Millennium pays a total compensation package which includes a base salary, discretionary performance bonus, and a comprehensive benefits package.

XML job scraping automation by YubHub

As a Staff Security Engineer, you will design and implement scalable triage, prioritization, and remediation-tracking systems across application, infrastructure, and hardware domains. You will set technical standards, drive high-impact initiatives, and mentor engineers through technical leadership, while partnering with leadership on priorities and execution risks.

Key Responsibilities:

• Lead high-complexity VM technical initiatives and deliver architecture decisions for assigned program areas
• Design and build scalable triage automation, including integrations, decision logic, and production hardening
• Implement end-to-end workflow components from assessment and detection to ticket routing and remediation tracking
• Provide deep technical leadership on hardware-adjacent vulnerabilities (GPU firmware, DPU firmware/BlueField, and BMC surfaces)
• Act as senior technical responder for embargoed disclosures and zero-day events, coordinating with owner teams that deploy fixes
• Improve prioritization logic, severity models, and exception workflows through code, design reviews, and technical proposals
• Produce actionable technical metrics and risk insights for leadership consumption
• Lead root-cause analysis for high-impact vulnerability incidents and implement durable technical improvements
• Mentor IC3/IC4/IC5 engineers through design guidance, code review, and incident coaching
• Partner with security, engineering, and operational stakeholders to improve workflow reliability and accelerate remediation outcomes

Requirements:

• 9+ years of relevant experience with demonstrated strategic impact in vulnerability management, application security, platform security, or cloud security engineering
• Proven track record building and scaling security automation (SOAR workflows, AI/ML systems, detection pipelines) in production environments
• Deep subject matter expertise with vulnerability management best practices: CVSS, EPSS, CISA KEV, threat intelligence integration, and risk-based prioritization frameworks
• Excellent development background with strong coding skills in Python, Go, or similar languages for building scalable, production-grade security systems
• Significant experience with modern vulnerability management tooling (for example Wiz, Semgrep, Rapid7, Tenable, or equivalent)
• Experience with specialized infrastructure: GPU/DPU environments, firmware security, hardware vulnerabilities, or high-performance computing
• Demonstrated track record mentoring engineers across levels and driving cross-functional technical initiatives at organizational scale
• Strong business acumen and understanding of how security decisions impact engineering velocity, customer trust, and business outcomes

Preferred Qualifications:

• Practical experience building AI/ML-powered security systems (LLM integration, automated decision-making, human-in-the-loop validation) in production
• Experience managing hardware vendor security partnerships (embargoed disclosures and pre-release collaboration)
• Production experience with security automation platforms such as TINES and serverless frameworks (AWS Lambda, GCP Cloud Functions)
• Strong DevOps, DevSecOps, or SRE background with deep experience in AWS/GCP/Azure cloud services and Infrastructure as Code (Terraform, CloudFormation)
• Deep understanding of Kubernetes security (container scanning, admission controllers, supply chain security, runtime protection)
• Experience leading security programs through rapid hypergrowth (10x+ infrastructure scaling) in startup or cloud-native environments
• Practical experience managing vulnerabilities within a FedRAMP-certified environment or similar regulatory frameworks

Salary and Benefits: The base salary range for this role is $188,000 to $275,000. The starting salary will be determined based on job-related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).

Work Environment:

While we prioritize a hybrid work environment, remote work may be considered for candidates located more than 30 miles from an office, based on role requirements for specialized skill sets. New hires will be invited to attend onboarding at one of our hubs within their first month. Teams also gather quarterly to support collaboration.

XML job scraping automation by YubHub

Key responsibilities include:

• Ensuring successful business outcomes for customers that lead to world-class retention and expansion for Tanium by collaborating with an account team of Sales, Solution Engineers, Domain Architects, and more
• Working with senior team members to understand the unique complexity and segmentation of the customers served and creating the best path to full Tanium platform adoption and expansion, leveraging understanding of not only the customer's environment but also insights as to how to overcome obstacles to implement new technologies
• Developing and maintaining necessary relationships with customers to ensure alignment to their business needs
• Identifying where Tanium can be further integrated into customer business processes and controls to increase ROI and expand into new solution areas
• Performing activities and data management that help to drive adoption and value against an agreed-upon plan with the customer

The ideal candidate will have 1-3 years of experience in Customer Success, Account Management, Technical Project Management, Sales Development, Service Management / Professional Services, preferably in a SaaS business model or within SLED organisations. Experience in Information Technology Operations, Security, or Vulnerability Management workflows is a plus.

We are looking for a highly organised self-starter who thrives in a fast-paced environment and is comfortable working in ambiguity. The successful candidate will be curious, willing to learn from others in their discipline, their customers, and other roles at Tanium, and eager to contribute suggestions and ideas to further customer and Tanium goals.

XML job scraping automation by YubHub

You will be in a customer-facing role, working with and supporting Solution Architects, which requires hands-on production experience with public cloud - AWS, Azure, and GCP.

SSAs help customers with the design and successful implementation of essential workloads while aligning their technical roadmap to expand the use of the Databricks Platform.

As a deep go-to-expert reporting to the Specialist Field Engineering Manager, you will continue to strengthen your technical skills through mentorship, learning, and internal training programs and establish yourself in an area of specialty - whether that be cloud deployments, security, networking, or more.

Responsibilities:

• Provide technical leadership to guide strategic customers to the successful administration of Databricks, ranging from design to deployment

• Architect production-level deployments, including meeting necessary security and networking requirements

• Become a technical expert in an area such as cloud platforms, automation, security, networking, or identity management

• Assist Solution Architects with more advanced aspects of the technical sale including custom proof of concept content and custom architectures

• Provide tutorials and training to improve community adoption (including hackathons and conference presentations)

• Contribute to the Databricks Community

Requirements:

• 5+ years of experience in a technical role with expertise in at least one of the following:

• Cloud Platforms & Architecture: Cloud Native Architecture in CSPs such as AWS, Azure, and GCP, Serverless Architecture

• Security: Platform security, Network security, Data Security, Gen AI & Model Security, Encryption, Vulnerability Management, Compliance

• Networking: Architecture design, implementation, and performance

• Identify management: Provisioning, SCIM, OAuth, SAML, Federation

• Platform Administration: High availability and disaster recovery, cluster management, observability, logging, monitoring, audit, cost management

• Infrastructure Automation and InfraOps with IaC tools like Terraform

• Maintain and extend the Databricks environment to adapt to evolving complex needs.

• Deep Specialty Expertise in at least one of the following areas:

• Security - understanding how to secure data platforms and manage identities

• Complex deployments

• Public Cloud experience - experience designing data platforms on cloud infrastructure and services, such as AWS, Azure, or GCP, using best practices in cloud security and networking.

• Bachelor's degree in Computer Science, Information Systems, Engineering, or equivalent experience through work experience.

• Hands-on experience with Python, Java, or Scala, and proficiency in SQL, and Terraform experience are desirable.

• 2 years of professional experience with Big Data technologies (Ex: Spark, Hadoop, Kafka) and architectures

• 2 years of customer-facing experience in a pre-sales or post-sales role

• Can meet expectations for technical training and role-specific outcomes within 6 months of hire

• This role can be remote, but we prefer that you be located in the job listing area and can travel up to 30% when needed.

Pay Range Transparency:

Databricks is committed to fair and equitable compensation practices. The pay range(s) for this role is listed below and represents the expected salary range for non-commissionable roles or on-target earnings for commissionable roles. Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to job-related skills, depth of experience, relevant certifications and training, and specific work location. Based on the factors above, Databricks anticipates utilizing the full width of the range. The total compensation package for this position may also include eligibility for annual performance bonus, equity, and the benefits listed above.

Zone 2 Pay Range $264,000-$363,000 USD

Zone 3 Pay Range $264,000-$363,000 USD

Zone 4 Pay Range $264,000-$363,000 USD

XML job scraping automation by YubHub

These tools have already found real zero-days in Firefox, the Linux kernel, and other critical software. The challenge is no longer just finding vulnerabilities; it is managing the consequences of finding them at unprecedented scale and speed.

Traditional coordinated disclosure frameworks were designed for a world where a researcher might find one serious vulnerability every few weeks. AI-powered discovery has changed that equation entirely; Claude can surface hundreds of findings in a single codebase in a single day.

This role exists to ensure that every finding reaches the right maintainer, at the right pace, with the right context, and that Anthropic meets its Responsible Scaling Policy (RSP) commitments in the process.

You will own the end-to-end CVD lifecycle: from internal triage and human validation of AI-generated findings, through tiered disclosure timelines, to external coordination with vendors, open-source maintainers, and organizations.

This role requires deep collaboration across Security Engineering, Legal, Communications, Product, and Frontier Red Team to ensure Anthropic operates as a responsible steward of the vulnerabilities its tools discover.

Responsibilities:

• Own end-to-end CVD program strategy and execution: Define and drive the roadmap for coordinated vulnerability disclosure, from AI-generated finding through maintainer notification, remediation tracking, and public disclosure.

• Lead internal triage and quality assurance: Establish and manage the human review process that validates all AI-generated findings before external disclosure.

• Design and operate tiered disclosure timelines: Implement severity-based disclosure windows with appropriate extension policies.

• Build and manage pacing and submission models: Develop rate-limiting frameworks that govern how many findings are submitted to each project, scaled to maintainer capacity and project size.

• Lead external coordination and partner engagement: Manage relationships with open-source maintainers and closed-source vendors.

• Establish program metrics and reporting: Define and track the metrics that determine program health, including fix rates, false-positive rates, median time-to-patch, and qualitative maintainer feedback.

• Drive response category classification: Manage the process for classifying findings into response categories (latent vulnerability, active exploitation, ecosystem-level pattern) and ensure the appropriate response protocol is triggered for each category.

• Lead cross-functional coordination: Manage stakeholder relationships across Security Engineering, Legal, Communications, Product, and Frontier Red Team to drive alignment and execution on disclosure initiatives.

• Collaborate with senior leadership and executives: Communicate program vision, risks, and progress with executive presence.

You May Be a Good Fit If You Have:

• 10+ years of experience in cybersecurity, vulnerability management, or security operations, with at least 4+ years leading vulnerability disclosure, vulnerability management, or coordinated response programs.

• Deep understanding of coordinated vulnerability disclosure processes, including experience working with CERT/CC, MITRE CVE, or similar coordination bodies.

• Technical familiarity with vulnerability discovery tooling, static analysis, fuzzing infrastructure (e.g., OSS-Fuzz, CodeQL), and the triage workflows that turn raw findings into actionable reports.

• Experience engaging directly with open-source maintainers and understanding the dynamics of open-source project governance, contributor capacity, and maintainer burnout.

• Proven experience as a Technical Program Manager or similar role in a cybersecurity or technology-focused environment, with a track record of leading complex, cross-organizational programs to successful completion.

• Executive communication skills with demonstrated ability to influence decisions at the senior leadership and C-suite level.

Ability to manage highly ambiguous problems and navigate challenges to achieve program objectives in a fast-paced, evolving environment.

Strong collaboration skills with proven ability to partner across diverse technical and non-technical stakeholders including Security Engineering, Legal, Communications, and Product teams.

Strong Candidates May Also Have:

• Experience building vulnerability disclosure or coordinated response programs from the ground up in high-growth technology companies.

• Background as a CVE Numbering Authority (CNA) operator, or experience managing the operational requirements of CVE issuance, embargo coordination, and formal vulnerability tracking.

• Familiarity with AI/ML-powered security tooling and the unique challenges of managing AI-generated vulnerability reports at scale, including false-positive filtering and quality assurance.

• Experience with vulnerability management platforms and tracking systems (e.g., HackerOne, Bugcrowd, or custom internal tooling).

• Prior work in security research, penetration testing, or red teaming that provides firsthand understanding of the vulnerability lifecycle from discovery through remediation.

• Familiarity with compliance frameworks (SOC 2, ISO 27001, FedRAMP) and their intersection with vulnerability disclosure requirements.

Experience managing multi-stakeholder disclosure scenarios involving ecosystem-level vulnerabilities that affect multiple projects simultaneously.

XML job scraping automation by YubHub

Key responsibilities include:

• Performing hands-on vulnerability triage and risk assessment using team-defined standards and playbooks
• Tracking remediation progress with owner teams, escalating blockers, and ensuring clean issue closure
• Supporting automated triage workflows by validating outputs and improving signal quality
• Contributing to automated remediation campaigns (e.g., EOL cleanup, vulnerable software upgrades, and fix verification)
• Supporting zero-day and embargo response by helping inventory affected assets and tracking owner-team deployment status
• Participating in incident investigations by gathering technical evidence and supporting impact analysis
• Participating in on-call rotation for critical vulnerability events
• Maintaining high-quality documentation, runbooks, and operational updates

The ideal candidate will have 3+ years of relevant experience in vulnerability management, security operations, application security, or related security engineering. Key skills include a strong understanding of vulnerability assessment fundamentals, hands-on experience with vulnerability management platforms, proficiency in scripting/automation for workflow support, and familiarity with cloud security concepts.

In addition to a competitive salary, we offer a variety of benefits to support your needs, including medical, dental, and vision insurance, 100% paid for by CoreWeave, company-paid life insurance, and flexible PTO.

XML job scraping automation by YubHub

Application Security is part of our wider Financial Scale organization, which means you will work closely with Security Operations, GRC, Product Security, Front End Platform, IT Infrastructure teams.

We’re looking for individuals with a strong background and interest in penetration testing. You should have a demonstrated ability to find vulnerabilities in complex systems and craft exploits to demonstrate business impact.

This role is highly cross-functional and collaborative, you will have the opportunity to work with every engineering team across Brex.

Building a world-class financial service requires world-class security. Brex is pioneering the next wave of AI-driven financial services for dynamic, high-impact companies like Coinbase, Robinhood, and Anthropic. We're at the early stages of integrating AI across our product suite, this role will have the opportunity to influence and secure the future of AI Security at Brex.

You'll be at the forefront of securing our novel AI implementations, identifying attack vectors in agentic-powered features, and partnering with product and engineering teams to build AI capabilities that our customers can trust with their critical financial operations.

Responsibilities: Identifying vulnerabilities, demonstrating business impact, and articulating the risk of specific vulnerabilities to drive prioritization efforts Perform penetration testing and design reviews, looking for vulnerabilities and insecure designs, work with engineering and product to design secure product features Maintain and build internal tools to automate security efforts, perform SAST and DAST testing of the Brex platform, and support secure development practices Build and contribute to a culture of collaborative security excellence through technical leadership, learning sessions, and mentorship within the team and wider organization

Requirements: 5+ years work experience in an Application Security or related role Ability to find vulnerabilities in complex systems, demonstrating business impact through custom attack chains Experience with a wide range of secure development activities including, threat modeling, developer education, and incident response Knowledge of Python, scripting languages, and AI/agentic workflows to automate tasks, build tools and improve productivity Collaborative mindset paired with strong written and verbal communication skills

Bonus points: Proficiency with Kotlin, gRPC, GraphQL, Kubernetes Previous experience as a software engineer Consultancy experience performing web application security reviews Experience with securing distributed systems in AWS and cloud environments Experience with pentesting and securing agentic features and systems Contributions to the wider technical community, open source, public research, mentorship, community organizing, blogging, CVEs, presentations, etc

Compensation: The expected salary range for this role is $192,000 - $240,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

XML job scraping automation by YubHub

This role combines technical depth, strategic thinking, and the autonomy to design workflows that will protect infrastructure driving the future of AI.

Key Responsibilities:

• Build and scale AI-powered triage workflows: evaluate tools (LLM integration, TINES orchestration), architect solutions, and deploy to production
• Drive intelligent, risk-based vulnerability prioritization while simultaneously training AI models,your assessments become the foundation for automation
• Influence automation priorities: recommend which areas of the vulnerability pipeline would most benefit from automation to improve team efficiency
• Design and implement automated detection-to-ticket pipelines: build workflows that generate vulnerability detections, test them, scale across the environment, and auto-create Jira tickets
• Execute remediation campaigns: build automated workflows for EOL product removal, vulnerable software upgrades, and OS migrations at scale
• Manage embargoed vendor disclosures from hardware partners, including embargo verification and zero-day response coordination
• Lead security incident investigations related to high-profile vulnerabilities, coordinating cross-functional response and impact assessment
• Participate in on-call rotation for rapid-response vulnerability analysis during active zero-day events or critical security incidents
• Partner with IT, Infrastructure, and Engineering teams to drive remediation efforts, enforce SLAs, and escalate blockers strategically
• Write daily operations reports documenting vulnerability trends, remediation velocity, and emerging threats for security leadership
• Drive process improvements and workflow automation to improve operational efficiency and reduce manual toil

Requirements:

• 7+ years of relevant experience with demonstrated impact in vulnerability management, application security, platform security, or cloud security engineering
• Bachelor’s or Master’s degree in Computer Science, Computer Engineering, Electrical Engineering, or equivalent practical experience
• Proven hands-on experience building security automation (SOAR workflows, detection pipelines, or vulnerability prioritization frameworks)
• Deep subject matter expertise with vulnerability management best practices: CVSS, EPSS, CISA KEV, exploit intelligence, and compensating controls
• Strong development background with proficiency in Python, Go, or similar languages for building production-grade security tools
• Experience with modern vulnerability management tooling such as Wiz, Semgrep, Rapid7, or similar platforms
• Demonstrated ability to partner with cross-functional teams (IT, SRE, Engineering) to drive remediation without formal authority
• Strong familiarity with common security vulnerabilities and the ability to judge their severity and business impact

Preferred Qualifications:

• Practical experience building AI/ML-powered security workflows (LLM integration, automated triage, human-in-the-loop validation)
• Experience managing hardware security vulnerabilities (GPU/DPU firmware, BMC/IPMI, specialized compute environments)
• Production experience with security automation platforms such as TINES, Splunk SOAR, or serverless frameworks (AWS Lambda)
• Strong DevOps, DevSecOps, or SRE background with experience in AWS/GCP/Azure cloud services and Infrastructure as Code (Terraform, CloudFormation)
• Deep understanding of container security and Kubernetes (image scanning, admission control, runtime protection, supply chain security)
• Experience supporting customer audits (SOC 2, ISO 27001, FedRAMP) with vulnerability evidence and control validation
• Experience integrating vulnerability management into modern CI/CD pipelines with a 'shift-left' mentality

What We Offer:

The base salary range for this role is $165,000 to $242,000. The starting salary will be determined based on job-related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).

The range we’ve posted represents the typical compensation range for this role. To determine actual compensation, we review the market rate for each candidate which can include a variety of factors. These include qualifications, experience, interview performance, and location.

XML job scraping automation by YubHub

Your expertise will be crucial in building proactive security strategies that align with our business goals and protect the company from an ever-evolving threat landscape. This position demands deep expertise in security principles and a comprehensive understanding of the entire infrastructure stack and IAM systems to design robust, future-ready security solutions.

You will be instrumental in safeguarding our systems' resilience and integrity against ever-evolving cyber threats. You will play a critical role in shaping our security strategy for modern platforms across AWS, Azure, GCP, network infrastructure, storage, and SaaS solutions, help establish a strong least privilege (PoLP) model, providing specialized IAM expertise, and securely supporting SaaS with sensitive information (NHI).

You will also be a key contributor in building our internal strategy for secure AI development. Additionally, you will support the secure integration of SaaS platforms such as Google Workspace, collaboration tools, and GTM systems, maintaining alignment with enterprise security standards.

Close collaboration with cross-functional teams is essential to embed security throughout the technology stack.

The impact you will have:

• Design and implement secure, scalable reference architectures for the Databricks IT across Cloud Infra (Compute, DBs, Network, Storage), SaaS, Custom Built Applications, Data & AI systems.
• Establish and enforce security controls for: Core Security Areas: - Databricks Workspace Management: Workspace isolation, Unity Catalog for data governance.
• Secure Networking: VPC configs, PrivateLink, IP Allow Lists.
• Identity and Access Management (IAM): SSO, SCIM user provisioning, RBAC via Un, Strong MFA best practices for enterprise identities and customers.
• Data Encryption: At rest and in transit, customer-managed keys for critical assets.
• Data Exfiltration Prevention: Admin console settings, VPC endpoint controls.
• Cluster Security: User isolation, compliance with enhanced security monitoring/Compliance Security Profiles (HIPAA, PCI-DSS, FedRAMP).
• Offensive Security: Test and challenge the effectiveness of the organization’s security defenses by mimicking the tactics, techniques, and procedures used by actual attackers.
• Specialized Security Functions: - Non-human Identity Management: Design and implement secure authentication and authorization for automated systems (service accounts, API keys, machine identities), focusing on automation and integration with existing identity management systems.
• IAM Best Practices: Develop and document comprehensive Identity and Access Management policies, including user provisioning, de-provisioning, access reviews, privileged access management, and multi-factor authentication, ensuring security and compliance.
• Data Loss Prevention (DLP): Implement DLP solutions to identify, monitor, and protect sensitive data across endpoints, networks, and cloud environments, preventing unauthorized access, use, or transmission.
• SaaS Proxy Design and Implementation: Design and implement cloud-based proxies for SaaS applications (SASE solutions) to provide secure access, enforce security policies, monitor user activity, and protect against threats.
• Cloud Infrastructure Best Practices: Establish and document best practices for VPC configurations, cloud networking, and infrastructure as code using Terraform, ensuring secure network segmentation, routing, firewalls, and VPNs for consistent, automated, and secure deployments.
• Least Privilege Access for Data Security: Design and implement data security controls based on the principle of least privilege, ensuring users and systems have only the minimum necessary access through fine-grained controls, data classification, and regular access reviews.
• Guide internal IT on Databricks’ security and compliance certifications (SOC 2, ISO 27001/27017/27018, HIPAA, PCI-DSS, FedRAMP), and support security reviews/audits.
• Support incident response, vulnerability management, threat modeling, and red teaming using audit logs, cluster policies, and enhanced monitoring.
• Stay current on industry trends and emerging threats in GenAI, AI Agentic flow, MCPs to enhance security posture.
• Advise executive leadership on security architecture, risks, and mitigation.
• Mentor security engineers and developers on secure design and best practices.

What we look for:

• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field
• Master’s degree in Computer Science specifically in Information Security or a related discipline is strongly preferred
• Minimum 12 years in cybersecurity, with 5+ in security architecture or senior technical roles.
• Experience in FedRAMP High systems/ GovCloud preferred.
• Must have direct experience designing and securing enterprise platforms in complex multi-cloud environments, deep knowledge of enterprise architecture and security features (control plane/data plane separation, network infra, workspace hardening, network segmentation/ isolation), and hands-on experience automating security controls with Terraform and scripting.
• Proven expertise securing data analytics pipelines, SaaS integrations, and workload isolation in enterprise ecosystems.
• Experience with Enterprise Security Analysis Tools and monitoring/security policy optimization.
• Deep experience in threat modeling, design, PoC, and implementing large-scale enterprise solutions.
• Extensive hands-on experience in AWS cloud security, network security, with knowledge of Zero Trust, Data Protection, and Appsec.
• Strong understanding of enterprise IAM systems (Okta, SailPoint, VDI, Entra ID) and Data Protection.
• Expert experience with SIEM platforms, XDR, and cloud-native threat detection tools.
• Expert in web application security, OWASP, API security, and secure design and testing.
• Hands-on experience with security automation is required, with proficiency in AI-assisted development, Python, Cursor, Lambda, Terraform, or comparable scripting/IaC tools for operational efficiency.
• Industry certifications like CISSP, CCSP, CEH, AWS Certified Security – Specialty, AWS Certified Solutions Architect – Professional, or AWS Certified Advanced Networking – Specialty (or equivalent) are preferred.
• Ability to influence stakeholders and drive alignment.
• Strategic thinker with a passion for security innovation, continuous improvement, and building scalable defenses.

Pay Range Transparency

Databricks is committed to fair and equitable compensation practices. The pay range(s) for this role is listed below and represents the expected salary range for non-commissionable roles or on-target earnings for commissionable roles. Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to job-related skills, depth of experience, relevant certifications and training, and specific work location. Based on the factors above, Databricks anticipates utilizing the full width of the range. The total compensation package for this position may also include eligibility for annual performance bonus, equity, and the benefits listed above.

XML job scraping automation by YubHub

About the Role: The Application Security team at Anthropic is at the forefront of building security into every phase of the software development lifecycle. As an Application Security Engineer, you will partner closely with software engineers and researchers to ensure that security is a core consideration from initial design through implementation. You will lead threat modeling and secure design reviews to proactively identify and mitigate risks early, and help with continuous risk assessment. You will build tools and systems to support developers shipping code securely, adhering to secure coding best practices.

Responsibilities:

• Help secure AI products and internal tools that are introducing industry-novel security risks and pushing established security boundaries
• Lead “shift left” security efforts to build security into the software development lifecycle
• Conduct secure design reviews and threat modeling. Identify and prioritize risks, attack surfaces, and vulnerabilities
• Develop tooling to scale security code reviews and respond to developer questions, including advising developers on remediating vulnerabilities and following secure coding practices
• Manage Anthropic's vulnerability management program, including integrating data ingestion pipelines, coding logic to prioritize vulnerability fixes, supporting teams remediating vulnerabilities and developing automated systems at scale
• Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with the ethical hacker community
• Collaborate closely with product engineers and researchers to instill security best practices. Advocate for secure architecture, design, and development
• Develop and document security policies, standards, and playbooks. Conduct security awareness training for engineers

Requirements:

• 5+ years of hands-on experience in application and infrastructure security, including securing cloud-based and containerized environments
• Strong proficiency in at least one programming language (e.g., Python, Rust, Go, Java)
• Lead with empathy, a collaborative spirit, and a learning mindset to work cross-functionally with engineers of all levels to build security into the software development life cycle
• Leverage creative and strategic thinking to reduce risk through secure design and simplicity, not just controls
• Possess broad security knowledge to connect the dots across domains and identify holistic ways to decrease the overall threat surface
• Are keen to distill complex security concepts into clear actions and drive consensus without direct authority
• Embody a proactive mindset to thread security throughout the product lifecycle through activities like threat modeling, secure code review, and education
• Have a strong grasp of offensive security to anticipate risks from an adversary's perspective, not just check compliance boxes
• Bring experience with modern application stacks, infrastructure, and security tools to implement pragmatic defenses
• Are practiced at collaborating cross-functionally and effectively balancing security requirements with business objectives
• Advocate for security fundamentals like least privilege, defense-in-depth, and eliminating complexity that could sub-linearly scale security through smart design

Preferred Qualifications:

• Hands-on technical expertise securing complex cloud environments and microservices architectures leveraging technologies like Kubernetes, Docker, and AWS / GCP
• Exposure to offensive security techniques like vulnerability testing, bug bounty, pen testing, and red team exercises
• Familiarity with AI/ML security risks such as prompt injection, data poisoning, model extraction, etc. and mitigations
• Experience building security tools, applications, and automated tools
• Solid foundational knowledge of both software and security engineering principles and are keen to continue learning
• Excellent communication skills, able to distill complex security topics for broad audiences
• Worked and thrived in fast-paced environments, and comfortable navigating ambiguity

Annual Compensation Range:

$300,000-$405,000 USD

Logistics:

• Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience
• Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience
• Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position
• Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.
• Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

How to Apply:

If you're interested in this role, please submit your application through our website. We look forward to reviewing your application!

Note:

Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links,visit anthropic.com/careers directly for confirmed position openings.

XML job scraping automation by YubHub

As a member of our security team, you will work alongside security, infrastructure, and engineering partners to monitor security signals, investigate issues, improve operational processes, and strengthen our overall security posture.

In this role, you will have the opportunity to learn from experienced security professionals, develop your skills in security operations, and contribute to the growth and success of our organization.

We are looking for a curious, detail-oriented individual with a foundational understanding of security operations concepts, familiarity with basic networking, operating systems, and cloud concepts, and comfort working in terminal and web-based tools.

If you are a problem solver, customer-oriented, versatile, resilient, and eager to learn, we'd love to hear from you.

XML job scraping automation by YubHub

Plaid powers the tools millions of people rely on to live a healthier financial life. We work with thousands of companies like Venmo, SoFi, several of the Fortune 500, and many of the largest banks to make it easy for people to connect their financial accounts to the apps and services they want to use.

The Product Security team is responsible for the processes, policies, controls, and engineering systems that secure Plaid's developer- and consumer-facing products. The team focuses on areas including application security, vulnerability management, secure development lifecycle, penetration testing, and cloud security.

We're looking for a Product Security Engineer who is fundamentally a builder. Unlike traditional product security roles, this position is designed for a software engineer who wants to solve security challenges at scale by developing production-grade services, libraries, and frameworks.

In this role, you'll build and maintain Plaid's vulnerability management orchestration service, automate workflows to reduce operational toil, and create solutions that eliminate entire classes of vulnerabilities. You'll also partner closely with product engineers to ensure services meet security standards, support incident response and security awareness efforts, and collaborate across the security platform organization to deliver the engineering foundations that make secure development the default at Plaid.

Responsibilities

• Build the secure engineering foundations that secure the future of digital finance.
• Develop maintainable and secure software to enhance Plaid's security posture and create paved roads for developers for easy and default integration of security controls.
• Design, develop, and maintain security-critical services and components.
• Develop internal tooling to automate vulnerability detection, dependency management, and remediation workflows within the CI/CD pipeline.
• Replace manual security gates with engineered solutions that allow product teams to ship faster and more securely.
• Communicate effectively with managers and team members regarding project deliverables and progress.
• Design and implement technical solutions that align with the evolving needs of the business.
• Proactively identify and address security vulnerabilities in products and services.
• Actively participate in incident response and security awareness initiatives.

Qualifications

• 2 + years of professional experience building and scaling production services.
• Ability to architect software systems to meet security, privacy, usability, scalability and cost requirements.

While these experience and characteristics are not prerequisites, candidates who possess them would be well-suited for the role:

• Experience building systems or services related to vulnerability management, data encryption, key management, secret management, user authentication, service authentication, authorization systems, and security policy enforcement.
• Experience designing distributed systems and microservices with a focus on performance and reliability.
• Familiarity with modern cloud infrastructure (AWS, Kubernetes, Terraform) and how to integrate security controls into them.
• A passion for creating tools and libraries that other engineers love to use.
• Passionate about educating others on security and privacy.

Additional Information

Our mission at Plaid is to unlock financial freedom for everyone. To support that mission, we seek to build a diverse team of driven individuals who care deeply about making the financial ecosystem more equitable. We recognize that strong qualifications can come from both prior work experiences and lived experiences. We encourage you to apply to a role even if your experience doesn't fully match the job description.

We are always looking for team members that will bring something unique to Plaid!

XML job scraping automation by YubHub

Key responsibilities include:

• Leading and growing the team: Manage the SOC team, shape the roadmap, delegate effectively, and mentor engineers.

• Driving operations: Define vulnerability management processes and coordinate stakeholders for timely remediation. Design, implement, and operate SIEM/SOAR infrastructure (ingestion, normalization, correlation, alerting, playbooks). Specify logging requirements across our main stacks and centralize telemetry in the SIEM. Develop and tune correlation rules and detections; manage CTI intake and operationalize intel. Run continuous improvement to reduce false positives and raise signal quality. Establish crisp procedures for alert triage, escalation, and incident handling & investigation. Lead incident communications with stakeholders and ensure thorough documentation.

• Engineering and enablement: Contribute to security tooling, automation, and integrations that speed up detection/response. Produce guidance and documentation for product/infra teams; contribute to compliance in the SOC perimeter.

• Exercises and assurance: Coordinate red/blue exercises, post-mortems, and targeted audits to validate coverage and resilience.

The ideal candidate will have 8+ years of experience leading SOC/CSIRT functions, with proven leadership. Hands-on experience with SIEM (e.g., Elastic Security, Sekoia, Splunk) and SOAR platforms is required. Strong experience in vulnerability management (e.g., DefectDojo, Dependency-Track) and remediation workflows is also necessary. Solid grasp of the cyber kill chain / attack lifecycle, detection engineering, and log source coverage is essential. Excellent problem-solving and communication skills are required, as well as the ability to operate in a fast-paced startup environment.

XML job scraping automation by YubHub

Role summary Mistral AI is looking for a DevSecOps Engineer to architect and maintain the security posture of our rapidly scaling AI infrastructure and application lifecycle. You will treat security as a seamless enabler for our research and engineering teams. Your objective is to embed robust security controls into our CI/CD pipelines, infrastructure environments, and developer workflows, without compromising deployment velocity.

Responsibilities • Drive threat modeling and risk prioritization exercises, serving as the security counterpart to system-design reviews for our core infrastructure and new products. • Own end-to-end vulnerability management across CI/CD pipelines and runtime environments, covering both underlying infrastructure and applications. • Secure our Kubernetes deployments and containerized workloads, implementing advanced pod and node hardening to prevent lateral movement across distributed systems. • Define and enforce Infrastructure-as-Code security by building robust Terraform guardrails and integrating policy-as-code directly into deployment pipelines. • Design and execute a comprehensive security tooling strategy, managing solutions for CNAPP, CSPM, SAST, SCA, secrets management, and SBOM-CVE tracking. • Champion developer enablement by building secure defaults, streamlining remediation workflows, and drafting actionable security guidelines. • Build foundational security automation to scale alongside hyper-growth, minimizing manual overhead while establishing a pragmatic security culture from the ground up.

About you • 5+ years of experience in DevSecOps, Security Engineering, or Cloud Security, ideally acting as an early security hire in a fast-paced or hyper-scale environment. • Deep understanding of Kubernetes and container security, alongside strong experience securing Infrastructure-as-Code (Terraform) across major cloud providers. • Strong programming and scripting skills (Python, Go, or similar) to build security automation and seamlessly integrate diverse security tools into the developer workflow. • Extensive experience deploying and tuning modern security tooling with a pragmatic approach to vulnerability management and threat modeling. • Strong communication skills with a proven track record of partnering with developers and researchers to embed secure defaults without creating engineering friction.

XML job scraping automation by YubHub

With Greenlight, parents can automate allowance, manage chores, set flexible spend controls, and invest for their family's future. Kids and teens learn to earn, save, spend wisely, and invest.

At Greenlight, we believe every child should have the opportunity to become financially healthy and happy. It's no small task, and that's why we leap out of bed every morning to come to work. Because creating a better, brighter future for the next generation depends on it.

Greenlight's internship is a paid program for current college students. Throughout the internship, you'll collaborate on thoughtful projects and bring your fresh perspectives to impact our product and families.

We are looking for a Security Intern to join Greenlight's Security team. In this role, you will be a proactive defender, meticulous auditor, and a dash of collaborative problem-solver.

As a Security Intern, you won't just follow checklists or scan code, but rather you will be a part of developing secure processes and ensuring compliance that protects our applications and informs strategic security decisions.

This is the perfect opportunity for an individual who is passionate about cybersecurity, has the drive to solve complex security problems, and is comfortable working in a fast-paced environment and dealing with ambiguity.

You will work closely with our Product Security and Governance, Risk, and Compliance (GRC) teams to assess security risks, support vulnerability management, and contribute to the development of security policies.

Strong team orientation is a must-have.

What you will be doing:

• Apply security principles and coursework in a real-world application security environment.
• Dive into security tool data (e.g., vulnerability scanners, SAST/DAST) to explore and prepare data for analysis related to application risk.
• Collaborate with the security team to conduct analysis that drives risk-based decision-making for application security posture.
• Visualize application security posture and compliance results in interactive dashboards used by security and engineering leaders.
• Contribute to the documentation of security controls, risks, and compliance requirements to enable better understanding and adherence across the organization.
• QA and validate security governance and compliance data to ensure top data quality and consistent reporting on risk and control status.
• Perform exploratory data analysis on security events, vulnerabilities, and control metrics to identify patterns, trends, and anomalies related to application risk and compliance.
• Stakeholder Communication - Presenting your findings and security recommendations to application owners and governance stakeholders to drive remediation and compliance adherence.

What you should bring:

• A 3.0 GPA or higher
• Strong background in cybersecurity risks & principles, system controls, and/or computing
• Currently pursuing a degree in Cybersecurity, Information Systems, Computer Science or a related field
• Experience with Python, SQL or Java is a plus
• Ability to thrive in a fast-paced, entrepreneurial, high-energy environment with shifting priorities
• Comfortable dealing with ambiguity, making assumptions, and drawing conclusions
• Strong communication skills
• Local residency in the Atlanta area for the summer of 2026
• A desire to support our mission to shine a light on the world of money for kids, teens and families.
• A willingness to learn and adapt as needed in a fast-paced environment.
• Attention to detail
• Excitement for the Greenlight product and excitement to learn about the fintech industry

Learning Opportunities:

• Hands-on experience working with real security tools and vulnerability data (SAST/DAST) to assess application risk
• Build data analysis and visualization skills by turning security insights into dashboards used by engineering and security leaders
• Collaborate with Product Security and GRC teams to influence real security decisions, policies, and risk remediation in a live fintech environment

Additional Information

Who we are: It takes a special team to aim for a never-been-done-before mission like ours. We’re looking for people who love working together because they know it makes us stronger, people who look to others and ask, “How can I help?” and then “How can we make this even better?” If you’re ready to roll up your sleeves and help create a world where every child grows up to be happy and healthy in money and life, apply to join our team.

Greenlight is an equal opportunity employer and will not discriminate against any employee or applicant based on age, race, color, national origin, gender, gender identity or expression, sexual orientation, religion, physical or mental disability, medical condition (including pregnancy, childbirth, or a medical condition related to pregnancy or childbirth), genetic information, marital status, veteran status, or any other characteristic protected by federal, state or local law. Greenlight is committed to an inclusive work environment and interview experience. If you require reasonable accommodations to participate in our hiring process, please reach out to your recruiter directly or email accomodations@greenlight.me.

XML job scraping automation by YubHub

As a seasoned cybersecurity professional, you will architect and implement scalable, resilient automation frameworks that seamlessly integrate SIEM, SOAR, EDR/XDR, cloud security, identity, vulnerability management, and threat intelligence platforms.

You will design and deploy AI/LLM-enabled workflows to enhance alert triage, enrichment, investigation summarization, decision support, and response actions.

You will collaborate closely with internal stakeholders and external teams to align security outcomes with business priorities.

You will foster a culture of engineering excellence and continuous improvement within SecOps.

Key responsibilities include:

• Owning and defining the end-to-end automation and orchestration strategy for Security Operations
• Architecting and implementing scalable, resilient automation frameworks
• Designing and deploying AI/LLM-enabled workflows
• Collaborating with internal stakeholders and external teams
• Fostering a culture of engineering excellence and continuous improvement

Requirements include:

• 10+ years of experience in cybersecurity
• Expertise in designing and deploying large-scale security automation and orchestration in enterprise environments
• Hands-on experience with SOAR platforms, SIEMs, EDR/XDR, and security telemetry pipelines
• Proven ability to apply AI/ML, including LLM-based agentic technologies, to security workflows
• Advanced scripting and automation skills
• Strong data analytics skills
• Solid systems architecture skills
• Excellent written and verbal communication skills

As a member of the Synopsys Cybersecurity team, you will work alongside experts in SOC, IR, Threat Intelligence, Detection Engineering, and more, collaborating to build resilient, scalable, and innovative security solutions.

Synopsys offers a comprehensive range of health, wellness, and financial benefits to cater to your needs. Our total rewards include both monetary and non-monetary offerings.

XML job scraping automation by YubHub

You will collaborate with IT and engineering teams to establish and track patching and remediation priorities, focusing on CMMC scoring impact. You will maintain ownership of all Plans of Action and Milestones (POA&Ms), validating remediation closure evidence, and ensuring alignment with DoD and CMMC requirements. You will also support continuous control monitoring activities for ongoing compliance between assessments.

As a Cyber Security Engineer, you will communicate compliance posture, risks, and remediation status to both technical and non-technical audiences, and support user and stakeholder education. You will also escalate unresolved compliance or remediation risks to cybersecurity and audit leadership as appropriate.

This is an exciting opportunity to join a driven and collaborative Cybersecurity team at Synopsys, working alongside experts in IT, Engineering, and Business Operations. You will report to the Executive Director of Cybersecurity and play a central role in audit readiness, evidence management, and cross-functional collaboration.

To be successful in this role, you will need:

• Security+ (SEC+) or equivalent industry-recognized cybersecurity certification
• 4+ years of experience performing Information Assurance, ISSO, ISSE, or equivalent cybersecurity assurance functions
• 2+ years supporting cybersecurity operations in a DoD or defense-adjacent enterprise environment
• Experience supporting NIST SP 800-171, RMF-aligned, or CMMC-related compliance activities
• Ability to obtain and maintain a U.S. DoD, FBI, or DHS security clearance
• Strong technical understanding of modern hardware, software, and enterprise infrastructure environments
• Familiarity with vulnerability management platforms, compliance evidence repositories, and security monitoring outputs
• Excellent organizational, prioritization, and time-management skills
• Strong analytical and problem-solving abilities with attention to detail
• Ability to work effectively across technical and non-technical teams to resolve complex compliance issues
• Strong written and verbal communication skills, including the ability to present information to leadership and stakeholder groups
• Demonstrated ability to manage multiple competing priorities in a high-assurance environment

If you are a collaborative team player who thrives in cross-functional environments, detail-oriented and diligent, proactive and resourceful, clear communicator who can translate technical concepts to non-technical audiences, analytical thinker with strong problem-solving skills, adaptable and resilient, and ethical and trustworthy, committed to maintaining high standards of integrity and confidentiality, then we encourage you to apply for this exciting opportunity.

XML job scraping automation by YubHub

We are looking for a SOC (Security Operations Center) Team Lead to build and lead our SOC function end-to-end. You will own vulnerability management, alerting and detection engineering, incident response, and the security tooling/infrastructure that enable these missions. You’ll define processes, collaborate closely with Product, Infra and IT, and continuously improve detection quality and response time.

Key responsibilities

• Lead & grow the team: Manage the SOC team, shape the roadmap, delegate effectively, and mentor engineers.

• Drive operations: - Define vulnerability management processes and coordinate stakeholders for timely remediation. - Design, implement, and operate SIEM/SOAR infrastructure (ingestion, normalization, correlation, alerting, playbooks). - Specify logging requirements across our main stacks and centralize telemetry in the SIEM. - Develop and tune correlation rules and detections; manage CTI intake and operationalize intel. - Run continuous improvement to reduce false positives and raise signal quality. - Establish crisp procedures for alert triage, escalation, and incident handling & investigation. - Lead incident communications with stakeholders and ensure thorough documentation.

• Engineering & enablement: - Contribute to security tooling, automation, and integrations that speed up detection/response. - Produce guidance and documentation for product/infra teams; contribute to compliance in the SOC perimeter.

• Exercises & assurance: - Coordinate red/blue exercises, post-mortems, and targeted audits to validate coverage and resilience.

Requirements

• 8+ years of experience leading SOC/CSIRT functions, with proven leadership.

• Hands-on with SIEM (e.g., Elastic Security, Sekoia, Splunk) and SOAR platforms.

• Strong experience in vulnerability management (e.g., DefectDojo, Dependency-Track) and remediation workflows.

• Solid grasp of the cyber kill chain / attack lifecycle, detection engineering, and log source coverage.

• Excellent problem-solving and communication skills; able to operate in a fast-paced startup environment.

• Builder mindset: pragmatic, automation-oriented, comfortable with ambiguity and ownership.

Nice to have

• Bring scripting/automation skills (e.g., Python, Bash) for data pipelines/playbooks.

• Know modern infra/app stacks (Linux, containers, Kubernetes, cloud), EDR/IDS/IPS.

• Have exposure to compliance frameworks (ISO 27001, SOC 2) and security audits/pen-tests.

• Have run purple team exercises and measurable detection-coverage programs.

• Are comfortable partnering with Product/Platform teams and influencing roadmaps.

XML job scraping automation by YubHub

What we're all about

At Quantexa, we're a team of innovators and problem solvers who are passionate about creating real change for our clients and their industries. We're driven by a desire to do things better than the last time, and we're always looking for talented individuals to join our team.

The opportunity

We're seeking a highly skilled Cyber Security Engineer to join our Security Operations team. As a Cyber Security Engineer, you will play a key part in protecting Quantexa's systems and data from cyber threats. You will be responsible for the day-to-day operation, optimisation, and monitoring of core security platforms, with a particular focus on Zscaler, Cloud monitoring through Wiz, and Endpoint Detection and Response through CrowdStrike.

Responsibilities

Wiz (Cloud Security Posture Management)

• Monitor and triage Wiz findings daily, validating alerts and determining operational impact.
• Perform tuning and threat hunting within Wiz and other tooling.
• Identify misconfigurations, excessive permissions, and exposed assets, escalating where required.
• Track remediation progress with engineering owners and ensure closure of high-priority issues.

Zscaler (Web Security Tunnel 2.0)

• Review and triage Zscaler alerts and policy violations, following documented response procedures.
• Investigate suspicious traffic, access attempts, and user activity to determine legitimacy and risk.
• Support enforcement actions by validating policy alignment and working with IT and Cloud teams to remediate issues.
• Monitor coverage and configuration across users and locations, identifying gaps or misconfigurations.
• Support policy tuning by analysing false positives and recommending rule or policy adjustments.
• Contribute to playbook development, operational maturity, and ongoing service readiness.

CrowdStrike (Endpoint Detection and Response)

• Review and triage endpoint detections, applying documented response steps.
• Execute containment actions, including network isolation and sensor troubleshooting.
• Validate full sensor coverage across the estate and address gaps in coordination with IT.
• Support tuning activities by analysing false positives and proposing rule refinements.
• Contribute to playbook improvements and operational readiness tasks.

Security Operations

• Conduct initial investigation of security incidents, collect evidence, and escalate based on severity with a keen eye on the quality of the output.
• Perform daily review of alerts across our SIEM, Wiz, CrowdStrike, and other platforms.
• Validate vulnerabilities and configuration weaknesses raised by scanning tools.
• Ability to interpret and operationalise threat intelligence, understand how it informs detection, prioritisation, and response activities, and clearly communicate technical threat intelligence to non-technical stakeholders.
• Support cloud security controls, identity hygiene checks, and network policy reviews.
• Contribute to the ongoing maturity and documentation of operational processes.

Collaboration and Ways of Working

• Act as a trusted operational partner to the Cyber Security Manager and the wider Information Security team, providing proactive support and consistent engagement.
• Partner closely with DevOps, IT, and Engineering teams to drive timely and effective remediation actions.
• Deliver clear and concise updates on incidents and operational activities proactively, without the need for prompting.
• Actively participate in team stand ups, contributing constructively to continuous improvement and operational maturity.
• Support senior engineers with platform enhancements, integrations, and controlled change activities.

What you'll bring

• Demonstrated hands-on experience with security operations, incident triage, or vulnerability management.
• Familiarity with EDR platforms (ideally CrowdStrike) and security telemetry analysis.
• Knowledge of cloud environments, particularly Azure including Entra and Conditional Access, and a good understanding of cloud security concepts.
• Ability to understand alert context, assess impact, and follow structured response processes.
• Strong attention to detail, disciplined documentation, and good communication skills.

Benefits

• Competitive salary
• Company bonus
• Hybrid workplace & free access to global WeWork locations & events
• Pension Scheme with a company contribution of 6% (if you contribute 4% or more)
• 25 days annual leave
• Flexible working hours
• Professional development opportunities
• Access to a range of employee benefits, including health insurance, gym membership, and more

XML job scraping automation by YubHub

The Application Security team at Anthropic is at the forefront of building security into every phase of the software development lifecycle. In this hands-on technical role, you will partner closely with software engineers and researchers to ensure security is a core consideration from initial design through implementation.

You will lead threat modeling and secure design reviews to proactively identify and mitigate risks early, and help with continuous risk assessment. You will build tools and systems to support developers shipping code securely, adhering to secure coding best practices.

Your insights will shape our tooling, detection capabilities, and defenses against emerging threats to AI/ML. You'll develop the standards, processes, and educational resources that enable all Anthropic engineers to be security champions.

Responsibilities:

• Help secure AI products and internal tools that are introducing industry-novel security risks and pushing established security boundaries
• Lead “shift left” security efforts to build security into the software development lifecycle
• Conduct secure design reviews and threat modeling. Identify and prioritise risks, attack surfaces, and vulnerabilities
• Develop tooling to scale security code reviews and respond to developer questions, including advising developers on remediating vulnerabilities and following secure coding practices
• Manage Anthropic's vulnerability management program, including integrating data ingestion pipelines, coding logic to prioritise vulnerability fixes, supporting teams remediating vulnerabilities and developing automated systems at scale
• Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with the ethical hacker community
• Collaborate closely with product engineers and researchers to instill security best practices. Advocate for secure architecture, design, and development
• Develop and document security policies, standards, and playbooks. Conduct security awareness training for engineers

You may be a good fit if you:

• Have 5+ years of hands-on experience in application and infrastructure security, including securing cloud-based and containerized environments
• Strong proficiency in at least one programming language (e.g., Python, Rust, Go, Java)
• Lead with empathy, a collaborative spirit, and a learning mindset to work cross-functionally with engineers of all levels to build security into the software development life cycle
• Leverage creative and strategic thinking to reduce risk through secure design and simplicity, not just controls
• Possess broad security knowledge to connect the dots across domains and identify holistic ways to decrease the overall threat surface
• Are keen to distill complex security concepts into clear actions and drive consensus without direct authority
• Embody a proactive mindset to thread security throughout the product lifecycle through activities like threat modeling, secure code review, and education
• Have a strong grasp of offensive security to anticipate risks from an adversary's perspective, not just check compliance boxes
• Bring experience with modern application stacks, infrastructure, and security tools to implement pragmatic defenses
• Are practiced at collaborating cross-functionally and effectively balancing security requirements with business objectives
• Advocate for security fundamentals like least privilege, defence-in-depth, and eliminating complexity that could sub-linearly scale security through smart design

Strong candidates may also:

• Hands-on technical expertise securing complex cloud environments and microservices architectures leveraging technologies like Kubernetes, Docker, and AWS / GCP
• Exposure to offensive security techniques like vulnerability testing, bug bounty, pen testing, and red team exercises
• Familiarity with AI/ML security risks such as prompt injection, data poisoning, model extraction, etc. and mitigations
• Experience building security tools, applications, and automated tools
• Solid foundational knowledge of both software and security engineering principles and are keen to continue learning
• Excellent communication skills, able to distill complex security topics for broad audiences
• Worked and thrived in fast-paced environments, and comfortable navigating ambiguity

The annual compensation range for this role is $300,000 - $405,000 USD.

XML job scraping automation by YubHub

We’re looking for a Security Engineering Lead to own and drive Anthropic’s Corporate Security programme. This is a player-coach Tech Lead Manager (TLM) role: you’ll be both the most senior technical individual contributor on corporate security and the people leader for a lean, high-impact team of Security Engineers.

Corporate Security at Anthropic encompasses everything that protects our people, endpoints, networks, SaaS ecosystem, and corporate data—the full surface area outside of production infrastructure. The scope is broad and the team is deliberately small, which means you’ll need deep technical skills across multiple domains, strong judgment about where to invest, and a bias toward automation and engineering-driven solutions over manual process.

You’ll report into Security leadership and partner closely with IT, Infrastructure Security, Detection & Response, and GRC teams. This role is high-visibility and high-autonomy: you’ll be expected to define the roadmap, make architectural decisions, and represent Corporate Security across the company.

Responsibilities:

Technical Leadership & Hands-on Engineering

• Own the security architecture, tooling, and controls for Anthropic’s corporate environment end-to-end, including endpoint fleets (macOS, Windows, ChromeOS), campus and office networks, SaaS applications, mobile devices
• Design, build, and ship security automation, integrations, and internal tooling—including leveraging Claude and LLMs to accelerate security workflows
• Define and enforce security baselines, hardening standards, and configuration policies across all corporate platforms
• Define what it means to operate safely in an environment where AI agents act more like humans than actual humans
• Evaluate, select, deploy, and operate corporate security tools (EDR/XDR, MDM, ZTNA, CASB/SSPM, email security, DLP, browser security, etc.)
• Drive vulnerability management for corporate assets, including patch orchestration, risk-based prioritization, and exception management
• Lead security reviews of new SaaS adoptions, corporate infrastructure changes, and IT projects

People Leadership & Team Building

• Manage, mentor, and grow a purposefully lean team of Security Engineers; set clear expectations, run effective 1:1s, and create an environment where engineers do the best work of their careers
• Hire and build the team as scope expands—own the hiring bar and pipeline for Corporate Security Engineering roles
• Balance your own IC contributions with the team’s needs; know when to go deep on a problem yourself and when to delegate and coach
• Foster a culture of operational excellence, blameless incident review, and continuous improvement

Strategy & Cross-Functional Partnership

• Define and own the Corporate Security roadmap, aligning investments to Anthropic’s risk profile and growth trajectory
• Partner with IT Operations to ensure security is embedded in endpoint provisioning, network design, and SaaS lifecycle management
• Collaborate with Detection & Response on telemetry coverage, detection engineering, and incident handling for corporate-sourced events
• Partner with Infrastructure and Security Engineering teams to ensure security standards are consistent across all of Anthropic
• Communicate security posture, risks, and investment needs to Security leadership and cross-functional stakeholders clearly and persuasively

You may be a good fit if you:

• Have 8+ years of Security Engineering experience in a corporate/enterprise security domain (endpoint security, network security, SaaS security, identity, or a combination)
• Have 2+ years of experience managing or tech-leading a team of engineers, with a demonstrated track record of developing talent and shipping results through others
• Are a strong engineer who still writes code regularly—you can prototype a tool, write a detection, build an integration, or debug a complex configuration issue
• Have deep experience with macOS fleet security (this is our primary platform) and solid working knowledge of Windows and ChromeOS security
• Have hands-on experience deploying and operating EDR/XDR, MDM, ZTNA/zero trust, and identity security solutions at scale
• Understand modern SaaS security challenges: shadow IT, OAuth token sprawl, data exfiltration paths, SaaS-to-SaaS integrations, and SSPM/CASB tooling
• Can work independently with high autonomy, manage ambiguity, and make sound risk-based prioritization decisions in a fast-paced environment
• Have excellent communication skills and can translate complex security topics into clear recommendations for technical and non-technical audiences

Strong candidates may have:

• Securing corporate environments at high-growth AI, cloud, or developer-tools companies
• Maturing a Corporate Security function from early stage, including defining scope, selecting the initial toolset, and hiring the founding team
• Advanced macOS security (system extensions, endpoint security framework, MDM profile engineering, Declarative Device Management)
• Network security architecture for hybrid/multi-office environments, including SD-WAN, ZTNA, DNS security, and network segmentation
• Browser security and isolation technologies (e.g., Island, Talon/Palo Alto, Chrome Enterprise)
• Proficiency in Python, Go, or similar languages for building sec

XML job scraping automation by YubHub

In this role, you will own cloud security across GCP (primary) and supplemental environments in AWS and Azure, as well as containerized systems, SaaS platforms, and our multi-tenant AI infrastructure. You’ll improve our security posture through strong architecture, posture management, secure-by-default development practices, and close partnership with Engineering, Compliance, Security Architecture, and Platform teams.

This is a highly impactful, hands-on leadership role—perfect for someone who wants to solve complex security challenges at scale while influencing product, engineering, and go-to-market teams.

Cloud Security Engineering

• Lead configuration hardening across GCP, with additional oversight of workloads and integrations running in AWS and Azure.
• Own and optimise CSPM platforms across multi-cloud environments—establishing configuration baselines, guardrails, and remediation workflows.
• Secure critical SaaS platforms, ensuring proper configurations, access controls, and engineering integrations.
• Lead infrastructure vulnerability management across multi-cloud systems, containers, registries, and platform services.
• Enhance security across containerised and Kubernetes (GKE/EKS/AKS) workloads, including runtime protections, network policies, and workload identity.
• Assess secure logging configurations across cloud/SaaS providers, ensuring audit logs, retention, and routing meet monitoring and architecture needs.

Secure Development & Architecture Enablement

• Partner with engineering teams to make services secure by default, embedding security into development workflows, CI/CD pipelines, and cloud-native deployments.

Cross-Functional Responsibilities

• Collaborate with Security Monitoring, Compliance/GRC, Architecture, DevOps, Platform Engineering, and ML Infrastructure.
• Participate in communicating security advisories, best practices, and updates to Replit’s customers.
• Support incident investigations as a cloud security subject-matter expert.

Required Skills & Experience:

• 7+ years of experience in cloud engineering, with 3+ years in a senior or lead role.
• Hands-on experience with CSPM tools (Wiz, Lacework, Prisma, Orca, SCC, etc.).
• Deep expertise in GCP security (IAM, VPC, KMS, GKE, Cloud Logging).
• Experience securing and governing SaaS platforms and identity integrations.
• Operational experience with infrastructure vulnerability management across cloud and container environments.
• Working knowledge of AWS and/or Azure security services and configurations.
• Experience with container and Kubernetes security across GKE, EKS, or AKS.
• Strong IaC security experience with Terraform, Pulumi, or similar tooling.
• Familiarity with compliance standards (SOC 2, ISO 27001, PCI DSS).

Preferred Qualifications:

• Experience supporting engineering teams in building secure-first, cloud-native or PaaS environments.
• Background securing AI/ML pipelines, model-serving infrastructure, or developer platform services.
• Experience in high-growth technology or cloud-native product companies.
• Experience with securing AI/agentic systems and sensitive data pipelines.
• Automation/scripting with Python.
• Relevant certifications (e.g., GCP Professional Cloud Security Engineer, AWS/Azure security certs).

What We Value:

• Problem-solving mindset — Ability to break down complex security and operational challenges into clear engineering solutions.
• Autonomy — Comfortable leading initiatives, collaborating effectively, and driving outcomes with minimal oversight.
• Communication excellence — Able to translate deep technical concepts for engineers, executives, and enterprise customers.
• Continuous learning — Passion for staying current with AI security, cloud-native advances, and emerging threats.
• Automation-first approach — Belief in reducing operational toil and building scalable, self-healing systems.

Full-Time Employee Benefits Include:

• Competitive Salary & Equity
• 401(k) Program with a 4% match
• Health, Dental, Vision and Life Insurance
• Short Term and Long Term Disability
• Paid Parental, Medical, Caregiver Leave
• Commuter Benefits
• Monthly Wellness Stipend
• Autonomous Work Environment
• In Office Set-Up Reimbursement
• Flexible Time Off (FTO) + Holidays
• Quarterly Team Gatherings
• In Office Amenities

XML job scraping automation by YubHub

This role requires strong technical ability to reproduce vulnerabilities, deep understanding of web/app/cloud exploit classes, and experience operating bug bounty and coordinated disclosure programs. You will work closely with Engineering, Cloud Security, SecOps, SRE, and IT teams to ensure vulnerabilities are fixed quickly and communicated responsibly.

Vulnerability Intake, Triage & Validation

• Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels.
• Independently validate, reproduce, severity-score, and document findings.
• Identify duplicates and maintain a clean vulnerability records pipeline.
• Assess relevance and exploitability using OWASP, cloud misconfiguration patterns, and identity/authentication/authorisation risks (Oauth, OIDC).

Remediation Coordination & SLA Management

• Work with Engineering, SecOps, IT, SRE, and Cloud Security to confirm product impact and drive remediation.
• Provide detailed reproduction steps, proof-of-concepts, and technical analyses.
• Track SLAs, remediation progress, regression testing, and systemic improvements.
• Support SOC 2, ISO 27001, and pentest evidence needs as part of vulnerability lifecycle governance.

Bug Bounty & Vulnerability Disclosure Program Management

• Design and evolve the bug bounty program, including scope, rules, and reward structures.
• Manage platform selection, private vs. public launches, and community engagement.
• Communicate clearly with researchers, provide clarifications, and handle feedback or disputes.
• Determine reward payouts, bonus decisions, and recognition for top contributors.

Coordinated Disclosure & CVE Management

• Lead the coordinated vulnerability disclosure process for internal and external findings.
• Negotiate disclosure timelines with researchers and partners.
• Coordinate CVE assignments and publications, and prepare customer/public advisories.

Required Skills

• Experience running or triaging for bug bounty programs (HackerOne ideally).
• Strong ability to triage, validate, and reproduce vulnerabilities independently.
• Deep understanding of web/app/cloud vulnerability classes, OWASP Top 10, misconfigurations, authN/Z issues, etc.
• Familiarity with cloud platforms (GCP preferred) and SaaS architectures.
• Strong understanding of CI/CD workflows, code structure, and software engineering fundamentals.

Nice to Have

• Scripting or automation experience (Python, Go, Bash).
• Pentesting background or exposure to offensive security work.
• Familiarity with compliance frameworks such as SOC 2 and ISO 27001.
• Experience authoring public advisories or CVE writeups.
• Hands-on experience with SIEM, Cloud Logging, and investigative tooling.

This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.

Full-Time Employee Benefits Include:

• Competitive Salary & Equity
• 401(k) Program with a 4% match
• Health, Dental, Vision and Life Insurance
• Short Term and Long Term Disability
• Paid Parental, Medical, Caregiver Leave
• Commuter Benefits
• Monthly Wellness Stipend
• Autonomous Work Environment
• In Office Set-Up Reimbursement
• Flexible Time Off (FTO) + Holidays
• Quarterly Team Gatherings
• In Office Amenities

Want to learn more about what we are up to?

• Meet the Replit Agent
• Replit: Make an app for that
• Replit Blog
• Amjad TED Talk

Interviewing + Culture at Replit

• Operating Principles
• Reasons not to work at Replit

To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.

Compensation Range: $180K - $325K

XML job scraping automation by YubHub

Location

Tokyo, Japan

Employment Type

Full time

Location Type

Hybrid

Department

About the Team

The Technical Success team is responsible for ensuring the safe and effective deployment of ChatGPT and OpenAI API applications for developers and enterprises, acting as a trusted advisor so customers maximize value from our models and products.

As OpenAI’s enterprise footprint grows—especially across regulated industries—security and compliance diligence is increasingly happening live with CISOs, risk teams, privacy officers, and auditors.

About the Role

We are hiring a Security Solutions Engineer to serve as the customer-facing security and compliance pre-sales subject matter expert for priority customer accounts—especially in regulated industries. You will lead security deep dives, diligence workflows, and questionnaires, and help customers understand OpenAI’s security posture, controls, and architectural patterns.

This role is designed to increase deal velocity and customer confidence while reducing the operational load on internal security teams by owning the customer-facing workstream and escalating selectively.

In this role, you will

• Lead customer security engagements end-to-end: discovery, security deep dives, live calls, follow-ups, and action tracking—especially for regulated customers.

• Own security questionnaires/RFIs for priority customers: coordinate inputs, ensure accuracy, drive turnaround time, and manage escalations.

• Translate security posture into customer-relevant narratives: data flows, tenant boundaries, identity and access controls, encryption, logging/monitoring, incident response, privacy controls, and risk mitigations.

• Guide customers to standardized resources (e.g., trust collateral) and explain what is standard vs. what requires escalation or exceptions.

• Partner closely with GRC and Security teams to escalate non-standard requirements, clarify control intent, and ensure customer-facing responses remain aligned with approved posture.

• Create scalable enablement: playbooks, FAQs, response libraries, and training that reduce repeated work for Solutions Engineers and Sales.

• Represent the voice of regulated customers internally by identifying themes and recurring blockers; propose improvements to packaging, documentation, and product readiness.

You’ll thrive in this role if you

• Have 5+ years (guideline) in a customer-facing security role such as security pre-sales/solutions engineering, security consulting, security architecture, or GRC-adjacent customer advisory in B2B SaaS or cloud environments.

• Can credibly engage and influence CISOs, security architects, privacy teams, and procurement/risk stakeholders in real-time discussions.

• Understand modern cloud/security fundamentals: IAM, network/security architecture, encryption/key management concepts, logging/monitoring, vulnerability management, incident response, and secure SDLC.

• Are strong in structured writing and can produce crisp, consistent answers under time pressure (questionnaires, RFIs, executive summaries).

• Can operate in ambiguity, own problems end-to-end, and create repeatable processes that scale beyond yourself.

About OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve our mission, we must encompass and value the many different perspectives, voices, and experiences that form the full spectrum of humanity.

XML job scraping automation by YubHub

The Technical Success team is responsible for ensuring the safe and effective deployment of ChatGPT and OpenAI API applications for developers and enterprises, acting as a trusted advisor so customers maximize value from our models and products.

As OpenAI’s enterprise footprint grows—especially across regulated industries—security and compliance diligence is increasingly happening live with CISOs, risk teams, privacy officers, and auditors.

About the Role

We are hiring a Security Solutions Engineer to serve as the customer-facing security and compliance pre-sales subject matter expert for priority customer accounts—especially in regulated industries. You will lead security deep dives, diligence workflows, and questionnaires, and help customers understand OpenAI’s security posture, controls, and architectural patterns.

This role is designed to increase deal velocity and customer confidence while reducing the operational load on internal security teams by owning the customer-facing workstream and escalating selectively.

This role is based in Singapore. We use a hybrid work model of 3 days in the office per week and offer relocation assistance to new employees.

In this role, you will

• Lead customer security engagements end-to-end: discovery, security deep dives, live calls, follow-ups, and action tracking—especially for regulated customers.

• Own security questionnaires/RFIs for priority customers: coordinate inputs, ensure accuracy, drive turnaround time, and manage escalations.

• Translate security posture into customer-relevant narratives: data flows, tenant boundaries, identity and access controls, encryption, logging/monitoring, incident response, privacy controls, and risk mitigations.

• Guide customers to standardized resources (e.g., trust collateral) and explain what is standard vs. what requires escalation or exceptions.

• Partner closely with GRC and Security teams to escalate non-standard requirements, clarify control intent, and ensure customer-facing responses remain aligned with approved posture.

• Create scalable enablement: playbooks, FAQs, response libraries, and training that reduce repeated work for Solutions Engineers and Sales.

• Represent the voice of regulated customers internally by identifying themes and recurring blockers; propose improvements to packaging, documentation, and product readiness.

You’ll thrive in this role if you

• Have 5+ years (guideline) in a customer-facing security role such as security pre-sales/solutions engineering, security consulting, security architecture, or GRC-adjacent customer advisory in B2B SaaS or cloud environments.

• Can credibly engage and influence CISOs, security architects, privacy teams, and procurement/risk stakeholders in real-time discussions.

• Understand modern cloud/security fundamentals: IAM, network/security architecture, encryption/key management concepts, logging/monitoring, vulnerability management, incident response, and secure SDLC.

• Are strong in structured writing and can produce crisp, consistent answers under time pressure (questionnaires, RFIs, executive summaries).

• Can operate in ambiguity, own problems end-to-end, and create repeatable processes that scale beyond yourself.

About OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve our mission, we must encompass and value the many different perspectives, voices, and experiences that form the full spectrum of humanity.

XML job scraping automation by YubHub

What you'll do

You will be responsible for the strategic development and operational management of SOC and CDC projects with a focus on SIEM, XDR, SOAR, and vulnerability management solutions. This includes responsibility for architecture, transition, and optimization of detection and response platforms (e.g. SIEM modernization, XDR introduction, tool rollouts, detection engineering).

• Strategische Weiterentwicklung und operative Steuerung von SOC- und CDC-Projekten mit Fokus auf SIEM-, XDR-, SOAR- und Vulnerability-Management-Lösungen
• Verantwortung für Architektur, Transition und Optimierung von Detection- und Response-Plattformen (z. B. SIEM-Modernisierung, XDR-Einführung, Tool-Rollouts, Detection Engineering)

What you need

To be successful in this role, you will need the following skills:

• Abgeschlossenes Studium im MINT-Bereich oder vergleichbare Qualifikation sowie mindestens 5–7 Jahre Berufserfahrung in der Cyber Security mit Schwerpunkt SOC, SIEM, XDR oder Detection Engineering
• Leidenschaft für Security-Architekturen, Incident Response, Detection Use Cases und idealerweise Vulnerability Management
• Expertise im Unternehmerischen Denken sowie Erfahrung in Projektleitung, Presales oder Business Development im Beratungsumfeld und idealer Weise Erfahrung mit Microsoft Sentinel, Microsoft Defender, Crowdstrike oder PaloAlto Cortex SOAR

XML job scraping automation by YubHub