Create an Account
Create an account for powerful AI tools, award-winning courses, and access to our vibrant community.
or
Already have an account?
Create an account for powerful AI tools, award-winning courses, and access to our vibrant community.
Already have an account?
Join 250,000+ professionals and teams at Microsoft, Shopify, and even NASA. 🚀
Already have an account? Login
Find the best remote jobs. Answer a few questions and we'll deploy a powerful assistant to help you search, create alerts, and more.
1 What roles are you open to?
2 Experience level
3 Work style
Did you know? If memory is enabled, Writing.io can remember your job search preferences and help you to improve your resume, craft customized outreach and more.
Category
Design and develop software solutions for cloud infrastructure security, including DevSecOps automation, access controls, detection systems, and vulnerability management.
All roles at JumpCloud® are Remote unless otherwise specified in the Job Description.
JumpCloud® is the AI-powered unified IT management platform designed to secure the modern workforce. By consolidating identity, device, and access management, JumpCloud provides intelligent, secure IT that scales from human users to autonomous AI agents. We help organizations around the globe eliminate complexity and turn AI risk into an optimized advantage, ensuring the right people and agents have secure access to the right resources at all times.
As a Security Engineer on the DevSecOps Team, you will be responsible for designing and developing software solutions for protecting data and infrastructure deployed into the cloud. The Security organization is composed of SecOps, GRC, and DevSecOps functions, but all functions work closely together so you will be exposed to many different security areas.
Infrastructure & Automation: Build and maintain infrastructure, including custom software and vendor integrations, to support Engineering’s Security needs (Product Security and Infrastructure Security).
Cloud Access Engineering: Design and implement secure, automated self-service workflows for cloud infrastructure access and privilege escalation (AWS/GCP).
Detection & Logging: Manage security infrastructure and SIEM configurations via Infrastructure as Code (Terraform) to ensure a highly auditable detection environment. Build and manage high-volume security data pipelines to ensure forensic logs are retained efficiently and cost-effectively.
Vulnerability & Posture Management: Help design, overhaul, and improve custom vulnerability aggregation systems to streamline remediation efforts. Manage and tune Cloud Security Posture Management (CSPM) and container security platforms to ensure optimal coverage and reduce alert fatigue.
Software Supply Chain & AppSec: Integrate and manage Software Supply Chain Security tooling to protect our developer ecosystem. Partner with Engineering to scale our threat modeling program, including developing automated and AI-assisted threat modeling pipelines built directly into the developer workflow.
4 years of software engineering experience with a strong interest or background in security engineering
Proficient in writing Golang or Python (more than simple scripts)
Experience with either AWS or GCP
Experience with Terraform
Experience with GitHub Actions
Excellent written and oral communication
Views security as an enabler, not an inhibitor to innovation
Results oriented and self driven
High level of integrity
Ownership and accountability
Clear communication
Creative problem solver
Passionate about security
You must be available for on-call (after hours) duties for any internal tools/services this team owns
Serve as a responder in the on-call rotation for security incidents and alert triage.
Where you’ll be working/Location:
JumpCloud is committed to being Remote First, meaning that you are able to work remotely within the country noted in the Job Description.
You must be located in and authorized to work in the country noted in the job description to be considered for this role.
Please note: There is an expectation that our engineers participate in on-call shifts. You will be expected commit to being ready and able to respond during your assigned shift, so that alerts don’t go unaddressed.
Language:
JumpCloud has teams in 15+ countries around the world and conducts our internal business in English. The interview and any additional screening process will take place primarily in English. To be considered for a role at JumpCloud, you will be required to speak and write in English fluently. Any additional language requirements will be included in the details of the job description.
Why JumpCloud?
If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you! JumpCloud is an incredible place to share and grow your expertise! You’ll work with amazing talent across each department who are passionate about our mission. We’re out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. You’ll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about.
One of JumpCloud’s three core values is to “Build Connections.” To us that means creating “ human connection with each other regardless of our backgrounds, orientations, geographies, religions, languages, gender, race, etc. We care deeply about the people that we work with and want to see everyone succeed.” - Rajat Bhargava, CEO
Please submit your résumé and brief explanation about yourself and why you would be a good fit for JumpCloud. Please note JumpCloud is not accepting third party resumes at this time.
JumpCloud is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
Scam Notice:
Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of JumpCloud. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Please note that JumpCloud will never ask for any personal account information, such as credit card details or bank account numbers, during the recruitment process. Additionally, JumpCloud will never send you a check for any equipment prior to employment.
All communication related to interviews and offers from our recruiters and hiring managers will come from official company email addresses (@jumpcloud.com) and will never ask for any payment, fee to be paid or purchases to be made by the job seeker. If you are contacted by anyone claiming to represent JumpCloud and you are unsure of their authenticity, please do not provide any personal/financial information and contact us immediately at [email protected] with the subject line “Scam Notice”
#LI-Remote #BI-Remote
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, transcribing or summarizing interviews, and assessing responses. These tools assist our recruitment team but do not replace human judgment in hiring decisions, which are ultimately made by humans. Please see our Privacy Policy (https://jumpcloud.com/privacy) for more information about our personal data practices.
Design and develop security infrastructure, automation, and cloud access controls while managing SIEM configurations, vulnerability systems, and security tooling across cloud platforms.
All roles at JumpCloud® are Remote unless otherwise specified in the Job Description.
JumpCloud® is the AI-powered unified IT management platform designed to secure the modern workforce. By consolidating identity, device, and access management, JumpCloud provides intelligent, secure IT that scales from human users to autonomous AI agents. We help organizations around the globe eliminate complexity and turn AI risk into an optimized advantage, ensuring the right people and agents have secure access to the right resources at all times.
As a Security Engineer on the DevSecOps Team, you will be responsible for designing and developing software solutions for protecting data and infrastructure deployed into the cloud. The Security organization is composed of SecOps, GRC, and DevSecOps functions, but all functions work closely together so you will be exposed to many different security areas.
Infrastructure & Automation: Build and maintain infrastructure, including custom software and vendor integrations, to support Engineering’s Security needs (Product Security and Infrastructure Security).
Cloud Access Engineering: Design and implement secure, automated self-service workflows for cloud infrastructure access and privilege escalation (AWS/GCP).
Detection & Logging: Manage security infrastructure and SIEM configurations via Infrastructure as Code (Terraform) to ensure a highly auditable detection environment. Build and manage high-volume security data pipelines to ensure forensic logs are retained efficiently and cost-effectively.
Vulnerability & Posture Management: Help design, overhaul, and improve custom vulnerability aggregation systems to streamline remediation efforts. Manage and tune Cloud Security Posture Management (CSPM) and container security platforms to ensure optimal coverage and reduce alert fatigue.
Software Supply Chain & AppSec: Integrate and manage Software Supply Chain Security tooling to protect our developer ecosystem. Partner with Engineering to scale our threat modeling program, including developing automated and AI-assisted threat modeling pipelines built directly into the developer workflow.
4 years of software engineering experience with a strong interest or background in security engineering
Proficient in writing Golang or Python (more than simple scripts)
Experience with either AWS or GCP
Experience with Terraform
Experience with GitHub Actions
Excellent written and oral communication
Views security as an enabler, not an inhibitor to innovation
Results oriented and self driven
High level of integrity
Ownership and accountability
Clear communication
Creative problem solver
Passionate about security
You must be available for on-call (after hours) duties for any internal tools/services this team owns
Serve as a responder in the on-call rotation for security incidents and alert triage.
Where you’ll be working/Location:
JumpCloud is committed to being Remote First, meaning that you are able to work remotely within the country noted in the Job Description.
You must be located in and authorized to work in the country noted in the job description to be considered for this role.
Please note: There is an expectation that our engineers participate in on-call shifts. You will be expected commit to being ready and able to respond during your assigned shift, so that alerts don’t go unaddressed.
Language:
JumpCloud has teams in 15+ countries around the world and conducts our internal business in English. The interview and any additional screening process will take place primarily in English. To be considered for a role at JumpCloud, you will be required to speak and write in English fluently. Any additional language requirements will be included in the details of the job description.
Why JumpCloud?
If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you! JumpCloud is an incredible place to share and grow your expertise! You’ll work with amazing talent across each department who are passionate about our mission. We’re out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. You’ll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about.
One of JumpCloud’s three core values is to “Build Connections.” To us that means creating “ human connection with each other regardless of our backgrounds, orientations, geographies, religions, languages, gender, race, etc. We care deeply about the people that we work with and want to see everyone succeed.” - Rajat Bhargava, CEO
Please submit your résumé and brief explanation about yourself and why you would be a good fit for JumpCloud. Please note JumpCloud is not accepting third party resumes at this time.
JumpCloud is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
Scam Notice:
Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of JumpCloud. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Please note that JumpCloud will never ask for any personal account information, such as credit card details or bank account numbers, during the recruitment process. Additionally, JumpCloud will never send you a check for any equipment prior to employment.
All communication related to interviews and offers from our recruiters and hiring managers will come from official company email addresses (@jumpcloud.com) and will never ask for any payment, fee to be paid or purchases to be made by the job seeker. If you are contacted by anyone claiming to represent JumpCloud and you are unsure of their authenticity, please do not provide any personal/financial information and contact us immediately at [email protected] with the subject line “Scam Notice”
#LI-Remote #BI-Remote
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, transcribing or summarizing interviews, and assessing responses. These tools assist our recruitment team but do not replace human judgment in hiring decisions, which are ultimately made by humans. Please see our Privacy Policy (https://jumpcloud.com/privacy) for more information about our personal data practices.
Leads threat modeling, manages cloud security findings, and partners with engineering teams to secure platform infrastructure while exploring AI-driven security automation.
LaunchDarkly’s Product Security team is hiring a Product Security Engineer II to strengthen how we secure the platform engineers build with every day. You’ll bring depth in security fundamentals and program design as a member of a small, high-leverage team with strong engineering instincts.
LaunchDarkly is critical infrastructure. Our security team keeps it safe for the global systems that depend on us. You’ll spend most of your time on threat modeling and cloud security posture, with rotating exposure to the rest of the ProdSec surface area. Your work will help developers move fast without sacrificing security, through automation, guidance, and the kind of partnership that makes the secure path the easy one.
You’ll report to the Director of Security and work closely with software engineers, product managers, and other security engineers. We expect you to bring a sharp point of view on where AI can take work off the team’s plate and make our coverage deeper.
Lead threat modeling engagements on the features and services where the risk warrants it.
Partner with the ProdSec lead to evolve the practice from on-request to repeatable, with clear criteria for when an engagement is worth running.
Own day-to-day triage of CNAPP findings end to end. Investigate, prioritize, route to service owners, and close the loop. Look for patterns that point to systemic fixes instead of one-off cleanup.
Contribute to SDLC tooling, SAST/SCA workflows, and bug bounty triage as the team’s work demands.
Partner with product engineering teams as a trusted reviewer. Catch issues early, explain the why, propose paths forward. Say no when needed, with reasons and alternatives.
Bring AI to the work. Use it to accelerate triage, summarize findings, draft threat models, scan code, and reduce toil. Help the team build durable patterns for safe and effective use, not one-off prompts.
Push the security floor up over time through documentation, office hours, small tooling improvements, and the kind of compounding work that prevents incidents rather than responds to them.
You’re proactive by default. You’d rather spot drift early and fix the cause than chase symptoms after an incident.
You believe security is a craft of habits and systems. Small consistent improvements beat heroic one-offs.
You invest in relationships with the engineering, product, and leadership teams you work with.
You know security work moves at the speed of trust.
You’re a good partner. You’re helpful and direct, you say no with reasons and alternatives, and you don’t mistake gatekeeping for rigor.
You’re security-first by background but engineering-curious by nature. You want to understand how the systems work, not just what’s wrong with them.
You treat AI as part of the toolkit. You’re skeptical where you should be, aggressive where it pays off, and you want to work somewhere that’s serious about both.
2 to 4 years of full-time experience in a security-focused role. AppSec, ProdSec, or cloud security preferred.
Comfortable reading and critiquing pull requests in a modern stack. You don’t need to ship production services, but you should follow the code, ask sharp questions, and write small tools when it helps.
Experience participating in or leading threat modeling exercises. Familiar with at least one structured approach (STRIDE, attack trees, or equivalent).
Working knowledge of cloud security posture. Exposure to a CNAPP is a strong plus.
Strong fundamentals: OWASP Top 10, authentication and authorization patterns, secrets management, common cloud misconfigurations.
Hands-on experience applying AI tooling to security or engineering work. You can point to specific examples where it changed how you operated.
Nice to Haves:
Experience with developer tools, SaaS platforms, or feature management
Bug bounty triage experience (HackerOne, Bugcrowd)
Familiarity with Go, Python, or TypeScript
Contributions to internal security tooling or open-source security projects
Pay:
Target pay ranges based on Geographic Zones* for Level 2:
LaunchDarkly operates from a place of high trust and transparency; we are happy to state the pay range for our open roles to best align with your needs. Exact compensation may vary based on skills, experience, and location.
*Within the United States, our geographic pay zones are defined by counties surrounding major metropolitan areas.
**Restricted Stock Units (RSUs), health, vision, and dental insurance, and mental health benefits in addition to salary.
Modern software delivery was supposed to be the foundation for a thriving digital business but reality has proven otherwise. Slow, inefficient development cycles, costly outages, and fragmented customer experiences are preventing developers from building their best software. The LaunchDarkly platform helps developers innovate on new features faster while protecting them with a safety valve to instantly rewind when things go wrong. Developers can target product experiences to any customer segment and maximize the business impact of every feature. And by gradually rolling out new application components, they escape nightmare “big-bang” technology migrations.
The LaunchDarkly platform was built to guide engineers to the next frontier of DevOps by:
At LaunchDarkly, we believe in the power of teams. We’re building a team that is humble, open, collaborative, respectful and kind. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, or disability status. LD invites any applicant to review our written Affirmative Action Plan. To do so, contact People Ops at hr@launchdarkly.com.
Do you need a disability accommodation?
Fill out this accommodations request form and someone from our People Operations team will contact you for assistance.
Your safety matters to us. To protect yourself from potential scams, LaunchDarkly recruiters will only contact you from @LaunchDarkly.com email addresses or via LinkedIn from “Verified Recruiter” accounts.Be cautious of emails from other domains. Legitimate LaunchDarkly recruiters will never ask for money, fees, or banking information before making a job offer. LaunchDarkly will never make a job offer without conducting a formal interview process. Our interview process does not involve asking detailed questions by email. If you are ever unsure about a communication that you receive, don’t click any links—visit Careers | LaunchDarkly directly for confirmed job openings and links to apply.
Please notify us of any fraudulent representation by sending an email to careers@launchdarkly.com.
Security engineer maintains custody systems, hardens signing infrastructure, builds anti-scam tooling, and conducts security reviews for blockchain protocols and systems.
Mysten Labs believes that decentralized and open protocols are the bedrock of the internet of value. This is why at Mysten Labs, we are creating foundational infrastructure to accelerate the adoption of decentralized protocols based on blockchain technologies.
Security engineers own the operational and software security of the Sui blockchain, wallet, Move language, and other Mysten systems.
Security engineers support and work closely with the engineers working on the sensitive components of these systems. In addition, they are the key points of contact for audit engagements and bug bounty reports.
We are hiring security engineers now as we expand the ecosystem and production services. We have a strong team in protocol security, but we need experts in operational and software security who can help us navigate the challenges of running world class infrastructure.
Responsibilities
Maintain and improve the custody systems that hold validator keys, operational keys, and important objects for Mysten-run smart contracts and general on-chain operations, including key generation, storage, access controls, signing workflows, aggregation, rotation, and recovery procedures
Harden the signing path end-to-end: review and improve the code, infrastructure, and operational practices around how transactions are authorized, reviewed, and submitted on-chain
Build and improve anti-scam and anti-abuse tooling for the Sui ecosystem, detecting phishing sites, malicious dApps, drainer contracts, and other threats that target Sui users, and partnering with wallet ecosystem teams on mitigations.
Conduct code and design reviews of components that interact with sensitive keys or handle on-chain assets, with a focus on cryptographic correctness, access control, and operational safety
Participate in investigation and response for security issues and incidents that touch custody or ecosystem abuse, and drive concrete fixes that prevent the same class of issue from recurring
Preferred Qualifications
3+ years of hands-on experience in security engineering, application security, or product security.
Knowledge relevant to key management in production, for example HSMs, cloud KMS, MPC or threshold-signature systems, hardware wallets, or comparable custody infrastructure.
Proficiency in one or more of: Rust, TypeScript, Python, or Move, and experience reviewing and writing security-sensitive code.
Solid understanding of applied cryptography fundamentals and the common ways cryptographic systems are misused in practice.
A builder mentality: comfortable operating with ambiguity, diving into unfamiliar codebases, and shipping the fix yourself rather than handing it off.
Strong written and verbal communication: you can explain a finding or an issue clearly to the engineer who needs to fix it and to a non-technical stakeholder who needs to understand the risk.
Interest in the web3 space is required; prior experience shipping in crypto, fintech, or other regulated/high-stakes environments is a plus.
Employment is contingent upon the successful completion of a background check, which may include verification of employment history, education credentials, criminal history, and other relevant information.
Regarding the recent rash of technology job scams: Be aware that emails from genuine Mysten Labs group recruiters will always come from the @ mystenlabs.com domain or related subdomains (e.g., mystenlabs.com/careers ). Remember: you can always verify positions on our job boards at www.mystenlabs.com/careers .
To support an efficient and fair hiring process, we may use technology-assisted tools, including artificial intelligence (AI), to help identify and evaluate candidates. All hiring decisions are ultimately made by human reviewers.
Our team is remote first and we are hiring across the world. Here at Mysten Labs, you’ll be joining a world-class team with tremendous growth potential as we bring the next billion users to web3. We raised a $300M Series B round from top Silicon Valley led venture funds like Jump Crypto, Andreessen Horowitz (a16z), Binance Labs, Redpoint, Lightspeed, Coinbase Ventures, Electric Capital, Standard Crypto, NFX, Slow Ventures, Scribble Ventures, Samsung Next, Lux Capital, among other investment firms and strategic partners. Come join us and build the future of web3!
Product Security Engineer II leads threat modeling, investigates cloud security findings, and partners with engineering teams to secure platform infrastructure while leveraging AI for triage and automation.
LaunchDarkly’s Product Security team is hiring a Product Security Engineer II to strengthen how we secure the platform engineers build with every day. You’ll bring depth in security fundamentals and program design as a member of a small, high-leverage team with strong engineering instincts.
LaunchDarkly is critical infrastructure. Our security team keeps it safe for the global systems that depend on us. You’ll spend most of your time on threat modeling and cloud security posture, with rotating exposure to the rest of the ProdSec surface area. Your work will help developers move fast without sacrificing security, through automation, guidance, and the kind of partnership that makes the secure path the easy one.
You’ll report to the Director of Security and work closely with software engineers, product managers, and other security engineers. We expect you to bring a sharp point of view on where AI can take work off the team’s plate and make our coverage deeper.
Lead threat modeling engagements on the features and services where the risk warrants it.
Partner with the ProdSec lead to evolve the practice from on-request to repeatable, with clear criteria for when an engagement is worth running.
Own day-to-day triage of CNAPP findings end to end. Investigate, prioritize, route to service owners, and close the loop. Look for patterns that point to systemic fixes instead of one-off cleanup.
Contribute to SDLC tooling, SAST/SCA workflows, and bug bounty triage as the team’s work demands.
Partner with product engineering teams as a trusted reviewer. Catch issues early, explain the why, propose paths forward. Say no when needed, with reasons and alternatives.
Bring AI to the work. Use it to accelerate triage, summarize findings, draft threat models, scan code, and reduce toil. Help the team build durable patterns for safe and effective use, not one-off prompts.
Push the security floor up over time through documentation, office hours, small tooling improvements, and the kind of compounding work that prevents incidents rather than responds to them.
You’re proactive by default. You’d rather spot drift early and fix the cause than chase symptoms after an incident.
You believe security is a craft of habits and systems. Small consistent improvements beat heroic one-offs.
You invest in relationships with the engineering, product, and leadership teams you work with.
You know security work moves at the speed of trust.
You’re a good partner. You’re helpful and direct, you say no with reasons and alternatives, and you don’t mistake gatekeeping for rigor.
You’re security-first by background but engineering-curious by nature. You want to understand how the systems work, not just what’s wrong with them.
You treat AI as part of the toolkit. You’re skeptical where you should be, aggressive where it pays off, and you want to work somewhere that’s serious about both.
2 to 4 years of full-time experience in a security-focused role. AppSec, ProdSec, or cloud security preferred.
Comfortable reading and critiquing pull requests in a modern stack. You don’t need to ship production services, but you should follow the code, ask sharp questions, and write small tools when it helps.
Experience participating in or leading threat modeling exercises. Familiar with at least one structured approach (STRIDE, attack trees, or equivalent).
Working knowledge of cloud security posture. Exposure to a CNAPP is a strong plus.
Strong fundamentals: OWASP Top 10, authentication and authorization patterns, secrets management, common cloud misconfigurations.
Hands-on experience applying AI tooling to security or engineering work. You can point to specific examples where it changed how you operated.
Nice to Haves:
Experience with developer tools, SaaS platforms, or feature management
Bug bounty triage experience (HackerOne, Bugcrowd)
Familiarity with Go, Python, or TypeScript
Contributions to internal security tooling or open-source security projects
Pay:
Target pay ranges based on Geographic Zones* for Level 2:
LaunchDarkly operates from a place of high trust and transparency; we are happy to state the pay range for our open roles to best align with your needs. Exact compensation may vary based on skills, experience, and location.
*Within the United States, our geographic pay zones are defined by counties surrounding major metropolitan areas.
**Restricted Stock Units (RSUs), health, vision, and dental insurance, and mental health benefits in addition to salary.
Modern software delivery was supposed to be the foundation for a thriving digital business but reality has proven otherwise. Slow, inefficient development cycles, costly outages, and fragmented customer experiences are preventing developers from building their best software. The LaunchDarkly platform helps developers innovate on new features faster while protecting them with a safety valve to instantly rewind when things go wrong. Developers can target product experiences to any customer segment and maximize the business impact of every feature. And by gradually rolling out new application components, they escape nightmare “big-bang” technology migrations.
The LaunchDarkly platform was built to guide engineers to the next frontier of DevOps by:
At LaunchDarkly, we believe in the power of teams. We’re building a team that is humble, open, collaborative, respectful and kind. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, or disability status. LD invites any applicant to review our written Affirmative Action Plan. To do so, contact People Ops at hr@launchdarkly.com.
Do you need a disability accommodation?
Fill out this accommodations request form and someone from our People Operations team will contact you for assistance.
Your safety matters to us. To protect yourself from potential scams, LaunchDarkly recruiters will only contact you from @LaunchDarkly.com email addresses or via LinkedIn from “Verified Recruiter” accounts.Be cautious of emails from other domains. Legitimate LaunchDarkly recruiters will never ask for money, fees, or banking information before making a job offer. LaunchDarkly will never make a job offer without conducting a formal interview process. Our interview process does not involve asking detailed questions by email. If you are ever unsure about a communication that you receive, don’t click any links—visit Careers | LaunchDarkly directly for confirmed job openings and links to apply.
Please notify us of any fraudulent representation by sending an email to careers@launchdarkly.com.
Security engineer owns operational and software security for Sui blockchain systems, manages custody infrastructure, hardens signing paths, and responds to security incidents.
Mysten Labs believes that decentralized and open protocols are the bedrock of the internet of value. This is why at Mysten Labs, we are creating foundational infrastructure to accelerate the adoption of decentralized protocols based on blockchain technologies.
Security engineers own the operational and software security of the Sui blockchain, wallet, Move language, and other Mysten systems.
Security engineers support and work closely with the engineers working on the sensitive components of these systems. In addition, they are the key points of contact for audit engagements and bug bounty reports.
We are hiring security engineers now as we expand the ecosystem and production services. We have a strong team in protocol security, but we need experts in operational and software security who can help us navigate the challenges of running world class infrastructure.
Responsibilities
Maintain and improve the custody systems that hold validator keys, operational keys, and important objects for Mysten-run smart contracts and general on-chain operations, including key generation, storage, access controls, signing workflows, aggregation, rotation, and recovery procedures
Harden the signing path end-to-end: review and improve the code, infrastructure, and operational practices around how transactions are authorized, reviewed, and submitted on-chain
Build and improve anti-scam and anti-abuse tooling for the Sui ecosystem, detecting phishing sites, malicious dApps, drainer contracts, and other threats that target Sui users, and partnering with wallet ecosystem teams on mitigations.
Conduct code and design reviews of components that interact with sensitive keys or handle on-chain assets, with a focus on cryptographic correctness, access control, and operational safety
Participate in investigation and response for security issues and incidents that touch custody or ecosystem abuse, and drive concrete fixes that prevent the same class of issue from recurring
Preferred Qualifications
3+ years of hands-on experience in security engineering, application security, or product security.
Knowledge relevant to key management in production, for example HSMs, cloud KMS, MPC or threshold-signature systems, hardware wallets, or comparable custody infrastructure.
Proficiency in one or more of: Rust, TypeScript, Python, or Move, and experience reviewing and writing security-sensitive code.
Solid understanding of applied cryptography fundamentals and the common ways cryptographic systems are misused in practice.
A builder mentality: comfortable operating with ambiguity, diving into unfamiliar codebases, and shipping the fix yourself rather than handing it off.
Strong written and verbal communication: you can explain a finding or an issue clearly to the engineer who needs to fix it and to a non-technical stakeholder who needs to understand the risk.
Interest in the web3 space is required; prior experience shipping in crypto, fintech, or other regulated/high-stakes environments is a plus.
Employment is contingent upon the successful completion of a background check, which may include verification of employment history, education credentials, criminal history, and other relevant information.
Regarding the recent rash of technology job scams: Be aware that emails from genuine Mysten Labs group recruiters will always come from the @ mystenlabs.com domain or related subdomains (e.g., mystenlabs.com/careers ). Remember: you can always verify positions on our job boards at www.mystenlabs.com/careers .
To support an efficient and fair hiring process, we may use technology-assisted tools, including artificial intelligence (AI), to help identify and evaluate candidates. All hiring decisions are ultimately made by human reviewers.
Our team is remote first and we are hiring across the world. Here at Mysten Labs, you’ll be joining a world-class team with tremendous growth potential as we bring the next billion users to web3. We raised a $300M Series B round from top Silicon Valley led venture funds like Jump Crypto, Andreessen Horowitz (a16z), Binance Labs, Redpoint, Lightspeed, Coinbase Ventures, Electric Capital, Standard Crypto, NFX, Slow Ventures, Scribble Ventures, Samsung Next, Lux Capital, among other investment firms and strategic partners. Come join us and build the future of web3!
Owns operational and software security for blockchain infrastructure, managing custody systems, hardening signing paths, and conducting security reviews for sensitive components.
Mysten Labs believes that decentralized and open protocols are the bedrock of the internet of value. This is why at Mysten Labs, we are creating foundational infrastructure to accelerate the adoption of decentralized protocols based on blockchain technologies.
Security engineers own the operational and software security of the Sui blockchain, wallet, Move language, and other Mysten systems.
Security engineers support and work closely with the engineers working on the sensitive components of these systems. In addition, they are the key points of contact for audit engagements and bug bounty reports.
We are hiring security engineers now as we expand the ecosystem and production services. We have a strong team in protocol security, but we need experts in operational and software security who can help us navigate the challenges of running world class infrastructure.
Responsibilities
Maintain and improve the custody systems that hold validator keys, operational keys, and important objects for Mysten-run smart contracts and general on-chain operations, including key generation, storage, access controls, signing workflows, aggregation, rotation, and recovery procedures
Harden the signing path end-to-end: review and improve the code, infrastructure, and operational practices around how transactions are authorized, reviewed, and submitted on-chain
Build and improve anti-scam and anti-abuse tooling for the Sui ecosystem, detecting phishing sites, malicious dApps, drainer contracts, and other threats that target Sui users, and partnering with wallet ecosystem teams on mitigations.
Conduct code and design reviews of components that interact with sensitive keys or handle on-chain assets, with a focus on cryptographic correctness, access control, and operational safety
Participate in investigation and response for security issues and incidents that touch custody or ecosystem abuse, and drive concrete fixes that prevent the same class of issue from recurring
Preferred Qualifications
3+ years of hands-on experience in security engineering, application security, or product security.
Knowledge relevant to key management in production, for example HSMs, cloud KMS, MPC or threshold-signature systems, hardware wallets, or comparable custody infrastructure.
Proficiency in one or more of: Rust, TypeScript, Python, or Move, and experience reviewing and writing security-sensitive code.
Solid understanding of applied cryptography fundamentals and the common ways cryptographic systems are misused in practice.
A builder mentality: comfortable operating with ambiguity, diving into unfamiliar codebases, and shipping the fix yourself rather than handing it off.
Strong written and verbal communication: you can explain a finding or an issue clearly to the engineer who needs to fix it and to a non-technical stakeholder who needs to understand the risk.
Interest in the web3 space is required; prior experience shipping in crypto, fintech, or other regulated/high-stakes environments is a plus.
Employment is contingent upon the successful completion of a background check, which may include verification of employment history, education credentials, criminal history, and other relevant information.
Regarding the recent rash of technology job scams: Be aware that emails from genuine Mysten Labs group recruiters will always come from the @ mystenlabs.com domain or related subdomains (e.g., mystenlabs.com/careers ). Remember: you can always verify positions on our job boards at www.mystenlabs.com/careers .
To support an efficient and fair hiring process, we may use technology-assisted tools, including artificial intelligence (AI), to help identify and evaluate candidates. All hiring decisions are ultimately made by human reviewers.
Our team is remote first and we are hiring across the world. Here at Mysten Labs, you’ll be joining a world-class team with tremendous growth potential as we bring the next billion users to web3. We raised a $300M Series B round from top Silicon Valley led venture funds like Jump Crypto, Andreessen Horowitz (a16z), Binance Labs, Redpoint, Lightspeed, Coinbase Ventures, Electric Capital, Standard Crypto, NFX, Slow Ventures, Scribble Ventures, Samsung Next, Lux Capital, among other investment firms and strategic partners. Come join us and build the future of web3!
Cybersecurity Analyst protects organizational digital assets and infrastructure from security threats and vulnerabilities.
Manages information security compliance, risk assessments, and regulatory frameworks like ISO 27001 and NIST CSF to protect organizational assets.
Evelyn Partners is a UK leader in wealth management, providing personalised, expert investment management and financial planning advice to support clients in embracing what’s next.
Our success hinges on our people and that’s our secret for longevity. We are a team of passionate professionals and everything we do is guided by our purpose – placing the power of good advice into more hands, we go further to understand the needs of our clients and what matters most to them. We’re here to help them make significant decisions with confidence, provide strong foundations for the future and guide them towards their goals.
What will you be doing?
We’re seeking a talented individual to join our team in Liverpool, which is responsible for the execution of day-to-day information security risk management activities and the enhancement of the overall effectiveness and efficiency of the information security risk management capabilities across the Evelyn Partners Enterprise.
You will play a crucial role in ensuring our organisation’s compliance with information security standards and frameworks, particularly Cyber Essentials, ISO 27001 and NIST Cybersecurity Framework (CSF) v2.
As Information Security Compliance Analyst, your responsibilities will include among others:
To be successful in this role, you should:
Desired:
As a colleague here at Evelyn Partners, you will have access to benefits that include:
We are proud to value the differences that a diverse workforce brings, representative of society and our clients. At Evelyn Partners we have a wide range of highly active employee resource groups and we’re delivering multiple diversity, equity and inclusion initiatives across the organisation. It is our commitment to provide a workspace where all colleagues, regardless of identity, background, or circumstance, feel respected as individuals and feel that they can achieve their full potential and work in a safe, supportive, and inclusive environment.
We are happy to make any reasonable adjustments to accommodate for your needs throughout the application process. Please let your Recruiter know.
Security Engineer owns and operates SOAR/SIEM platforms, builds automation playbooks, manages endpoint security, and responds to threats across the infrastructure.
The Basics
The Security Engineer will collaborate with Security, IT, and Engineering teams to defend and strengthen our security operations posture. You will be an integral part of the IT Security Engineering Team, responsible for owning and operating our SOAR and SIEM platforms, driving endpoint security initiatives, and building the automation and processes needed to detect, respond to, and remediate threats across the environment.
What you’ll do
We’re looking for someone with
Security Experience
Engineering Experience
Nice to Have
About Tanium
Tanium is the Autonomous IT company. Driven by AI and real-time endpoint intelligence, Tanium Autonomous IT empowers IT and security teams to make their organizations unstoppable.
Many of the world’s leading organizations trust Tanium’s single, unified platform for endpoint management and security to innovate faster, stay resilient and move business forward with confidence, at scale. To learn how Tanium delivers Autonomous IT for unstoppable business – visit www.tanium.com and follow us on LinkedIn and X.
On a mission. Together.
At Tanium, we are stewards of a culture that emphasizes the importance of collaboration, respect, and diversity. In our pursuit of revolutionizing the way some of the largest enterprises and governments in the world solve their most difficult IT challenges, we are strengthened by our unique perspectives and by our collective actions.
As a global organization with stakeholders around the world, it’s imperative that the diversity of our customers and communities is reflected internally in our team members. We strive to create a diverse and inclusive environment where everyone feels they have opportunities to succeed and grow because we know that only together can we do great things.
Our commitment to excellence and innovation has earned us a place on the Forbes Cloud 100 list for ten consecutive years, and we continue to be recognized worldwide as a great place to work.
Each of our team members has 5 days set aside as volunteer time off (VTO) to contribute to the communities they live in and give back to the causes they care about most.
What you’ll get
The annual base salary range for this full-time position is $113,000 to $173,000. This range is an estimate for what Tanium will pay a new hire. The actual annual base salary offered may be adjusted based on a variety of factors, including but not limited to, location, education, skills, training, and experience.
In addition to an annual base salary, team members will receive equity awards and a generous benefits package consisting of medical, dental and vision plan, family planning benefits, health savings account, flexible spending account, transportation savings account, 401(k) retirement savings plan with company match, life, accident and disability coverage, business travel accident insurance, employee assistance programs, disability insurance, and other well-being benefits.
For more information on how Tanium processes your personal data, please see our Privacy Policy
Security Engineer owns and operates SOAR/SIEM platforms, builds automation playbooks, manages endpoint security tools, and responds to threats across the infrastructure.
The Basics
The Security Engineer will collaborate with Security, IT, and Engineering teams to defend and strengthen our security operations posture. You will be an integral part of the IT Security Engineering Team, responsible for owning and operating our SOAR and SIEM platforms, driving endpoint security initiatives, and building the automation and processes needed to detect, respond to, and remediate threats across the environment.
What you’ll do
We’re looking for someone with
Security Experience
Engineering Experience
Nice to Have
About Tanium
Tanium is the Autonomous IT company. Driven by AI and real-time endpoint intelligence, Tanium Autonomous IT empowers IT and security teams to make their organizations unstoppable.
Many of the world’s leading organizations trust Tanium’s single, unified platform for endpoint management and security to innovate faster, stay resilient and move business forward with confidence, at scale. To learn how Tanium delivers Autonomous IT for unstoppable business – visit www.tanium.com and follow us on LinkedIn and X.
On a mission. Together.
At Tanium, we are stewards of a culture that emphasizes the importance of collaboration, respect, and diversity. In our pursuit of revolutionizing the way some of the largest enterprises and governments in the world solve their most difficult IT challenges, we are strengthened by our unique perspectives and by our collective actions.
As a global organization with stakeholders around the world, it’s imperative that the diversity of our customers and communities is reflected internally in our team members. We strive to create a diverse and inclusive environment where everyone feels they have opportunities to succeed and grow because we know that only together can we do great things.
Our commitment to excellence and innovation has earned us a place on the Forbes Cloud 100 list for ten consecutive years, and we continue to be recognized worldwide as a great place to work.
Each of our team members has 5 days set aside as volunteer time off (VTO) to contribute to the communities they live in and give back to the causes they care about most.
What you’ll get
The annual base salary range for this full-time position is $113,000 to $173,000. This range is an estimate for what Tanium will pay a new hire. The actual annual base salary offered may be adjusted based on a variety of factors, including but not limited to, location, education, skills, training, and experience.
In addition to an annual base salary, team members will receive equity awards and a generous benefits package consisting of medical, dental and vision plan, family planning benefits, health savings account, flexible spending account, transportation savings account, 401(k) retirement savings plan with company match, life, accident and disability coverage, business travel accident insurance, employee assistance programs, disability insurance, and other well-being benefits.
For more information on how Tanium processes your personal data, please see our Privacy Policy
Automates, secures, and monitors data integration and analytics platforms in a DoD cloud environment.
Designs and maintains cloud security infrastructure, builds DevSecOps tooling, and ensures secure deployment practices across enterprise systems.
Make a difference here.
UltraViolet Cyber is a leading platform-enabled unified security operations company providing a comprehensive suite of security operations solutions. Founded and operated by security practitioners with decades of experience, the UltraViolet Cyber security-as-code platform combines technology innovation and human expertise to make advanced real-time cybersecurity accessible for all organizations by eliminating risks of separate red and blue teams.
By creating continuously optimized identification, detection, and resilience from today’s dynamic threat landscape, UltraViolet Cyber provides both managed and custom-tailored unified security operations solutions to the Fortune 500, Federal Government, and Commercial clients. UltraViolet Cyber is headquartered in McLean, Virginia, with global offices across the U.S. and in India.
We are providing top tier engineering services to key customers across North America. This Cloud Security Engineer will be dedicated to supporting an enterprise SaaS customer of UltraViolet’s to operate our cloud security infrastructure and tooling, and to build cutting edge security tools to ensure our security posture.
The role will work on a diverse set of projects and will also include development of prototypes and proof-of-concepts.
$100,000 - $150,000 a year
UltraViolet Cyber maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect our company’s differing products, services, industries and lines of business. Candidates are typically placed into the range based on the preceding factors.
We sincerely thank all applicants in advance for submitting their interest in this position. We know your time is valuable.
UltraViolet Cyber welcomes and encourages diversity in the workplace regardless of race, gender, religion, age, sexual orientation, gender identity, disability, or veteran status.
If you want to make an impact, UltraViolet Cyber is the place for you!
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
Builds and maintains cloud security infrastructure, develops DevSecOps tooling, and ensures security compliance across enterprise SaaS environments.
Make a difference here.
UltraViolet Cyber is a leading platform-enabled unified security operations company providing a comprehensive suite of security operations solutions. Founded and operated by security practitioners with decades of experience, the UltraViolet Cyber security-as-code platform combines technology innovation and human expertise to make advanced real-time cybersecurity accessible for all organizations by eliminating risks of separate red and blue teams.
By creating continuously optimized identification, detection, and resilience from today’s dynamic threat landscape, UltraViolet Cyber provides both managed and custom-tailored unified security operations solutions to the Fortune 500, Federal Government, and Commercial clients. UltraViolet Cyber is headquartered in McLean, Virginia, with global offices across the U.S. and in India.
We are providing top tier engineering services to key customers across North America. This Cloud Security Engineer will be dedicated to supporting an enterprise SaaS customer of UltraViolet’s to operate our cloud security infrastructure and tooling, and to build cutting edge security tools to ensure our security posture.
The role will work on a diverse set of projects and will also include development of prototypes and proof-of-concepts.
$100,000 - $150,000 a year
UltraViolet Cyber maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect our company’s differing products, services, industries and lines of business. Candidates are typically placed into the range based on the preceding factors.
We sincerely thank all applicants in advance for submitting their interest in this position. We know your time is valuable.
UltraViolet Cyber welcomes and encourages diversity in the workplace regardless of race, gender, religion, age, sexual orientation, gender identity, disability, or veteran status.
If you want to make an impact, UltraViolet Cyber is the place for you!
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
Manages complex enterprise network infrastructure, troubleshoots network issues, handles incident/change management, and improves monitoring tools with focus on perimeter security and network architecture.
Designs, implements, and maintains cybersecurity systems and infrastructure to protect organizational assets and data.
Design and build automated vulnerability detection and remediation pipelines using AI-assisted tools to eliminate manual security ticketing and continuously harden cloud infrastructure.
Basic Function
Lumin Digital is building a Vulnerability Automation Engineering team that eliminates the traditional vulnerability management ticket queue entirely. As a Vulnerability Automation Engineer, you will design, build, and operate lights-off pipelines that continuously discover assets, assess posture, scan for vulnerabilities, harden configurations, and auto-remediate findings across cloud-native and infrastructure-as-code environments. You will leverage AI-assisted engineering tools, including agentic coding assistants like Claude Code, to build secure, autonomous workflows that replace manual coordination with engineered solutions. This role exists for engineers who teach organizations how to operate, not the other way around. Success means vulnerabilities are resolved before a human ever needs to read about them.
Essential Functions and Responsibilities:
Design and implement end-to-end vulnerability automation pipelines that continuously discover assets, assess configurations, identify vulnerabilities, and execute or orchestrate remediation, without manual ticketing or human-in-the-loop coordination.
Build and maintain agentic AI workflows using tools such as Claude Code and MCP-based integrations to automate security engineering tasks, including code review for vulnerability patterns, configuration drift detection, and patch deployment across cloud-native environments.
Engineer new and enhance existing automated asset discovery and inventory systems that maintain a real-time, authoritative view of all infrastructure, services, and endpoints across environments, including ephemeral and containerized workloads.
Develop and operationalize automated configuration hardening pipelines that enforce security baselines (CIS Benchmarks, internal standards) as code, with drift detection and auto-remediation capabilities.
Create and maintain infrastructure-as-code templates, policy-as-code rules, and automated playbooks that embed security controls directly into deployment pipelines, preventing or resolving vulnerabilities at build time rather than discovering them post-deployment.
Build self-service remediation tooling and agentic support systems that empower development and infrastructure teams to resolve security findings autonomously, reducing cross-team dependencies and accelerating mean time to remediation.
Integrate vulnerability data sources (scanners, SCA tools, cloud-native security services, threat intelligence feeds) into unified automation platforms, normalizing and enriching findings to drive intelligent prioritization and automated response.
Develop metrics, dashboards, and automated reporting that provide real-time visibility into vulnerability posture, remediation velocity, and automation coverage, enabling leadership to measure program effectiveness without manual evidence gathering.
Collaborate with product, engineering, operations, and other risk teams to embed vulnerability automation into CI/CD pipelines, infrastructure provisioning workflows, and operational runbooks.
Perform other duties as assigned.
Physical Demands:
While performing the duties of this Job, the employee is regularly required to sit; use hands to type, handle, or feel and talk or hear
Specific vision abilities required by this job include close vision
Ability to occasionally lift/move up to 25 pounds
Individuals with a disability who are otherwise able to perform the essential functions of the job may request reasonable accommodation through the Human Resources department.
Supervisory Responsibility:
Position Specifications
Education:
Bachelor’s degree in Computer Science, Cybersecurity, Software Engineering, or a related field; or equivalent combination of education and demonstrated engineering experience in vulnerability lifecycle management and security automation.
Industry certifications that demonstrate hands-on technical depth are valued but not required. Relevant examples include: GPYC, GPEN, GXPN, AWS Security Specialty, GCP Professional Cloud Security Engineer, CKS (Certified Kubernetes Security Specialist), or HashiCorp Terraform Associate.
Experience:
5+ years of hands-on experience in security engineering, DevSecOps, vulnerability management, or infrastructure automation, with a strong emphasis on building automated systems rather than operating manual processes.
Demonstrated experience building and shipping automation pipelines in production environments using Python, Go, Bash, or similar languages, with infrastructure-as-code tools such as Terraform.
Proven track record of working in cloud-native environments with deep familiarity in containerized workloads, Kubernetes, serverless architectures, and CI/CD pipeline integration.
Experience with vulnerability scanning and security assessment platforms (e.g., Tenable, Qualys, Wiz, Snyk, Trivy, Grype, or cloud-native equivalents) and the ability to integrate them programmatically into automated workflows.
Knowledge, Skills, & Abilities:
Deep understanding of vulnerability classes (OWASP Top 10, CWE, CVE/CVSS, EPSS) and modern prioritization frameworks that go beyond raw CVSS scores to factor exploitability, asset criticality, and business context.
Proficiency with AI-assisted development tools (Claude Code, GitHub Copilot, or similar agentic coding assistants) and the ability to design, prompt-engineer, and orchestrate AI agents for security automation workflows.
Strong software engineering fundamentals: version control (Git), code review, testing, CI/CD, API design, and the ability to write production-quality, maintainable code—not just scripts.
Hands-on experience with cloud security tooling and APIs (AWS Config, GuardDuty, Inspector, Security Hub), container security.
Familiarity with security data engineering concepts: API and database integration, data normalization, and building automated evidence-collection pipelines for compliance and audit support.
Excellent written and verbal communication skills, with the ability to translate complex automation architectures into clear documentation, runbooks, and knowledge-transfer materials for cross-functional teams.
Self-directed engineering mindset with a bias toward action, a low tolerance for manual toil, and a drive to eliminate recurring work through automation. You see a repeated manual process as a bug, not a task.
Nice to have: Experience with MCP (Model Context Protocol) integrations, building custom AI tool-use pipelines, or contributing to open-source security automation projects.
Travel:
$170,000 - $190,000 a year
LIFE AT LUMIN DIGITAL
Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base. Lumin is 100% cloud-native, purpose-built to unlock the full advantages of the cloud for financial institutions and their users.
At Lumin, we thrive on curiosity and innovation. Our culture fosters trust - in our expertise and decisions, respect - for diverse perspectives and talents, and boldness - in pursuing innovative paths. These values guide us, shaping a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered. Focused on continuous improvement and innovation, we encourage our team to explore, experiment, and put new ideas into action, challenging the usual way of doing things.
Lumin Digital is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender identity, or any other legally protected basis, in accordance with applicable law.
For more information, visit lumindigital.com.
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
Application security engineer who partners with engineering teams on secure code reviews, vulnerability management, and threat modeling throughout the SDLC.
Heartflow is a medical technology company advancing the diagnosis and management of coronary artery disease, the #1 cause of death worldwide, using cutting-edge technology. The flagship product—an AI-driven, non-invasive cardiac test supported by the ACC/AHA Chest Pain Guidelines called the Heartflow FFRCT Analysis—provides a color-coded, 3D model of a patient’s coronary arteries indicating the impact blockages have on blood flow to the heart. Heartflow is the first AI-driven non-invasive integrated heart care solution across the CCTA pathway that helps clinicians identify stenoses in the coronary arteries (RoadMap™Analysis), assess coronary blood flow (FFRCT Analysis), and characterize and quantify coronary atherosclerosis (Plaque Analysis). Our pipeline of products is growing and so is our team; join us in helping to revolutionize precision heartcare.
Heartflow is a publicly traded company (HTFL) that has received international recognition for exceptional strides in healthcare innovation, is supported by medical societies around the world, cleared for use in the US, UK, Europe, Japan and Canada, and has been used for more than 500,000 patients worldwide.
We are looking for an Application Security Engineer to work with our engineering team to ensure security is an integral part of our Software Development Lifecycle (SDLC). In this role, you’ll have the chance to use your security and software development background to protect patients as we build products that leverage AI to improve healthcare. If you enjoy working with talented engineers to solve complex technical challenges and want to see your work make a direct difference in patient outcomes, we encourage you to apply. This role is a hybrid, requiring three days a week in our San Francisco office.
What You’ll Do:
What You Bring:
What Helps You Stand Out:
A reasonable estimate of the base salary compensation range is $145,000 to $180,000 per year, bonus, and equity. #LI-IB1
Heartflow is an Equal Opportunity Employer. We are committed to a work environment that supports, inspires, and respects all individuals and do not discriminate against any employee or applicant because of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law. This policy applies to every aspect of employment at Heartflow, including recruitment, hiring, training, relocation, promotion, and termination.
Positions posted for Heartflow are not intended for or open to third party recruiters / agencies. Submission of any unsolicited resumes for these positions will be considered to be free referrals.
Heartflow has become aware of a fraud where unknown entities are posing as Heartflow recruiters in an attempt to obtain personal information from individuals as part of our application or job offer process. Before providing any personal information to outside parties, please verify the following: A) all legitimate Heartflow recruiter email addresses end with “@heartflow.com” and B) the position described is found on our careers site at www.heartflow.com/about/careers/.
Leads CMMC compliance initiatives for DoD contractors by developing policies, writing security documentation, and managing audit-ready evidence across multiple client engagements.
Role: Cybersecurity Compliance Consultant
Location/Type: U.S. • Remote
Pay: $100,000–$125,000
Schedule: Full-time
Your work gets clients audit-ready.
You turn messy systems into compliant, defensible environments.
Own documentation and client outcomes from day one.
You like clear ownership.
You can manage multiple clients without hand-holding.
At Urrly, fairness matters. We use AI to review every application against the same clear requirements for the role. This means every candidate is evaluated on job-related factors like skills, certifications, and experience—not on personal attributes such as gender, race, age, or background. Our goal is to create a more objective, consistent, and equal opportunity hiring process for all applicants.
Apply Today to work remotely while owning real CMMC compliance work end-to-end.
Conducts authorized penetration tests against Azure and Microsoft 365 environments to identify security weaknesses and validate remediation effectiveness.
Atmosera empowers businesses to redefine what’s possible with modern technology and human expertise. Our exceptional experience across Applications, Data & AI, DevOps, Security, and the Microsoft Azure platform enables organizations to accelerate innovation, enhance security, and optimize operational agility. As a Microsoft Partner with seven specializations, GitHub AI Partner of the Year, a member of the GitHub Advisory Board, and a member of the prestigious Microsoft Intelligent Security Association (MISA), Atmosera expertly delivers cutting-edge, integrated solutions that deliver business value.
The Azure Penetration Test Engineer is responsible for conducting authorized security testing against Microsoft Azure and Microsoft 365 environments to identify, exploit, and document security weaknesses. This role focuses on cloud-native attack paths, identity compromise, misconfigurations, and exposure risks specific to Azure infrastructure-as-a-service, platform-as-a-service, and SaaS workloads.
The engineer operates as a trusted advisor to security, engineering, and leadership teams by producing actionable findings, validating remediation effectiveness, and aligning testing activities with industry frameworks such as NIST, MITRE ATT&CK, and Microsoft cloud security best practices. This role requires strong hands‑on technical depth, professional reporting skills, and the ability to work independently within defined rules of engagement.
Penetration Testing and Offensive Security
Conduct penetration tests against Azure and M365 environments, including but not limited to:
Simulate real‑world attacker techniques, including credential theft, token abuse, privilege escalation, lateral movement, and persistence within Azure and M365 environments.
Validate security controls implemented across Defender for Cloud, Defender for Identity, Defender for Endpoint, and Sentinel detection pipelines.
Identity and Access Attack Scenarios
Assess identity attack surfaces including:
Demonstrate practical attack paths that result in data access, privilege escalation, or persistent control.
Reporting and Documentation
Produce clear, professional penetration test reports that include:
Present findings directly to security leadership and technical stakeholders as required.
Collaboration and Advisory Support
Work closely with:
Provide retesting and validation support following remediation efforts.
Continuous Improvement
Stay current on emerging Azure attack techniques, Microsoft security platform changes, and cloud exploitation research.
Contribute to internal penetration testing methodologies, tooling, and runbooks.
This role may require participation in authorized testing windows, coordination across time zones, and occasional after‑hours testing based on client or organizational requirements.
This is a contractor position in the United States with the ability to work from home but may require travel to a client site.
Atmosera is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. All employment is decided on the basis of qualifications, merit, and business need.
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
