Writing.io Jobs

Find the best remote jobs. Answer a few questions and we'll deploy a powerful assistant to help you search, create alerts, and more.

1 What roles are you open to?

2 Experience level

3 Work style

Did you know? If memory is enabled, Writing.io can remember your job search preferences and help you to improve your resume, craft customized outreach and more.

Security IT Auditor I at Pathward

Performs IT audits to ensure compliance with regulations and internal policies, testing controls and communicating findings to stakeholders.

Junior Hybrid Posted about 6 hours ago RemoteFirstJobs Product
What this role involves

We are a hybrid, remote-office company dedicated to growing our talent anywhere!

We have onsite locations in: Sioux Falls, SD,  Scottsdale, AZ,  Louisville, KY,  Troy, MI,  Franklin, TN,  Easton, PA.

At Pathward, we take tremendous pride in our purpose to create financial inclusion for all™. We are a financial empowerment company that works with innovators to increase financial availability, choice, and opportunity for all.  We strive to remove barriers that traditional institutions put in the way of financial access, and promote economic mobility by providing responsible, secure, high quality financial products.

We are a team of problem solvers and innovators who celebrate our differences and know that our unique perspectives make us stronger and well-positioned for success.  We celebrate, and embrace, our team members through our *HUMBLE*HUNGRY*SMART approach, and we believe that we are strongest when we embrace the voices of our employees, customers, partners, and the communities we serve.

About the Role:

The position is responsible for performing audits within Information Technology for the purpose of ensuring compliance with external regulations as well as internal policies.  It will also communicate audit findings to multiple stakeholder groups.

What You Will Do:

  • Collaborate with audit team members as well as members of IT to develop audit objectives, engagement scopes, and testing strategies aligned with departmental standards and risk priorities.
  • Assist in the planning, execution, and reporting of IT audit engagements, including SOX ITGC testing, risk-based technology reviews, and issue validation procedures. Assist in the department’s risk assessment processes, providing qualitative/quantitative analysis over the Company’s auditable entities, and ensuring alignment with audit stakeholders.
  • Analyze and summarize data to identify control deficiencies, process inefficiencies, or noncompliance with policies, procedures, or regulations. Communicate findings and recommendations to audit leadership and business stakeholders in a clear manner. Utilize data analytics to test large datasets, identify anomalies, and draw insights that enhance audit efficiency and coverage.
  • Monitor issued audit findings, perform validation testing over defined remediation plans, and present remediation statuses to stakeholders. Identify opportunities to strengthen controls, improve operational effectiveness, and reduce risk exposure across technology and business processes.
  • Other duties as assigned

What You Will Need:

  • Bachelor’s degree or equivalent education and work experience.

  • Up to 2+ years with bachelor’s or equivalent.

  • Communication skills (written and verbal)

  • Collaboration and building relationships

  • Attention to detail

  • Learning agility

The responsibilities listed above are not all inclusive and may be changed at any time.

Salary range:  $50,000 – $84,000

The salary range reflects the minimum and maximum target for a new hire in this role. Individual pay within the range will be determined by multiple factors which can include but are not limited to a candidate’s experience, qualifications, skills, and location. Your recruiter can share more about the specific salary for your location during the hiring process. Ranges may be modified in the future.

This role is also eligible for an annual performance-based incentive opportunity.  Pathward offers a comprehensive benefits package for eligible employees, including health insurance, 401(k) retirement benefits, life insurance, disability benefits, paid time off, and more.

#LI-Remote

Don’t have everything listed under qualifications? If you’re excited about this role but your experiences don’t match exactly to everything in the posting, we encourage you to apply anyway. You may be just the right candidate for this or other Pathward roles. Pathward is an equal employment opportunity employer and considers candidates for roles without regard to their race, sex, national origin, ethnicity, age, disability or any other category protected by law.

Who we are:

Our commitment to inclusion is woven into our DNA. We believe that we are strongest when we embrace the voices of our employees, customers, partners, and the communities we serve.

We provide equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, ethnicity, religion, sex, sexual orientation, gender identity, transgender status, pregnancy, national origin, age (age 40 and over), disability, genetic information, marital status, hair texture or hairstyle, ancestry, service in the uniformed services, protected veteran status, status as a victim of domestic violence or any other class protected by federal, state and local laws.

Please click here to learn more about our benefits and review information about our Privacy Policy, Affirmative Action Plan and other notices. Applicants with disabilities may be entitled to reasonable accommodation under the terms of the Americans with Disabilities Act and certain state or local laws. For assistance completing an application, please contact a Pathward People & Culture Representative by emailing – careers@pathward.com

Please click here to view Pathward’s Applicant Privacy Notice.

Applications will be accepted for a minimum of 3 days after posting, and there is no predetermined date by which applications should be submitted.

Knowingly submitting false information will result in disqualification for consideration of future positions, termination of employment and forfeiture of other rights.

Candidate Scam Warning

We encourage you to be cautious of hiring scams that impersonate Pathward. Copy and paste the following URL into your browser to learn more: https://www.pathward.com/about-us/people-culture/careers/

Read the full description
Security Vulnerability Operation Center Lead

Leads vulnerability operations and security monitoring for an AI cloud infrastructure platform, managing threat detection and incident response.

Lead Posted about 13 hours ago Jobicy AI
What this role involves
About Nebius: Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from...
Read the full description
Security Offensive Security Lead

Leads offensive security initiatives and penetration testing programs to identify and remediate vulnerabilities in cloud infrastructure.

Lead Posted about 13 hours ago Jobicy AI
What this role involves
About Nebius: Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from...
Read the full description
Security ICF: Software Security Engineer- Cloud/GovCloud (Top Secret cleared)

Software security engineer who monitors and assesses application/system vulnerabilities, performs secure code reviews, and implements security controls across cloud and on-premise environments.

Mid Remote Posted about 15 hours ago We Work Remotely — Programming
What this role involves

Headquarters: Nationwide Remote Office (US99)
URL: http://icf.com

Please note: This role is contingent upon a contract award. While it is not an immediate opening, we are actively conducting interviews and extending offers in anticipation of the award.  

The Work:  ICF is seeking an experienced and driven Software Security Engineer to lead and oversee mission-critical initiatives in support of our government customer. In this role, you will help safeguard applications and cloud-based systems by integrating security best practices throughout the software development lifecycle. 

Job Location: This position is remote. If you accept this position, you should note that ICF does monitor employee work locations and blocks access from foreign locations/foreign IP addresses and also prohibits personal VPN connections.  

You may be asked to travel once a quarter to an office or client site.  

Our core work hours are 8am - 5pm Eastern Time with the option to start earlier or work later depending on your time zone. 

What You Will Do:  

  • Proactively monitor and assess application and system security to identify vulnerabilities and potential threats. 

  • Perform secure code reviews and static/dynamic analysis to strengthen application security and ensure adherence to secure coding standards. 

  • Test and evaluate security tools, applications, and system configurations to validate compliance with federal and DoD security requirements. 

  • Investigate and remediate potential security vulnerabilities, recommending and implementing corrective actions to reduce risk. 

  • Design and implement security controls, tools, and automation to enhance protection across cloud and on-premise environments. 

  • Provide guidance and training to development teams on secure coding practices and DevSecOps principles. 

  • Develop and maintain technical documentation related to security architecture, risk findings, and mitigation strategies. 

  • Prepare and deliver executive-level briefings, status reports, and performance updates to government stakeholders and corporate leadership. 

  • Maintain a positive, results-oriented work environment by building partnerships with internal and external partners. 

What You Will Bring With You:  

  • Active Top Secret clearance. 

  • Proven experience (2+ years) in application security, secure software development, or cybersecurity engineering.

What We Would Like You To Bring With You: 

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related technical field. 

  • 2 years’ experience with working on/around cloud platforms in AWS. 

  • Hands-on experience performing secure code reviews and vulnerability assessments using industry-standard tools (e.g., SAST, DAST, SCA). 

  • Experience implementing security controls in cloud environments (e.g., AWS GovCloud or similar secure federal cloud environments). 

  • Strong understanding of secure coding standards (e.g., OWASP, NIST, DoD STIGs). 

  • Experience supporting systems within regulated or high-security environments. 

  • Ability to self-organize, priorities and conduct research on multiple projects under tight deadlines in a fast-paced environment. 

  • An ability to communicate and write clearly in English. 

 

Professional Skills: 

  • Highly effective analytical, problem-solving, and decision-making capabilities. 

  • Excellent communication and interpersonal skills to interface effectively at all levels of the business. 

Working at ICF

ICF is a global advisory and technology services provider, but we’re not your typical consultants. We combine unmatched expertise with cutting-edge technology to help clients solve their most complex challenges, navigate change, and shape the future.

We can only solve the world's toughest challenges by building a workplace that allows everyone to thrive. We are an equal opportunity employer. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO policy.

We will consider for employment qualified applicants with arrest and conviction records.

 

Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. To request an accommodation, please email Candidateaccommodation@icf.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent  to provide needed reasonable accommodations.  

Read more about workplace discrimination rights or our benefit offerings which are included in the Transparency in (Benefits) Coverage Act. 

 

Candidate AI Usage Policy

At ICF, we are committed to ensuring a fair interview process for all candidates based on their own skills and knowledge. As part of this commitment, the use of artificial intelligence (AI) tools to generate or assist with responses during interviews (whether in-person or virtual) is not permitted. This policy is in place to maintain the integrity and authenticity of the interview process.  

However, we understand that some candidates may require accommodation that involves the use of AI. If such an accommodation is needed, candidates are instructed to contact us in advance at candidateaccommodation@icf.com. We are dedicated to providing the necessary support to ensure that all candidates have an equal opportunity to succeed.  


 

Pay Range - There are multiple factors that are considered in determining final pay for a position, including, but not limited to, relevant work experience, skills, certifications and competencies that align to the specified role, geographic location, education and certifications as well as contract provisions regarding labor categories that are specific to the position.

The pay range for this position based on full-time employment is:

$81,499.00 - $138,549.00

Nationwide Remote Office (US99)

To apply: https://weworkremotely.com/remote-jobs/icf-software-security-engineer-cloud-govcloud-top-secret-cleared

Read the full description
Security Senior Cloud Security Engineer - AI Resilience & Security Enhancements (Contract) at Form3

Senior Cloud Security Engineer designs and implements security controls, governance frameworks, and resilience improvements across cloud-native payment infrastructure.

Senior Posted 1 day ago RemoteFirstJobs Product
What this role involves

THE PROJECT 📝

We’re looking for an experienced Senior Cloud Security Engineer to join Form3 on a contract basis to deliver a strategic programme of security enhancements across our cloud-native payments platform.

Focusing on improving cloud security, operational resilience and governance across our engineering ecosystem, you will work closely with our Platform Engineering and Security teams to design and implement practical security improvements that enhance how we build, deploy and operate critical payment infrastructure.

You’ll play a key role in strengthening areas such as cloud platform security, software supply chain security, identity and access management, AI governance, cryptographic controls and automated security assurance, ensuring solutions are scalable, production-ready and aligned with regulatory expectations.

Key responsibilities

  • Assess the current cloud security posture across Form3 environments, identifying risks, control gaps and opportunities for improvement.
  • Design and implement scalable cloud security controls that improve the resilience and security of our cloud-native platform.
  • Enhance perimeter security controls across cloud infrastructure.
  • Strengthen CI/CD pipeline security through secure build processes, automated security testing, deployment governance and artefact integrity.
  • Improve production access security, including RBAC, least-privilege implementation, deployment tooling and operational processes.
  • Enhance software supply chain security through dependency management, container image scanning, provenance, signing and vulnerability remediation.
  • Contribute to the secure adoption and governance of AI-enabled engineering capabilities, including controls for data protection, auditability and operational resilience.
  • Provide technical leadership and guidance on cloud security architecture and secure engineering practices.
  • Produce high-quality technical documentation, including solution designs, implementation plans, operational procedures and security evidence.
  • Collaborate closely with engineering, platform and security teams to deliver maintainable, production-ready security improvements.
  • Ensure all deliverables align with operational resilience requirements, regulatory obligations and internal security standards.
  • Deliver changes using structured, low-risk change management practices while maintaining service availability.

WE’RE LOOKING FOR 🔍

Essential

  • Extensive experience designing and implementing cloud security solutions within large-scale cloud-native environments.
  • Strong hands-on experience securing public cloud platforms (AWS preferred).
  • Expertise in cloud security architecture, identity and access management, workload protection and infrastructure security.
  • Experience securing CI/CD pipelines and modern software delivery practices.
  • Strong understanding of software supply chain security, including dependency management, artefact signing, provenance and vulnerability management.
  • Experience implementing least-privilege access models and RBAC.
  • Knowledge of security monitoring, risk assessment and security governance.
  • Experience working within highly regulated or business-critical production environments.
  • Excellent stakeholder management and communication skills, with the ability to influence engineering teams.
  • Strong technical documentation and design skills.

Desirable

  • Experience implementing security controls for AI or machine learning platforms.
  • Knowledge of cryptographic controls and key management.
  • Experience with Infrastructure as Code and policy-as-code tooling.
  • Familiarity with payment platforms or financial services environments.
  • Understanding of operational resilience frameworks and regulatory requirements affecting critical financial infrastructure.
  • Relevant cloud or security certifications (AWS Security Specialty, CISSP, CCSP or similar).

TECH STACK ⚙️

  • AWS – Cloud infrastructure and security controls.
  • Kubernetes – Container orchestration and workload security.
  • Terraform – Infrastructure as Code and security automation.
  • CI/CD tooling – Secure software delivery, build security and deployment governance.
  • Container security tooling – Image scanning, vulnerability management and runtime protection.
  • Identity & Access Management (IAM) – Least privilege, RBAC and privileged access controls.
  • Software Supply Chain Security – Dependency scanning, artefact signing, provenance and integrity controls.
  • Security monitoring & observability platforms – Detection, auditability and operational visibility.
  • AI governance and security controls – Supporting secure adoption of AI-enabled engineering capabilities.

INTERVIEW PROCESS ✍️

Stage 1: Screening Call with Talent Team

Stage 2: Kubernetes & Linux Interview

Stage 3: Cloud Security & Engineering Best Practices interview

We always aim to stick to the above process, however there may be occasions when an additional interview stage is needed for us to be sure we’re hiring the right fit for the role.

HIRING LOCATIONS📍

Here are the locations that we are looking to engage with contractors from. Please note, we are not looking to engage with contractors outside of these locations.

  • Austria
  • Bulgaria
  • Croatia
  • Cyprus
  • Estonia
  • Greece
  • Hungary
  • Italy
  • Latvia
  • Lithuania
  • Malta
  • Romania
  • Slovakia
  • Slovenia

All contractors start their first day in our office to collect the equipment needed to work remotely.

ABOUT FORM3 💭

Revolutionising the world of payments with our cloud-native, multi-cloud platform. For more information about Form3, check out the following pages:

What we do | Life at Form3 | Payments Cannot Fail Series | .Tech Podcast

OUR DEI&B COMMITMENT

We hire talented people from a variety of backgrounds and experiences and are committed to a work environment based on diversity, open-mindedness and curiosity. We’re united by our company values (we even created them together!) and we celebrate our unique differences.

Our employee lifecycle processes are designed to embrace equal opportunity and prevent discrimination against our people regardless of personal characteristics. It is our strong belief that the more inclusive and belonging we are as a business, the better our work will be.

As an inclusive employer, we guarantee to interview all neurodiverse and physically disabled applicants who meet the minimum criteria for this role. We also encourage candidates to notify us of any reasonable adjustments that may be required during the recruitment process. This includes providing job adverts in alternative, accessible formats or adjustments required at interview stage.

If you consider yourself to be neurodiverse or physically disabled under the UN definition of disability and would like to be considered under this scheme and/or require any reasonable adjustments please let us know by sending an email to careers@form3.tech clearly stating your consent for us to process this data.

For more information please refer to our Recruitment Data Policy.

Read the full description
Security Senior Application Security Engineer at Google Fiber

Senior Application Security Engineer secures applications and development ecosystems by managing defenses, architecting CI/CD security controls, and governing AI integrations within the SDLC.

Senior Remote Posted 1 day ago RemoteFirstJobs Product
What this role involves

At GFiber, we believe that great internet has the power to drive innovation, strengthen communities, enable the impossible, and do all the everyday things that make all of our world go round. And the job of creating better internet is never done - so we’re growing! Our team is committed to building a place where people who want to make a difference can grow their careers and find their spot to belong.

GFiber is an Alphabet company that brings Google Fiber and Google Fiber Webpass internet services to homes and businesses across the United States. Our teams are expanding as we connect more cities and people to exceptional internet.

The application window will be open until at least July 19th, 2026. This opportunity will remain online based on business needs which may be before or after the specified date.

This role is not eligible for immigration sponsorship.

Role Description

As a Senior Application Security Engineer, you will be a core technical advisor for securing GFiber’s applications and development ecosystems. You will partner closely with engineering teams to review code, secure software delivery pipelines, and design frameworks that make writing secure code the path of least resistance. You will lead initiatives ranging from managing threat detection boundaries to establishing cutting-edge AI integrations within our development lifecycle. This is a highly collaborative role where you will influence engineering practices, champion security culture across teams, and occasionally share strategic insights with senior leadership.

In this role, you’ll:

  • Manage and optimize core application defenses, including the Web Application Firewall (WAF) and automated vulnerability scanning tools, while monitoring key security metrics.
  • Architect and maintain security gating processes within the CI/CD pipeline to ensure secure, seamless software delivery.
  • Govern and secure our growing AI pipeline within the SDLC by implementing input/output monitoring, context controls, and safety guardrails around AI-generated code.
  • Partner with development teams to remediate vulnerabilities, scale the security champions program, and co-lead our public bug bounty initiative.
  • Mentor junior engineers and analysts, and occasionally present security postures, trends, and program milestones to upper management.

At a minimum, we would like you to have:

  • Bachelor’s degree in Computer Science, a related technical field, or equivalent practical experience.
  • 5 years of experience with managing Web Application Firewalls (WAF) and integrating automated security gating into CI/CD pipelines.
  • Experience with vulnerability management and cloud-hosted application security scanning tools.
  • Experience collaborating directly with software development teams on threat mitigation.
  • Experience with scripting or programming languages (i.e., Python, Java, Kotlin) to automate security processes.

It’s preferred if you have:

  • Experience implementing security guardrails, context controls, or monitoring for Large Language Models (LLMs) and AI-assisted development tools.
  • Experience leading or growing a security champions program or a bug bounty platform.
  • Experience mentoring junior security professionals or teaching secure coding practices to engineering teams.
  • Experience analyzing technical security risks and presenting metrics or findings to upper management.
  • Knowledge of ISP infrastructure, web-scale networks, or cloud environments (e.g., GCP, AWS).

The US base salary range for this full-time position is between $156,900 - $229,700 + bonus + benefits. As pay varies by location, your recruiter will share more about the specific salary range for your targeted location during the hiring process.

#LI-DNI

GFiber is committed to equal opportunity employment regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, citizenship, marital status, disability or Veteran status. Disclosure is voluntary, and this information will be kept confidential in compliance with Google’s Candidate Privacy Policy. For more information please refer to our Equal Employment Opportunity Policy and the EEOC’s “Know your rights: workplace discrimination is illegal” (PDF).

It’s important to us to create an accessible, inclusive workplace for everyone. If you have a need that requires accommodation, please let us know by completing ouraccommodations for applicants form. Our candidate accommodations team will then connect with you to confidentially discuss your options.

Read the full description
Security Sr. Security Engineer at Brave

Conducts security reviews, penetration testing, triages security reports, and implements security-relevant code across Brave's browser and search products.

Senior Remote Posted 1 day ago RemoteFirstJobs Product
What this role involves

Senior Security Engineer

Remote

About Brave

Brave is on a mission to protect the human right to privacy online. We’ve built a free web browser that blocks creepy third-party ads and trackers by default, a private search engine with a truly independent index, a browser-native crypto wallet, and a private ad network (opt-in!) that directly rewards you for your attention. And we’re just getting started. Already 110+ million people have switched to Brave for a faster, more private web. Millions more switch every month.

The internet is a sea of privacy-harmful ads, hackers, and echo chambers. Big Tech makes huge profits off our data, and tells us what’s true and what’s not. Brave is fighting back. Join us!

Summary

We are hiring a staff engineer on the Brave security and privacy team! You will help keep our users safe across Brave’s products, including Brave browser and Brave Search. Responsibilities include:

  1. Security reviews of Brave products
  2. Triaging and fixing security reports
  3. Designing and implementing security-relevant code
  4. Penetration tests of Brave products and infrastructure

Brave is widely-recognized as one of the best browsers for security and privacy, doing industry-leading work with a team that’s a fraction of the size of Big Tech-supported browsers.

Required qualifications

  • At least 5 years experience (or equivalent) in security engineering
  • Experience in penetration testing and/or security auditing
  • Proficiency in C++, both implementing and reviewing
  • Strong familiarity with the Web security model
  • Experience securing AWS infrastructure
  • Very comfortable working and communicating async with a geographically-distributed software development team
  • Be comfortable diving into an extremely large, unfamiliar and complex codebase
  • Be comfortable with Git and collaborating on GitHub

Preferred qualifications

  • Experience contributing to large open source codebases and/or participating in open source communities
  • Proficiency in Web technologies (HTML, CSS, JavaScript)
  • Proficiency in Go and Rust
  • DevOps experience
  • Contributions to other Web browsers
  • Familiarity with Chromium’s architecture, especially security
  • Ability to write clear technical documentation and less technical writing for blog posts or public communication.
  • Be excited about privacy, anonymity, and censorship resistance!
Read the full description
Security SOC Specialist II at Expel

Junior SOC analyst monitors networks for security threats, responds to phishing attacks and incidents, and learns incident response techniques from experienced security professionals.

Junior Posted 1 day ago RemoteFirstJobs Product
What this role involves

You’ve caught the security bug. Maybe it was the 18th breach-related credit-monitoring notification that started you down a research rabbit hole. Maybe you like the competitive nature of going against the world’s best attackers. Maybe you like computers and protecting people and just realized there is a job that checks both of those boxes. One thing is for certain; you are set on becoming a cyber security analyst. You’ve read the blogs, watched tutorials, downloaded Wireshark and collected some network traffic, maybe even gotten a cert. Now it’s time to join the fight!

90+% of data breaches begin with phishing, and our growing Managed Phishing service sets out to keep our customers secure. If you want to help grow this team, and break into security analysis, we’d love to speak with you! A Junior Security Operations Center Analyst position at Expel may be just what you’re looking for. Not only will you help our customers stay safe, you’ll learn how to think like an attacker, respond to real attacks, and be encouraged to innovate and solve problems. Surrounded by seasoned analysts, you’ll have no shortage of mentors eager to help you master the art.

What Expel Can Do For You

  • Get you out of the lab and into real networks with real evil
  • Give you an opportunity to learn from seasoned security analysts and incident responders every single day
  • Immerse you in a collaborative, encouraging, growth-minded culture
  • Challenge you to push the bounds of our security vision, preparing you for future roles in Managed Detection & Response (MDR)

What You Can Do For Expel (With the help of training, of course)

  • Apply your real passion for information security at protecting our customers
  • Participate in our 24x7 shift rotation: bad actors remain active throughout nights, weekends, and holidays so we’re always watching.
  • Be perpetually dissatisfied with the state of affairs, then help us get better
  • Help us meaningfully impact the security of our customers’ organizations
  • Once we bring you up to speed, constantly experiment to find new ways of catching bad actors

What You Should Bring With You

  • Flexibility and an openness to new challenges because, hey, startup life
  • Client comes first mindset - you aim to answer questions and process customer requests quickly and to a high standard
  • An inquisitive mind and a noble spirit
  • A keen sense of humor
  • A fundamental understanding of phishing, TCP/IP, and core application layer protocols
  • Basic understanding  of Windows, Mac, and Linux operating systems and command line tools
  • Awareness of cloud applications (O365, Okta, etc) and cloud infrastructure (AWS, GCP, Azure)
  • Familiarity with the attack lifecycle (or kill chain, if you prefer)
  • Knowledge of attack vectors, threat tactics, and attacker techniques.
  • Excellent analytical and prioritization skills- you can navigate competing priorities, spot the details most people don’t and ask for help when you need it
  • Clear and concise written communications-you know how to change your tone for the audience and can seamlessly switch between slacking a team member, a customer, or writing a report
  • A bachelor’s degree in a technical field or a compelling story

Additional notes

Compensation for this role is €45,000 EUR + 20% bonus & equity.

We believe in paying transparently and equitably. Your salary will ultimately be based on factors such as your experience, skills, team equity, and market data. You’ll also be eligible for unlimited PTO (which we model and encourage), work location flexibility, up to 24 weeks of parental leave, and really excellent health benefits.

We’re only hiring those authorized to work in Ireland. We do not currently sponsor immigration visas.

We’re an Equal Opportunity Employer: You’ll receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

We’ll ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please let us know if you need accommodation of any kind.

#LI-Remote

Salary Range

€45.000—€45.000 EUR

Read the full description
Security Senior Cloud Security Engineer - AI Resilience & Security Enhancements (Contract) at Form3

Design and implement cloud security controls, strengthen CI/CD pipeline security, manage identity/access, and ensure AI governance across a cloud-native payments platform.

Senior Posted 1 day ago RemoteFirstJobs Product
What this role involves

THE PROJECT 📝

We’re looking for an experienced Senior Cloud Security Engineer to join Form3 on a contract basis to deliver a strategic programme of security enhancements across our cloud-native payments platform.

Focusing on improving cloud security, operational resilience and governance across our engineering ecosystem, you will work closely with our Platform Engineering and Security teams to design and implement practical security improvements that enhance how we build, deploy and operate critical payment infrastructure.

You’ll play a key role in strengthening areas such as cloud platform security, software supply chain security, identity and access management, AI governance, cryptographic controls and automated security assurance, ensuring solutions are scalable, production-ready and aligned with regulatory expectations.

Key responsibilities

  • Assess the current cloud security posture across Form3 environments, identifying risks, control gaps and opportunities for improvement.
  • Design and implement scalable cloud security controls that improve the resilience and security of our cloud-native platform.
  • Enhance perimeter security controls across cloud infrastructure.
  • Strengthen CI/CD pipeline security through secure build processes, automated security testing, deployment governance and artefact integrity.
  • Improve production access security, including RBAC, least-privilege implementation, deployment tooling and operational processes.
  • Enhance software supply chain security through dependency management, container image scanning, provenance, signing and vulnerability remediation.
  • Contribute to the secure adoption and governance of AI-enabled engineering capabilities, including controls for data protection, auditability and operational resilience.
  • Provide technical leadership and guidance on cloud security architecture and secure engineering practices.
  • Produce high-quality technical documentation, including solution designs, implementation plans, operational procedures and security evidence.
  • Collaborate closely with engineering, platform and security teams to deliver maintainable, production-ready security improvements.
  • Ensure all deliverables align with operational resilience requirements, regulatory obligations and internal security standards.
  • Deliver changes using structured, low-risk change management practices while maintaining service availability.

WE’RE LOOKING FOR 🔍

Essential

  • Extensive experience designing and implementing cloud security solutions within large-scale cloud-native environments.
  • Strong hands-on experience securing public cloud platforms (AWS preferred).
  • Expertise in cloud security architecture, identity and access management, workload protection and infrastructure security.
  • Experience securing CI/CD pipelines and modern software delivery practices.
  • Strong understanding of software supply chain security, including dependency management, artefact signing, provenance and vulnerability management.
  • Experience implementing least-privilege access models and RBAC.
  • Knowledge of security monitoring, risk assessment and security governance.
  • Experience working within highly regulated or business-critical production environments.
  • Excellent stakeholder management and communication skills, with the ability to influence engineering teams.
  • Strong technical documentation and design skills.

Desirable

  • Experience implementing security controls for AI or machine learning platforms.
  • Knowledge of cryptographic controls and key management.
  • Experience with Infrastructure as Code and policy-as-code tooling.
  • Familiarity with payment platforms or financial services environments.
  • Understanding of operational resilience frameworks and regulatory requirements affecting critical financial infrastructure.
  • Relevant cloud or security certifications (AWS Security Specialty, CISSP, CCSP or similar).

TECH STACK ⚙️

  • AWS – Cloud infrastructure and security controls.
  • Kubernetes – Container orchestration and workload security.
  • Terraform – Infrastructure as Code and security automation.
  • CI/CD tooling – Secure software delivery, build security and deployment governance.
  • Container security tooling – Image scanning, vulnerability management and runtime protection.
  • Identity & Access Management (IAM) – Least privilege, RBAC and privileged access controls.
  • Software Supply Chain Security – Dependency scanning, artefact signing, provenance and integrity controls.
  • Security monitoring & observability platforms – Detection, auditability and operational visibility.
  • AI governance and security controls – Supporting secure adoption of AI-enabled engineering capabilities.

INTERVIEW PROCESS ✍️

Stage 1: Screening Call with Talent Team

Stage 2: Kubernetes & Linux Interview

Stage 3: Cloud Security & Engineering Best Practices interview

We always aim to stick to the above process, however there may be occasions when an additional interview stage is needed for us to be sure we’re hiring the right fit for the role.

HIRING LOCATIONS📍

Here are the locations that we are looking to engage with contractors from. Please note, we are not looking to engage with contractors outside of these locations.

  • Austria
  • Bulgaria
  • Croatia
  • Cyprus
  • Estonia
  • Greece
  • Hungary
  • Italy
  • Latvia
  • Lithuania
  • Malta
  • Romania
  • Slovakia
  • Slovenia

All contractors start their first day in our office to collect the equipment needed to work remotely.

ABOUT FORM3 💭

Revolutionising the world of payments with our cloud-native, multi-cloud platform. For more information about Form3, check out the following pages:

What we do | Life at Form3 | Payments Cannot Fail Series | .Tech Podcast

OUR DEI&B COMMITMENT

We hire talented people from a variety of backgrounds and experiences and are committed to a work environment based on diversity, open-mindedness and curiosity. We’re united by our company values (we even created them together!) and we celebrate our unique differences.

Our employee lifecycle processes are designed to embrace equal opportunity and prevent discrimination against our people regardless of personal characteristics. It is our strong belief that the more inclusive and belonging we are as a business, the better our work will be.

As an inclusive employer, we guarantee to interview all neurodiverse and physically disabled applicants who meet the minimum criteria for this role. We also encourage candidates to notify us of any reasonable adjustments that may be required during the recruitment process. This includes providing job adverts in alternative, accessible formats or adjustments required at interview stage.

If you consider yourself to be neurodiverse or physically disabled under the UN definition of disability and would like to be considered under this scheme and/or require any reasonable adjustments please let us know by sending an email to careers@form3.tech clearly stating your consent for us to process this data.

For more information please refer to our Recruitment Data Policy.

Read the full description
Security EB IT-Dienstleistungen: IT-Security Manager BCM (m/w/d)

Develops and manages business continuity and information security management systems for a municipal government, ensuring operational resilience of critical business processes.

Senior Hybrid Posted 1 day ago We Work Remotely — Programming
What this role involves

Headquarters: Dresden, SACHSEN, 01069, Germany
URL: http://dresden.de

Wir sind ein Eigenbetrieb innerhalb der Stadtverwaltung Dresden mit einer komplexen IT- und Geschäftsprozesslandschaft. Zur Sicherstellung der Betriebsfähigkeit unserer kritischen Geschäftsprozesse suchen wir zum nächstmöglichen Zeitpunkt eine engagierte Persönlichkeit als # ***IT-Security Manager BCM (w/m/d)*** **Chiffre:                         EB17 04/2026** **Arbeitszeit:                 Vollzeit, 39 Wochenarbeitsstunden, unbefristet                  ** **Entgeltgruppe:           EG 10** ## Was wir bieten - ein attraktives, unbefristetes Anstellungsverhältnis mit einem interessanten und anspruchsvollen Aufgabengebiet - flexible Arbeitszeiten mit Home-Office-Option und eine familienfreundliche Ausrichtung - tarifliches Entgelt plus Jahressonderzahlung - 30 Tage Erholungsurlaub bei einer 5-Tage-Woche im Kalenderjahr - geringe bis keine Reisetätigkeit - umfangreiche Qualifizierungsangebote - zahlreiche Arbeitgeberleistungen (z. B. Jobticket, Jobradleasing, Gesundheitsleistungen, Altersvorsorge) - Möglichkeit des Bildungsurlaubs - eine strukturierte Einarbeitung sowie eine positive Arbeitsatmosphäre mit hilfsbereiten Kolleg\*innen ## Das erwartet Sie  **1.       Konzeption, Aufbau und kontinuierliche Weiterentwicklung der Managementsysteme zur Sicherstellung der Informationssicherheit und Compliance der LHD** - Konzeption, Aufbau, Betrieb und kontinuierliche Weiterentwicklung eines Business-Continuity-Management-Systems (BCMS) gemäß BSI-Standard 200-4 BCM - Identifikation und Bewertung von Risiken für Geschäftsprozesse und IT-Systeme - Durchführung von Business Impact Analysen (BIA) für kritische Geschäftsprozesse - Entwicklung und Pflege von Notfall- und Wiederanlaufplänen - Zusammenarbeit mit der ISMS-Sicherheitsorganisation der LHD - Mitwirkung bei der Durchführung von Risikoanalysen (Risikomanagement) - Erstellung und Aktualisierung von organisatorischen Regelungen, insbesondere Informationssicherheitsrichtlinien - Analyse und Dokumentation von Sicherheitsvorfällen (Detailanalyse komplexer, komponenten- und systemübergreifender, technischer Fehler Zustände, sowie die Ableitung von notwendigen Maßnahmen) - Mitwirkung bei der Konzeption, Erarbeitung und Durchführung von Sensibilisierungs- und Schulungsmaßnahmen zum Thema Informationssicherheit - Monitoring: Funktions- und Performanceüberwachung und Optimierung - Entwicklung und Erhebung von Kennzahlen / Key Performance Indicators (KPI) - Dokumentation der eingeführten IT-Sicherheits-Infrastruktur - Gemeinsame Erstellung und Pflege von Betriebs-, Einsatz- und Umstellungs-Handbüchern/Konzepten und Regelungen zum Einsatz der Systeme **2.     Mitarbeit in und Leitung von Projekten bei der Konzeption und Implementierung technischen und organisatorischen Maßnahmen in Bezug auf die Informationssicherheit** - Erstellung, Kontrolle und Weiterentwicklung von (verfahrensspezifischen) Informationssicherheitskonzepten - Mitwirkung an der Erstellung von Projektvereinbarungen, Vorhabenanmeldungen und anderer Dokumente zur Unterstützung interner Betriebsabläufen **3.       Mitwirkung bei Konzeption, Aufbau und Einrichtung von IT-Sicherheitssystemen (technisch/administrativ)** - Bereitstellung, Implementation (Installation und Konfiguration), Weiterentwicklung, Administration und Monitoring **4.        Systembetreuung IT-Sicherheitssysteme** - Softwarepflege/-wartung einschließlich Vertrag-/Lizensierungsregelungen - Sicherstellung laufender Betrieb, operative Aufgaben - Konfigurationsmanagement, Customizing (Anpassung/Parametrierung) - Unterstützung Helpdesk, Second-Level-Support, Ticketbearbeitung ** ** ## Das bringen Sie mit -  Diplom (FH), Bachelor (FH und Uni), Fachwirt (VWA, BA) auf dem Gebiet der Informatik, Wirtschaftsinformatik, IT-Forensik, IT-Sicherheit, Cyber Security oder vergleichbares Gebiet Sie sollten darüber hinaus - Neben den Erfahrungen und Kenntnissen im Fachbereich Informatik auch über ein - großes Interesse für und Sensibilität gegenüber dem Bereich IT-/Cyber-/Informations-Sicherheit verfügen - Berufserfahrung in den Gebieten Informationssicherheit wäre wünschenswert - gute Kenntnisse von ITK-Technologien und -Infrastrukturen besitzen - selbständig und gewissenhaft arbeiten, konzeptionell und analytisch denken können - kommunikationsfähig, sowie teamfähig sein und kundenorientiert arbeiten, sowie die Bereitschaft zur laufenden Fortbildung mitbringen - Einblicke in das Verwaltungsrecht sind von Vorteil - Bereitschaft zur Sicherheitsüberprüfung nach Sicherheitsüberprüfungsgesetz (SÜG) **Haben wir Ihren Nerv getroffen?** Wünschen Sie sich eine umfangreiche Einarbeitung in spannende Themen und ein gutes Team, welches Sie immer unterstützt? Dann erfüllen wir womöglich ihre Anforderungen und Sie unsere? …und freuen uns sehr auf Ihre Bewerbung. Bewerben Sie sich mit Ihren vollständigen Unterlagen über unser Online-Bewerberportal. Aus Sicherheitsgründen können nur Anhänge im PDF-Format angenommen werden. Bis zum Abschluss des Auswahlverfahrens werden Ihre personenbezogenen Daten unter Beachtung der EU-Datenschutzgrundverordnung (EU-DSGVO), des Sächsischen Datenschutzgesetzes (SächsDSG) und des Sächsischen Datenschutzdurchführungsgesetzes (SächsDSDG) in maschinenlesbarer Form im Personalmanagementsystem gespeichert und ausschließlich für den Zweck dieses Verfahrens verarbeitet und genutzt. Ihre persönlichen Daten werden vertraulich behandelt und nicht an Dritte weitergegeben. Die ausführlichen Datenschutzhinweise finden Sie unter: [www.dresden.de/stellenangeboten](http://www.dresden.de/stellenangeboten)

To apply: https://weworkremotely.com/remote-jobs/eb-it-dienstleistungen-it-security-manager-bcm-m-w-d

Read the full description
Security Product Cybersecurity Engineer at May Mobility

Embeds security practices throughout product development lifecycle for autonomous vehicles, manages vulnerabilities, and enforces secure coding standards across hardware and software systems.

Mid Posted 2 days ago RemoteFirstJobs Product
What this role involves

May Mobility is transforming cities through autonomous technology to create a safer, greener, more accessible world. Based in Ann Arbor, Michigan, May develops and deploys autonomous vehicles (AVs) powered by our innovative Multi-Policy Decision Making (MPDM) technology that literally reimagines the way AVs think.

Our vehicles do more than just drive themselves - they provide value to communities, bridge public transit gaps and move people where they need to go safely, easily and with a lot more fun. We’re building the world’s best autonomy system to reimagine transit by minimizing congestion, expanding access and encouraging better land use in order to foster more green, vibrant and livable spaces. Since our founding in 2017, we’ve given more than 500,000 autonomous rides to real people around the globe. And we’re just getting started. We’re hiring people who share our passion for building the future, today, solving real-world problems and seeing the impact of their work. Join us.

Job Summary

The Product Cybersecurity Engineer is responsible for ensuring security is embedded throughout the product development lifecycle—from architecture and code to deployment and operations. This role integrates security practices into development workflows, manages vulnerabilities in vehicle and autonomous systems, supports compliance with automotive cybersecurity standards, and serves as a cross-functional security expert bridging cybersecurity, hardware, and product engineering teams.

Essential Responsibilities

  • Integrate security practices — threat modeling, architecture reviews into product development workflows from requirements through release.
  • Provide early security input on hardware, firmware, and software design decisions, including third-party and supply chain risk considerations.
  • Write, review, and validate security requirements across hardware and software domains; enforce secure coding standards and perform security analysis on main compute systems.
  • Assist with maintaining Software Bill of Materials (SBOM) and Hardware Bill of Materials (HBOM) using dedicated SBOM tooling to ensure component visibility, vulnerability tracking, and supply chain transparency across products.
  • Apply security lenses during safety and functional assessments in collaboration with safety, systems, and software teams.
  • Assist in proactive vulnerability patching and support secure update strategies using product security tooling for threat modeling and risk profiling.
  • Conduct hazard and threat analyses (TARA/HARA) early in the architecture and development lifecycle.
  • Analyze and harden the security architecture of vehicle subsystems and autonomous stacks; define system- and product-level security requirements and ensure validation coverage.
  • Assist senior level engineers with Ethernet, in-vehicle networking, and cloud interface configuration, including port security and network segmentation.
  • Maintain working knowledge of R155/156, ISO 21434 and UL 4600; support internal audits, risk assessments, and compliance documentation.
  • Engage with Auto-ISAC to track emerging threats, attack vectors, and industry best practices.
  • Work across teams such as cybersecurity, hardware, and product engineering — providing architectural security design feedback.
  • Assist with fostering a security-first culture across the organization through integrated best practices and awareness programs.
  • Perform additional responsibilities as directed by your manager.

Skills and Abilities

Success in this role typically requires the following competencies:

  • Clear written communication and the ability to align stakeholders on security priorities before executing.
  • Excellent attention to detail and a rigorous, systematic approach to security analysis.
  • Ability to identify complex security problems across hardware, firmware, and software and devise optimal, innovative solutions that often cross organizational boundaries.

Qualifications and Experience

Candidates most successful in this role typically hold the following qualifications or comparable knowledge or experience:

Required

  • B.S. Degree in Computer Science, Computer Engineering, or an equivalent degree
  • Minimum of [1-3] years of experience in a product cyber security or related role
  • Experience performing threat modeling and attack surface analysis
  • Experience generating and managing Software Bills of Materials (SBOMs) using industry tooling, with working knowledge of SBOM formats such as SPDX and CycloneDX
  • Familiarity with vehicle communication networks and protocols across physical and application layers (CAN, LIN, Ethernet, DBCs), embedded systems interaction, and module security technologies.
  • Familiarity with security-relevant services in ISO 14229-1 (UDS)
  • Experience in TARA and HARA methodologies; experience applying UNECE WP.29, ISO/SAE 21434, and security standards.
  • Ability to clearly communicate findings and collaborate with engineering teams to drive timely mitigation and remediation.

Desirable

  • Experience in automotive product security at an OEM, Tier 1 supplier, or AV company.
  • Experience with autonomous vehicle systems and components.
  • Familiarity with AUTOSAR security modules, secure boot implementations, and penetration testing tools specific to automotive/embedded domains (e.g., CANalyzer, Wireshark, JTAG debugging).
  • Conduct hands-on penetration testing to identify, exploit, and report vulnerabilities across systems, applications, and devices.

Physical Requirements

  • Standard office working conditions which includes but is not limited to:
  • Prolonged sitting
  • Prolonged standing
  • Prolonged computer use
  • Travel required? –  Minimal: 1%-10%

Benefits and Perks

  • Comprehensive healthcare suite including medical, dental, vision, life, and disability plans. Domestic partners who have been residing together at least one year are also eligible to participate.
  • Health Savings and Flexible Spending Healthcare and Dependent Care Accounts available.
  • Rich retirement benefits, including an immediately vested employer safe harbor match.
  • Generous paid parental leave as well as a phased return to work.
  • Flexible vacation policy in addition to paid company holidays.
  • Total Wellness Program providing numerous resources for overall wellbeing

Don’t meet every single requirement? Studies have shown that women and/or people of color are less likely to apply to a job unless they meet every qualification. At May Mobility, we’re committed to building a diverse, inclusive, and authentic workforce, so if you’re excited about this role but your previous experience doesn’t align perfectly with every qualification, we encourage you to apply anyway! You may be the perfect candidate for this or another role at May.

Want to learn more about our culture & benefits? Check out our website!

May Mobility is an equal opportunity employer.  All applicants for employment will be considered without regard to race, color, religion, sex, national origin, age, disability, sexual orientation, gender identity or expression, veteran status, genetics or any other legally protected basis.   Below, you have the opportunity to share your preferred gender pronouns, gender, ethnicity, and veteran status with May Mobility to help us identify areas of improvement in our hiring and recruitment processes. Completion of these questions is entirely voluntary.  Any information you choose to provide will be kept confidential, and will not impact the hiring decision in any way. If you believe that you will need any type of accommodation, please let us know.

Note to Recruitment Agencies: May Mobility does not accept unsolicited agency resumes. Furthermore, May Mobility does not pay placement fees for candidates submitted by any agency other than its approved partners.

Salary Range

$100,000—$155,000 USD

May Mobility uses automated tools to support — but not replace — human judgment in our recruiting process, to find out more please click here

Read the full description
Security Senior Information Security Engineer at SmartRecruiters

Designs and implements security compliance frameworks and technical controls across multiple regulatory standards including ISO 27001, SOC 2, GDPR, and AI security requirements.

Senior Remote Posted 2 days ago RemoteFirstJobs Product
What this role involves

Company Description

SmartRecruiters is the Recruiting AI Company that transforms hiring for the world’s leading enterprises. Built for global scale, SmartRecruiters, an SAP company, delivers an AI-powered hiring platform that automates and optimizes the entire talent acquisition process, ensuring faster and smarter hiring decisions. More than 4,000 companies, including Amazon, Visa, and McDonald’s, rely on SmartRecruiters to build winning teams. In 2025, SmartRecruiters joined SAP, the global leader in enterprise applications. Together, SmartRecruiters and SAP are accelerating the reinvention of hiring by combining cutting-edge AI innovation with the scale, reach, and resources of SAP’s ecosystem.

At SmartRecruiters, we are a values-driven, globally focused tech company with strong financial backing and a bold vision for the future of work. We commit and dig deep, embracing challenges with grit, curiosity, and a drive for excellence. We foster a collaborative and inclusive work environment, where trust and determination bring us together. Because together, we will win.

Recognized by Fosway Industry Analysts as a strategic leader in recruitment technology for three consecutive years, and awarded by Comparably as a top company for Women, Perks and Benefits, Work-Life Balance, Happiness, Compensation, Diversity, and Culture - we take pride in creating a place where everyone can thrive. Our remote-friendly culture, competitive salaries, and strong internal mobility ensure that high performers have meaningful growth opportunities in an environment built on respect and empowerment.

Job Description

SmartRecruiters is looking for a Senior Information Security Engineer to join the Governance, Risk & Compliance (GRC) team. This role is critical to ensuring that SmartRecruiters’ applications, systems, and processes remain compliant with industry standards and regulatory requirements, including ISO 27001, ISO 22301, ISO 42001, SOC 2 Type II, Cyber Essentials, GDPR, and the EU AI Act.

The successful candidate will combine strong GRC expertise with a technical, engineering mindset - someone who can drive compliance programmes across multiple frameworks while also stepping into complex technical topics such as business continuity, AI security, and cloud compliance. Critically, this is not a purely audit-focused role; we need someone who can dig into technical details, assess security architectures, support forensic investigations, build automation to replace manual processes, and provide hands-on guidance to engineering and security teams. A core part of this role is identifying opportunities to engineer scalable, repeatable solutions, from compliance evidence collection to policy enforcement, rather than relying on manual effort.

Responsibilities

Governance, Risk & Compliance

  • Identify manual, repetitive GRC processes and design automation blueprints to streamline them, including evidence collection, control monitoring, access reviews, policy enforcement checks, and compliance reporting
  • Build and maintain automated workflows using compliance platforms, scripting, or integration tools to reduce manual effort and improve audit-readiness
  • Develop reusable templates, playbooks, and standardised blueprints for recurring GRC activities (e.g., vendor assessments, internal audits, risk reviews) to ensure consistency and scalability.
  • Collaborate with engineering and IT teams to integrate security and compliance checks into existing toolchains and CI/CD pipelines where applicable
  • Continuously evaluate and improve GRC tooling, data flows, and reporting to drive operational efficiency across the team
  • Manage stakeholder expectations and partner with internal teams to ensure effective management of IT risks and compliance obligations
  • Maintain regional and local stakeholder relationships, meeting schedules, minutes, and reports.
  • Support the maintenance of the SOC 2 Type II framework, including evidence collection, control testing coordination, and audit support
  • Effectively manage ISO 27001 and ISO 22301 audit lifecycles and coordinate with stakeholders on ISMS and BCMS improvements
  • Support the maintenance and continuous improvement of the ISO 42001 (AI Management System) framework in alignment with the EU AI Act
  • Support vendor risk management activities, including third-party security assessments and due diligence reviews

Business Continuity & ISO 22301

  • Serve as a subject matter expert or key contributor for the Business Continuity Management System (BCMS), supporting the strategy, framework, and audit programme under ISO 22301
  • Support Business Impact Analysis (BIA), BCP/DRP development, recovery exercises, and continuity metrics management

AI Security & Compliance

  • Support AI security and compliance activities, including the assessment of AI-related risks, alignment with ISO 42001 controls, and regulatory readiness under the EU AI Act
  • Collaborate with product and engineering teams to evaluate security controls for AI/ML features and services

Qualifications

  • 5+ years of experience in information security, governance, risk, and/or compliance roles with a technical orientation
  • Demonstrated compliance or auditing experience with at least one major framework
  • Solid understanding of controls auditing principles and evidence management
  • Knowledge of risk management methodologies and experience conducting or supporting risk assessments
  • Ability to manage and deliver on multiple complex projects simultaneously, with minimal supervision
  • The ability to investigate, question, and interpret internal and external IT security and compliance issues at both a governance and technical level
  • A strong understanding of technology, cloud-based products, and SaaS environments
  • Experience working across business units and geographical boundaries to engage engineering, business, and operational teams
  • Experience with ISO 27001
  • Excellent written and verbal communication skills in English

Nice to have

  • Professional certifications such as CISA, CRISC, CISM, CISSP, CCSK, CCSP, or equivalent
  • Experience with ISO 9001, 27017, and 27018
  • Experience with ISO 22301 (Business Continuity), including BIA, BCP/DRP, and recovery testing
  • Experience with BSI C5 (Cloud Computing Compliance Criteria Catalogue) or similar cloud-specific compliance frameworks
  • Knowledge of AI security principles, experience with ISO 42001, or familiarity with the EU AI Act and its technical requirements
  • Technical understanding of cloud infrastructure (AWS preferred), networking fundamentals, identity management, and SaaS security architectures
  • Experience with enterprise risk management frameworks and tools
  • Understanding of threat modelling methodologies and secure development lifecycle (SDLC) principles
  • Hands-on experience with incident response - including participation in security incident investigations, containment, and post-mortem processes

Additional Information

SmartRecruiters is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

Read the full description
Security Senior SecOps Automation Engineer – Consumer FinTech

Designs, implements, and maintains security automation workflows and tools to protect fintech infrastructure and operations.

Senior Posted 3 days ago Jobicy AI
What this role involves
About TruelogicAt Truelogic we are a leading provider of nearshore staff augmentation services headquartered in New York. For over two decades, we’ve been delivering top-tier technology solutions to companies of...
Read the full description
Security Senior Risk Analyst at AlphaSense

Designs and builds a quantitative, AI-driven enterprise risk management program spanning information security, AI, and operational risk.

Senior Posted 3 days ago RemoteFirstJobs Product
What this role involves

About AlphaSense:

The world’s most sophisticated companies rely on AlphaSense to remove uncertainty from decision-making. With market intelligence and search built on proven AI, AlphaSense delivers insights that matter from content you can trust. Our universe of public and private content includes equity research, company filings, event transcripts, expert calls, news, trade journals, and clients’ own research content.

The acquisition of Tegus by AlphaSense in 2024 advances our shared mission to empower professionals to make smarter decisions through AI-driven market intelligence. Together, AlphaSense and Tegus will accelerate growth, innovation, and content expansion, with complementary product and content capabilities that enable users to unearth even more comprehensive insights from thousands of content sets. Our platform is trusted by over 6,000 enterprise customers, including a majority of the S&P 500. Founded in 2011, AlphaSense is headquartered in New York City with more than 2,000 employees across the globe and offices in the U.S., U.K., Finland, India, Singapore, Canada, and Ireland. Come join us!

About the Role

AlphaSense is maturing its security risk management program and needs a Senior Risk Analyst to be a core builder and operator of that function. You will design, implement, and mature a risk framework that spans information security, AI, and operational risk—building toward a program that is quantitative-leaning, connected to live data sources, and actionable at every altitude from service owner to executive leadership. You will establish risk identification and scoring methodologies, own the enterprise risk register, and produce risk intelligence that drives real decisions. You will also support the TPRM function led by a dedicated TPRM lead, contributing to assessments and risk tracking as needed. You approach this with an AI-native mindset: using AI to monitor threat landscapes, analyze risk data, draft risk narratives, and surface emerging risks faster than a traditional manual program could. The goal is a risk function, not a risk register—one that measures outcomes and reduced exposure, not just activity.This is not a role for someone looking to maintain a program that already exists. AlphaSense is building a risk management discipline that we believe can serve as the blueprint for how AI-era companies measure, communicate, and act on risk. Risk management across the industry is still largely qualitative, reactive, and disconnected from the systems that generate real signal. We intend to change that—and we want someone on this team who shares that ambition and wants to be part of building the model that others will eventually follow.

Key Responsibilities

Risk Program Design & Maturation

Design and implement a structured risk management program, including risk taxonomy, scoring methodology, risk appetite statements, and escalation thresholds. Align the program with ISO 27005, NIST RMF, or ISO 31000 as appropriate. This is largely greenfield work—you will help define the architecture and continuously mature the discipline as the company scales.

Risk Register Ownership

Build and maintain the enterprise risk register as a living operational tool, not a compliance artifact. Lead periodic risk identification workshops with business, engineering, and legal stakeholders to surface new and evolving risks. Ensure every risk has a documented owner, risk rating, treatment decision, and remediation timeline—and that the register reflects current reality, not last quarter’s snapshot.

AI-Augmented Risk Analysis

Leverage AI tools to monitor threat intelligence, identify patterns across risk data, accelerate risk narrative drafting, and keep the risk register current between formal review cycles. Build AI-assisted workflows that reduce manual risk review burden and surface emerging risks earlier. Apply judgment to validate AI output before it informs a risk decision.

Third-Party & Vendor Risk Support

Support the TPRM function in partnership with the dedicated TPRM lead. Contribute to vendor risk assessments, risk scoring, and finding documentation as needed. Provide risk framework input to ensure third-party risks are consistently rated and tracked in alignment with the broader risk register.

AI & Emerging Technology Risk

Identify and assess AI-related risks including data privacy, model bias, explainability, security misuse, agentic system behavior, and third-party AI dependencies. Support compliance with AI governance frameworks (ISO 42001, NIST AI RMF, EU AI Act). Maintain current knowledge of the evolving AI risk landscape and help AlphaSense stay ahead of regulatory and operational risks from AI deployment.

Risk Reporting & Executive Communication

Produce clear, executive-ready risk reports, dashboards, and periodic risk summaries. Translate technical risk findings into business impact language that drives informed decisions at the service owner, leadership, and board levels. Make risk actionable at every altitude—engineers understand their exposure, executives understand portfolio risk.

Cross-Functional Risk Advisory

Provide cross-functional risk and control guidance on process improvements, new technology adoption, post-implementation reviews, and remediation activities. Support stakeholders in interpreting risk requirements and embedding risk management practices into how they build and operate—not as a checkpoint, but as an enabling partner.

What Success Looks Like

  • Security and compliance controls are clearly documented, tested, and consistently implemented—with evidence generated by integrations, not collected by hand
  • Risks and compliance gaps are identified early, tracked with owners, and remediated in partnership with technical teams before auditors find them
  • GRC processes scale alongside platform growth and new customer or regulatory requirements without proportional headcount growth
  • Stakeholders across Engineering, Legal, and Product view the GRC function as a trusted, enabling partner—not a compliance checkpoint
  • AI tools are used deliberately and responsibly: output is validated, sensitive data is protected, and automation creates leverage without introducing new risk
  • The risk register is a live operational tool that reflects current exposure—engineers know their risk posture, executives can explain portfolio risk, and risk scores change when the environment changes
  • Risk reporting is driven by KRIs and live data sources, not manually assembled status updates—leadership has real-time visibility into risk posture

Who You Are

Basic Requirements

  • 6+ years of experience in GRC, information security, risk management, or IT audit, preferably in a SaaS or cloud-native environment
  • Strong understanding of security and compliance frameworks including SOC 2, ISO 27001, NIST CSF 2.0, and CIS Controls; working knowledge of ISO 42001 and NIST AI RMF
  • AI-native mindset: you use AI tools—LLMs, agents, automation—for real, substantive work including analysis, drafting, evidence gathering, and workflow automation. You apply judgment about where AI creates leverage and where a human must stay in the loop
  • Proficiency with GRC platforms for evidence management and control testing (Drata, Vanta, AuditBoard, ServiceNow GRC, or equivalent)
  • Familiarity with cloud environments (AWS, Azure, or GCP) and the security and compliance posture tooling that runs on them (CSPM, SIEM, identity platforms)
  • Experience supporting external audits across security or privacy domains, including evidence collection, control walkthroughs, and auditor interaction
  • Ability to interpret technical controls and translate findings into compliance, risk, and policy documentation that engineers and non-technical stakeholders both understand
  • Working knowledge of risk registers, control libraries, and policy governance lifecycles
  • Working knowledge of privacy and data protection requirements (GDPR, CCPA/CPRA) and how they intersect with security controls, in partnership with Legal and Product teams
  • Strong written communication, analytical thinking, and attention to detail; able to produce clear audit responses, risk narratives, and control documentation under deadline
  • 4+ years of hands-on experience in information security risk management or a combined GRC/risk role with responsibility for building or significantly maturing a risk register and scoring methodology
  • Demonstrated use of AI or data tools to surface risk insights, analyze trends, draft risk narratives, or automate risk register workflows—with clear judgment about validating AI output before it informs a decision
  • Proven experience maturing an organization’s risk program from qualitative to quantitative risk measurement—including introducing scoring models, KRI frameworks, and data-driven risk reporting that changed how leadership makes risk decisions
  • Experience with data warehousing concepts, KRI development and tracking, and risk reporting pipelines that connect live data sources to dashboards and executive reporting
  • Proficiency with GRC platforms for risk tracking, control testing, and evidence management (Drata, Vanta, AuditBoard, ServiceNow GRC, or equivalent)
  • Strong analytical skills: comfort with qualitative and quantitative risk scoring, heat maps, likelihood/impact matrices, and risk appetite articulation
  • Experience producing executive-ready risk reports and translating technical findings into business impact language for non-technical audiences
  • Experience supporting TPRM assessments and contributing to vendor risk documentation in partnership with a dedicated TPRM function

Nice to Have

  • Relevant certifications: CISA, CRISC, CISM, CISSP, CCSK, or ISO 27001 Lead Auditor/Implementer
  • Experience with AI governance frameworks including ISO 42001, NIST AI RMF, EU AI Act, or OECD AI Principles
  • Exposure to SOX ITGC cycles—managing evidence, walkthroughs, and findings with external auditors
  • Privacy program crossover: data mapping, DPIAs, GDPR/CCPA operational compliance
  • Scripting or automation experience (Python, JavaScript, or low-code tools) applied to GRC or compliance workflows
  • Quantitative risk experience: FAIR-style decomposition, Monte Carlo simulation, or loss exceedance analysis applied to real risk decisions—not just theoretical familiarity
  • Experience with AI risk domains: model risk, algorithmic bias, AI system failure modes, agentic system risks, and governance frameworks including NIST AI RMF or ISO 42001
  • Familiarity with risk aggregation and BI tooling (Tableau, Looker, Power BI) for risk dashboarding and executive reporting
  • Background in financial services regulatory risk environments (SOX, FFIEC, or equivalent).

AlphaSense is an equal-opportunity employer. We are committed to a work environment that supports, inspires, and respects all individuals. All employees share in the responsibility for fulfilling AlphaSense’s commitment to equal employment opportunity. AlphaSense does not discriminate against any employee or applicant on the basis of race, color, sex (including pregnancy), national origin, age, religion, marital status, sexual orientation, gender identity, gender expression, military or veteran status, disability, or any other non-merit factor. This policy applies to every aspect of employment at AlphaSense, including recruitment, hiring, training, advancement, and termination.

In addition, it is the policy of AlphaSense to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations, and ordinances where a particular employee works.

Recruiting Scams and Fraud

We at AlphaSense have been made aware of fraudulent job postings and individuals impersonating AlphaSense recruiters. These scams may involve fake job offers, requests for sensitive personal information, or demands for payment. Please note:

  • AlphaSense never asks candidates to pay for job applications, equipment, or training.
  • All official communications will come from an @alpha-sense.com email address.
  • If you’re unsure about a job posting or recruiter, verify it on our Careers page.

If you believe you’ve been targeted by a scam or have any doubts regarding the authenticity of any job listing purportedly from or on behalf of AlphaSense please contact us. Your security and trust matter to us.

Read the full description
Security Security Engineer, Incident Response

Responds to and manages security incidents, investigating threats and coordinating remediation efforts.

Remote Posted 3 days ago Himalayas
What this role involves
Who we are At Twilio, we’re shaping the future of communications, all from the comfort of our homes.
Read the full description
Security Public Facing Security Researcher at CertiK

Public-facing security researcher who conducts Web3 audits and penetration testing while representing CertiK at conferences and on social media.

Mid Remote Posted 3 days ago RemoteFirstJobs Product
What this role involves

About the Company

Born from groundbreaking research at Columbia University and Yale University, CertiK is a leading Web3 security company focused on securing blockchain protocols, smart contracts, and decentralized applications through cutting-edge security research, formal verification, and AI-powered technology. Founded in 2017 and headquartered in New York City, CertiK provides end-to-end security solutions including smart contract audits, penetration testing, on-chain monitoring, incident response, and compliance services for some of the largest projects in the digital asset ecosystem.

Today, CertiK supports thousands of enterprise clients and Web3 projects globally, with a distributed international team spanning North America, Asia, and Europe. The company is backed by leading investors including Coatue, Goldman Sachs, Insight Partners, and Sequoia Capital, and has been recognized by organizations such as the World Economic Forum and CB Insights for its contributions to blockchain security innovation.

About This Role

This role is for a Web3 security researcher who can act as a public face for CertiK. This means having a strong social media presence, speaking at conferences, and being openly helpful to the wider security community. This doesn’t mean you have to have tens of thousands of followers on X, but you do need to be comfortable interacting with the general public. The specific type of security researcher is flexible - contract/chain auditors, pen testers, engineers, and multi-talented individuals can apply. This is a great role for a generalist.

Responsibilities

  • Work closely with the Web3 Task Force Team to create stronger connections to the blockchain ecosystem.

  • Speak at conferences about your area of expertise on behalf of CertiK.

  • Complete interviews about various Web3 security topics.

  • Perform tasks cross-functionally among the various teams at CertiK.

  • Support the marketing and feedback collection of CertiK’s products and services.

Requirements

  • 3+ years of experience in the Web3 space.

  • Strong social media presence and high visibility.

  • Experience speaking at conferences or in front of large audiences.

  • Strong technical skills in the areas of web3 security or related fields.

Bonus Points

  • Large number of social media followers.

  • Previous experience being the public face of an organization.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Read the full description
Security Public Facing Security Researcher at CertiK

Conducts Web3 security research while serving as a public-facing expert through conference speaking, social media engagement, and community outreach.

Mid Remote Posted 3 days ago RemoteFirstJobs Product
What this role involves

About the Company

Born from groundbreaking research at Columbia University and Yale University, CertiK is a leading Web3 security company focused on securing blockchain protocols, smart contracts, and decentralized applications through cutting-edge security research, formal verification, and AI-powered technology. Founded in 2017 and headquartered in New York City, CertiK provides end-to-end security solutions including smart contract audits, penetration testing, on-chain monitoring, incident response, and compliance services for some of the largest projects in the digital asset ecosystem.

Today, CertiK supports thousands of enterprise clients and Web3 projects globally, with a distributed international team spanning North America, Asia, and Europe. The company is backed by leading investors including Coatue, Goldman Sachs, Insight Partners, and Sequoia Capital, and has been recognized by organizations such as the World Economic Forum and CB Insights for its contributions to blockchain security innovation.

About This Role

This role is for a Web3 security researcher who can act as a public face for CertiK. This means having a strong social media presence, speaking at conferences, and being openly helpful to the wider security community. This doesn’t mean you have to have tens of thousands of followers on X, but you do need to be comfortable interacting with the general public. The specific type of security researcher is flexible - contract/chain auditors, pen testers, engineers, and multi-talented individuals can apply. This is a great role for a generalist.

Responsibilities

  • Work closely with the Web3 Task Force Team to create stronger connections to the blockchain ecosystem.

  • Speak at conferences about your area of expertise on behalf of CertiK.

  • Complete interviews about various Web3 security topics.

  • Perform tasks cross-functionally among the various teams at CertiK.

  • Support the marketing and feedback collection of CertiK’s products and services.

Requirements

  • 3+ years of experience in the Web3 space.

  • Strong social media presence and high visibility.

  • Experience speaking at conferences or in front of large audiences.

  • Strong technical skills in the areas of web3 security or related fields.

Bonus Points

  • Large number of social media followers.

  • Previous experience being the public face of an organization.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Read the full description
Security Senior Security Engineer at Samsara

Monitors and responds to security events, leads incident response investigations, and maintains automated security workflows for a publicly traded IoT operations platform.

Senior Remote Posted 3 days ago RemoteFirstJobs Product
What this role involves

Who we are

Samsara (NYSE: IOT) is the pioneer of the Connected Operations™ Cloud, which is a platform that enables organizations that depend on physical operations to harness Internet of Things (IoT) data to develop actionable insights and improve their operations. At Samsara, we are helping improve the safety, efficiency and sustainability of the physical operations that power our global economy. Representing more than 40% of global GDP, these industries are the infrastructure of our planet, including agriculture, construction, field services, transportation, and manufacturing — and we are excited to help digitally transform their operations at scale.

Working at Samsara means you’ll help define the future of physical operations and be on a team that’s shaping an exciting array of product solutions, including Video-Based Safety, Vehicle Telematics, Apps and Driver Workflows, and Equipment Monitoring. As part of a recently public company, you’ll have the autonomy and support to make an impact as we build for the long term.

About the role:

As a member of our Security Operations Team, you will collaborate with a global team of engineers to monitor and respond to security events, lead security incidents as Incident Commander, and lead digital forensic investigations in support of Employee Relations, Legal, Compliance, or Information Security cases.

Although you will be focused on security incident response, you will also have the opportunity to create and maintain runbooks, and automated workflows, and assist in process refinement and implementation. You will collaborate with a diverse team of engineers, and key stakeholders on security initiatives across the company. Above all, your focus is bringing Security expertise to the table in a collaborative, humble, and practical manner.

Location: This role is open to candidates residing in the UK

You should apply if:

  • You want to impact the industries that run our world: Every phone call you answer and every email you send can affect whether truck drivers deliver goods on time and without accidents, whether students get dropped off safely from school, or whether power gets restored quickly after a natural disaster.
  • You thrive the most when solving problems: Our constantly expanding technology and the complexities faced by our customers provide an exciting range of challenges for our Customer Success teams. With a growth mindset and a desire to learn, you will strategically partner with our customers to find unique solutions to help keep their operations safe, efficient, and sustainable.
  • You are a natural relationship builder: Whether the relationship is with our customers or with cross-functional teams in Samsara, you are in constant communication and collaboration with key stakeholders to win as a team.
  • You are the architect of your own career: If you put in the work, this role won’t be your last at Samsara. This Customer Success team is still shaping its future and you will have plenty of autonomy and opportunities to master your craft in a hyper growth environment.
  • You want to be with the best: At Samsara, we win together, celebrate together and support each other. You will be surrounded by the best and brightest professionals out there.

In this role, you will:

  • Monitor security events and provide technical analysis on alerts
  • Lead information security incidents and employee insider investigations by developing the incident response strategy, lead the execution through incident closure, while providing incident updates to key stakeholders throughout the incident
  • Deliver security guidance clearly and concisely for incident response and insider threat initiatives
  • Coordinate the building of services, capabilities, integrations, and implementations of technologies to support security operations, incident response, and insider threat
  • Champion, role model, and embed Samsara’s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) as we scale globally and across new offices
  • Participate in our on-call rota covering weekends

Minimum requirements for the role:

  • 5+ years of experience in Security Incident Response
  • Ability to communicate investigative findings and strategies to technical staff, executive leadership, and legal
  • Ability to build scripts or tools to support Samsara’s investigation processes, with proficiency in Python
  • Mentor and train security operation engineers on data collection, analysis, and reporting technical analysis
  • Practical experience acting as a lead during security incident response, including monitoring and triaging alerts, and coordinating across teams
  • Understanding of analysis and forensics techniques on macOS, Windows, and Linux
  • Experience utilizing SIEM tools to perform log reviews
  • Experience in cloud architecture and security (AWS, GCP) and cloud-based services
  • This role will be part of our EMEA so your hours will be aligned to the UK. As an operational time you may be expected to work flexible hours around this to support the load of the team

An ideal candidate also has:

  • 2+ years of experience working on insider threat initiatives or employee investigations
  • Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field - or relevant industry experience
  • GIAC Certified Incident Handler (GCIH) or similar Certification
  • Familiarity with common security frameworks and standards, including NIST Cybersecurity Framework, ISO 27001, FedRAMP

Total Rewards

At Samsara, we build for the people who keep the global economy moving. We want owners, not passengers, which is why our rewards are designed to fuel high-impact builders. Our compensation program delivers above-market total compensation through a combination of base salary, performance-based bonus/variable pay, and equity (for eligible roles) in a high-growth public company. We meaningfully differentiate pay for our top performers, who have the opportunity to earn above-market compensation that can outpace the broader market over time.

Beyond compensation, we provide the foundations that enable long-term success: a flexible, employee-led remote model, a professional development stipend, comprehensive health and parental leave plans, and more. If you’re ready to build for the long term and own the outcome, your journey starts here.

Flexible Working

At Samsara, we embrace a flexible working model that caters to the diverse needs of our teams. Our offices are open for those who prefer to work in-person and we also support remote work where it aligns with our operational requirements. For certain positions, being close to one of our offices or within a specific geographic area is important to facilitate collaboration, access to resources, or alignment with our service regions. In these cases, the job description will clearly indicate any working location requirements. Our goal is to ensure that all members of our team can contribute effectively, whether they are working on-site, in a hybrid model, or fully remotely. All offers of employment are contingent upon an individual’s ability to secure and maintain the legal right to work at the company and in the specified work location, if applicable.

Belonging at Samsara

At Samsara, we welcome everyone regardless of their background. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, gender, gender identity, sexual orientation, protected veteran status, disability, age, and other characteristics protected by law. We depend on the unique approaches of our team members to help us solve complex problems and want to ensure that Samsara is a place where people from all backgrounds can make an impact.

Accommodations

Samsara is an inclusive work environment, and we are committed to ensuring equal opportunity in employment for qualified persons with disabilities. Please email accessibleinterviewing@samsara.com or click here if you require any reasonable accommodations throughout the recruiting process.

Our Commitment to Authenticity

We use Tofu, a fraud detection tool, to validate the authenticity of applications and protect against identity fraud. This ensures we are connecting with real people and allows us to prioritize genuine candidates. Please see Samsara’s Candidate Privacy Notice for more information.

Fraudulent Employment Offers

Samsara is aware of scams involving fake job interviews and offers. Please know we do not charge fees to applicants at any stage of the hiring process. Official communication about your application will only come from emails ending in @samsara.com, @us-greenhouse-mail.io or @mail3.guide.co. For more information regarding fraudulent employment offers, please visit our blog post here.

Read the full description
Security Remote Securiti.ai SME at WaveStrong, Inc.

Configure and operationalize the Securiti.ai privacy-compliance platform across multi-cloud environments, automating DSAR, DPIA, and consent workflows for enterprise clients.

Senior Remote Posted 4 days ago RemoteFirstJobs Product
What this role involves

Exciting Remote Securiti.ai SME contract career opportunity.

Own the design, configuration and operationalization of the Securiti.ai platform for an enterprise privacy-compliance program — turning DSAR, DPIA, RoPA and consent requirements into a working, defensible capability the client can run after transition.

  • 2+ years hands-on Securiti.ai — discovery & classification, DSAR automation, DPIA, RoPA, consent modules
  • Multi-cloud connector configuration: AWS, Azure, GCP, Oracle Cloud, IBM Cloud; SaaS sources incl. M365 & Salesforce
  • Architect and configure the Securiti.ai Data Command Center — discovery, classification and data-mapping modules across the multi-cloud estate
  • Stand up DSAR intake and fulfillment automation, DPIA/PIA workflows, RoPA and Universal Consent Management
  • Map cross-border transfer obligations and EU AI Act touchpoints into the platform’s assessment framework
  • Integrate with the surrounding stack — DSPM, data catalog, CMDB and SaaS sources — and tune classification accuracy
  • Deliver runbooks, role-based training and knowledge transfer for client self-sufficiency.
  • Working fluency in GDPR, CCPA/CPRA and U.S. state privacy laws; EU AI Act awareness
  • Experience operationalizing DSAR SLAs, records of processing and consent at enterprise scale
  • Data mapping and lineage across structured/unstructured stores; Databricks & ServiceNow CMDB familiarity a plus
  • API-based integration experience; DSPM tooling exposure (e.g., Wiz, Microsoft Purview) valued
  • Preferred: Securiti.ai certification(s) — Privacy Ops / Data Command Center, IAPP CIPP/E, CIPM or CIPT; CISSP or equivalent security credential a plus
Read the full description
Security Security Architect (SecOps) - Northeast region (Remote) at GuidePoint Security

Lead technical discovery and design security architecture solutions for prospects and customers, translating requirements into SIEM/SOAR implementations and advising on emerging security platforms.

Senior Remote Posted 4 days ago RemoteFirstJobs Product
What this role involves

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation’s top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.

GuidePoint Security is seeking a Security Architect (SecOps) to join our Security Operations practice and serve as a trusted technical advisor to prospects and customers throughout the sales cycle.

Note: Applicants must live in our Northeast region to be considered (NJ to Maine). Up to 25% travel primarily in the region required.

Role Overview:

You will partner with account executives and practice leadership to build customer confidence, articulate technical solutions, and enable seamless handoffs to delivery teams. This is a customer-facing role focused on discovery, design, and positioning — not deep implementation. You will work across the SIEM, SOAR, detection-as-code, and emerging technologies like Snowflake for security data lakes.

What You’ll Do:

  • Lead technical discovery calls and translate customer requirements into high-level solution designs
  • Speak credibly about product capabilities, integrations, and architectural trade-offs (e.g., Splunk, Sentinel, CrowdStrike Next-Gen SIEM, Tines, Torque, Snowflake)
  • Draw integration diagrams, validate technical feasibility, and position GuidePoint’s differentiated capabilities
  • Support account executives in pre-sales engagements, ensuring technical alignment before formal scoping
  • Stay current on security operations trends, emerging platforms, and competitive positioning
  • Collaborate with delivery architects to ensure smooth transitions from sales to implementation
  • Embraces emerging technologies, including AI tools, to work smarter, solve problems, and drive better business outcomes

What We’re Looking For:

  • Technically credible — you understand how SIEM/SOAR/detection-as-code ecosystems work at a fundamental level
  • Approachable and articulate — you can explain complex topics in accessible terms without being condescending or overconfident
  • Customer-focused — you listen well, ask the right questions, and build trust quickly
  • Curious and adaptable — you’re comfortable learning new platforms (e.g., Snowflake) as customer demand evolves
  • Experience in security operations, consulting, or pre-sales engineering preferred
  • No deep implementation expertise required — we value breadth, communication, and judgment over hands-on keyboard skills

We use Greenhouse Software as our applicant tracking system and Zoom Scheduler for HR screen request scheduling. At times, your email may block our communication with you. Please be sure to check your SPAM folder so that you don’t miss updates on your application.

Why GuidePoint? GuidePoint Security is a rapidly growing, profitable, privately-held value added reseller that focuses exclusively on Information Security. Since its inception in 2011, GuidePoint has grown to over 1,200 employees, established strategic partnerships with leading security vendors, and serves as a trusted advisor to more than 6,200 customers.

Firmly-defined core values drive all aspects of the business, which have been paramount to the company’s success and establishment of an enjoyable workplace atmosphere. At GuidePoint, your colleagues are knowledgeable, skilled, and experienced and will seek to collaborate and provide mentorship and guidance at every opportunity.

This is a unique and rare opportunity to grow your career along with one of the fastest growing companies in the nation.

Some added perks….

  • Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
  • Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family). If you choose the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments: ($850 per EE annually / $1750 per family annually (includes spouse/children/family options)
  • Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
  • 12 corporate holidays and a Flexible Time Off (FTO) program
  • Healthy mobile phone and home internet allowance
  • Eligibility for retirement plan after 2 months at open enrollment
  • Pet Benefit Option
Read the full description